Types of Attack Flashcards
Ransomware
Malicious software that encrypts files and demands payment for their release.
Trojans
Programs that appear legitimate but contain malicious code.
Malicious software that encrypts files and demands payment for their release.
Ransomware
Programs that appear legitimate but contain malicious code.
Trojans
Worms
Self-replicating malware that spreads across networks.
Self-replicating malware that spreads across networks.
Worms
Potentially Unwanted Programs (PUPs)
Software that may have unwanted effects, often bundled with legitimate applications.
What term refers to software applications that exhibit undesirable behavior?
Potentially Unwanted Programs (PUPs)
Describe a fileless virus.
A fileless virus is a type of malware that operates in memory without leaving traces on disk, making detection challenging for traditional antivirus software.
What type of malware operates in memory without leaving traces on disk?
Fileless virus
What is Command and Control (C&C)?
Command and control refers to the communication channel used by attackers to control compromised devices and exfiltrate data from targeted systems.
What term describes the communication channel used by attackers to control compromised devices?
Command and control
Define bots in cybersecurity.
Bots are automated software agents that perform tasks, often maliciously, without human intervention, such as spreading malware or launching DDoS attacks.
What are automated software agents that perform tasks, often maliciously?
Bots
Explain cryptomalware.
Cryptomalware is a type of malware that encrypts files or systems and demands ransom for decryption, often using strong encryption algorithms.
What type of malware encrypts files and demands ransom for decryption?
Cryptomalware
What are logic bombs?
Logic bombs are code snippets inserted into systems to execute a malicious action at a specific time or after a triggering event, often causing system disruptions or data loss.
What type of code is inserted into systems to execute a malicious action at a specific time or event?
Logic bombs
Define spyware.
Spyware is a type of malware that secretly gathers information about a user’s activities without their consent, often for advertising or espionage purposes.
What type of malware secretly gathers information about a user’s activities?
Spyware
Describe keyloggers.
Keyloggers are software or hardware devices designed to record keystrokes, capturing sensitive information such as passwords or credit card numbers.
What software or hardware devices record keystrokes?
Keyloggers
What is a Remote Access Trojan (RAT)?
A Remote Access Trojan is a type of malware that provides unauthorized access to a victim’s system, allowing remote control by an attacker.
What type of malware provides unauthorized access to a victim’s system for remote control?
Remote Access Trojan (RAT)
Define rootkit.
A rootkit is a type of malware that is designed to conceal its presence or the presence of other malware on a system, often granting privileged access to attackers.
What type of malware is designed to conceal its presence on a system?
Rootkit
What is a backdoor?
A backdoor is a hidden entry point into a system or software application that allows unauthorized access to attackers.
What term describes a hidden entry point into a system or software application?
Backdoor
What is password spraying?
Password spraying is a technique used by attackers to attempt a few common passwords against many accounts, reducing the risk of detection by avoiding multiple failed login attempts.
What technique involves trying a few common passwords against many accounts?
Password spraying
Describe a dictionary attack.
A dictionary attack is a type of password attack where an attacker uses a precompiled list of common passwords or dictionary words to attempt unauthorized access to user accounts.
What type of password attack uses a precompiled list of common passwords or words?
Dictionary attack
What is a brute force attack?
A brute force attack is a password attack method where attackers systematically try all possible combinations of characters until the correct password is found.
What password attack method involves trying all possible combinations of characters?
Brute force attack
Explain a rainbow table attack.
A rainbow table attack is a type of password attack where attackers use precomputed tables of hash values to quickly crack hashed passwords.
What type of password attack uses precomputed tables of hash values?
Rainbow table attack
Describe plaintext/unencrypted password attacks.
Plaintext/unencrypted password attacks involve intercepting passwords sent over a network or stored in a system without encryption, allowing attackers to obtain them easily.
What type of password attack involves intercepting passwords without encryption?
Plaintext/unencrypted password attack
What is a physical attack involving USB cables?
A physical attack using a malicious USB cable involves using specially modified USB cables to compromise devices when connected.
What type of physical attack involves using specially modified USB cables?
Malicious Universal Serial Bus (USB) cable attack
Define a physical attack using a flash drive.
A physical attack using a malicious flash drive involves infecting a USB flash drive with malware and leaving it in a public place for unsuspecting victims to plug into their devices.
What type of physical attack involves infecting USB flash drives with malware?
Malicious flash drive attack
What is card cloning?
Card cloning is a physical attack where attackers create duplicate copies of credit or debit cards, typically by skimming information from legitimate cards.
What physical attack involves creating duplicate copies of credit or debit cards?
Card cloning
Describe skimming in terms of physical attacks.
Skimming is a physical attack where attackers use devices to capture data from the magnetic stripe of credit or debit cards during legitimate transactions.
What physical attack involves capturing data from the magnetic stripe of cards?
Skimming
What is tainted training data in adversarial AI?
Tainted training data refers to maliciously modified or manipulated data used to train machine learning models, leading to biased or compromised results.
What term describes maliciously modified data used to train machine learning models?
Tainted training data
Describe the security aspect of machine learning algorithms.
The security of machine learning algorithms refers to protecting models from adversarial attacks, ensuring they are robust and resistant to manipulation or exploitation.
What aspect of machine learning involves protecting models from adversarial attacks?
Security of machine learning algorithms
What are supply-chain attacks?
Supply-chain attacks are cyberattacks that target vulnerabilities in the software supply chain, aiming to compromise products or services before they reach end-users.
What type of cyberattacks target vulnerabilities in the software supply chain?
Supply-chain attacks
Compare cloud-based and on-premises attacks.
Cloud-based attacks target resources and data hosted in cloud environments, while on-premises attacks target resources and data stored within an organization’s physical infrastructure.
What type of attacks target resources and data hosted in cloud environments?
Cloud-based attacks
What is a Birthday cryptographic attack?
The Birthday cryptographic attack exploits the birthday paradox to find collisions in hash functions more efficiently than brute force methods.
What type of cryptographic attack exploits the birthday paradox?
Birthday cryptographic attack
Describe a collision cryptographic attack.
A collision cryptographic attack aims to find two different inputs that produce the same hash value, compromising the integrity of hash functions.
What type of cryptographic attack aims to find two inputs producing the same hash value?
Collision cryptographic attack
Explain a cryptographic downgrade attack.
A cryptographic downgrade attack exploits weaknesses in cryptographic protocols to force communication partners to use older, less secure encryption algorithms.
What type of attack exploits weaknesses in cryptographic protocols to force the use of less secure encryption algorithms?
Cryptographic downgrade attack