Cyber Attack Methods

This just in: Cyber criminals are planting chips in electric irons and kettles to launch spam attacks. A Russian TV channel had footage of an iron being opened up to reveal a “spy chip” with a small microphone that could be used to spread viruses by connecting to any computer within 656 feet using an unprotected Wi-Fi network. Mobile phones, car dashboard cameras, and other devices were also found to have “spy chips.” A customs brokerage professional said the hidden chips had been used to infiltrate company networks, sending out spam without administrators’ knowledge.

Cross-site scripting. An attack that uses third-party web resources to run script within the victim’s web browser or scriptable application. This occurs when a user visits a malicious website or clicks a malicious link. The most dangerous consequences occur when this method is used to exploit additional vulnerabilities that may permit an attacker to steal cookies (data exchanged between a web server and a browser), log keystrokes, capture screenshots, discover and collect network information, and remotely access and control the victim’s machine.

Denial-of-service. An attack that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources.

Distributed denial-of-service. A variant of the denial-of-service attack that uses numerous hosts to perform the attack.

Logic bombs. A piece of programming code intentionally inserted into a software system that will cause a malicious function to occur when one or more specified conditions are met.

Phishing. A digital form of social engineering that uses authentic-looking, but fake, e-mails to request information from users or direct them to a fake website that requests information.

Passive wiretapping. The monitoring or recording of data, such as passwords transmitted in clear text, while they are being transmitted over a communications link. This is done without altering or affecting the data.

Structured Query Language (SQL) injection. An attack that involves the alteration of a database search in a web-based application, which can be used to obtain unauthorized access to sensitive information in a database.

Trojan horse. A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms by, for example, masquerading as a useful program that a user would likely execute.

Virus. A computer program that can copy itself and infect a computer without the permission or knowledge of the user. A virus might corrupt or delete data on a computer, use email programs to spread itself to other computers, or even erase everything on a hard disk. Unlike a computer worm, a virus requires human involvement (usually unwitting) to propagate.

War driving. Driving through cities and neighborhoods with a wireless-equipped computer—sometimes with a powerful antenna—searching for unsecured wireless networks.

Worm. A self-replicating, self-propagating, self-contained program that uses network mechanisms to spread itself. Unlike computer viruses, worms do not require human involvement to propagate.

Zero-day exploit. An exploit that takes advantage of a security vulnerability previously unknown to the general public. In many cases, the exploit code is written by the same person who discovered the vulnerability. By writing an exploit for the previously unknown vulnerability, the attacker creates a potent threat since the compressed time frame between public discoveries of both makes it difficult to defend against.


One Response to Cyber Attack Methods

  1. Bruce S. says:

    Thanks for the glossary! These definitions are correct and accurate.