Domain 2 Flashcards
Nation State
Country’s Government that uses cyber attacks to disrupt or steal information from another country. High Skill. Motivation Espionage, Disruption, Power. Example - Stealing intellectual property from a foreign competitor
Unskilled Attacker
Someone with limited technical knowledge who may launch attacks out of curiosity or malice. Low skill. Motivation Malice, Curiosity. Example - Launching a phishing campaign against random email addresses
Hacktivist
To promote a political or social cause. Varies skill. Values (Political/Social). Example leaking sensitive data from a corporation they believe is unethical
Insider Threat
Authorised Internal user who intentionally or unintentionally misuses their access to harm a system or organisation. Varies (Financial Gain, Espionage, Disgruntled employee). Selling customer data
Organised Crime
A criminal syndicate that uses cyberattacks for financial gain, such as stealing money or data. High Skill. Financial Gain (Extortion or Fraud). Example Ransomware attack on a major hospital chain
Shadow IT
Employees leveraging unauthorised or unmanaged IT resources used within an organisation, which can create security vulnerabilities. Varies. Productivity
Data Exfiltration
Unauthorised removal of sensitive or proprietary information from a computer system
Espionage
Goal of stealing confidential information from another organisation
Service Disruption
Causing Outages
Blackmail
Threat to expose sensitive information
Financial Gain
Steal money or valuables
Political belief
Driven by ideological or political motivations
Ethical Hacking
Authorised simulated attacks
Revenge
Retaliate against previous activity
Disruption/Chaos
Aimed at causing widespread disruption
War
Disrupt Enemy military operations
Threat Vector
Method or combination of methods that attackers use to gain unauthorised access to a computer system, network or data
Attack Surface
Sum total of all the possible entry points.
Authority
Citing Position, Responsibility or affiliation that grants the attacker the authority to make the request
Intimidation
Suggesting you may face negative outcomes
Consensus
Claiming that someone is in a similar position
Familiarity
Attempting personal connection
Trust
Citing Knowledge and experience
Urgency
Time sensitivity that demands immediate action
Spear Phishing
Targets Specific group of users
Whaling
Targets high level executives
Vishing
Voice based Phishing
Smishing
SMS based messaging
Pretexting
Attacker tries to convince a victim to give up information of value, or access to a service or system
Watering Hole
Attackers compromise a legitimate website frequently visited by a target group
Brand Impersonation
Attacker creates websites, social media accounts, or email that closely resemble those of a legitimate brand
Typosquatting
Typing incorrect website address. URL Hijacking
Vulnerability
Weakness in system
Threat
Potential event that could exploit the vulnerability
Exploit
Specific Method/tool used to take advantage of a vulnerability
Attack
Actual attempt
Buffer Overflow
Exists when a developer writes code that does not validate user input to ensure it does not allow input that is too large. Prevent this with input validation and with secure software development training.
Memory Injection
Maliciously inserting information into memory is known as memory injection. This is the primary goal of a buffer overflow
Integer Overflow
Putting too much information into small space
Race Condition
System's behaviour depends on the sequence or timing of uncontrollable events
Time of Check
Moment a system verifies access permission or other security controls
Time of Use
Moment when the system accesses the resources or uses granted permission
SQL Injection
Use unexpected input to a web application to gain unauthorised access to an underlying database
Cross Site Scripting
Malicious scripts are injected into otherwise benign and trusted websites through input fields
Firmware
Firmware attacks can occur through the update process or through malicious downloads, impacting the boot process
End of life
Aging equipment that has some usable lifespan left
Legacy
Hardware, Software that are unsupported
Server Virtualisation
Is the process of dividing a physical server into multiple unique and isolated virtual servers by means of software applications (hypervisor)
Resource Reuse
When cloud providers take hardware resources originally assigned to one customer and reuse them with another customer
Rooting and Jailbreaking
Remove the vendor restrictions on a mobile device
Zero day
Attack that uses a vulnerability that is either unknown to everyone
Trojan
A software program that appears good and harmless but carries a malicious, hidden payload that has the potential to wreak havoc on a system or network
Spyware
Software designed to monitor and steal a user's activity without their knowledge
Worm
Self-replicating program that spreads itself across a network, infecting other computers
Bloatware
Unnecessary software pre-installed on a device
Keylogger
Software or hardware that records every keystroke typed on a computer
Multipartite virus
Use more than one propagation technique
Stealth Viruses
Hide themselves by actually tampering
Polymorphic Viruses
Modify their own code as they travel
Logic Bomb
Malicious code designed to trigger a specific action at a predetermined time or event
Rootkit
Provides the attacker with privileged access
Denial of Service
Is a resource consumption attack intended to prevent legitimate activity on a victimised system
DDOS
DoS attack launched from multiple compromised computers
Reflected DDOS
Attacker sends requests to a third party server with a spoofed source IP address
Amplified DDOS
Reflection techniques in combination with amplification
DNS Poisoning
Attacker alters the domain name to IP address mappings in DNS system. May direct traffic to a rogue system or perform Denial of service
DNS Spoofing
Attacker sends false replies to a requesting system, beating the real reply from the valid DNS server
Domain Hijacking
Change the registration of a domain through technical means
Bluejacking
Push unsolicited message
Bluesnarfing
Data theft using Bluetooth
Blue bugging
Backdoor attack before returning control of the phone to its owner
Evil Twin
Malicious access point set up to appear to be a legitimate trusted network
Rogue Access Points
Access Points added to your network either intentionally or unintentionally.
On Path attack (Man in the Middle Attack)
Attacker sits between 2 endpoints and is able to intercept traffic
Credential Replay
Stealing or Capturing legitimate login credentials
Directory Traversal
Gain access to restricted directories. A Command Injection attack is used to carry out Directory Traversal
Collision Attack
Two inputs that produce the same hash value. MD5 is known for collisions
Downgrade Attack
Protocol is downgraded from a higher (more secure) mode to a lower mode
Birthday attack
Attempt to find a collision in a hash function. Targets Digital Signatures
Password Spraying
Single password for many different accounts
Mobile App Management (MAM)
Keep personal and business data separate
Mandatory Access Control
Determined by the system and not the object owner
Discretionary Access Control
Permits the owner or creator of an object to control and define accessibility. NTFS file permission
Non discretionary access control
Enables the enforcement of system wide restrictions that override object specific access control
Rule based Access control
Rules define the traffic
Role Based Access control
Access granted by a well defined collection of named job roles
Application Allow list
Only explicitly allowed applications can run
Application Deny list
Applications not on the deny list are allowed to run
Hardware Root of Trust
A line of defence against executing unauthorised firmware. It verifies that keys match before the secure boot process
Trusted Platform Module
Chip on the motherboard. Multipurpose for securing keys and FDE
Extended Detection and Response
Includes Network devices, cloud infrastructure, IoT devices
HIPS - Host based intrusion prevention system