Cyber security
Practice of protecting systems, networks, and programs from digital attacks to ensure confidentiality, integrity, and availability of data.
Malware
Malicious software designed to disrupt or damage a system, or to gain unauthorized access to it. Types include viruses, worms, trojans, ransomware, spyware, and adware.
Phishing
Fraudulent attempts to obtain sensitive information by posing as a trustworthy entity in electronic communications. Types include email phishing, spear phishing, smishing, and vishing.
Ransomware
Type of malware that encrypts the victim's files and demands payment for the decryption key; many operators now also steal the data first and threaten to publish it. Examples include WannaCry and CryptoLocker. NotPetya is usually listed with them but is better classified as a wiper: it showed a ransom note while offering no working recovery path.
Insider Threats
Security risks from within the organization, involving malicious insiders, negligent insiders, and compromised insiders.
Vulnerabilities
Weaknesses in a system that a threat can exploit. Common classes are software bugs such as buffer overflows and code injection, flaws that allow privilege escalation, weak passwords, and unpatched software.
Buffer Overflows
Errors that occur when a program writes more data to a buffer than it can hold, overwriting adjacent memory on the stack or heap. An attacker who controls the excess bytes can corrupt neighbouring variables or control data such as a saved return address and ultimately execute arbitrary code. Mitigations include bounds-checked copies, stack canaries, ASLR, and non-executable memory.
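As an added illustration (not part of the original page), the following Python uses ctypes to build a tiny "stack frame" whose 8-byte input buffer is immediately followed by a privilege flag, then copies attacker input into it once without a length check and once with one. The Frame layout, the function names, and the payload are constructed for the demo; the unchecked copy is a stand-in for strcpy().

```python
import ctypes


class Frame(ctypes.Structure):
    # Toy "stack frame": an 8-byte input buffer directly followed by a
    # privilege flag. ctypes lays the fields out contiguously, so is_admin
    # starts at byte offset 8, exactly where an over-long copy spills.
    _fields_ = [("buf", ctypes.c_char * 8), ("is_admin", ctypes.c_int32)]


BUF_SIZE = 8
FRAME_SIZE = ctypes.sizeof(Frame)  # 12 bytes: buffer + flag


def unchecked_copy(frame, data):
    # Vulnerable pattern, equivalent to strcpy(frame->buf, data): every byte
    # of the input is written starting at the buffer with no length check.
    # The assertion only keeps this demo inside the frame's own storage.
    assert len(data) <= FRAME_SIZE
    ctypes.memmove(ctypes.addressof(frame), data, len(data))
    return True


def checked_copy(frame, data):
    # Hardened form: refuse input that does not fit and never write past buf.
    if len(data) > BUF_SIZE:
        return False
    ctypes.memmove(ctypes.addressof(frame), data, len(data))
    return True


def make_admin_payload():
    # Constructed attacker input: 8 filler bytes, then the integer 1 in native
    # byte order so that it lands exactly on is_admin.
    return b"A" * BUF_SIZE + bytes(ctypes.c_int32(1))


def run(copy_fn, data):
    # Fresh zeroed frame, so is_admin starts at 0; returns (accepted, is_admin).
    frame = Frame()
    accepted = copy_fn(frame, data)
    return accepted, frame.is_admin


if __name__ == "__main__":
    payload = make_admin_payload()
    print("unchecked:", run(unchecked_copy, payload))  # (True, 1): flag clobbered
    print("checked:  ", run(checked_copy, payload))    # (False, 0): input rejected
```

The same overwrite, applied to a saved return address instead of a flag, is what turns an overflow into code execution.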
Code Injection
Flaws in which untrusted input is concatenated into code or a query that the program then executes (SQL, OS commands, LDAP, scripts), so that input is interpreted as code rather than data. The input usually arrives through form fields, URL parameters, cookies, or headers.
Privilege Escalation
Vulnerabilities that let an attacker gain access beyond what they were granted: vertical escalation (ordinary user to administrator or root) or horizontal escalation (one user's data or actions to another's). Often chained after an initial foothold.
Weak Passwords
Passwords that are easy to guess because they use common words or phrases, are short, or are reused across sites. They give attackers an easy entry point through dictionary, brute-force, and credential-stuffing attacks.
Unpatched Software
Software that lacks the latest security patches, leaving known and often publicly documented vulnerabilities open to exploitation, frequently with off-the-shelf exploit code.
Types of Cyber Attacks
Include malware (viruses, worms, trojans, spyware, adware), phishing, man-in-the-middle, denial-of-service, and injection attacks, each described below.
Viruses
Attach to legitimate programs or files and spread when the infected host file is run or shared; can delete files, corrupt data, or slow down system performance.
Worms
Self-replicating malware spreading without user intervention, exploiting network vulnerabilities to infect systems and cause disruption.
Trojans
Disguised as legitimate software but contain malicious code to create backdoors, steal information, or install additional malware. Unlike viruses and worms they do not self-replicate; they rely on the user to install them.
Spyware
Secretly monitors and collects user information, tracking online activities, capturing keystrokes, and harvesting personal data for identity theft or espionage.
Adware
Automatically displays or downloads advertising material. Can track user behavior to deliver targeted ads. Can degrade system performance and invade privacy.
Email Phishing
Deceptive emails that appear to come from a legitimate source, requesting personal information or prompting the user to click on a malicious link.
Spear Phishing
Targeted phishing attempts aimed at specific individuals or organizations. Use personalized information to increase credibility and likelihood of success.
Smishing
Phishing attacks conducted through SMS text messages. Messages often contain links to malicious websites or prompt users to provide personal information.
Vishing
Phishing attacks conducted through voice calls. Attackers impersonate trusted entities to extract sensitive information, such as bank details.
Man-in-the-Middle (MitM)
Attacks where the attacker intercepts and potentially alters communication between two parties who believe they are directly communicating with each other.
Eavesdropping
Attacker secretly listens to communication between two parties. Can capture sensitive information, such as login credentials or personal data.
Session Hijacking
Attacker takes over a valid session between a user and a server, usually by stealing or predicting the session token (for example via a cookie read by injected script, an unencrypted connection, or session fixation). The attacker can then impersonate the user, steal information, or perform unauthorized actions.
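The server-side controls that make hijacking hard, as an added Python example that is not from the original page: session tokens come from the OS CSPRNG, only a hash of each token is stored, the token is rotated when the user authenticates (so a token planted or observed before login is useless), and sessions expire on idle and absolute timeouts. The SessionStore class, its method names, and the timeouts are assumptions made for this example.

```python
import hashlib
import secrets


class SessionStore:
    # Server-side sessions keyed by a hash of the token, so a leaked store
    # does not hand out usable tokens; tokens rotate on login (anti-fixation)
    # and expire on idle and absolute timeouts. Times are Unix seconds.

    def __init__(self, idle_timeout=900, absolute_timeout=8 * 3600):
        self.idle_timeout = idle_timeout
        self.absolute_timeout = absolute_timeout
        self._sessions = {}  # sha256(token) -> session dict

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, now, user=None):
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG: not guessable
        self._sessions[self._key(token)] = {"user": user, "created": now, "last_seen": now}
        return token

    def lookup(self, token, now):
        # Returns the session, or None if unknown or expired (expired ones are dropped).
        key = self._key(token)
        sess = self._sessions.get(key)
        if sess is None:
            return None
        if (now - sess["last_seen"] > self.idle_timeout
                or now - sess["created"] > self.absolute_timeout):
            del self._sessions[key]
            return None
        sess["last_seen"] = now
        return sess

    def login(self, old_token, user, now):
        # Privilege change: discard the pre-login token and issue a fresh one so
        # a token fixed or sniffed before authentication is worthless afterwards.
        self._sessions.pop(self._key(old_token), None)
        return self.create(now, user=user)

    def logout(self, token):
        self._sessions.pop(self._key(token), None)

    @staticmethod
    def cookie_header(token):
        # Secure: never sent over plain HTTP; HttpOnly: unreadable by page
        # scripts; SameSite: not attached to cross-site requests.
        return f"Set-Cookie: session={token}; Secure; HttpOnly; SameSite=Lax; Path=/"
```

Binding the session to a rotated token at login is what defeats session fixation; the cookie attributes are what keep the token away from injected scripts and plaintext links.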
SSL Stripping
Attacker on the network path downgrades the victim's connection from HTTPS to plain HTTP: the attacker keeps an HTTPS connection to the real site while serving the victim an unencrypted copy, so the traffic can be read and modified. HTTP Strict Transport Security (HSTS), ideally with browser preloading, stops the browser from accepting the downgrade.
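A check a practitioner would run against a site's response headers, added here as an example (not from the original page): parse the Strict-Transport-Security header and report the conditions under which stripping still works. The 31536000-second minimum is the value the browser preload list requires; the header dictionaries below are constructed, and the function names are this example's own.

```python
def parse_hsts(value):
    # Split "max-age=63072000; includeSubDomains; preload" into a dict keyed by
    # lower-cased directive name (directive names are case-insensitive).
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"')
    return directives


def evaluate_hsts(headers, scheme="https", min_max_age=31536000):
    # headers: response header names -> values. Returns (ok, findings).
    findings = []
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if scheme != "https":
        findings.append("response served over HTTP: browsers ignore HSTS there")
    if value is None:
        findings.append("no Strict-Transport-Security header: a plain-HTTP request can be stripped")
        return False, findings
    d = parse_hsts(value)
    max_age = d.get("max-age")
    if max_age is None or not max_age.isdigit():
        findings.append("max-age missing or not a number")
    elif int(max_age) < min_max_age:
        findings.append(f"max-age={max_age} is below {min_max_age} seconds")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains missing: subdomains can still be stripped")
    if "preload" not in d:
        findings.append("preload missing: the first-ever visit is unprotected until the policy is cached")
    return not findings, findings


if __name__ == "__main__":
    # Constructed header sets: one hardened, one weak.
    for hdrs in ({"Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload"},
                 {"strict-transport-security": "max-age=300"}):
        print(evaluate_hsts(hdrs))
```

Even a correct header only protects visitors who have already seen it over HTTPS; preloading closes the first-visit gap.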
Denial-of-Service (DoS)
Attacks intended to make a system or network resource unavailable to its intended users, typically by overwhelming it with traffic or exhausting its resources (connections, memory, CPU).
Basic DoS
Overloads the target with excessive traffic, causing it to crash or become unresponsive. Can be launched from a single source.
Distributed Denial-of-Service (DDoS)
Similar to DoS but launched from multiple sources, often using a botnet. Harder to mitigate due to the distributed nature of the attack.
Application Layer DoS
Targets a specific application or service rather than the whole network, often with legitimate-looking requests: HTTP floods, slow-request attacks such as Slowloris, or repeated calls to expensive operations (search, login, report generation). Harder to tell from real traffic, so mitigation relies on rate limiting and accounting for request cost.
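One mitigation for application-layer floods, added here as an example (not part of the original page): a per-client sliding-window limiter that charges each request by the cost of the endpoint it hits, so fifty cheap page views and fifty expensive searches are not treated alike. The endpoint costs, the budget, and the traffic replayed through it are constructed for the demo.

```python
from collections import defaultdict, deque

# Relative cost of each endpoint: a search hits the database and is far more
# expensive to serve than a static page, so it consumes more of the budget.
ENDPOINT_COST = {"/search": 5, "/login": 3}
DEFAULT_COST = 1


class SlidingWindowLimiter:
    def __init__(self, budget, window_seconds):
        self.budget = budget
        self.window = window_seconds
        self._hits = defaultdict(deque)  # client -> deque of (timestamp, cost)

    def allow(self, client, now, cost=1):
        hist = self._hits[client]
        while hist and hist[0][0] <= now - self.window:  # drop expired entries
            hist.popleft()
        if sum(c for _, c in hist) + cost > self.budget:
            return False
        hist.append((now, cost))
        return True


def replay(limiter, requests):
    # requests: iterable of (timestamp, client, path). Returns per-client counts.
    stats = defaultdict(lambda: {"allowed": 0, "rejected": 0})
    for ts, client, path in sorted(requests):
        cost = ENDPOINT_COST.get(path, DEFAULT_COST)
        key = "allowed" if limiter.allow(client, ts, cost) else "rejected"
        stats[client][key] += 1
    return dict(stats)


def sample_traffic():
    # Constructed traffic: 10.0.0.5 fires 50 searches in two seconds while a
    # normal client browses a few pages over ten seconds.
    flood = [(i * 0.04, "10.0.0.5", "/search") for i in range(50)]
    normal = [(t, "192.0.2.10", p) for t, p in
              [(0.5, "/"), (2.0, "/search"), (4.0, "/about"), (7.5, "/search"), (9.0, "/")]]
    return flood + normal


if __name__ == "__main__":
    limiter = SlidingWindowLimiter(budget=100, window_seconds=10)
    print(replay(limiter, sample_traffic()))
```

With a budget of 100 per 10 seconds, the flood gets 20 searches through before the rest are rejected, while the normal client is never touched.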
SQL Injection
Code injection technique in which untrusted input is concatenated into an SQL query, so attacker-supplied text is executed as SQL: bypassing logins, reading or altering other users' rows, or in some databases running OS commands. Prevented by parameterized queries (prepared statements) and least-privilege database accounts.
Cyber Security Measures
Various controls and practices implemented to enhance security in digital environments.
Firewalls
Devices or software that filter traffic between networks according to rules on address, port, and protocol; stateful firewalls also track connection state, and next-generation firewalls inspect application-layer content.
Antivirus Software
Programs that detect and remove malicious software using signatures and, increasingly, behavioural analysis; endpoint detection and response (EDR) tools extend this with telemetry collection and investigation.
Encryption
The process of transforming data with a key so that only holders of the corresponding key can read it, protecting confidentiality at rest and in transit. Encryption alone does not guarantee integrity; authenticated encryption (for example AES-GCM or ChaCha20-Poly1305) is needed to detect tampering.
Intrusion Detection Systems (IDS)
Systems that monitor network traffic or host activity for suspicious behaviour, using signatures of known attacks or anomaly detection, and raise alerts; intrusion prevention systems (IPS) additionally block the traffic.
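A host-based detection rule of the kind an IDS runs, added as an example that is not from the original page: it parses sshd authentication lines, alerts when one source address accumulates a threshold of failed logins inside a sliding window, and raises a second, higher-priority alert if that address later logs in successfully. The log excerpt is constructed (the host name, addresses, and PIDs are invented), and the threshold and window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd log excerpt in syslog format; not from any real host.
SAMPLE_LOG = """\
Mar 12 10:00:01 bastion sshd[2311]: Failed password for root from 10.0.0.7 port 51122 ssh2
Mar 12 10:00:04 bastion sshd[2311]: Failed password for root from 10.0.0.7 port 51122 ssh2
Mar 12 10:00:09 bastion sshd[2315]: Failed password for invalid user admin from 10.0.0.7 port 51130 ssh2
Mar 12 10:00:15 bastion sshd[2320]: Failed password for invalid user test from 10.0.0.7 port 51138 ssh2
Mar 12 10:00:17 bastion sshd[2401]: Failed password for alice from 198.51.100.2 port 40010 ssh2
Mar 12 10:00:22 bastion sshd[2324]: Failed password for alice from 10.0.0.7 port 51144 ssh2
Mar 12 10:00:30 bastion sshd[2330]: Failed password for alice from 10.0.0.7 port 51150 ssh2
Mar 12 10:00:31 bastion sshd[2402]: Accepted password for alice from 198.51.100.2 port 40010 ssh2
Mar 12 10:00:41 bastion sshd[2335]: Accepted password for alice from 10.0.0.7 port 51158 ssh2
"""

FAILED = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+")
ACCEPTED = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                      r"Accepted \S+ for (?P<user>\S+) from (?P<ip>[\d.]+) port \d+")


def parse_ts(text):
    # syslog timestamps carry no year; good enough for ordering within one file.
    return datetime.strptime(text, "%b %d %H:%M:%S")


def detect_brute_force(lines, threshold=5, window_seconds=60):
    recent = defaultdict(list)  # ip -> [(timestamp, user), ...] inside the window
    flagged = set()
    alerts = []
    for line in lines:
        m = FAILED.match(line)
        if m:
            ts, ip = parse_ts(m["ts"]), m["ip"]
            hist = recent[ip]
            hist.append((ts, m["user"]))
            # keep only the failures that fall inside the sliding window
            hist[:] = [(t, u) for t, u in hist if (ts - t).total_seconds() <= window_seconds]
            if len(hist) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({"type": "brute_force", "ip": ip, "failures": len(hist),
                               "users": sorted({u for _, u in hist}), "at": m["ts"]})
            continue
        m = ACCEPTED.match(line)
        if m and m["ip"] in flagged:
            # a success from an address already flagged is the alert that matters
            alerts.append({"type": "success_after_brute_force", "ip": m["ip"],
                           "user": m["user"], "at": m["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_LOG.splitlines()):
        print(alert)
```

The single failure from 198.51.100.2 followed by a success is a typo, not an attack, and produces nothing; the same rule with a higher threshold stays silent entirely, which is the trade-off between false positives and missed detections that every signature carries.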
Multi-Factor Authentication (MFA)
Requires two or more independent factors to verify the user's identity: something they know (password), something they have (authenticator app, hardware key, phone), or something they are (biometric). One-time codes can still be relayed by a real-time phishing proxy; FIDO2/passkey authenticators are phishing-resistant.
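The "something you have" factor most people use is a time-based one-time password. As an added example (not from the original page), the following Python implements HOTP (RFC 4226) and TOTP (RFC 6238) from the standard library, with a verifier that tolerates one step of clock drift and compares in constant time. The base32 demo secret in the main block is constructed; the assertions in the accompanying test use the RFC test secret.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6, algorithm=hashlib.sha1):
    # RFC 4226: HMAC over the big-endian 8-byte counter, dynamic truncation
    # to 31 bits, then the last 'digits' decimal digits.
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, for_time, step=30, digits=6):
    # RFC 6238: HOTP with the counter derived from Unix time.
    return hotp(secret, int(for_time) // step, digits)


def verify_totp(secret, code, now, step=30, window=1):
    # Accept the current step and +/- 'window' neighbours to absorb clock
    # drift; compare in constant time. A real verifier must also refuse a code
    # already accepted for this step (replay) and rate-limit attempts.
    counter = int(now) // step
    return any(hmac.compare_digest(hotp(secret, c), code)
               for c in range(counter - window, counter + window + 1))


def secret_from_base32(text):
    # Authenticator apps are provisioned with a base32 string (otpauth:// URI);
    # decode it to raw key bytes, tolerating spaces and missing padding.
    text = text.replace(" ", "").upper()
    return base64.b32decode(text + "=" * (-len(text) % 8))


if __name__ == "__main__":
    key = secret_from_base32("JBSWY3DPEHPK3PXP")  # constructed demo secret
    print("current code:", totp(key, time.time()))
```

Because the code is derived only from the shared secret and the clock, anyone who can get the user to type it into a proxy within the 30-second step can replay it; that is why the page's caveat about phishing-resistant authenticators matters.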
Security Policies and Procedures
Formalized rules and guidelines that govern the organization's security practices.
Securing Hardware
Physical security measures to protect computer hardware from theft or damage.
Access Control
Restricting physical access to facilities and sensitive areas to authorized personnel only.
Regular Updates and Patch Management
Ensuring all systems and software are up-to-date with the latest security patches.
Strong Password Policies
Using long, unique passwords (ideally generated and stored by a password manager) and screening them against lists of breached passwords. Current guidance (NIST SP 800-63B) favours length over composition rules and recommends against mandatory periodic changes; rotate a password when there is evidence it was compromised.
User Education and Awareness
Training employees to recognize and respond to potential threats like phishing.
Regular Data Backups
Ensuring that data is regularly backed up and can be restored in case of an attack.
Incident Response Planning
Having a structured, rehearsed approach to handle a security breach or cyberattack: preparation, detection and analysis, containment, eradication, recovery, and a post-incident review that feeds back into controls.