lecture 3 Flashcards
What is a cyber attack?
an attempt by cybercriminals, hackers or other digital adversaries to access a computer network or system, usually for the purpose of altering, stealing, destroying or exposing information.
What are the goals of hackers toward businesses or organizations?
the hacker’s goal is usually to access sensitive and valuable company resources, such as intellectual property (IP), customer data or payment details.
Types of cyber Attacks
Malware
Phishing
Ransomware
Denial of Service
Man in the middle
Cryptojacking
DNS tunneling
zero day exploits
Denial of service
A denial-of-service (DoS) attack is designed to prevent online services from working efficiently, also known as abrute-force attack.
It is typically caused by an attacker flooding a website with huge amounts of traffic or requests, in an attempt to overwhelm its systems and take them offline.
A more advanced DoS form is a distributed denial-of-service(DDoS) attack, through which an attacker takes control of several computers to overload its target.
Man in the middle attacks
MITMattacks enable malicious actors to position themselves between the target victim and an online service the user accesses.
An example of this is an attacker creating a spoofed, free-to-access Wi-Fi network. When the user connects to or signs into the network, the attacker can steal the login credentials and data they use while on it.
What is a malware?
is malicious software designed to cause damage to computers, networks, and servers.
includes trojans, viruses and worms.
What is a Phishing attack?
This attack tricks a target into downloading malware or entering sensitive information into spoofed websites.
What are ransomware attacks?
Attacks are financially fueled form of malware attack. Attacker demands a ransom fee from the victim and will only restore access upon payment.
What is cryptojacking?
When a bad actor takes control of a device or server to mine for cryptocurrency.
The only sign of cryptojacking is a loss or reduction in computer performance or overactive cooling fans.
what are SQL Injections?
Attackers use Structured Query Language injection to exploit vulnerabilities and seize control of a database.
What is Zero-day attacks?
Target vulnerabilities in software code that businesses have not yet discovered, and as a result, have not been able to patch.
What is DNS tunneling?
This targets the Domain Name System, a protocol that translates web addresses into IP addressed.
What is Confidentiality?
Confidentiality prevents the unauthorized disclosure of data.
The loss of confidentiality is the disclosure of information to unauthorized user.
Confidentiality data can be protected using such technique as access control, encryption, etc.
What is integrity?
Integrity provides assurances that data has not changed, modified, tampered with, or corrupted by unauthorized user.
Data Integrity can be preserved by Hashing etc.
What is availability?
indicates that data and services are available to authorized user where and when needed.
Organizations implement redundancy and fault-tolerant methods to ensure high levels of availability.
