Cybersecurity Threats, Vulnerabilities, and Attacks

Types of Malware
Cyber criminals target users' end devices through the installation of malware.
• Viruses - malicious executable code attached to another executable file, such as a legitimate program.
• Worms - replicate by independently exploiting vulnerabilities in networks and usually slow down networks.
• Trojan horse - carries out malicious operations under the guise of a desired operation, such as playing an online game.
• Logic Bomb - uses a trigger to awaken the malicious code. For example, triggers can be dates, times, other programs running, or the deletion of a user account.
• Ransomware - holds a computer system, or the data it contains, captive until the target makes a payment. It usually works by encrypting data in the computer with a key unknown to the user.
• Backdoors and Rootkits - a backdoor or rootkit refers to the program or code introduced by a criminal who has compromised a system. The backdoor bypasses the normal authentication used to access a system.

Email and Browser Attacks
• Email is a universal service used by billions worldwide and has become a major vulnerability to users and organizations.
• Spam - also known as junk mail, spam is unsolicited email. It is a method of advertising and can send harmful links, malware, or deceptive content.
• Spyware - enables a criminal to obtain information about a user's computer activities. It includes activity trackers, keystroke collection, and data capture.
• Adware - Adware typically displays annoying pop-ups to generate revenue for its authors. The malware may analyze user interests by tracking the websites visited. It can then send pop-up advertising pertinent to those sites.
• Scareware - persuades the user to take a specific action based on fear. Scareware forges pop-up windows that resemble operating system dialogue windows.
• Vishing - Vishing is phishing using voice communication technology. Criminals can spoof calls from legitimate sources using voice over IP (VoIP) technology. Victims may also receive a recorded message that appears legitimate.
• Pharming - Pharming is the impersonation of a legitimate website in an effort to deceive users into entering their credentials.
• Whaling - Whaling is a phishing attack that targets high-profile targets within an organization, such as senior executives.
• Plugins - The Flash and Shockwave plugins from Adobe enable the development of interesting graphic and cartoon animations that greatly enhance the look and feel of a web page. Plugins display the content developed using the appropriate software.
• SEO Poisoning - Search engines such as Google work by ranking pages and presenting relevant results based on users' search queries. Depending on the relevancy of website content, it may appear higher or lower in the search result list. SEO, short for Search Engine Optimization, is a set of techniques used to improve a website's ranking by a search engine. While many legitimate companies specialize in optimizing websites to better position them, SEO poisoning uses SEO to make a malicious website appear higher in search results.
• Browser Hijacker - A browser hijacker is malware that alters a computer's browser settings to redirect the user to websites paid for by the cyber criminals' customers. Browser hijackers usually install without the user's permission and are usually part of a drive-by download.

The Art of Deception
• Social Engineering - Social engineering is a completely non-technical means for a criminal to gather information on a target. Social engineering is an attack that attempts to manipulate individuals into performing actions or divulging confidential information.
• Social engineers often rely on people's willingness to be helpful but also prey on people's weaknesses. These are some types of social engineering attacks:
• Pretexting - This is when an attacker calls an individual and lies to them in an attempt to gain access to privileged data. An example involves an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.
• Something for Something (Quid pro quo) - This is when an attacker requests personal information from a party in exchange for something, like a gift.
• Shoulder Surfing and Dumpster Diving - refers to picking up PINs, access codes or credit card numbers. An attacker can be in close proximity to his victim, or the attacker can use binoculars or closed-circuit cameras to shoulder surf.
• Impersonation and Hoaxes - Impersonation is the action of pretending to be someone else. For example, a recent phone scam targeted taxpayers. A criminal, posing as an IRS employee, told the victims that they owed money to the IRS.
• Piggybacking and Tailgating - Piggybacking occurs when a criminal tags along with an authorized person to gain entry into a secure location or a restricted area. Tailgating is another term that describes the same practice.
• Online, Email, and Web-based Trickery - Forwarding hoax emails and other jokes, funny movies, and non-work-related emails at work may violate the company's acceptable use policy and result in disciplinary actions.