Phishing - Answer In this attack, the attacker sends an email that seems to come from
a respected bank or other financial institution, claiming that the recipient needs to
provide an account number, Social Security number, or other private information to the
sender in order to verify an account
Spear Phishing - Answer A phishing technique in which attackers target a specific
individual or institution
Whaling - Answer is a form of spear phishing that targets individuals or organizations
that are known to possess a good deal of wealth
Vishing - Answer is a human-based attack where the goal is to extract personal,
financial, or confidential information from the victim by using services such as the
telephone system and IP-based voice messaging services as the communication medium.
This is also called voice phishing
Tailgating - Answer This is a human-based attack where the attacker enters a secure
area by following a legitimate employee without the employee's knowledge or
permission
Piggy Backing - Answer Similar to tailgating, this is a situation where the attacker enters
a secure area with an employee's permission
Impersonation - Answer is a human-based attack where an attacker pretends to be
someone they are not. A common scenario is when the attacker calls an employee and
pretends to be calling from the help desk.
Dumpster Diving - Answer A human-based attack where the goal is to reclaim important
information by inspecting the contents of trash containers
Shoulder Surfing - Answer This is an attack where the goal is to look over the shoulder
of an individual as he or she enters password information or a PIN
Hoax - Answer is an email-based, IM-based, or web-based attack that is intended to
trick the user into performing unnecessary or undesired actions, such as deleting
important system files in an attempt to remove a virus. It could also be a scam to
convince users to give up important information or money for an interesting offer
Watering Hole Attack - Answer is when the attacker targets specific groups or
organizations, discovers which websites they frequent, and injects malicious code into
those sites
Security+ Attack Types and Terms!!
DoS - Answer is a type of network attack in which an attacker attempts to disrupt or
disable systems that provide network services by various means, including:
• Flooding a network link with data to consume all available bandwidth.
• Sending data designed to exploit known flaws in an application.
• Sending multiple service requests to consume a system's resources.
• Flooding a user's email inbox with spam messages, causing the genuine messages to
get bounced back to the sender
DDoS - Answer is a type of DoS attack that uses multiple computers on disparate
networks to launch the attack from many simultaneous sources. The attacker introduces
unauthorized software that turns the computer into a zombie/drone that directs the
computers to launch the attack
Slashdot Effect - Answer is a sudden, temporary surge in traffic to a website that occurs
when another website or other source posts a story that refers visitors to the victim
website. This effect is more noticeable on smaller websites, and the increase in traffic
can slow a website's response times or make it impossible to reach altogether
MITM (Man-in-the-Middle) - Answer is a form of eavesdropping where the attacker
makes an independent connection between two victims (two clients or a client and a
server) and relays information between the two victims as if they are directly talking to
each other over a closed connection, when in reality the attacker is controlling the
information that travels between the two victims
Buffer Overflow - Answer An attack in which data goes past the boundary of the
destination buffer and begins to corrupt adjacent memory. This causes an app to crash
or reboot, and may execute rogue code on a system or result in loss of data
Injection - Answer A broad field of attacks involving a hacker forcing additional input into
a program, which is then processed by a user
Cross-site scripting (XSS) Attack - Answer A web application attack that is directed
toward sites with dynamic content. This is done by introducing malicious scripts into a
trusted website. Since the website is trusted, the victim's browser grants the script the
same permissions as the rest of the site, and its malicious code is able to run. XSS
attacks are similar to watering hole attacks
Cross-Site Request Forgery (CSRF) - Answer A web application attack that takes
advantage of the trust established between an authorized user of a website and the
website itself. This type of attack exploits a web browser's trust in a user's unexpired
browser cookies