30/08/2024
Spoofing: This is an attack to gain access to a target system through the use of a falsified identity. Spoofing can be used against IP addresses, MAC addresses, usernames, system names, wireless network SSIDs, email addresses, and many other
types of logical identification.
DOS/DDOS: A denial-of-service (DoS) attack is a network resource consumption attack that has the primary goal of preventing legitimate activity on a victimized system. Attacks involving numerous unsuspecting secondary victim
systems are known as distributed denial-of-service (DDoS) attacks. Worms pose a significant risk to network security. They contain the same destructive potential as other malicious code objects with an added twist—they propagate themselves without requiring any human intervention.
on-path attack: In an on-path attack, attackers place themselves between two devices, often between a web browser and a web server, to intercept or modify information that is intended for one or both of the endpoints. On-path attacks are also known as man-in-the-middle (MITM) attacks.
Advanced persistent threat (APT): refers to threats that demonstrate an unusually high level of technical and operational sophistication spanning months or even years. APT attacks are often conducted by highly organized groups of attackers. A, that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating systems or
otherwise annoying or disrupting the victim.
Virus: The computer virus is perhaps the earliest form of malicious code to plague security administrators. As with biological viruses, computer viruses have two main
functions—propagation and destruction. A virus is a self-replicating piece of code that spreads without the consent of a user, but frequently with their assistance—for example, a user must click on a link or open a file.
Trojan: Named after the ancient story of the Trojan
horse, the Trojan is a software program that appears benevolent but carries a malicious, behind-the-scenes payload that has the potential to wreak havoc on a system or network. For example, ransomware often uses a Trojan to infect a target machine and
then uses encryption technology to encrypt documents, spreadsheets, and other files stored on the system with a key known only to the malware creator.
Side-channel: A side-channel attack is a passive, noninvasive attack to observe the operation of a device. Methods
include power monitoring, timing, and fault analysis attacks.
Insider threats: are threats that arise from individuals who are trusted by the organization. These could be disgruntled
employees or employees involved in espionage. Insider threats are not always willing participants. A trusted user who
falls victim to a scam could be an unwilling insider threat.
Ransomware: Malware used to facilitate
a ransom attack. Ransomware attacks often use cryptography to “lock” the files on an affected computer and
require the payment of a ransom fee in return for the “unlock” code.
