Cyber Security Attacks Types

Study Notes

Types of Cyber Security Attacks

Malware Attacks:
- Viruses: self-replicating code that attaches to programs or files
- Worms: self-replicating code that travels from system to system
- Trojans: malicious code disguised as legitimate software
- Ransomware: encryption-based attacks demanding payment
Network Attacks:
- Phishing: social engineering attacks via email or messaging
- Spear Phishing: targeted phishing attacks on specific individuals
- Denial of Service (DoS): overwhelming network traffic
- Distributed Denial of Service (DDoS): coordinated DoS attacks
Password Attacks:
- Brute Force: automated password guessing
- Dictionary Attack: using word lists to crack passwords
- Rainbow Table Attack: precomputed tables for hash cracking
Insider Threats:
- Authorized personnel misusing access
- Negligent employees falling victim to social engineering
Advanced Persistent Threats (APTs):
- Sophisticated, targeted attacks by nation-states or organizations
- Often involve multiple vectors and exploits
Zero-Day Attacks:
- Exploiting previously unknown vulnerabilities
- Attackers have a "window of opportunity" before patches are released

Stages of a Cyber Attack

Reconnaissance: gathering information about the target
Initial Compromise: initial entry point, often via exploit or phishing
Establish Foothold: establishing a persistent presence on the system
Escalation of Privileges: elevating access and control
Lateral Movement: moving laterally within the network
Data Exfiltration: stealing sensitive data
Command and Control: communicating with the attacker's server
Covering Tracks: hiding evidence of the attack

Types of Cyber Security Attacks

Malware Attacks:
- Viruses attach to programs or files and self-replicate
- Worms self-replicate and travel from system to system
- Trojans are malicious code disguised as legitimate software
- Ransomware uses encryption to demand payment in exchange for data
Network Attacks:
- Phishing uses social engineering via email or messaging to trick victims
- Spear Phishing targets specific individuals with personalized attacks
- Denial of Service (DoS) overwhelms network traffic to disrupt systems
- Distributed Denial of Service (DDoS) coordinates multiple DoS attacks
Password Attacks:
- Brute Force attacks use automated password guessing
- Dictionary Attacks use word lists to crack passwords
- Rainbow Table Attacks use precomputed tables for hash cracking
Insider Threats:
- Authorized personnel can misuse access for malicious purposes
- Negligent employees can fall victim to social engineering
Advanced Persistent Threats (APTs):
- Sophisticated, targeted attacks by nation-states or organizations
- Often involve multiple vectors and exploits to achieve a goal
Zero-Day Attacks:
- Exploit previously unknown vulnerabilities
- Attackers have a "window of opportunity" before patches are released

Stages of a Cyber Attack

Initial Attack Stages

- **Reconnaissance**: gather information about the target
- **Initial Compromise**: gain initial entry point via exploit or phishing

Establishing a Presence

- **Establish Foothold**: establish a persistent presence on the system
- **Escalation of Privileges**: elevate access and control

Moving Laterally

- **Lateral Movement**: move laterally within the network
- **Data Exfiltration**: steal sensitive data

Controlling and Covering

- **Command and Control**: communicate with the attacker's server
- **Covering Tracks**: hide evidence of the attack

Description

Learn about different types of cyber security attacks, including malware, network attacks, and more. Understand the differences between viruses, worms, trojans, ransomware, phishing, and denial of service attacks.