Malware Types and Social Engineering Techniques Flashcards
Viruses and Worms
Types of malicious software (malware) that can replicate themselves and spread across a network.
Virus: needs a host file or program to spread
Worm: can spread independently by actively searching for vulnerable systems on the network to infect
Adware/Spyware
Adware: a type of malware that displays unwanted advertisements
Spyware: secretly monitors a user’s activity and collects personal information without their knowledge
Rootkit
a type of malware designed to give hackers access to and control over a target device
Botnet
a network of private computers infected with malicious software and controlled as a group without the owners’ knowledge, e.g., to send spam messages.
Keylogger
a computer program that records every keystroke made by a computer user, especially in order to gain fraudulent access to passwords and other confidential information
Ransomware
a type of malicious software designed to block access to a computer system until a sum of money is paid.
Trojan
a type of malware that disguises itself as a legitimate program or file to gain access to a device
Antivirus and anti-malware
Antivirus and anti-malware are both computer programs that protect devices from malware.
Antivirus: Originally designed to detect and remove viruses, antivirus software scans for known malware patterns and removes or blocks suspicious activity.
Anti-Malware: Can detect and remove a wider range of malicious software, including viruses, spyware, and ransomware. Anti-malware uses techniques to detect new and more sophisticated malware strains.
Phishing
Uses fraudulent emails or websites to trick victims into sharing sensitive data.
Vishing
Uses voice calls or voicemails to trick victims into sharing sensitive data.
Whaling
Whaling attacks, often referred to as CEO fraud or executive phishing, are sophisticated cyberthreats targeting an organization’s high-profile individuals.
Shoulder Surfing
a social engineering attack where a person steals a victim’s personal information by looking over their shoulder or listening to them
Tailgating
a security breach that occurs when someone gains access to a restricted area by following an authorized person
Impersonation
a cyber security tactic where a malicious actor pretends to be someone else to steal data or funds
Dumpster Diving
a cybercrime where hackers search through trash to find sensitive information, such as bank statements, credit card numbers, or passwords
Evil Twin
a cyberattack where a hacker creates a fake Wi-Fi network that looks like a legitimate one to trick users into connecting
Distributed denial of service (DDoS)
a cybercrime that involves flooding a website or network with traffic to make it inaccessible or degrade its performance
Denial of service (DoS)
a cyber-attack that attempts to make a network resource or machine unavailable to its intended users
Zero-day attack
a cyber attack that exploits a software, hardware, or firmware vulnerability that is unknown to the vendor or antivirus companies
On-path attack
a cyberattack where an attacker intercepts and modifies communication between two parties
Spoofing
a cybercrime where a person or program impersonates another entity to gain access to sensitive information or systems
Brute-force attack
Dictionary attack
Brute Force: An attacker uses automated software to try every possible combination of letters, numbers, and symbols until they crack the password
Dictionary: An attacker uses a wordlist of common words and phrases to try and crack a password
Structured Query Language (SQL) injection
a type of cyber attack that uses malicious SQL statements to exploit vulnerabilities in a web application’s code
Cross-site scripting (XSS)
a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites
Insider threat
a potential for someone within an organization to harm its security, either intentionally or accidentally
Social-engineering vulnerabilities
Non-compliant systems.
Unpatched systems.
Unprotected systems (missing antivirus, missing firewall).
End-of-life operating systems.
Bring your own device (BYOD).