526 Terms
1
Phishing
Phishing is a form of cyber attack where an attacker disguises themselves as a trustworthy entity or organization to trick individuals into revealing sensitive information, such as usernames, passwords, or credit card details. This is usually done through deceptive emails, messages, or websites that mimic legitimate ones.
2
Smishing
Smishing is a type of phishing attack that occurs through SMS (text messaging) or other messaging platforms. Attackers send fraudulent messages to trick recipients into providing personal information or clicking on malicious links, often posing as a legitimate organization or contact.
3
Vishing
Vishing, short for "voice phishing," is a social engineering attack that utilizes voice communication, such as phone calls, to deceive individuals into divulging sensitive information. Attackers often impersonate trusted entities, such as banks or government agencies, and manipulate victims into sharing personal or financial details over the phone.
4
Spam
Spam refers to unsolicited and often unwanted messages sent in bulk, typically via email. These messages are often commercial in nature and aim to promote products, services, or fraudulent schemes. Spam can also occur through other forms of electronic communication, such as instant messaging or comment sections.
5
Spam over Internet messaging (SPIM)
SPIM is a term used to describe spam messages sent through various instant messaging platforms, including messaging apps, online chat services, or social media messaging features. SPIM is similar to traditional email spam but is delivered through different channels.
6
Spear phishing
Spear phishing is a targeted phishing attack that focuses on a specific individual, group, or organization. Attackers gather personal information about their targets and tailor their phishing messages or tactics to appear more legitimate and increase the chances of success.
7
Dumpster diving
Dumpster diving is a physical tactic used to retrieve discarded documents or other materials that may contain sensitive information. Attackers rummage through trash bins, dumpsters, or recycling bins to find items like discarded invoices, bank statements, or confidential documents, which can be used for identity theft or other malicious purposes.
8
Shoulder surfing
Shoulder surfing refers to the act of covertly observing someone, often in a public place, to gain access to sensitive or confidential information. Attackers may look over someone's shoulder while they are entering passwords, PINs, or other private information on their devices or at physical keypads.
9
Pharming
Pharming is a type of cyber attack that involves redirecting website traffic to a fraudulent website without the user's knowledge or consent. Attackers exploit vulnerabilities in the DNS (Domain Name System) or compromise routers to redirect users to fake websites that appear genuine, aiming to collect sensitive information.
10
Tailgating
Tailgating, also known as piggybacking, is a physical security breach where an unauthorized person gains access to a restricted area by following closely behind an authorized individual. This tactic exploits the courtesy or lack of attention of the authorized person to gain entry without proper authentication.
11
Eliciting information
Eliciting information refers to the act of extracting or obtaining sensitive or confidential data through various means, such as social engineering techniques, manipulation, or deceptive questioning. Attackers may use psychological tactics or impersonation to deceive individuals into revealing valuable information.
12
Whaling
Whaling is a targeted phishing attack that specifically aims at high-profile individuals, such as CEOs, executives, or high-ranking officials. Attackers tailor their phishing attempts to exploit their targets' positions, authority, or access to valuable information, often seeking financial gain or strategic advantage.
13
Prepending
Prepending is a technique used in phishing or spoofing attacks where an attacker adds misleading or deceptive text to the beginning of a displayed URL in a web browser or email. This manipulation aims to mislead users into thinking they are accessing a legitimate website when, in reality, they are being directed to a fraudulent one.
14
Identity fraud
Identity fraud, also known as identity theft, occurs when someone wrongfully obtains and uses another person's personal information, such as their name, Social Security number, or financial details, for fraudulent purposes. The perpetrator often aims to commit financial fraud, make unauthorized purchases, or carry out other illegal activities in the victim's name.
15
Invoice scams
Invoice scams involve deceiving individuals or organizations into making payments or sharing sensitive information based on fraudulent invoices. Attackers may impersonate legitimate suppliers, vendors, or service providers to trick recipients into wiring funds or revealing confidential data to fraudulent accounts.
16
Credential harvesting
Credential harvesting is the process of collecting or harvesting usernames, passwords, or other login credentials from unsuspecting individuals. Attackers use various methods, such as phishing, keylogging, or the exploitation of weak authentication systems, to acquire these credentials for unauthorized access to accounts or systems.
17
Reconnaissance
Reconnaissance, often referred to as "recon," is the preliminary phase of an attack where attackers gather information about their target, such as vulnerabilities, system configurations, or user habits. This data helps them plan and execute a more targeted and successful cyber attack.
18
Hoax
A hoax is a deliberately deceptive or misleading act or message intended to trick or deceive individuals. Hoaxes often circulate through various mediums, including email, social media, or traditional media, and can range from false rumors and fabricated stories to malicious scams or fake warnings.
19
Impersonation
Impersonation refers to the act of pretending to be someone else, often with the intention to deceive or defraud others. In the context of cybersecurity, impersonation may involve impersonating a legitimate person, such as a company representative or a trusted contact, to gain access to sensitive information or manipulate individuals.
20
Watering hole attack
A watering hole attack is a type of cyber attack where the attacker compromises a website or online platform that is frequently visited by a specific target group. By infecting the trusted website with malicious code, the attacker aims to exploit the trust of the target group and infect their devices with malware or gather sensitive information.
21
Typo squatting
Typo squatting, also known as URL hijacking or domain mimicry, involves registering domain names that closely resemble popular or legitimate websites but contain slight misspellings or typographical errors. Attackers use these deceptive domains to trick users into visiting them unintentionally, potentially leading to phishing attempts or malware infections.
22
Influence campaigns
Influence campaigns refer to coordinated efforts, often carried out through social media or other online platforms, to shape public opinion, manipulate beliefs, or sway individuals towards a specific ideology or agenda. These campaigns may involve spreading disinformation, propaganda, or engaging in psychological manipulation techniques to achieve their goals.
23
Hybrid warfare
Hybrid warfare refers to the combination of conventional military tactics with non-military tools and methods, such as cyber attacks, economic warfare, disinformation campaigns, and political manipulation. It involves a comprehensive approach that blurs the lines between traditional warfare and unconventional tactics to gain a strategic advantage.
24
Social media
Social media refers to online platforms and websites that enable users to create, share, and exchange content and engage in virtual social networking. These platforms allow individuals and organizations to connect, communicate, and share information globally, fostering online communities and facilitating the dissemination of news, opinions, and media content.
25
Authority
Authority refers to the power or right to give orders, make decisions, and enforce obedience. It is typically vested in individuals or institutions that hold positions of leadership or control.
26
Intimidation
Intimidation relies on instilling fear or using threats to influence behavior or compliance. When individuals feel threatened or fearful, they may be more likely to comply with demands or requests to avoid negative consequences.
27
Consensus
The principle of consensus, also known as social proof, suggests that individuals are more likely to conform or take certain actions if they see others doing the same. People often look to the behavior and opinions of others to guide their own actions, especially in situations of uncertainty or ambiguity.
28
Scarcity
Scarcity leverages the perception of limited availability or exclusivity to increase the perceived value or desirability of something. Creating a sense of scarcity can drive individuals to take immediate action or make decisions out of fear of missing out on an opportunity.
29
Familiarity
The principle of familiarity suggests that people are more likely to trust and favor things that are familiar to them. Familiarity breeds a sense of comfort and reduces uncertainty, leading to increased acceptance or compliance.
30
Trust
Trust is a fundamental principle that plays a crucial role in influencing behavior and decision-making. When individuals trust a person, organization, or system, they are more likely to follow their recommendations, disclose sensitive information, or engage in transactions.
31
Urgency
The principle of urgency creates a sense of time pressure or immediate need, motivating individuals to take quick action or make hasty decisions to avoid perceived negative consequences or miss out on time-limited opportunities.
32
Address Resolution Protocol (ARP) poisoning
ARP poisoning, also known as ARP spoofing, is an attack technique where an attacker manipulates the ARP tables of devices on a local network. By impersonating other devices, the attacker can intercept network traffic, perform eavesdropping, or launch other malicious activities.
33
Media Access Control (MAC) flooding
MAC flooding is a network attack that aims to overload a switch's MAC address table by sending a large number of fake MAC addresses. This can lead to the switch entering a fail-open mode, allowing the attacker to intercept network traffic or perform other unauthorized actions.
34
MAC cloning
MAC cloning involves changing the Media Access Control (MAC) address of a network interface to impersonate another device on the network. This can be used to bypass network access controls, perform man-in-the-middle attacks, or evade identification.
35
Domain Name System (DNS)
The Domain Name System (DNS) is a decentralized naming system used to translate domain names (e.g., www.example.com) into IP addresses that computers understand. DNS is a critical component of internet infrastructure and can be targeted for attacks, such as DNS hijacking or poisoning.
36
Domain hijacking
Domain hijacking occurs when an attacker gains unauthorized control over a domain name by exploiting vulnerabilities in domain registration systems or stealing the credentials of the legitimate owner. Once hijacked, attackers can redirect website traffic, send malicious emails, or engage in other fraudulent activities.
37
DNS poisoning
DNS poisoning, also known as DNS cache poisoning, is an attack where attackers manipulate the DNS cache of a DNS server or client to redirect domain name resolutions to malicious IP addresses. This can lead to users being directed to fake websites or unknowingly accessing malicious resources.
38
Universal Resource Locator (URL) redirection
URL redirection attacks involve manipulating URLs or website links to redirect users to different, often malicious, websites. Attackers can trick users into visiting phishing sites, downloading malware, or divulging sensitive information through deceptive redirection.
39
Domain reputation
Domain reputation refers to the assessment of a domain's trustworthiness or reputation based on factors such as its history, behavior, email practices, or presence in blacklists. A poor domain reputation can result from malicious activities, leading to reduced email deliverability, blocking, or distrust by security systems.
40
Distributed Denial of Service (DDoS)
A Distributed Denial of Service (DDoS) attack aims to overwhelm a target system or network with a massive volume of traffic from multiple sources, rendering it inaccessible or significantly degrading its performance. DDoS attacks can be launched using botnets or other distributed resources.
41
Network-based attacks
Network-based attacks target vulnerabilities in network infrastructure, protocols, or devices. These attacks can include packet sniffing, port scanning, network intrusion, or unauthorized access to network resources.
42
Application-based attacks
Application-based attacks focus on exploiting vulnerabilities or weaknesses in software applications or web services. Examples include SQL injection, cross-site scripting (XSS), buffer overflows, or remote code execution.
43
Operational Technology (OT)
Operational Technology refers to the hardware and software systems used to monitor and control physical processes in industries such as manufacturing, energy, or transportation. OT systems can be targeted for attacks that disrupt operations, compromise safety, or cause physical damage.
44
Malicious code or script execution
Malicious code or script execution involves the execution of unauthorized or malicious code within a system or application. This can lead to unauthorized access, data theft, system compromise, or the execution of unauthorized actions.
45
PowerShell
PowerShell is a scripting language and automation framework developed by Microsoft. It can be used for both legitimate administrative purposes and by attackers to execute malicious actions, such as running malicious scripts, downloading malware, or performing reconnaissance.
46
Python
Python is a popular programming language known for its simplicity and versatility. It can be used for legitimate purposes as well as for developing or executing malicious scripts or tools.
47
Bash
Bash, short for Bourne Again Shell, is a command-line shell and scripting language primarily used in Unix-based systems. Attackers may use Bash scripting to execute malicious commands, automate attacks, or perform unauthorized actions.
48
Macros
Macros are scripts or sets of commands that can be executed within applications such as Microsoft Office. Attackers often exploit macros to deliver malware, initiate unauthorized actions, or perform malicious activities when unsuspecting users enable macro execution.
49
Visual Basic for Applications (VBA)
VBA is a programming language used in Microsoft Office applications to automate tasks or enhance functionality. Attackers may use VBA to execute malicious code, deliver malware, or exploit vulnerabilities within the Office suite.
50
Cloud-based vs. on-premises vulnerabilities
Cloud-based vulnerabilities refer to weaknesses or security risks associated with cloud computing environments, such as misconfigurations, inadequate access controls, or insecure APIs. On-premises vulnerabilities, on the other hand, pertain to weaknesses within locally hosted systems or infrastructure.
51
Zero-day
A zero-day vulnerability refers to a software vulnerability that is unknown to the software vendor and, therefore, has no patch or fix available. Zero-day vulnerabilities pose a significant risk as they can be exploited by attackers before a patch is developed, increasing the potential for damage or unauthorized access.
52
Weak configurations
Weak configurations refer to inadequate or insecure settings within systems, applications, or network devices. These can include default passwords, misconfigured access controls, unnecessary services or features, or weak encryption settings, providing opportunities for attackers to exploit the weaknesses.
53
Open permissions
Open permissions refer to overly permissive access controls or permissions granted to users, applications, or system components. Incorrectly configured permissions can result in unauthorized access, data exposure, or the ability to modify critical resources.
54
Unsecured root accounts
Root accounts, also known as superuser or administrator accounts, have elevated privileges within systems or networks. If root accounts are left unsecured, with weak passwords or improper access controls, attackers can gain complete control over the system and carry out malicious activities.
55
Errors
Errors can occur in software, systems, or configurations, and if not properly handled, can lead to vulnerabilities or unintended consequences. Errors can be exploited by attackers to gain unauthorized access, cause system crashes, or extract sensitive information.
56
Weak encryption
Weak encryption refers to the use of outdated or inadequate encryption algorithms, key sizes, or cryptographic implementations that can be easily bypassed or cracked by attackers. Weak encryption leaves sensitive data vulnerable to unauthorized access or decryption.
57
Unsecure protocols
Unsecure protocols, such as insecure versions of HTTP, FTP, or Telnet, lack built-in security mechanisms, making data transmitted over these protocols vulnerable to interception, manipulation, or unauthorized access. It is recommended to use secure alternatives, such as HTTPS or SFTP, whenever possible.
58
Default settings
Default settings are the preconfigured settings used by software or systems when initially installed or deployed. Attackers often target systems with default settings as they may have known vulnerabilities or weak security configurations that are not customized or hardened.
59
Open ports and services
Open ports and services refer to network ports and services that are actively listening and accessible from the internet or local network. Unnecessary or improperly secured open ports can provide entry points for attackers to gain unauthorized access or launch attacks.
61
Third-party risks
Third-party risks arise from the use of products, services, or components provided by external vendors or suppliers. If these third-party entities have vulnerabilities, security weaknesses, or compromised systems, they can introduce risks and provide avenues for attackers to access or compromise the target organization's systems.
62
Vendor management
Vendor management refers to the processes and practices involved in evaluating, selecting, and managing relationships with third-party vendors or suppliers. Effective vendor management includes assessing the security practices of vendors, monitoring their activities, and ensuring they adhere to security requirements.
63
System integration
System integration involves combining different systems, components, or software to work together cohesively. However, inadequate or insecure system integration can introduce vulnerabilities, misconfigurations, or data leakage points, which can be exploited by attackers.
64
Lack of vendor support
Lack of vendor support refers to situations where software, hardware, or systems are no longer actively maintained or updated by the vendor. This can leave organizations exposed to known vulnerabilities or unable to receive timely patches, increasing the risk of exploitation.
65
Supply chain
The supply chain encompasses the processes and entities involved in the production, distribution, and delivery of goods or services. Supply chain attacks target vulnerabilities within this chain, aiming to compromise components, tamper with products, or inject malicious code or hardware at various stages.
66
Outsourced code development
Outsourced code development refers to the practice of having software or code developed by external parties. If security controls, code reviews, or secure coding practices are not properly implemented or monitored, outsourced code can introduce vulnerabilities or weaknesses into the final product.
67
Data storage
Data storage refers to the practices and technologies used to store and manage digital information. Inadequate security measures in data storage systems can lead to data exposure, unauthorized access, or data loss, compromising the confidentiality and integrity of sensitive information.
68
Improper or weak patch management
Patch management involves applying software updates, patches, or fixes to address vulnerabilities and improve the security of systems or applications. Inadequate or weak patch management practices can leave systems vulnerable to known exploits or attacks.
69
Firmware
Firmware is software embedded in hardware devices that provides low-level control and functionality. Insecure or outdated firmware can contain vulnerabilities that attackers can exploit to gain unauthorized access, control the device, or compromise the system it interacts with.
70
Operating System (OS)
The operating system is the core software that manages computer hardware and provides services and functionality to applications. Vulnerabilities in the operating system can be targeted by attackers to gain unauthorized access, escalate privileges, or compromise the overall security of the system.
71
Applications
Applications, including both in-house developed and third-party software, can contain vulnerabilities that attackers can exploit. Application vulnerabilities can lead to unauthorized access, data breaches, or the execution of malicious code.
72
Legacy platforms
Legacy platforms refer to outdated or unsupported hardware, software, or systems that may no longer receive security updates or vendor support. Legacy platforms can be more vulnerable to attacks as they lack the latest security features and may have known vulnerabilities.
73
Impacts
Impacts refer to the potential consequences or outcomes resulting from successful cyberattacks or security incidents. Common impacts include data loss, data breaches, data exfiltration, identity theft, financial losses, damage to reputation, and disruptions to availability or operations.
74
Data loss
Data loss refers to the unintended or accidental deletion, destruction, or corruption of data. It can occur due to hardware failures, software bugs, human error, or malicious activities, leading to the permanent loss of critical or sensitive information.
75
Data breaches
Data breaches occur when unauthorized individuals gain access to sensitive or confidential data. Breached data may include personally identifiable information (PII), financial records, intellectual property, or other sensitive information, leading to privacy violations, financial losses, or identity theft.
76
Data exfiltration
Data exfiltration involves the unauthorized extraction or theft of sensitive data from a target organization or system. Attackers may exfiltrate data for various purposes, such as selling it on the black market, using it for identity theft, or leveraging it for competitive advantage.
77
Identity theft
Identity theft refers to the fraudulent acquisition and use of someone else's personal information, such as Social Security numbers, credit card details, or login credentials. Attackers can use stolen identities for financial gain, impersonation, or to commit other fraudulent activities.
78
Financial
Financial impacts refer to the losses or damages incurred by organizations or individuals as a result of cyberattacks or security incidents. These can include direct financial losses, costs associated with incident response and recovery, regulatory penalties, legal fees, and damage to business operations or reputation.
79
Reputation
Reputation impacts refer to the negative perception or loss of trust experienced by organizations or individuals following cyberattacks or security incidents. A damaged reputation can lead to decreased customer confidence, loss of business opportunities, or negative publicity.
80
Availability loss
Availability loss refers to the disruption or unavailability of systems, networks, or services due to cyberattacks, technical failures, or other incidents. Availability loss can lead to business interruptions, service outages, reduced productivity, or financial losses.
81
Actors and threats
Actors and threats in the cybersecurity landscape refer to the various individuals, groups, or entities that engage in malicious activities or pose risks to systems, networks, or data.
82
Advanced Persistent Threat (APT)
Advanced Persistent Threats are highly sophisticated and targeted cyberattacks carried out by skilled and well-resourced adversaries. APTs typically involve long-term campaigns aimed at compromising specific targets.
83
Insider threats
Insider threats refer to the risks posed by individuals within an organization who have authorized access to systems, networks, or data. Insider threats can result from malicious intent, negligence, or unwitting involvement in social engineering attacks, leading to data breaches, sabotage, or unauthorized access.
84
State actors
State actors are nation-states or government-sponsored entities that engage in cyber activities for political, economic, or military purposes. State-sponsored attacks can involve intelligence gathering, espionage, sabotage, or the disruption of critical infrastructure.
85
Hacktivists
Hacktivists are individuals or groups who carry out cyberattacks or engage in hacking activities to promote a social or political agenda. Hacktivist attacks can target government organizations, corporations, or other entities perceived as opposing their causes.
86
Script kiddies
Script kiddies are individuals with limited technical skills who use existing hacking tools, scripts, or exploits to carry out cyberattacks without fully understanding the underlying mechanisms. Script kiddies often target vulnerable systems for personal gain or to showcase their abilities.
87
Criminal syndicates
Criminal syndicates are organized groups or networks that engage in cybercriminal activities, such as financial fraud, data theft, or ransomware attacks, for financial gain. These syndicates often operate globally and may specialize in specific types of cybercrime.
88
Hackers
Hackers are individuals who possess advanced computer skills and knowledge of software, networks, and systems. They can use their skills for various purposes, ranging from ethical hacking to uncover vulnerabilities to malicious activities such as unauthorized access, data breaches, or disruption of services.
89
White hat
White hat hackers, also known as ethical hackers or security researchers, use their skills to identify vulnerabilities and strengthen the security of systems. They typically work within legal and ethical boundaries, often performing penetration testing or vulnerability assessments with the owner's permission.
90
Black hat
Black hat hackers are individuals who engage in hacking activities for malicious purposes. They exploit vulnerabilities, steal data, disrupt systems, or engage in other illegal activities for personal gain or harm to others.
91
Gray hat
Gray hat hackers fall somewhere between white hat and black hat hackers. They may identify and exploit vulnerabilities without explicit permission, but their intentions are not necessarily malicious. Gray hat hackers may notify organizations of the vulnerabilities they discover but may also demand payment or recognition for their findings.
92
Shadow IT
Shadow IT refers to the use of technology or software within an organization that is not approved, supported, or managed by the organization's IT department. Shadow IT can introduce security risks as it often lacks proper security controls, updates, or oversight.
93
Competitors
Competitors refer to other organizations or entities operating in the same industry or market. In the context of cybersecurity, competitors can pose risks as they may engage in espionage, intellectual property theft, or sabotage to gain a competitive advantage.
94
Attributes of actors
Attributes of actors refer to characteristics or traits that define individuals, groups, or entities engaged in cyber activities. These attributes include factors such as whether the actor is internal or external to the organization, their level of sophistication or capability, available resources or funding, and their intent or motivation.
95
Vectors
Vectors, in the context of cybersecurity, are the means or methods used by attackers to exploit vulnerabilities and gain unauthorized access to systems or networks. Vectors can include direct access through physical means, wireless communication, email-based attacks, supply chain compromises, social media manipulation, or the use of removable media or cloud services.
96
Threat intelligence sources
Threat intelligence sources refer to the various channels or platforms from which organizations gather information about potential threats, vulnerabilities, or malicious activities. These sources can include open-source intelligence (OSINT), closed/proprietary information sharing centers, vulnerability databases, dark web monitoring, threat feeds, and other research sources.
97
Indicators of compromise
Indicators of compromise (IOCs) are pieces of evidence or artifacts that indicate a security incident has occurred or is ongoing. IOCs can include IP addresses, domain names, file hashes, patterns of network traffic, or other signatures that suggest malicious activity.
98
Automated indicator sharing (AIS)
Automated Indicator Sharing is a mechanism for organizations to automatically exchange IOCs, threat intelligence, or security-related information with trusted partners or entities. AIS enables faster detection and response to threats by automating the sharing and dissemination of relevant information.
99
Structured Threat Information Exchange (STIX)/Trusted Automated Exchange of Indicator Information (TAXII)
STIX is a standardized language and format for representing and sharing cyber threat intelligence. TAXII is a protocol that enables the exchange of threat information using STIX. Together, STIX and TAXII facilitate the structured and automated sharing of threat intelligence.
100
Predictive analysis
Predictive analysis involves using historical data, statistical modeling, machine learning, or other techniques to predict future cyber threats, trends, or patterns. Predictive analysis helps organizations proactively identify potential risks and take preemptive security measures.