p3 q1 Flashcards
is the term used for a broad range of malicious
activities accomplished through human interactions. It uses
psychological manipulation to trick users into making security
mistakes or giving away sensitive information
social engineering
social engineering attack lifecycle
- investigation
- hook
- play
- exit
What makes social engineering especially dangerous is that _______, rather than vulnerabilities in software
and operating systems.
it relies on human error
social engineering attack techniques
- baiting
- scareware
- pretexting
- phishing
- spear phishing
- quid pro quo (something for something)
- honey traps
attacks use false promises to pique
a victim's greed or curiosity
baiting
involves victims being bombarded with false alarms and
fictitious threats.
scareware
Here an attacker obtains information through a series of
cleverly crafted lies.
pretexting
are email and text message campaigns aimed
at creating a sense of urgency, curiosity or fear in victims. It then
tricks them into revealing sensitive information, clicking on links to
malicious websites, or opening attachments that contain malware.
phishing
whereby an attacker chooses specific individuals or enterprises.
spear phishing
the attackers promise a
reward in exchange for information.
quid pro quo
attackers usually target
people who like to get involved romantically or sexually
with someone online
honey traps
it typically refers to an individual who uses his or her skills
to achieve unauthorized access to systems or networks so as to
commit crimes
hackers
types of hackers
- black hat
- white hat
- grey hat
- green hat
- blue hat
- red hat
are groups of hackers,
programmers and other tech bandits who combine their skills
and resources to commit major crimes that might not otherwise
be possible
organized hackers
types of organized hackers
- hacktivist
- terrorists
- state-backed hackers
- internet stalkers
- disgruntled employees
driven by a particular political or social agenda.
hacktivists
the unlawful use of violence and intimidation,
especially against civilians, in the pursuit of political aims.
terrorists
are carried out by cyber criminals
directly linked to a nation-state to exploit infrastructure
vulnerabilities
state-backed hackers
are people who maliciously monitor the web
activity of their victims to acquire personal data.
internet stalkers
become
hackers with a particular motive and also commit cyber crimes
disgruntled employees
a kind of information gathering on
network systems and services. This enables the attacker to
discover vulnerabilities or weaknesses on the network
reconnaissance
types of network attacks
- ping sweeps
- port scans
- packet sniffing
- access attacks
is a network scanning technique you can use to find
out which IP addresses map to live hosts.
ping sweeps
ping sweeps are also known as
ICMP (Internet Control Message Protocol)