Types of Attacks - CompTIA Security+

 Types of Attacks

Social Engineering

            There are several “principles” (reasons for effectiveness) of Social Engineering:

      • Authority
      • Intimidation
      • Scarcity
      • Urgency
      • Familiarity/liking
      • Trust        
             Any of these principles could help an attacker trick a victim into divulging information or unwittingly aiding in an attack.

Phishing
            Phishing is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.
            User training is needed to stop phishing attempts effectively.

Vishing
            Vishing (Voice Phishing or VoIP Phishing) is phishing using the telephone as a means to find a target.
            The hacker will typically use a war dialer to send a recorded message stating that there is an error with a victim's credit card or bank account, and leave a number to call back.
            If the victim calls back, they will usually be asked for personal information, such as SS# or account numbers.

Spear Phishing
            Spear phishing is an email spoofing fraud attempt that targets a specific organization in order to seek unauthorized access to confidential data.
            Spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by perpetrators out for financial gain, trade secrets, or military information.
            Spear phishing targets specific employees of a company.

Whaling
            Whaling is a type of spear-phishing that targets executives and high-profile targets (the “big fish”).
            For example, a company may have bios of its executive officers on a corporate website. A social engineer may use this information to create a targeted spear phishing attack against the corporate officer.

Piggybacking
            Piggybacking is when an authorized person intentionally allows others to pass through using the authorized person's own access.
            Double entry doors, security guards, and turnstiles would be used to deter piggybacking.
            Tailgating is when an unauthorized (or authorized) person follows someone into a restricted area without the consent of the authorized person.
        
Impersonating
            Impersonating is when someone tries to pass themselves off as someone else.
            It is a simple strategy used to obtain information and/or access for a future attack.
• “This is X website you’re subscribed to and we need you to tell us your password.”

Shoulder Surfing
            Shoulder surfing refers to using direct observation techniques, such as looking over someone's shoulder, to get information.
            Using password masking, privacy screens, and proximity readers instead of key-punch locks are ways to mitigate shoulder surfing.
            Use a shredder or shredding service to prevent this.

Watering Hole Attack
            A Watering Hole Attack is when an attacker finds a website or service frequented by the specific group that the attacker is targeting and plants malware on it.
            The associated malware is usually some form of spyware to collect information about the target group.
            It is usually effective even against targets who are trained against social engineering attacks, as it exploits an otherwise trusted website.
