These Attacks are all deliberate and specific attempts by malicious individuals, groups, and/or organizations to illegally obtain, encrypt, or delete confidential data via unauthorized methods.
Attackers will use various avenues to achieve their goals such as cyber attacks which may include emails, text messages, and phone calls; and or physical attacks including infiltration and social engineering.
A Cyber attack can be initiated off-site remotely via emails, text messages, telephone, and/or voicemails.
A Physical attack method would require some form of physical proximity and/or contact with a target.
TYPES OF CYBER ATTACKS:
Malware refers to MALicious SoftWARE that is used to breach a network which includes spyware, adware, ransomware, viruses, trojans, and worms. Advanced malware attacks use a Command-and-Control [C2] server in order to communicate with the now infected network to gain persistent, and future undetected remote access.
Phishing is a method of coercing users to click on links within emails which may activate or install a form of malware in order to gain access to data, information, and networks.
Types of phishing:
- SMSishing is phishing via Short Message Service [SMS] text messages.
- Vishing is phishing via a telephone or via instructional voice mails.
- Spear-Phishing is targeted phishing aimed at a specific industry, field, company or deparment.
- Quishing is using a Quick Response [QR] Code to phish someone into scanning it to lead them to malicious sites and/or files.
- Whaling is an even more targeted form of phishing where they target the CEO and CFO of an organization.
- Business Email Compromise [BEC] is when an attacker gains access to a business email account of a high ranking executive like a CEO, to coerce an employee to fraudulently wire money via fake accounts and invoices.
TYPES OF PHYSICAL ATTACKS:
Social Engineering is an art form of the manipulation of people in order to have them unknowingly divulge and/or provide unauthorized access to confidential information and/or locations. Attackers can use Open Source Intelligence [OSINT]’s Reconnaissance [Recon] to create a Pretext to exploit whatever possible in order to gain a person’s trust and confidence.
Types of social engineering:
- Baiting simply offers & promises a victim a reward if they do as instructed.
- Pretext is a fabricated false identity complete with backstory and situation used to convince a target to divulge information.
Physical Security Risks are opportunities where an attacker can leverage illegal unrestricted access to a secured building, department, room and/or confidential information by coercing a person and/or situation.
Types of physical security risks:
- Tailgating
- Shoulder Surfing
- Impersonation
An excellent resource to use is the MITRE ATT&CK Framework which outlines tactics used in real life and how to mitigate them.
FAMOUS HACKERS:
Kevin Mitnick was called “The Most Famous Hacker” adding him to the FBI’s Most Wanted list for a plethora of cyber crimes, breaches, and hacks.
In 1982, as a teenager, he hacked the North American Defense Command (NORAD), an achievement that inspired the infamous 1983 film “War Games”.
• Mitnick Security
• How the greatest hacker manipulated everyone.
Anonymous began in 2003 concentrating on Social Justice. In 2008 they disabled various Church of Scientology websites, impacting their global search engine results, overwhelming their fax machines with all-black images and marched by Scientology centers wearing their iconic Guy Fawkes masks.
The FBI and other law enforcement agencies have tracked down some of the group’s more prolific members, the lack of any real hierarchy makes it almost impossible to identify or eliminate Anonymous as a whole.