Identify: Methods of attack

Malware

A software designed to harm devices or networks

Virus

A malware program that modifies other computer programs by inserting its own code to damage and/or destroy data

Worm

Malware that self-replicates, spreading across the network and infecting computers

Ransomware

A malicious attack during which threat actors encrypt an organization's data and demand payment to restore access

Spyware

Malicious software installed on a user’s computer without their permission, which is used to spy on and steal user data

Phishing

The use of digital communications to trick people into revealing sensitive data or deploying malicious software

Spear phishing

A malicious email attack targeting a specific user or group of users that appears to originate from a trusted source

Whaling

A form of spear phishing during which threat actors target executives in order to gain access to sensitive data

Business Email Compromise (BEC)

An attack in which a threat actor impersonates a known source to obtain a financial advantage

Vishing

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

Social Engineering

A manipulation technique that exploits human error to gain unauthorized access to sensitive, private, and/or valuable data

Social Media Phishing

An attack in which a threat actor collects detailed information about their target on social media sites before initiating an attack

Watering hole attack

An attack in which a threat actor compromises a website frequently visited by a specific group of users

Physical Social Engineering

An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location

USB baiting

An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and unknowingly infect a network