Threat, attacks, and vulnerabilities Flashcards
Smishing
Smishing is a cyber-attack that targets individuals through SMS (Short Message Service) or text messages.
In a smishing attack, cybercriminals send deceptive text messages to lure victims into sharing personal or financial information, clicking on malicious links, or downloading harmful software or applications. Just like email-based phishing attacks, these deceptive messages often appear to be from trusted sources, and they use social engineering tactics to create a sense of urgency, curiosity, or fear to manipulate the recipient into taking an undesired action.
Dumpster diving
Dumpster diving is where attackers physically search an organization's trash and recycling bins for sensitive information that was discarded without being shredded: passwords on sticky notes, usernames, internal memos, court documents. It is classed as social engineering because it exploits the human factor (carelessness about what gets thrown away) rather than any technical weakness.
Pharming
Pharming is a cyber-attack that redirects a user to a fraudulent site even though they typed the correct address. The attacker either compromises the DNS server the user relies on (DNS spoofing or cache poisoning) so that the legitimate hostname resolves to a different IP address (a malicious server), or manipulates the hosts file on the user's computer to hard-code that mapping. Attackers may also compromise a home or office router and change its DNS settings so that every device behind it is redirected to the fictitious site. Unlike phishing, no link has to be clicked: the redirection happens at the name-resolution layer, so the address bar looks right.
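The hosts-file variant of pharming is the easiest to check for on an endpoint. The following is an added example, not code from the original page: it parses hosts-file text and flags any high-value domain that has been pinned to an address other than loopback (loopback pinning is a common, benign way of blocking a domain). The sample hosts content, the `PROTECTED_DOMAINS` list and the 203.0.113.45 address are constructed for the example.

```python
import ipaddress

# Constructed sample hosts file for this example (not from the original page).
# The last two lines simulate pharming: a bank and a webmail provider pinned to
# an address the attacker controls, so the browser never asks DNS at all.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost ip6-localhost
10.0.0.5        intranet.corp.example   # legitimate internal override
203.0.113.45    www.example-bank.com example-bank.com
203.0.113.45    login.example-mail.com
"""

# Hypothetical list of high-value domains that a local hosts file should
# never pin to an address. A real deployment uses the organization's own list.
PROTECTED_DOMAINS = {"example-bank.com", "example-mail.com"}

LOOPBACK = {ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1")}


def parse_hosts(text):
    """Return (line_number, ip_address, hostname) tuples from hosts-file text."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # malformed line, skip it
        for name in fields[1:]:
            entries.append((lineno, ip, name.lower()))
    return entries


def is_protected(name):
    """True if name is a protected domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in PROTECTED_DOMAINS)


def find_pharming_entries(text):
    """Flag protected domains whose hosts entry points anywhere but loopback.

    Pinning to loopback blocks a domain (benign); any other address overrides
    DNS and silently sends the user to that address instead.
    """
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if is_protected(name) and ip not in LOOPBACK:
            findings.append({"line": lineno, "name": name, "ip": str(ip)})
    return findings


def check_hosts_file(path):
    """Run the check against a real file, e.g. /etc/hosts on Linux/macOS or
    C:\\Windows\\System32\\drivers\\etc\\hosts on Windows."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_pharming_entries(fh.read())


if __name__ == "__main__":
    for f in find_pharming_entries(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['name']} -> {f['ip']} (overrides DNS)")
```

This only covers the local hosts file; DNS-server and router compromise have to be checked by comparing what your resolver returns for a protected domain against an answer from an independent resolver.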
Tailgating
Tailgating is a physical threat where a person gains unauthorized access to a secure area by following an authorized person through a door or gate. It is a social engineering technique that exploits courtesy (people hold the door rather than challenge a stranger). Tailgating is a physical approach and needs no technical skill.
Shoulder surfing
The practice of obtaining unauthorized information by directly observing someone as they enter it, for example watching a PIN, password, or screen over their shoulder. It is a form of social engineering where the attacker does not have to rely on any sophisticated technique.
Eliciting information
A social engineering technique where attackers gather information from the victim through conversation and trust, using means such as:
Pretexting – creating a fabricated scenario, for example: "Hello, sir. My name is Wendy and I'm from Microsoft Windows. This is an urgent check-up call for your computer, as we have found several problems with it." Obviously they are not calling from Microsoft, and Wendy is not a Microsoft representative. The caller is trying either to convince you there is something wrong with your computer so you pay them to "fix" it, or to gain remote access so the machine can be enrolled in a botnet.
Phishing – using deceptive emails or web sites to trick the user.
Impersonation – pretending to be someone the victim trusts, such as the help desk, a vendor, or an executive.
Baiting – offering something enticing, such as free software or a "lost" USB drive, that actually carries malware.
Quid pro quo – offering something (a service, a gift) in exchange for information or access.
Whaling
A whaling attack is a kind of phishing scam (often called CEO fraud) that targets high-profile executives with access to highly valuable information. In a whaling attack, attackers use social engineering to trick the target into divulging bank account data, employee personnel details, customer information or credit card numbers, or into making wire transfers to someone they believe is the CEO or CFO of the company. Whaling is generally more difficult to detect than standard phishing, because these attacks often do not use malicious URLs or weaponized attachments; the message itself is the weapon.
Prepending
Prepending is adding something to the front of an exchange that furthers a threat actor's goals. An example would be adding "URGENT" or "RESPONSE REQUIRED" to the start of the subject of an email message in which the attacker wants the victim to press a button that initiates some action. The point is to create a sense of urgency so the victim won't fully think through their response and will just do what the message asks (press the button).
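Prepended urgency tokens and smishing-style links are cheap to flag at triage time. The following is an added example, not code from the original page, that scores a message (an email subject and body on separate lines, or a bare SMS body) on three signals: an urgency token prepended to the first line, links whose host is a URL shortener or a raw IP address, and a request to "verify" or "confirm" account or payment details. The token list, the shortener list, and the three sample messages are constructed for the example, and the weights are arbitrary triage values, not a tuned model.

```python
import re

# Urgency tokens commonly prepended to subjects or SMS text. Hypothetical
# list for this example; tune it to what your users actually receive.
URGENCY_TOKENS = (
    "urgent", "response required", "action required", "final notice",
    "immediate action", "account suspended",
)
# Shorteners hide the real destination; a bare IP host is rarely legitimate.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "cutt.ly"}

URL_RE = re.compile(r"https?://([^/\s?#]+)", re.IGNORECASE)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
CREDENTIAL_ASK_RE = re.compile(
    r"\b(verify|confirm|update|validate)\b.{0,40}\b(account|password|payment|card)\b",
    re.IGNORECASE | re.DOTALL,
)


def prepended_urgency(text):
    """Return the urgency token the first line starts with, or None."""
    first = text.split("\n", 1)[0].lower()
    head = re.sub(r"^[\W_]+", "", first)     # strip leading "[", "**", "!!" etc.
    for tok in URGENCY_TOKENS:
        if head.startswith(tok):
            return tok
    return None


def suspicious_links(text):
    """Return hosts of links that use a shortener or a raw IPv4 address."""
    hits = []
    for host in URL_RE.findall(text):
        host = host.lower().rsplit("@", 1)[-1].split(":")[0]  # drop userinfo/port
        if host in SHORTENERS or IPV4_RE.fullmatch(host):
            hits.append(host)
    return hits


def score_message(text):
    """Score a message for phishing/smishing signals.

    Returns (score, reasons). Higher is more suspicious; this is a triage
    heuristic for an analyst queue, not a verdict.
    """
    score, reasons = 0, []
    tok = prepended_urgency(text)
    if tok:
        score += 2
        reasons.append(f"prepended urgency token '{tok}'")
    for host in suspicious_links(text):
        score += 2
        reasons.append(f"suspicious link host '{host}'")
    if CREDENTIAL_ASK_RE.search(text):
        score += 1
        reasons.append("asks to verify/confirm account or payment details")
    return score, reasons


# Constructed sample messages (not from the original page).
SAMPLES = {
    "email": "URGENT: Response required - payroll update\n"
             "Please confirm your account at http://bit.ly/x1 before 5pm today.",
    "sms": "FINAL NOTICE: your parcel could not be delivered. "
           "Pay the redelivery fee at http://192.0.2.10/pay",
    "benign": "Lunch on Friday?\nShall we try the new place on Main Street?",
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(name, score_message(msg))
```

The urgency check deliberately looks only at the start of the first line, because prepending is about what the victim sees first in a subject line or notification preview; a "Re: urgent question" in the middle of a thread is not scored.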
Reconnaissance
Active reconnaissance
Actively gathering information by probing the target, where the tester interacts directly with the system. This may be automated scanning or manual testing using tools like ping, traceroute, port scanners, and netcat. Because packets actually reach the target, active reconnaissance can be detected and logged by the target's defenses.
Passive reconnaissance
This is when testers gather information about a system without interacting with it directly; no packets are sent to the target, so it cannot detect the activity. They collect information from publicly available sources such as websites, public databases, WHOIS records, DNS records, search engines, and social media (OSINT). Note that social engineering involves interacting with the target's people, so it belongs to active, not passive, reconnaissance.
Phishing
The fraudulent practice of sending emails or other messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
The most common examples of phishing emails are:
The fake invoice scam.
Email account upgrade scam.
Advance-fee scam.
Google Docs scam.
PayPal Scam.
Message from HR scam.
Dropbox scam.
The council tax scam.
watering hole attack
a cyberattack targeting a particular organization, in which malware is installed on a website or websites regularly visited by the organization’s members in order to infect computers used within the organization itself.
What techniques do threat actors use in watering hole attacks?
Cross-site scripting (XSS): With this injection attack, a hacker inserts malicious scripts into the site's content to redirect users to malicious websites or steal their session data.
SQL injection: Hackers use SQL injection to steal data from the site's database or to plant malicious content in pages served from it.
DNS cache poisoning: Also known as DNS spoofing, hackers use this manipulation technique to send targets to malicious pages instead of the real site.
Drive-by downloads: Visitors to the watering hole download malicious content without their knowledge, consent, or action.
Malvertising: Hackers inject malicious code into advertisements served on the watering hole site to spread malware to their prey.
Zero-day exploitation: Threat actors exploit unpatched (zero-day) vulnerabilities in the website itself or in the visitors' browsers.
Typosquatting
Attackers register domain names that closely resemble legitimate ones (misspellings, transposed or repeated letters, lookalike characters such as 1 for l, hyphenated forms, or a different top-level domain) so that users who mistype a URL or don't look closely land on the attacker's site instead.
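The variants typosquatters register are mechanical, so defenders can generate them ahead of time and watch for registrations. The following is an added example, not code from the original page: it produces the common variant classes (omission, repetition, transposition, homoglyph substitution, hyphenation, TLD swap) for a brand domain and checks whether a given domain is one of them. The homoglyph table, the TLD list and the brand names are constructed for the example; a real deployment would also include Unicode homoglyphs for IDN lookalikes and feed the candidate list to WHOIS or passive DNS to find which ones are actually registered.

```python
# Simple ASCII lookalike substitutions. Hypothetical table for this example;
# extend with Unicode homoglyphs (Cyrillic а, о, е ...) for IDN attacks.
HOMOGLYPHS = {
    "o": "0", "l": "1", "i": "l", "e": "3", "a": "4", "s": "5",
    "m": "rn", "w": "vv", "d": "cl",
}
# TLDs attackers commonly register alongside the legitimate one.
ALT_TLDS = ("com", "net", "org", "co", "info", "xyz")


def typosquat_candidates(domain):
    """Generate typosquatting variants of a second-level domain like 'paypal.com'."""
    name, tld = domain.lower().rsplit(".", 1)
    variants = set()
    for i in range(len(name)):
        variants.add(name[:i] + name[i + 1:])                # omission:      paypl
        variants.add(name[:i] + name[i] * 2 + name[i + 1:])  # repetition:    payypal
        if name[i] in HOMOGLYPHS:                            # homoglyph:     paypa1
            variants.add(name[:i] + HOMOGLYPHS[name[i]] + name[i + 1:])
    for i in range(len(name) - 1):                           # transposition: payapl
        variants.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])
    for i in range(1, len(name)):                            # hyphenation:   pay-pal
        variants.add(name[:i] + "-" + name[i:])
    variants.discard(name)
    candidates = {f"{v}.{tld}" for v in variants}
    for t in ALT_TLDS:                                       # TLD swap:      paypal.co
        if t != tld:
            candidates.add(f"{name}.{t}")
    return candidates


def matching_brand(domain, brands):
    """Return the brand that `domain` typosquats, or None if it is the brand
    itself or matches no brand."""
    domain = domain.lower()
    for brand in brands:
        if domain == brand.lower():
            return None
        if domain in typosquat_candidates(brand):
            return brand
    return None


# Constructed brand list for the example.
BRANDS = ["paypal.com", "example-bank.com"]

if __name__ == "__main__":
    for d in ["paypa1.com", "payapl.com", "paypal.co", "pay-pal.com", "github.com"]:
        print(d, "->", matching_brand(d, BRANDS))
```

The candidate set grows roughly linearly with the length of the name, so it is cheap to regenerate for every brand daily; the expensive part is the registration lookup, which this example leaves out.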
Influence campaigns
A social engineering technique, not a phishing technique. A coordinated effort across different communication channels (social media, news sites, messaging platforms) with the aim of shaping perception and opinion, spreading propaganda, or misinforming the target audience. These campaigns are typically run by political groups or nation states. They can even be conducted in person.
Hybrid warfare
Using military tactics and cyber tactics together with non-traditional and unconventional means to influence operations. It operates across multiple domains such as land, air, sea, and cyberspace, and uses propaganda and disinformation alongside the attack itself.