Testout Security Pro Chapter 2 - Threats, Attacks, and Vulnerabilities

studied byStudied by 1 person
5.0(1)
get a hint
hint

Targeted attack

1 / 64

Tags and Description

Notecards for Testout Security Pro Chapter 2 - Threats, Attacks, and Vulnerabilities, 2023.

65 Terms

1

Targeted attack

A type of threat in which threat actors actively pursue and compromise a target entity's infrastructure while maintaining anonymity

New cards
2

Opportunistic attack

An attack in which the threat actor is almost always trying to make money as fast as possible and with minimal effort

New cards
3

Insider

A threat agent who has authorized access to an organization and either intentionally or unintentionally carries out an attack

New cards
4

Competitor

A threat agent who carries out attacks on behalf of an organization and targets competing companies

New cards
5

Hacker

Any threat agent who uses technical knowledge to bypass security, exploit a vulnerability, and gain access to protected information

New cards
6

Cybercriminal

A subcategory of hacker threat agents. They are willing to take more risks and use more extreme tactics for financial gain

New cards
7

Nation state

A sovereign state threat agent that may wage an all-out war on a target and have significant resources for the attack

New cards
8

Internal threat

A threat from authorized individuals (insiders) who exploit assigned privileges and inside information to carry out an attack

New cards
9

External threat

A threat from individuals or groups not associated with the organization, who seek to gain unauthorized access to data

New cards
10

Persistent threat

A threat that seeks to gain access to a network and remain there undetected

New cards
11

Non-persistent threat

A threat that focuses on getting into a system and stealing information. It is usually a one-time event, so the attacker is not concerned with detection

New cards
12

Open-source intelligence (OSINT)

Information that is readily available to the public and doesn't require any type of malicious activity to obtain

New cards
13

White hat

A skilled hacker who uses skills and knowledge for defensive purposes only. This hacker interacts only with systems for which express access permission is given

New cards
14

Black hat

A skilled hacker who uses skills and knowledge for illegal or malicious purposes

New cards
15

Gray hat

A skilled hacker who falls in the middle of white hat and black hat hackers. They may cross the line of what is ethical, but usually has good intentions and isn't malicious like a black hat hacker

New cards
16

Malware

Software designed to take over or damage a computer without the user's knowledge or approval

New cards
17

Virus

A program that attempts to damage a computer system and replicate itself to other computer systems

New cards
18

Worm

A self-replicating malware program

New cards
19

Trojan horse

A malicious program that is disguised as legitimate or desirable software

New cards
20

Zombie

A computer that is infected with malware and is controlled by a command and control center called a zombie master

New cards
21

Botnet

A group of zombie computers that are commanded from a central control infrastructure

New cards
22

Rootkit

A set of programs that allows attackers to maintain hidden, administrator-level access to a computer

New cards
23

Logic bomb

Malware designed to execute only under predefined conditions. It is dormant until the predefined condition is met

New cards
24

Spyware

Software installed without the user's consent or knowledge and is designed to intercept or take partial control of the user's computer

New cards
25

Adware

Malware that monitors a user's personal preferences and sends pop-up ads that match those preferences

New cards
26

Ransomware

Malware that denies access to a computer system until the user pays a ransom

New cards
27

Scareware

A scam to fool a user into thinking there is some form of malware on the system

New cards
28

Crimeware

Malware designed to perpetrate identity theft. It allows a hacker access to online accounts at financial services, such as banks and online retailers

New cards
29

Crypto-malware

Ransomware that encrypts files until a ransom is paid

New cards
30

Remote access Trojan (RAT)

Malware that includes a back door to allow a hacker administrative control over the target computer

New cards
31

Hacker

A person who commits crimes through gaining unauthorized access to computer systems

New cards
32

Cracker

A person actively engaged in developing and distributing worms, Trojans, and viruses; engaging in probing and reconnaissance activities; creating toolkits so that others can hack known vulnerabilities; and/or cracking protective measures

New cards
33

Script kiddy

A less-skilled hacker who often relies on automated tools or scripts written by crackers to scan systems and exploit weaknesses

New cards
34

Potentially unwanted program (PUP)

…is a software inadvertently installed that contains adware, installs toolbars, or has other objectives

New cards
35

Fileless virus

…uses legitimate programs to infect a computer

New cards
36

Social engineering

An attack involving human interaction to obtain information or access

New cards
37

Footprinting

Uses social engineering to obtain as much information as possible about an organization

New cards
38

Pretexting

A fictitious scenario to persuade someone to perform an action or give information

New cards
39

Elicitation

A technique to extract information from a target without arousing suspicion

New cards
40

Preloading

Influencing a target thoughts, opinions, and emotions before something happens

New cards
41

SMiShing

Doing phishing through an SMS message. Tricking a user to download a virus, Trojan horse, or malware onto a cell phone

New cards
42

Impersonation

Pretending to be somebody else and approaching a target to extract information

New cards
43

SPIM

…is similar to spam, but the malicious link is sent to the target over instant messaging instead of email

New cards
44

Hoax

A type of malicious email with some type of urgent or alarming message to deceive the target

New cards
45

Hacktivist

A hacker with a political motive

New cards
46

Ignorance

…means the target is not educated in social engineering tactics and prevention, so the target doesn't recognize social engineering when it is happening

New cards
47

Shoulder surfing

Looking over someone's shoulder while that person works on a computer or reviews documents

New cards
48

Eavesdropping

An unauthorized person listening to private conversations between employees or other authorized personnel when sensitive topics are being discussed

New cards
49

Keyloggers

A device used to steal data through by capturing what the user types

New cards
50

Feigning ignorance

Make a wrong statement and then admit to not knowing much about the subject in hopes the target will reveal the needed information

New cards
51

Spear phishing

Gathers information about the victim, such as the online bank

New cards
52

Whaling

…is another form of phishing. It targets senior executives and high-profile victims

New cards
53

Vishing

…is like phishing, but instead of an email, the attacker uses Voice over IP (VoIP) to gain sensitive information. The term is a combination of voice and phishing

New cards
54

Pharming

Executing malicious programs on the target's computer so that any URL traffic redirects to the attacker's malicious website

New cards
55

Social networking

Many attackers are turning to applications such as Facebook, Twitter, Instagram, to steal identities and information. Also, many attackers use social media to scam users. These scams are designed to entice the user to click a link that brings up a malicious site the attacker controls. Usually, the site requests personal information and sensitive data, such as an email address or credit card number

New cards
56

Zero-day vulnerability

…is a software vulnerability that is unknown to the vendor

New cards
57

Data loss

The loss of files and documents either accidentally or through malicious acts

New cards
58

Data breach

The exposure of confidential or protected data, either accidentally or through malicious acts

New cards
59

Data exfiltration

The unauthorized transfer of information or files from a computer

New cards
60

Identity theft

A crime in which an attacker commits fraud by using someone else's name or existing accounts to obtain money or to purchase items

New cards
61

Availability loss

Loss of access to computer resources due to the network being overwhelmed or crashing

New cards
62
New cards
63
New cards
64
New cards
65
New cards

Explore top notes

note Note
studied byStudied by 58 people
Updated ... ago
5.0 Stars(1)
note Note
studied byStudied by 3 people
Updated ... ago
5.0 Stars(1)
note Note
studied byStudied by 43 people
Updated ... ago
5.0 Stars(1)
note Note
studied byStudied by 39 people
Updated ... ago
5.0 Stars(2)
note Note
studied byStudied by 72 people
Updated ... ago
5.0 Stars(1)
note Note
studied byStudied by 6 people
Updated ... ago
5.0 Stars(1)
note Note
studied byStudied by 27 people
Updated ... ago
4.0 Stars(1)
note Note
studied byStudied by 726 people
Updated ... ago
5.0 Stars(4)

Explore top flashcards

flashcards Flashcard44 terms
studied byStudied by 7 people
Updated ... ago
5.0 Stars(1)
flashcards Flashcard52 terms
studied byStudied by 2 people
Updated ... ago
4.0 Stars(1)
flashcards Flashcard102 terms
studied byStudied by 7 people
Updated ... ago
5.0 Stars(1)
flashcards Flashcard60 terms
studied byStudied by 7 people
Updated ... ago
5.0 Stars(1)
flashcards Flashcard269 terms
studied byStudied by 39 people
Updated ... ago
5.0 Stars(1)
flashcards Flashcard70 terms
studied byStudied by 11 people
Updated ... ago
5.0 Stars(1)
flashcards Flashcard48 terms
studied byStudied by 25 people
Updated ... ago
5.0 Stars(1)
flashcards Flashcard20 terms
studied byStudied by 6 people
Updated ... ago
5.0 Stars(1)