1/30
Flashcards covering threat actors classifications, various attack vectors, and the impacts of cyberattacks based on lecture notes.
Name | Mastery | Learn | Test | Matching | Spaced | Call with Kai | Chat |
|---|
No analytics yet
Send a link to your students to track their progress
Threat actor
An individual or entity responsible for cyber incidents against the technology equipment of enterprises and users.
Black hat hackers
Individuals with high computer skills who violate computer security and may cause damage for personal gain.
White hat hackers
Individuals with high computer skills who take permission to probe an organization's system for weaknesses and report the findings.
Gray hat hackers
Attackers who attempt to break into a system without permission to disclose the results to cause embarrassment and push for action, rather than for personal advantage.
Script kiddies
Individuals who perform attacks using freely available tools because they lack the technical knowledge to create their own.
Hacktivists
Attackers strongly motivated by ideology, principles, or beliefs who aim to make a political statement or push for change.
Insiders
A trusted employee, contractor, or business partner who may cause damage to an organization.
Industrial espionage
A category of threat actor where competitors launch attacks against their opponents.
Criminal syndicates
Groups of hackers, developers, and tech outlaws who collaborate to perform massive crimes such as heists, blackmail, and cyber terrorism.
State actors
Attackers sponsored by governments to launch cyberattacks against enemies, often equipped with state-of-the-art technology.
Advanced Persistent Threat (APT)
The deadliest type of attack, associated with state actors, involving multiyear intrusion campaigns targeting sensitive economic or national security information.
Attack vector
A pathway used by a threat actor to penetrate a system.
Supply chain
A network of vendors, manufacturers, warehouses, and retailers; an attack on its weakest link can propagate to other parts of the network.
Data loss
An impact of an attack where data is destroyed beyond recovery.
Data exfiltration
Stealing data for the purpose of distributing it to other parties, such as selling customer lists to competitors.
Data breach
Stealing data to disclose it without authorization, such as dumping account information on the public internet.
Identity theft
Taking personally identifiable information (PII) to impersonate someone else.
Social engineering
A means of gathering data by relying on the psychological weaknesses of individuals to affect them mentally and emotionally.
Impersonation
A psychological approach where an attacker pretends to be someone else, such as an employee calling IT support.
Phishing
Sending an email to trick a user into providing private information like passwords or bank account numbers.
Spear phishing
A variation of phishing that targets specific users.
Whaling
A phishing attack that targets wealthy individuals or executives in higher positions.
Vishing
A social engineering attack that uses phone calls instead of emails.
Smishing
A social engineering attack that uses texting or short message services (SMS).
Redirection
Directing a user to a fake site that looks like the original to generate profit from traffic and ads.
Spam
Unsolicited email sent to a large number of recipients, usually advertising fake or overpriced products.
Hoax
A false warning, such as a fake malware alert, intended to trick a user into deleting files or changing configurations.
Watering hole
An attack targeting a small group by infecting a common website they frequently visit, such as a supplier website.
Dumpster diving
A physical social engineering approach where an attacker looks through trash to find useful information.
Tailgating
A physical approach where an attacker follows an authorized employee into a building during a gate opening.
Shoulder surfing
Observing someone as they enter secret information, such as a password or an ATM PIN.