Vol 2: A Beginner’s Guide to Cybersecurity Lingo
We are diving into our second installment of the cybersecurity terms you need to know in order to protect your operation from a cyber attack.
Outlined below are various types of cyber attacks and how the hacker operates them. Understanding these types of attacks will help you mitigate risks. Make sure to bookmark this page so you can reference it whenever you find yourself asking “what does that mean again?”
Types of Cyber Attacks
- Brute Force Attacks – In this type of attack, a cybercriminal will try as many passwords or passphrases with the hope of eventually guessing a combination correctly and gaining access to private information. The attack may systematically check all password combinations until the correct one is found.
- Consent Phishing – A type of social engineering attack that tricks a victim into granting a malicious app access to sensitive data or other resources. This attack happens frequently via email and can be hard to decipher as spam.
- Cross-Site Scripting – Cross-Site Scripting (XSS) is a type of security vulnerability found in web applications. The attack usually consists of a malicious script in data sent to an end-user from a web search or a contact form. Flaws that allow these types of attacks are widespread and occur anywhere a web application uses input from a user.
- Data Breach – A data breach exposes personal, confidential, or protected information to an unauthorized threat. The files in a data breach are retrieved, viewed, and/or shared without permission.
- DDoS – Distributed Denial of Service Attack (DDoS) is when a perpetrator seeks to make a machine or network resource unavailable to its users. It disrupts its targets, like a server, website, or other networks by flooding them with an excessive number of requests.
- DNS Hijacking – Also referred to as DNS redirection, this type of attack redirects visitors away from a reputable domain or URL. Instead of sending the visitor to the website they intended, hackers can intercept and redirect them to another malicious place.
- Drive-By Attack – This type of attack refers to the unintentional download of malicious code that exposes a user to different types of threats. Cybercriminals may steal and collect personal information, inject banking trojans or introduce other types of malware. This attack does not require a user to click on anything to initiate the download, instead simply accessing or browsing a website can activate this attack.
- Golden Ticket Attack – When an attacker has complete and unrestricted access to an entire domain including files, folders, and access control is a Golden Ticket attack. It is particularly negative because it allows attackers to gain access to many parts of a network.
- Web Shell – A web shell attack happens when a cyber attacker can inject their file into the web server’s directory so they can later instruct the webserver to execute that file. This attack can be as simple as a single line of code added to a legitimate page and can wreak havoc at a later date.
- Ransomware – Ransomware is a type of malware that threatens to publish a victim’s data or perpetually block access until a ransom is paid. The most recent and publicized case was the Colonial Pipeline, which paid a controversial $4 million ransom the day after discovering ransomware on its systems in early May 2021.
- Security Misconfigurations – These are security controls that are inaccurately configured or left without protection, putting data at risk. Any poorly defined or undocumented changes, default settings, or technical issues across any component could lead to a misconfiguration.
- Social Engineering – What differentiates social engineering from other cyberattacks is the human-centered approach. These attacks feed into human nature, using principles of influence, manipulation, or deceit to gain access to information. Social engineering is sophisticated because of the deception necessary to invoke a person into disclosing information.
While this might seem a little overwhelming at first, familiarizing yourself with the most common cyber attacks is essential. Knowing these terms can save your company, employees, clients, and more. Stay tuned for Vol 3: A Beginner’s Guide to Cybersecurity Lingo in 2022, where we dive into more terms you need to know.
Click here to learn more about how Secuvant’s superior cybersecurity services can benefit your organization and to talk with a Secuvant expert today.