Threats attacks vulnerability Flashcards
Eliciting information
the act of drawing out or calling forth information or a response. It can be used in a variety of contexts, including social work, questioning, and social engineering.
Prepending
the technique where malicious characters or code are added at the beginning of a legitimate file, string, or command
Invoice scams
a type of phishing scam that involve sending an invoice or bill to an individual or company to request payment for goods or services
Identity fraud
when someone tries to steal and use your personally identifiable information to defraud or harm you.
Credential harvesting
is a cyberattack technique that involves stealing personal or financial data from users
Reconnaissance
a critical phase in the cyber attack lifecycle where threat actors gather information about potential targets and vulnerabilities to help them find attack paths
Hoax
take the form of false virus alerts (such as the “Good Times” hoax), chain letters, or attempts to spread false information about some issue (such as warnings that the Federal Government is about to tax e-mail).
Impersonation
is an act of fraudulently or dishonestly making use of the electronic signature, password or any other unique identification feature of any other person.
Hybrid warfare
combine military and non-military as well as covert and overt means, including disinformation, cyber attacks, economic pressure, deployment of irregular armed groups and use of regular forces.
Authority
is the process of giving a user permission to access a resource, such as a document, application, website, or physical location
Intimidation
when a social engineer attempts to intimidate a victim by trying to appear superior to the victim
Consensus
when a social engineer convinces victims they can be trusted.
Scarcity
a psychological manipulation technique that uses scarcity to create a false sense of urgency and make a victim feel they must act quickly
Familiarity
when a social engineer attempts to use charisma or likeability to get a victim to complete a request
Trust
the phrase used to describe the many actions involved when an individual or group engages in lying and using technology to manipulate trust relationships.
Urgency
make victims act quickly without noticing suspicious signs.
State actors
government-affiliated hackers or other groups that are funded or directed by a nation-state to conduct malicious cyber activities.
Hacktivists
the use of cyber space to perform hacking activities to achieve social or political goals
Criminal syndicates
Cybercriminal groups are made up of hackers, developers, and other tech professionals who work together to carry out large-scale online heists.
Advanced persistent threat (APT)
a covert cyber attack on a computer network where the attacker gains and maintains unauthorized access to the targeted network and remains undetected for a significant period.
Insider threats
a cyber security risk that originates from within an organization. It typically occurs when a current or former employee, contractor, vendor or partner with legitimate user credentials m
