[CERTMaster]

SMiShing - a phishing technique that uses SMS text messages as the attack vector. It may include a link to a fake website asking the user to log in.

Spam - unsolicited messages (email, for example) sent in bulk to users as advertisements or to deliver malware.

SPIM - spam (mass unsolicited messages) sent over instant messaging or Internet messaging services.

Phishing - a type of email-based social engineering attack. The attacker sends an email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim.

Spear phishing - refers to a phishing scam where the attacker has some information that makes an individual target more likely to be fooled by the attack. The attacker might know the details that help convince the target that the communication is genuine.

Vishing - a phishing attack conducted through a voice channel (telephone or VoIP, for instance). Someone may attempt to represent a bank and ask the target to verify information over the phone.

Hoax attack - an email alert or web pop-up claims to have identified some sort of security problem, such as a virus infection, and offers a tool to fix the problem. The tool, of course, is some sort of Trojan application.

Typosquatting -

Scarcity and urgency - creating a false sense of urgency can disturb people's ordinary decision-making process. The social engineer can try to pressure his or her target by demanding a quick response.

Consensus/Social Proof - an attacker fools users into believing that a malicious website is legitimate by posting fake reviews. The victims believe the reviews and place their trust in the website.

Familiarity/liking - one of the basic tools of an attacker is to be likeable and to present the requests they make as completely reasonable and unobjectionable.

Authority - social engineers can try to intimidate their target by pretending to be someone else, such as someone of authority, or of superior rank or expertise.

Pharming -

Whaling - an attack directed specifically against upper levels of management.

Trust - being convincing (establishing trust) usually depends on the attacker obtaining privileged information. An impersonation attack is more effective if the attacker knows information about the employee.

Dumpster Diving -

Tailgating and Lunchtime Attacks - tailgating is getting unauthorized access to a building by following someone. A lunchtime attack refers to an attack on a user who leaves a workstation unattended while logged on.

Spyware - a program that monitors user activity and sends the information to someone else. This can occur with or without the user's knowledge.

Rogueware - a fake antivirus web pop-up that claims to have detected viruses on the computer and prompts the user to initiate a full scan, which installs the attacker's Trojan.

[CLC website]

Social Engineering Attacks: 

  • Impersonation & Hoaxing
  • Tailgating and Piggybacking
  • Shoulder Surfing
  • Dumpster Diving
  • Phishing, Spear phishing, and Whaling
  • Watering Hole Attacks (Social Networks)
  • Vishing and Smishing

Hijacking and Related Attacks:

  • Click Jacking 
  • Session Hijacking 
  • URL Hijacking 
  • Typosquatting 

Driver Manipulation Attacks: 

  • Shimming
  • Refactoring 

[CERTMaster]

  • Logic bomb - a malicious program or script set to run under particular circumstances or in response to a defined event, such as the admin's account becoming disabled.

  • Worm - a type of virus that spreads through memory and network connections, rather than infecting files. Also defined as a memory-resident virus that replicates over network resources. **Note: the primary effect of a worm infestation is to rapidly consume network bandwidth as the worm replicates.

  • Remote access trojan (RAT) - functions as a backdoor and allows the attacker to access the PC, upload files, and install software on it. **Also referred to as RAT backdoor applications; see the CLC definition for more.

  • Mine - a scripted trap that runs in the event an account gets deleted or disabled. Anti-virus software is unlikely to detect this kind of malicious script or program, so the security specialist would not be able to discover the script during an investigation. The security specialist would uncover the mine once it gets executed and causes damage.

  • Rootkit - backdoor malware that changes core system files and programming interfaces so that local shell processes no longer reveal their presence.

  • Trojan - a malicious program hidden within an innocuous-seeming piece of software. Usually, the Trojan tries to compromise the security of the target computer.

  • Adware - this software type can have a negative impact on performance and can include accepting a long license agreement.

  • Crypto-malware - a class of ransomware that attempts to encrypt data files. The user will be unable to access the files without obtaining the private encryption key, held by the attacker.

  • Spyware - a program that monitors user activity and sends the information to someone else. This can occur with or without the user's knowledge.

  • Smurf Attack - the adversary spoofs the victim's IP address and pings the broadcast address of a third-party network. Each host directs its echo responses to the victim server.

DDoS attack - a DoS launched from multiple, compromised computers. Handlers compromise multiple zombie (agent) PCs with DoS tools (bots), forming a botnet.

mass-mail spam attack - 

Trojan Horse Malware - 

Skimming - using a counterfeit card reader to capture card details, which can then be used to program a duplicate.

Password spraying - a horizontal brute-force online attack. This means that the attacker chooses one or more common passwords (for example, "password" or 123456) and tries to use them in conjunction with multiple usernames.

Card cloning - refers to making one or more copies of an existing card. 

Malicious charging - an attacker can place a malicious plug or charging cable in public locations to gain access to a device connected to it.

Birthday attack - a type of brute force attack aimed at exploiting collisions in hash functions. A collision is where a function produces the same hash value for 2 different plaintexts.

How to protect against birthday attacks: 

  1. Encryption algorithms
  2. Demonstrating collision avoidance

Pass-the-Hash attack - if an attacker obtains the hash of a user's password, it is possible to authenticate with the hash, without cracking it.

Man-in-the-Middle (MitM) - a form of eavesdropping in which the attacker makes an independent connection between two victims and steals information to use fraudulently.

Downgrade attack - can facilitate a MitM by requesting that the server use a lower-specification protocol with weaker ciphers and key lengths.

Computer Bots - those computers that the attacker has infected with a backdoor exploit with a connection to the C2 host or network. These bots can work individually or in unison.

Command & Control (C2 or C&C) - a host or network that can manage and control the various bots remotely.  

Rainbow table attack - a password attack that allows an attacker to use a set of plaintext passwords and their hashes to crack passwords. **Passwords not "salted" with a random value make the ciphertext vulnerable to this type of attack.

Dictionary attack - when software enumerates values in a dictionary wordlist. Enforcing password complexity makes passwords difficult to guess and compromise. Varying the characters in the password makes it more resistant to these attacks.

Hybrid password attack - targets naively strong passwords. The password cracking algorithm tests dictionary words and names in combination with numeric prefixes and/or suffixes.

Potentially Unwanted Program (PUP) - also called a potentially unwanted application (PUA). Software installed alongside a package or from a computer store that the user did not request.

Virus - malware that is not necessarily hidden and very noticeable by virus scanners. These usually come in the form of executable (.exe) or Dynamic-link Library (DLL) files.

[CLC website: Types of Malware]

  • Viruses
  • worms
  • trojans
  • RATs - remote access trojans
  • Common Vulnerabilities:
    • national vulnerability database: nvd.nist.gov 
  • Ransomware
  • Cryptomalware
  • Bots and Botnets
  • Backdoors
  • Rootkits
  • Logic Bombs
  • Keyloggers
  • Stegomalware
  • Polymorphic Packers