Most Common Security Attacks and Their Methods

Malware

Malware is any malicious software or code that is designed to harm or compromise a computer, network or system. Malware can be delivered through various means, such as phishing emails, malicious links, infected downloads, removable media or software vulnerabilities. Malware can have different purposes and effects, such as:

• Blocking access to key components of the system and demanding a ransom for their release (ransomware)

• Installing additional malware or harmful software on the system (trojan)

• Covertly collecting and transmitting data from the system (spyware)

• Disrupting or destroying certain components or functions of the system (virus, worm)

• Logging and stealing the keystrokes of the user (keylogger)

• Creating a network of infected devices that can be remotely controlled by the attacker (botnet)

• Hijacking the computing resources of the system to mine cryptocurrency (cryptojacking)


Denial-of-service (DoS) attack

A denial-of-service (DoS) attack is an attempt to overwhelm a system or network with more requests or traffic than it can handle, resulting in its slowdown or shutdown. A DoS attack can be launched by a single source or by multiple sources in a coordinated manner (distributed denial-of-service or DDoS attack). A DoS attack can target different layers of a system or network, such as:

• The network layer, by flooding the system with packets that consume its bandwidth or processing power (e.g., SYN flood, UDP flood, ICMP flood)

• The transport layer, by exploiting vulnerabilities in the protocols that establish and maintain connections between systems (e.g., TCP reset attack, TCP SYN cookie attack)

• The application layer, by sending requests that exhaust the resources of the application server or service (e.g., HTTP flood, slowloris attack)


Phishing

Phishing is a form of social engineering that involves sending fraudulent communications that appear to come from a legitimate source, usually via email. The goal of phishing is to trick the recipient into clicking on a malicious link, opening a malicious attachment, or providing sensitive information such as login credentials, credit card details, or personal data. Phishing can be used to:

• Install malware on the recipient’s device

• Steal the recipient’s identity or accounts

• Conduct fraudulent transactions or transfers

• Compromise the recipient’s network or organization

Spoofing

Spoofing is a technique that involves impersonating another person, device, or service on a network or online. Spoofing can be used to:

• Bypass authentication or authorization mechanisms

• Gain access to restricted resources or information

• Manipulate data or traffic

• Launch other attacks such as phishing or man-in-the-middle


Some examples of spoofing are:

• IP spoofing, where an attacker sends packets with a forged source IP address

• Email spoofing, where an attacker sends emails with a forged sender address

• DNS spoofing, where an attacker alters DNS records to redirect traffic to a malicious site

• ARP spoofing, where an attacker associates their MAC address with another IP address on a local network

Identity-based attacks

Identity-based attacks are attacks that exploit the identity and access management (IAM) systems of an organization or service. IAM systems are responsible for verifying the identity and permissions of users and devices on a network or online. Identity-based attacks can involve:

• Credential theft, where an attacker obtains the username and password of a legitimate user

• Credential stuffing, where an attacker tries to use stolen credentials from one service on another service

• Password spraying, where an attacker tries to use common passwords on multiple accounts

• Brute force attack, where an attacker tries to guess passwords by trying different combinations

• Privilege escalation, where an attacker gains higher-level access than they are authorized for
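Credential stuffing, password spraying and brute force all show up as failed logins, but with different shapes: spraying spreads a few passwords across many accounts, brute force hammers one account. The following detection sketch is an added example, not code from the page; the auth log lines are constructed (RFC 5737 documentation addresses) and the thresholds are assumptions.

```python
from collections import defaultdict

# Constructed authentication log, "time source_ip username result"; not from the page.
SAMPLE_AUTH_LOG = """\
09:00:01 198.51.100.9 alice FAIL
09:00:02 198.51.100.9 bob FAIL
09:00:03 198.51.100.9 carol FAIL
09:00:04 198.51.100.9 dave FAIL
09:00:05 198.51.100.9 erin FAIL
09:00:06 198.51.100.9 frank FAIL
09:01:10 203.0.113.4 alice FAIL
09:01:11 203.0.113.4 alice FAIL
09:01:12 203.0.113.4 alice FAIL
09:01:13 203.0.113.4 alice FAIL
09:01:14 203.0.113.4 alice FAIL
09:01:15 203.0.113.4 alice FAIL
09:02:00 192.0.2.20 bob FAIL
09:02:30 192.0.2.20 bob OK
"""

def classify_sources(log_text, min_failures=5, spray_ratio=0.8):
    """Group failed logins by source IP and label each source.

    Many failures spread over mostly distinct accounts reads as password
    spraying; many failures against a single account reads as brute force.
    min_failures and spray_ratio are assumed thresholds, not from the page.
    """
    fails = defaultdict(list)
    for line in log_text.splitlines():
        _ts, src, user, result = line.split()
        if result == "FAIL":
            fails[src].append(user)
    verdict = {}
    for src, users in fails.items():
        n = len(users)
        if n < min_failures:
            verdict[src] = "normal"          # a few typos, nothing to chase
            continue
        distinct_share = len(set(users)) / n  # 1.0 = every failure hit a new account
        verdict[src] = "password-spraying" if distinct_share >= spray_ratio else "brute-force"
    return verdict
```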

Code injection attacks

Code injection attacks are attacks that involve inserting malicious code into an application or system. The malicious code can then be executed by the application or system, resulting in unauthorized actions or data breaches. Code injection attacks can target different types of code or data formats, such as:

• SQL injection, where an attacker injects SQL commands into a database query

• Cross-site scripting (XSS), where an attacker injects JavaScript code into a web page

• Command injection, where an attacker injects shell commands into an application

• XML injection, where an attacker injects XML elements into an XML document
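The SQL injection bullet above is the classic case: user text spliced into a query changes the query's structure. The snippet below is an added example (not from the page) showing the vulnerable lookup next to its parameterized form against a constructed in-memory SQLite table.

```python
import sqlite3

def make_db():
    """Constructed sample data (not from the page): two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn

def lookup_vulnerable(conn, username):
    # Vulnerable: the caller's text becomes part of the SQL statement, so a
    # quote character in the input ends the literal and the rest is parsed as SQL.
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()

def lookup_hardened(conn, username):
    # Hardened: the value is bound as a parameter; the database treats it purely
    # as data, whatever characters it contains. The statement text never changes.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

def demo():
    """Run both lookups with a benign name and with the textbook tautology input."""
    conn = make_db()
    benign = "alice"
    hostile = "x' OR '1'='1"  # turns the WHERE clause into an always-true test
    return {
        "vuln_benign": lookup_vulnerable(conn, benign),
        "vuln_hostile": lookup_vulnerable(conn, hostile),   # leaks every row
        "safe_benign": lookup_hardened(conn, benign),
        "safe_hostile": lookup_hardened(conn, hostile),     # no such user, empty
    }
```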

Supply chain attacks

Supply chain attacks are attacks that target the suppliers or partners of an organization or service. The goal of supply chain attacks is to compromise the products or services that are delivered to the end customers. Supply chain attacks can involve:

• Tampering with hardware components during manufacturing or delivery

• Injecting malware into software updates or patches

• Compromising third-party vendors or providers that have access to customer data or systems

• Exploiting vulnerabilities in third-party libraries or frameworks used by applications

Insider threats

Insider threats are threats that originate from within an organization or service. Insider threats can be caused by:

• Malicious insiders, who intentionally harm their employer or customers for personal gain, revenge, ideology, etc.

• Negligent insiders, who unintentionally expose data or systems due to carelessness, ignorance, error, etc.

• Compromised insiders, who are coerced or manipulated by external actors to act against their employer or customers

Insider threats can result in data theft, sabotage, fraud, espionage, etc.

DNS tunneling

DNS tunneling is a technique that involves using DNS queries and responses to covertly transmit data over a network. DNS tunneling can be used for legitimate purposes such as bypassing firewalls or censorship. However, it can also be used for malicious purposes such as:

• Exfiltrating data from compromised systems

• Establishing command and control channels for malware

• Evading detection and analysis by security tools
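Tunnelled data has to be encoded into query names, which makes those names long, high-entropy and non-repeating. The detector below is an added example, not part of the page: it profiles a constructed DNS query log per registrable domain and flags parents whose subdomain labels look like encoded payload. The "last two labels" rule and the thresholds are simplifying assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed DNS query log (client, qtype, name), not from the page; the TXT
# lines imitate hex-encoded data chunks carried in labels, as a tunnel does.
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 A mail.example.com
10.0.0.7 TXT 4a6f686e20446f65.a1b2c3d4e5f60718.t.evil-tunnel.test
10.0.0.7 TXT 5065746572205061.9f8e7d6c5b4a3921.t.evil-tunnel.test
10.0.0.7 TXT 6a616e6520646f65.0011223344556677.t.evil-tunnel.test
10.0.0.7 TXT 7365637265742064.8899aabbccddeeff.t.evil-tunnel.test
10.0.0.5 A cdn.example.com
"""

def shannon_entropy(text):
    """Bits per character; encoded payloads score higher than real words."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values()) if n else 0.0

def split_name(qname):
    """Assumed simplification: the registrable domain is the last two labels."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])

def profile(log_text):
    """Per registrable domain: query count, unique subdomains, summed length
    and summed entropy of the subdomain part (means are taken when flagging)."""
    stats = defaultdict(lambda: {"queries": 0, "subs": set(), "len": 0, "ent": 0.0})
    for line in log_text.splitlines():
        _client, _qtype, qname = line.split()
        parent, sub = split_name(qname)
        s = stats[parent]
        s["queries"] += 1
        s["subs"].add(sub)
        s["len"] += len(sub)
        s["ent"] += shannon_entropy(sub)
    return stats

def flag_tunnels(log_text, min_len=30, min_entropy=3.0):
    """Assumed thresholds: long, high-entropy subdomains that never repeat
    under one parent are the tunnel signal; returns the suspicious parents."""
    flagged = []
    for parent, s in profile(log_text).items():
        mean_len, mean_ent = s["len"] / s["queries"], s["ent"] / s["queries"]
        if mean_len >= min_len and mean_ent >= min_entropy and len(s["subs"]) == s["queries"]:
            flagged.append(parent)
    return sorted(flagged)
```

On a real resolver log the same profile should be computed per client and per time window, since a legitimate CDN can also produce many unique short subdomains.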

IoT-based attacks

IoT-based attacks are attacks that target Internet of Things (IoT) devices such as smart appliances, sensors, cameras, etc. IoT devices are often vulnerable to attacks due to poor security practices such as default passwords, unencrypted communications, outdated firmware, etc. IoT-based attacks can involve:

• Hijacking IoT devices and adding them to botnets for launching DDoS attacks

• Spying on users through IoT cameras and microphones

• Manipulating IoT devices to cause physical damage or harm
