Threats and attacks Flashcards
What is a threat in the context of security?
A threat represents a potential security harm to an asset.
What happens when a threat succeeds?
The threat materializes.
Define an attack.
An attack is a threat that is carried out and, if successful, leads to an undesirable violation of security.
What is an active attack?
An attempt to alter system resources or affect their operation.
What is a passive attack?
An attempt to learn or make use of information from the system that does not affect system resources.
List types of active attacks on communication lines and networks.
- Masquerade - One entity pretends to be another
- Modify messages
- Denial of service
What is a buffer overflow?
A programming error that occurs when a program writes more data to a buffer (a temporary storage location in memory) than it can hold.
What can happen when a buffer overflows?
The excess data can overwrite adjacent memory locations, leading to unpredictable behavior, data corruption, crashes, or vulnerabilities that attackers can exploit.
What can attackers do with a buffer overflow?
They can crash a system or insert specially crafted code to gain control of the system.
What are scripting attacks?
A type of cyber attack that exploits vulnerabilities in web applications through malicious scripts. These attacks typically involve injecting harmful code into a web application, which is then executed by a user’s browser.
What is SQL injection?
A web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database.
Define malware.
A program that is inserted into a system with the intent of compromising confidentiality, integrity, or availability.
What is a virus?
A piece of malicious code that replicates by attaching itself to another piece of executable code. When the other executable code is run, the virus also executes and has the opportunity to infect other files and perform any other nefarious actions it was designed to do (the payload). Infection can be through exchanged programs or carrier files on disk or USB stick, or over a network.
How do worms differ from viruses?
Worms penetrate networks and systems without needing to attach to other code; they can reproduce independently.
What is a Trojan horse?
A piece of software that appears to do one thing but hides some other functionality.
What is ransomware?
A type of malware that encrypts user data and demands payment to access the key for recovery.
What are logic bombs?
Malicious software that sits dormant until an event invokes its payload.
What is a botnet?
A network of compromised computers controlled remotely by an attacker. These infected devices, called bots or zombies, are used to perform malicious activities without the owner’s knowledge.
They can be used for DDoS, spamming, spreading malware, etc.
Define spyware.
A type of malware that secretly gathers information from a user’s device.
What is a keylogger?
A type of malware that records every keystroke a user types on a keyboard.
What is phishing?
A cyber attack where attackers impersonate legitimate entities to deceive individuals into revealing sensitive information.
What distinguishes spear phishing from regular phishing?
Spear phishing is a targeted form of phishing that customizes messages for specific individuals or organizations.
What is a backdoor?
A method of bypassing normal authentication procedures to gain unauthorized access to a system.
Define a rootkit.
A type of malware designed to gain unauthorized access while hiding its presence. Rootkits allow attackers to maintain control over a system and evade detection, often functioning at a low level within the operating system.
What is an attack surface?
The reachable and exploitable vulnerabilities in a system.
List the categories of attack surfaces.
- Network attack surface - Refers to vulnerabilities over a network or the internet. Included here are network protocol vulnerabilities such as denial-of-service attacks, disruption of communications links, etc.
- Software attack surface - Refers to vulnerabilities in application, utility, or operating system code. A focus in this category is Web server software.
- Human attack surface - Refers to vulnerabilities created by personnel or outsiders, such as social engineering, human errors, and trusted insiders.
What is an attack tree?
A branching, hierarchical data structure that represents a set of potential techniques for exploiting security vulnerabilities.