Cyber Attacks Flashcards
A set of rules and protocols that allow different software applications to communicate with each other. This interface defines the methods and data structures that programs can use to request services from other software components.
API (Application Programming Interface)
The means by which a user interacts with a computer system, software, or hardware. It includes visual elements like buttons, icons, and menus, as well as how users input commands.
The touchscreen interface on a smartphone, where users tap icons to open apps.
UI (User Interface)
Software that allows an operating system to communicate with hardware devices (like printers, video cards, or network adapters). Device drivers translate OS commands into device-specific operations.
Installing a printer driver to enable a computer to print documents.
Device Drivers
A collection of software development tools, libraries, and documentation that developers use to create applications for a specific platform or framework.
A mobile app developer uses this to build Android apps
SDK (Software Development Kit)
A cyberattack in which the attacker floods a target system, network, or website with a massive amount of traffic or requests to overwhelm its resources, causing it to become slow, unavailable, or crash.
An attacker sends excessive traffic to a company’s website, causing it to slow down or go offline.
DoS Attack (Denial of Service Attack)
Occurs when a program or application allocates memory but fails to release it when it is no longer needed, eventually causing the system to run out of memory.
A developer forgets to release memory after using it in an application.
Memory Leak
Happens when more data is written to a buffer (temporary data storage) than it can handle, causing the excess data to overwrite adjacent memory. This can lead to system crashes or security vulnerabilities.
A program tries to store more data in a fixed-size array, causing it to overwrite adjacent memory and crash.
Buffer Overflow
Occurs when multiple processes or threads attempt to access or modify shared resources simultaneously, leading to unpredictable results or errors.
Two users simultaneously attempt to withdraw money from the same bank account, causing the account balance to become inaccurate.
Race Condition
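The bank-account example from this card, as added C code that is not part of the original flashcards. The first function performs the balance check and the update as two separate steps and interleaves two withdrawals the way a scheduler can, so both pass the check on the same balance. The second folds the check and the update into one compare-and-swap; a simulated competing writer (`racer_withdraw_80`, a helper invented for this demo) is squeezed between the read and the write so that the retry path is exercised deterministically instead of by chance.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Account whose balance is read and written in two separate steps. */
typedef struct { long balance; } Account;

static bool withdraw_check(const Account *a, long amt) { return a->balance >= amt; }
static void withdraw_apply(Account *a, long amt) { a->balance -= amt; }

/* Simulated scheduler interleaving: both callers pass the check before
 * either subtracts, which is exactly the ordering a real race can produce.
 * Returns the final balance (negative when both withdrawals went through). */
long racy_two_withdrawals(long start, long amt1, long amt2) {
    Account a = { start };
    bool ok1 = withdraw_check(&a, amt1);
    bool ok2 = withdraw_check(&a, amt2);   /* still sees the untouched balance */
    if (ok1) withdraw_apply(&a, amt1);
    if (ok2) withdraw_apply(&a, amt2);     /* overdraws the account */
    return a.balance;
}

/* Fixed: the check and the update are one atomic compare-and-swap. If the
 * balance changed between our read and our write, the CAS fails and we
 * re-check against the new value instead of acting on stale data. */
typedef struct { _Atomic long balance; } AtomicAccount;

typedef void (*racer_fn)(AtomicAccount *);

bool withdraw_atomic(AtomicAccount *a, long amt, racer_fn racer) {
    long cur = atomic_load(&a->balance);
    for (;;) {
        if (cur < amt) return false;
        if (racer) { racer(a); racer = NULL; }   /* another thread writes here (simulated, once) */
        if (atomic_compare_exchange_weak(&a->balance, &cur, cur - amt)) return true;
        /* CAS failed: cur now holds the value the other writer installed; loop re-checks it */
    }
}

/* Simulated competing thread (demo helper): withdraws 80 between our read and our CAS. */
static void racer_withdraw_80(AtomicAccount *a) { atomic_fetch_sub(&a->balance, 80); }

/* Returns the final balance and reports whether our own withdrawal succeeded. */
long atomic_withdraw_under_race(long start, long amt, bool *ok) {
    AtomicAccount a;
    atomic_init(&a.balance, start);
    *ok = withdraw_atomic(&a, amt, racer_withdraw_80);
    return atomic_load(&a.balance);
}

int main(void) {
    bool ok;
    printf("racy: final balance %ld\n", racy_two_withdrawals(100, 80, 80));
    long b = atomic_withdraw_under_race(100, 80, &ok);
    printf("atomic: withdrawal %s, final balance %ld\n", ok ? "succeeded" : "refused", b);
    return 0;
}
```

With a starting balance of 100 and two withdrawals of 80, the racy version ends at -60; the atomic version sees the competing writer's 80 land first, fails its CAS, re-checks, and refuses, leaving 20.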
Occurs when a number exceeds the maximum value that can be stored in a variable or data type, causing the value to wrap around and produce unexpected or incorrect results.
A program tries to add two large numbers, causing the result to exceed the limit of the variable’s data type and wrap around to a negative number.
Integer Overflow
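An added C example, not from the flashcards, showing how the integer overflow and buffer overflow cards connect in practice: a length check that adds a header size to an attacker-supplied body length wraps around, passes, and would let the following copy overrun a 64-byte buffer. The packet layout (4-byte header, 64-byte buffer) and all function names are assumptions chosen for the illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

#define HDR_LEN 4u
#define BUF_LEN 64u

/* Vulnerable length check: HDR_LEN + body_len is computed in 32-bit unsigned
 * arithmetic and wraps. A declared body_len of 0xFFFFFFFE gives a total of 2,
 * which passes the check, and a memcpy of body_len bytes would then run far
 * past the 64-byte buffer. (Signed overflow is undefined behaviour in C, which
 * is why these checks are written with unsigned types.) */
bool length_ok_vulnerable(uint32_t body_len) {
    uint32_t total = HDR_LEN + body_len;   /* can wrap around to a small value */
    return total <= BUF_LEN;
}

/* Fixed: compare against the space that remains instead of adding, so there is
 * no arithmetic that can wrap. */
bool length_ok_fixed(uint32_t body_len) {
    return body_len <= BUF_LEN - HDR_LEN;
}

/* General checked addition for size arithmetic: false if a + b would wrap. */
bool add_u32_checked(uint32_t a, uint32_t b, uint32_t *out) {
    if (a > UINT32_MAX - b) return false;
    *out = a + b;
    return true;
}

/* Copies body into dst after the non-wrapping check. Returns bytes copied,
 * or -1 if the declared length does not fit. */
int copy_body(unsigned char *dst, size_t dst_len,
              const unsigned char *src, size_t src_len, uint32_t body_len) {
    if (dst_len < HDR_LEN || body_len > dst_len - HDR_LEN) return -1;
    if (body_len > src_len) return -1;    /* do not over-read the source either */
    memcpy(dst + HDR_LEN, src, body_len);
    return (int)body_len;
}

/* Demo wrapper: parse a constructed packet whose header declares body_len and
 * copy its body into a fixed 64-byte buffer; returns copy_body's result. */
int parse_demo(uint32_t declared_len) {
    unsigned char buf[BUF_LEN] = {0};
    const unsigned char body[8] = "ABCDEFG";   /* constructed sample body */
    return copy_body(buf, sizeof buf, body, sizeof body, declared_len);
}

int main(void) {
    printf("vulnerable check accepts 0xFFFFFFFE: %d\n", length_ok_vulnerable(0xFFFFFFFEu));
    printf("fixed check accepts 0xFFFFFFFE:      %d\n", length_ok_fixed(0xFFFFFFFEu));
    printf("copy with wrapped length: %d, copy with 7 bytes: %d\n",
           parse_demo(0xFFFFFFFEu), parse_demo(7));
    return 0;
}
```

The practical rule the example shows: never let untrusted input feed an addition or multiplication whose result is then compared against a bound; subtract the known quantity from the bound instead, or use a checked operation.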
A type of attack where the attacker systematically tries all possible combinations of passwords or encryption keys until the correct one is found.
An attacker tries every possible password for a user’s account until they find the correct one.
Brute-force Attack
Occurs when an attacker forces a system or communication to use a weaker or less secure version of a protocol, making it easier to exploit vulnerabilities.
An attacker tampers with the TLS handshake so that a browser and website fall back to an outdated protocol version or a weaker cipher suite instead of the strongest one both support.
Downgrade Attack
Involves compromising a website or online resource that is frequently visited by the target group, in order to infect their devices with malware or steal sensitive data.
An attacker compromises a website that is popular among government employees,
Watering Hole Attack
Occurs when an attacker intercepts or alters communications between two parties without them knowing, typically to steal or manipulate data.
An attacker intercepts the communication between a user and a banking website
On-path Attack (formerly known as Man-in-the-Middle Attack)
Involves inserting a small piece of code (a “shim”) between two software components to intercept or modify the calls passing between them, often to achieve compatibility or fix a problem.
An attacker uses the same mechanism to insert malicious code into an application, altering its behavior without the user’s knowledge.
Shimming
The process of restructuring existing code without changing its external behavior, typically to improve readability, maintainability, or performance.
A developer refactors a large, complicated function into smaller, more manageable functions to improve code clarity.
Refactoring
A request made by a software program to an API to retrieve or send data, perform a specific function, or interact with a service or system.
A weather app does this to a weather service to retrieve current weather data.
API Call
The process of installing applications or software from sources other than official app stores or marketplaces, often bypassing security mechanisms.
Installing an APK file directly from a website onto an Android device instead of downloading it from the Google Play Store.
Sideloading
Involves adding data to the beginning of a message, input, or field so that a system or a person processes it differently than intended. In social engineering it is used to make a message look trusted or already in progress.
An attacker prepends “RE:” or “SAFE” to a phishing email’s subject line so it looks like part of an existing conversation or a message that has already passed a security check.
Prepending
A technique used to find security vulnerabilities by inputting random, unexpected, or invalid data into a program to see how it behaves and identify weaknesses.
A security researcher feeds random or malformed inputs to a program or web application and watches for crashes, hangs, or memory errors that point to exploitable bugs.
Fuzz Testing
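An added example, not from the flashcards, of a minimal in-process fuzz harness in C. The target is a toy length-prefixed record parser with an off-by-one bound (constructed for this illustration); the harness mutates a seed input with boundary values and a seeded PRNG and checks an invariant on every accepted input, which is how a fuzz target reports a bug when there is no sanitizer crash to observe.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Target under test: a record is [len:1 byte][payload:len bytes]. */
typedef int (*parser_fn)(const uint8_t *buf, size_t n, size_t *payload_len);

/* Buggy version: the bound is off by one. A len equal to n is accepted even
 * though the payload would then extend one byte past the end of the input. */
int parse_record_buggy(const uint8_t *buf, size_t n, size_t *payload_len) {
    if (n == 0) return -1;
    size_t len = buf[0];
    if (len > n) return -1;
    *payload_len = len;
    return 0;
}

/* Fixed version: the payload must fit after the one-byte length field. */
int parse_record_fixed(const uint8_t *buf, size_t n, size_t *payload_len) {
    if (n == 0) return -1;
    size_t len = buf[0];
    if (len > n - 1) return -1;
    *payload_len = len;
    return 0;
}

/* xorshift64: small deterministic PRNG so a run is reproducible from its seed. */
static uint64_t xorshift64(uint64_t *s) {
    uint64_t x = *s;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    return *s = x;
}

/* Property checked on every accepted input: the record must fit in the buffer.
 * Returning 1 marks a violation. */
static int violates_invariant(parser_fn p, const uint8_t *buf, size_t n) {
    size_t len = 0;
    if (p(buf, n, &len) != 0) return 0;    /* rejected input: nothing to check */
    return (1 + len > n) ? 1 : 0;
}

/* Mutation fuzzer: for each byte position, try boundary values, then do
 * `rounds` random mutations of 1-3 bytes. Returns the number of inputs that
 * violated the invariant. */
size_t fuzz_parser(parser_fn p, const uint8_t *seed, size_t n, uint64_t rng_seed, int rounds) {
    uint8_t buf[64];
    size_t violations = 0;
    if (n == 0 || n > sizeof buf) return 0;
    const uint8_t boundary[] = { 0x00, 0x01, 0x7F, 0x80, 0xFF,
                                 (uint8_t)(n - 1), (uint8_t)n, (uint8_t)(n + 1) };
    for (size_t pos = 0; pos < n; pos++) {
        for (size_t i = 0; i < sizeof boundary; i++) {
            memcpy(buf, seed, n);
            buf[pos] = boundary[i];
            violations += violates_invariant(p, buf, n);
        }
    }
    uint64_t s = rng_seed ? rng_seed : 0x9E3779B97F4A7C15ULL;
    for (int r = 0; r < rounds; r++) {
        memcpy(buf, seed, n);
        int flips = 1 + (int)(xorshift64(&s) % 3);
        for (int f = 0; f < flips; f++)
            buf[xorshift64(&s) % n] = (uint8_t)(xorshift64(&s) & 0xFF);
        violations += violates_invariant(p, buf, n);
    }
    return violations;
}

/* Constructed seed input: a valid 3-byte record "abc" padded to 8 bytes. */
static const uint8_t SEED[8] = { 0x03, 'a', 'b', 'c', 0, 0, 0, 0 };

size_t fuzz_buggy(void) { return fuzz_parser(parse_record_buggy, SEED, sizeof SEED, 42, 500); }
size_t fuzz_fixed(void) { return fuzz_parser(parse_record_fixed, SEED, sizeof SEED, 42, 500); }

int main(void) {
    printf("buggy parser: %zu violating inputs\n", fuzz_buggy());
    printf("fixed parser: %zu violating inputs\n", fuzz_fixed());
    return 0;
}
```

The boundary pass guarantees the length byte is tried at exactly n, so the off-by-one is found on every run; the random pass is what a real fuzzer spends most of its time doing, and the seed makes any finding reproducible.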
An attack where an attacker intercepts and possibly alters communication between two parties without their knowledge. The attacker can eavesdrop, manipulate data, or impersonate one of the parties.
Example: An attacker intercepting traffic between a user and a website to steal login credentials.
MitM - Man-in-the-Middle
A long-term, targeted attack by a well-resourced adversary, often a nation-state or organized group, aimed at stealing sensitive information or gaining unauthorized access over a prolonged period.
Example: A hacker group infiltrating a corporate network to steal trade secrets over several months.
APT - Advanced Persistent Threat
An attack where a malicious user tricks a victim into performing unwanted actions on a trusted website where the victim is authenticated, often leading to unauthorized actions like transferring funds or changing settings.
Example: A user unknowingly clicking a link that triggers a fund transfer from their bank account while logged in.
XSRF - Cross-Site Request Forgery
An attack where multiple systems are used to flood a target system, server, or network with excessive traffic to exhaust resources and make the system unavailable to legitimate users.
Example: A large-scale botnet sending massive traffic to a website, causing it to crash and become inaccessible.
DDoS - Distributed Denial-of-Service
The total sum of all points where an attacker can potentially exploit a system to gain unauthorized access or cause damage. This includes hardware, software, network interfaces, and user interactions.
Example: may include exposed APIs, web server ports, authentication systems, and vulnerable third-party libraries.
Attack Surface
An attack where an attacker disguises themselves as a trusted entity to gain unauthorized access, deceive users, or bypass security measures.
Example: An attacker sending an email that appears to come from a trusted source (like a bank) to trick a user into providing login credentials.
Spoofing
A form of social engineering where attackers send fraudulent messages, often appearing as legitimate sources, to steal sensitive information such as usernames, passwords, or financial details.
Example: A fake email from a bank asking users to click a link and update their account information.
Phishing
A type of attack where an attacker compromises a legitimate business email account, or convincingly impersonates one, and uses it to manipulate employees into performing unauthorized actions, such as transferring money or sending sensitive information.
Example: An attacker posing as a CEO sends an email to the finance department, instructing them to wire money to a fraudulent account.
BEC (Business Email Compromise) Attacks
Links embedded in emails, websites, or messages that redirect users to phishing sites or trigger the download of malware.
Example: A link in a spam email that leads to a website designed to steal login credentials or install malware.
Malicious Links
Files attached to emails or other messages that contain harmful software designed to infect and damage systems, steal data, or gain unauthorized access.
Example: An email with an attached document that, when opened, installs ransomware on the user’s computer.
Malware Attachments
A type of attack where a user sends unsolicited messages via Bluetooth to nearby devices, often for pranking or spamming.
Example: Sending a random message to someone else’s Bluetooth-enabled phone without their consent.
Bluejacking
An attack that involves accessing and stealing data from a Bluetooth-enabled device without the user’s consent.
Example: An attacker connecting to a phone’s Bluetooth to steal contacts, calendars, or other sensitive information.
Bluesnarfing
A type of Wi-Fi attack where a rogue access point masquerades as a legitimate one, tricking users into connecting to it and potentially intercepting their data or injecting malicious content.
Example: An attacker sets up a Wi-Fi network with a name identical to a nearby coffee shop’s network to steal user credentials.
Evil Twin
A type of phishing attack that targets high-level executives or important figures within an organization, often using highly personalized and sophisticated tactics to deceive them into divulging sensitive information or authorizing fraudulent transactions.
Example: An attacker impersonates a CEO and sends an email to the CFO requesting a large financial transfer.
Whaling
A targeted form of phishing where the attacker customizes their fraudulent communications to a specific individual or organization, often using information gathered from social media or other sources to appear legitimate.
Example: An attacker gathers details about an employee from social media and sends a personalized email that looks like it’s from the IT department, asking the employee to reset their password.
Spear Phishing
A type of social engineering attack that uses voice communication (typically phone calls) to trick individuals into revealing sensitive information or performing actions that benefit the attacker.
Example: An attacker calls a victim, pretending to be from their bank, and asks them to verify personal information over the phone.
Vishing
A form of phishing that uses SMS (text messages) to lure individuals into clicking malicious links or providing personal information, often leading to identity theft or malware installation.
Example: A text message claiming to be from a bank, asking the recipient to click a link to “verify their account,” which leads to a phishing website.
Smishing
A cyberattack where the attacker redirects legitimate website traffic to fraudulent websites, often by manipulating DNS settings or infecting users’ computers, to steal sensitive information like login credentials or personal data.
Example: A user tries to visit their bank’s website, but the DNS has been altered, redirecting them to a fake website that looks identical, where their login details are stolen.
Pharming
An attack where an attacker alters the DNS settings of a user’s device or a DNS server to redirect traffic to malicious websites, often for phishing, data theft, or spreading malware.
Example: An attacker compromises a router’s DNS settings to redirect users to a fake banking website.
Domain Name System (DNS) Hijacking
An attack where corrupt DNS data is injected into the cache of a DNS resolver, causing it to resolve domain names to incorrect IP addresses, often redirecting users to malicious sites.
Example: A DNS cache is poisoned, causing users to be redirected to a fake e-commerce website that collects their credit card information.
Domain Name System (DNS) Poisoning
An attack that involves sending falsified ARP (Address Resolution Protocol) messages to a local network, mapping the attacker’s MAC address to the IP address of another device, allowing them to intercept or alter network traffic.
Example: An attacker uses this to intercept the communication between a user’s device and the router, allowing them to eavesdrop on sensitive information.
Address Resolution Protocol (ARP) Poisoning
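The detection side of this card (and of the ARP Spoofing card later in the set), as an added C example that is not part of the original flashcards: it keeps an IP-to-MAC table built from observed ARP replies and alerts when an IP's MAC changes or when one MAC answers for several IPs. The log lines are constructed for the example, loosely modelled on tcpdump's ARP reply output; no real capture is parsed.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define MAX_HOSTS 64

typedef struct { char ip[16]; char mac[18]; } ArpEntry;

typedef struct {
    ArpEntry table[MAX_HOSTS];
    size_t count;
    int changes;     /* an IP's MAC changed: the classic poisoning symptom */
    int multi;       /* one MAC answering for two or more IPs */
} ArpMonitor;

static ArpEntry *find_ip(ArpMonitor *m, const char *ip) {
    for (size_t i = 0; i < m->count; i++)
        if (strcmp(m->table[i].ip, ip) == 0) return &m->table[i];
    return NULL;
}

static int ips_claimed_by(const ArpMonitor *m, const char *mac) {
    int n = 0;
    for (size_t i = 0; i < m->count; i++)
        if (strcmp(m->table[i].mac, mac) == 0) n++;
    return n;
}

/* Feed one observed ARP reply line. Returns 1 if it raised an alert, 0 if
 * not, -1 if the line did not parse or the table is full. */
int arp_observe(ArpMonitor *m, const char *line) {
    char ts[32], ip[16], mac[18];
    if (sscanf(line, "%31s reply %15s is-at %17s", ts, ip, mac) != 3) return -1;
    int alert = 0;
    ArpEntry *e = find_ip(m, ip);
    if (e == NULL) {
        if (m->count == MAX_HOSTS) return -1;
        e = &m->table[m->count++];
        strcpy(e->ip, ip);
        strcpy(e->mac, mac);
    } else if (strcmp(e->mac, mac) != 0) {
        m->changes++;          /* IP now maps to a different MAC */
        alert = 1;
        strcpy(e->mac, mac);
    }
    if (ips_claimed_by(m, mac) > 1) { m->multi++; alert = 1; }   /* counted per observation */
    return alert;
}

/* Constructed observations. The gateway 10.0.0.1 is legitimately at ...:01;
 * from 10:00:09 on, a host at ...:66 claims both the gateway's IP and
 * 10.0.0.25's, which is what an attacker poisoning both ends of a
 * conversation looks like on the wire. */
static const char *const SAMPLE[] = {
    "2024-05-01T10:00:01 reply 10.0.0.1 is-at aa:bb:cc:dd:ee:01",
    "2024-05-01T10:00:02 reply 10.0.0.25 is-at aa:bb:cc:dd:ee:25",
    "2024-05-01T10:00:03 reply 10.0.0.1 is-at aa:bb:cc:dd:ee:01",
    "2024-05-01T10:00:09 reply 10.0.0.1 is-at aa:bb:cc:dd:ee:66",
    "2024-05-01T10:00:10 reply 10.0.0.25 is-at aa:bb:cc:dd:ee:66",
};

/* Runs the monitor over the sample; returns total alerting lines and the two counters. */
int arp_scan_sample(int *changes, int *multi) {
    ArpMonitor m;
    memset(&m, 0, sizeof m);
    int alerts = 0;
    for (size_t i = 0; i < sizeof SAMPLE / sizeof SAMPLE[0]; i++)
        if (arp_observe(&m, SAMPLE[i]) == 1) alerts++;
    *changes = m.changes;
    *multi = m.multi;
    return alerts;
}

int main(void) {
    int changes, multi;
    int alerts = arp_scan_sample(&changes, &multi);
    printf("%d alerting lines: %d MAC changes, %d multi-IP MAC observations\n",
           alerts, changes, multi);
    return 0;
}
```

On the sample, the two lines from the ...:66 host alert: the first because the gateway's MAC changed, the second because 10.0.0.25's MAC changed and the same MAC now answers for two IPs. A static ARP entry for the gateway, or dynamic ARP inspection on the switch, is the corresponding prevention.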
The practice of hiding data within other non-suspicious data, such as embedding a secret message in an image, audio, or video file, to avoid detection.
Example: Malware already running on a host hides stolen data, or fetches its next-stage payload, inside an ordinary-looking image file so that the traffic passes as harmless; simply viewing the image does not execute anything.
Steganography
Attack methods that use images (e.g., hidden malicious code embedded in image files) as a means to deliver or execute threats, such as malware or exploits.
Example: An attacker embeds a malicious payload in an image file, which is executed when the image is processed by vulnerable software.
Image-Based Threat Vectors
Attack methods that use files, such as documents or executable files, to deliver malware or exploit vulnerabilities in a system.
Example: An attacker sends an Office document with an embedded macro that, when opened and macros are enabled, installs ransomware on the target system.
File-Based Threat Vectors
The unauthorized transfer of data from a system to an external location or attacker-controlled destination, often to steal sensitive information.
Example: A hacker extracts confidential company files and sends them to an external server via email or FTP.
Data Exfiltration
A social engineering attack where an attacker creates a fabricated scenario (pretext) to obtain sensitive information or gain unauthorized access, often by impersonating someone trusted.
Example: An attacker pretends to be from the IT department and calls an employee to ask for their username and password to “fix a technical issue.”
Pretexting
A method of attack where malicious software targets the client-side application or software on a user’s device, such as web browsers or email clients, to exploit vulnerabilities.
Example: A phishing email contains a malicious link that, when clicked in the browser, exploits a vulnerability to install malware on the user’s device.
Client-Based Software Threat Vector
A threat method that involves a software agent (such as a monitoring or management agent) installed on a device, which can be exploited by attackers to control or access sensitive data on the system.
Example: An attacker exploits a vulnerability in an endpoint security agent to gain access to a network and execute commands remotely.
Agent-Based Threat Vector
An attack where an attacker sends false ARP (Address Resolution Protocol) messages onto a local network, associating their MAC address with the IP address of another device, such as the gateway. This allows them to intercept or alter network traffic.
ARP Spoofing
An attack where a malicious user sends frames to a different VLAN (Virtual Local Area Network) by exploiting misconfigurations in network switches (for example switch spoofing of a trunk port, or double 802.1Q tagging), allowing them to bypass network segmentation and access restricted resources.
VLAN Hopping
A physical attack where an attacker taps into a network cable to capture or alter the data being transmitted, often used in man-in-the-middle attacks.
Cable Tapping
A technique used to capture and analyze the network traffic passing through a specific switch port (for example by mirroring that port to an analyzer), typically to monitor, troubleshoot, or look for exploitable weaknesses in network communication.
Port Sniffing
A type of attack where malicious code is injected into the memory of a running process to alter its execution, often to perform unauthorized actions like code execution or data manipulation.
Memory Injection
An attack where valid data transmissions (such as authentication tokens or messages) are captured and retransmitted (or “replayed”) by an attacker to gain unauthorized access or perform malicious actions.
Example: An attacker intercepts a legitimate login request and sends it again to access the system without needing to know the password.
Replay Attack
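An added example, not from the flashcards, of the standard protocol-level defense against the replay this card describes: a sliding anti-replay window of the kind IPsec uses, written in C. It assumes the sequence number is covered by the message's integrity tag and that the tag has already been verified (otherwise the attacker could just renumber a captured message); the sequence of captured numbers is constructed for the illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* IPsec-style anti-replay window: `last` is the highest sequence number
 * accepted so far, bit k of `bitmap` records whether last - k was seen.
 * Assumes the sequence number is authenticated (covered by the MAC) and that
 * the MAC was verified before this check is consulted. */
typedef struct {
    uint64_t last;
    uint64_t bitmap;
    bool started;
} ReplayWindow;

#define WINDOW_BITS 64u

/* Returns true if seq is fresh and marks it seen; false if it is a replay or
 * older than the window (too old to track, so refused). */
bool replay_check(ReplayWindow *w, uint64_t seq) {
    if (!w->started) {
        w->started = true;
        w->last = seq;
        w->bitmap = 1;
        return true;
    }
    if (seq > w->last) {                   /* newer than anything seen: slide the window */
        uint64_t shift = seq - w->last;
        w->bitmap = (shift >= WINDOW_BITS) ? 0 : (w->bitmap << shift);
        w->bitmap |= 1;
        w->last = seq;
        return true;
    }
    uint64_t age = w->last - seq;
    if (age >= WINDOW_BITS) return false;  /* older than the window */
    uint64_t bit = 1ULL << age;
    if (w->bitmap & bit) return false;     /* already accepted once: replay */
    w->bitmap |= bit;                      /* late but first-time delivery */
    return true;
}

/* Constructed captured traffic: sequence numbers as seen on the wire, with
 * an attacker re-sending captured messages 2, 1 and 4, and a very old
 * message 30 after the window has moved on to 100. */
static const uint64_t SAMPLE_SEQS[] = { 1, 2, 2, 1, 3, 5, 4, 4, 100, 30, 40 };

/* Processes the sample; returns how many were accepted and writes each verdict. */
int replay_demo(bool verdicts[], size_t max) {
    ReplayWindow w = { 0, 0, false };
    int accepted = 0;
    size_t n = sizeof SAMPLE_SEQS / sizeof SAMPLE_SEQS[0];
    for (size_t i = 0; i < n && i < max; i++) {
        verdicts[i] = replay_check(&w, SAMPLE_SEQS[i]);
        if (verdicts[i]) accepted++;
    }
    return accepted;
}

int main(void) {
    bool v[16];
    int accepted = replay_demo(v, 16);
    for (size_t i = 0; i < sizeof SAMPLE_SEQS / sizeof SAMPLE_SEQS[0]; i++)
        printf("seq %3llu: %s\n", (unsigned long long)SAMPLE_SEQS[i], v[i] ? "accept" : "REJECT");
    printf("%d of %zu accepted\n", accepted, sizeof SAMPLE_SEQS / sizeof SAMPLE_SEQS[0]);
    return 0;
}
```

Out-of-order delivery (4 arriving after 5) is still accepted once, which is why a window rather than a strict counter is used; the three replays and the message that fell off the back of the window are refused.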
A technique used in programming where a pointer (a variable that holds the memory address of another value) is used to access the value it points to. Dereferencing a null, dangling, or attacker-controlled pointer can crash the program (segmentation fault) or let it read or write memory it should not touch.
Pointer Dereference
A security flaw in software or hardware that is unknown to the vendor or the public, and for which no patch or fix is available, making it a target for exploitation by attackers.
Example: An attacker discovers a flaw in a popular web browser and exploits it before the vendor releases a security patch, allowing them to execute malicious code.
Zero-Day Vulnerability
A technique used by attackers to inject malicious DLL files into a running process, allowing them to execute their own code within the context of that process. This can be used to manipulate the behavior of the program or escalate privileges.
DLL Injection
A type of software error that occurs when multiple threads or processes attempt to access shared resources simultaneously, leading to inconsistent or unexpected behavior.
Example: Two threads attempt to update the same file at the same time, causing data corruption.
Concurrency Error
A technique in programming where multiple threads (smaller units of a process) are executed concurrently within a single process. This allows for more efficient use of CPU resources, especially on multi-core processors.
Multithreading
An error that occurs when there is a failure to properly synchronize access to shared resources between threads or processes, leading to race conditions, deadlocks, or inconsistent results.
Synchronization Error
A type of concurrency error or vulnerability that occurs when a system checks the state of a resource (time-of-check) and then uses it later (time-of-use), but the resource’s state changes in between, leading to inconsistent or malicious behavior.
Example: An attacker changes a file’s permissions between the time it’s checked for access and the time it’s actually used, allowing unauthorized access.
TOC/TOU (Time-of-Check to Time-of-Use)
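The file-permission example on this card as an added C example that is not part of the original set: the vulnerable access()-then-open() pattern beside the hardened open-with-O_NOFOLLOW-then-fstat() pattern, exercised against a symlink created in a temporary directory to stand in for the attacker's swap. The paths and function names are assumptions for the demo; it needs a POSIX system with a writable /tmp.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <unistd.h>
#include <sys/stat.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern: access() checks the path (time of check), open() uses
 * it (time of use). In the gap, an attacker who controls the directory can
 * replace the file with a symlink to one the privileged program may write
 * but the attacker may not; access() follows symlinks and open() then
 * writes through it. */
int open_for_write_racy(const char *path) {
    if (access(path, W_OK) != 0) return -1;
    return open(path, O_WRONLY);
}

/* Hardened pattern: no decision is made on the path name. Open with
 * O_NOFOLLOW so a symlink planted at the path is refused, then check the
 * descriptor with fstat(); what the fd refers to cannot be swapped afterwards,
 * and a swapped-in file owned by someone else is rejected. */
int open_for_write_checked(const char *path, uid_t expected_owner) {
    int fd = open(path, O_WRONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != expected_owner) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Demo: create a regular file and a symlink to it in a fresh temporary
 * directory (the symlink plays the attacker's swap), then try both openers on
 * the symlink and the checked opener on the real file. Returns 0 on success,
 * -1 if setup failed. Each flag is set to 1 when that open succeeded. */
int toctou_demo(int *racy_opened_link, int *checked_opened_link, int *checked_opened_file) {
    char dir[] = "/tmp/toctou-XXXXXX";
    if (mkdtemp(dir) == NULL) return -1;
    char file[64], link[64];
    snprintf(file, sizeof file, "%s/data", dir);
    snprintf(link, sizeof link, "%s/link", dir);

    int fd = open(file, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) { rmdir(dir); return -1; }
    close(fd);
    if (symlink(file, link) != 0) { unlink(file); rmdir(dir); return -1; }

    fd = open_for_write_racy(link);           /* follows the symlink: "succeeds" */
    *racy_opened_link = fd >= 0;
    if (fd >= 0) close(fd);

    fd = open_for_write_checked(link, getuid());   /* O_NOFOLLOW refuses it */
    *checked_opened_link = fd >= 0;
    if (fd >= 0) close(fd);

    fd = open_for_write_checked(file, getuid());   /* the real file still opens */
    *checked_opened_file = fd >= 0;
    if (fd >= 0) close(fd);

    unlink(link); unlink(file); rmdir(dir);
    return 0;
}

int main(void) {
    int racy, on_link, on_file;
    if (toctou_demo(&racy, &on_link, &on_file) != 0) { perror("setup"); return 1; }
    printf("access()+open() on symlink:    %s\n", racy ? "opened (vulnerable)" : "refused");
    printf("O_NOFOLLOW+fstat on symlink:   %s\n", on_link ? "opened" : "refused");
    printf("O_NOFOLLOW+fstat on real file: %s\n", on_file ? "opened" : "refused");
    return 0;
}
```

The general rule: perform checks on the object you have already opened (the descriptor), never on a name that someone else can re-point between your check and your use.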