attacks

These Attacks are all deliberate and specific attempts by individuals, groups, and/or organizations to illegally obtain, encrypt, or delete confidential data via unauthorized and malicious methods.

Attackers will use various avenues to achieve their goals such as cyber attacks which may include emails, text messages, and phone calls; and or physical attacks including infiltration and social engineering.

A Cyber attack can be initiated off-site remotely via emails, text messages, telephone, and/or voicemails. A Physical attack method would require some form of physical proximity and/or contact with a target.

TYPES OF CYBER ATTACKS:

Malware refers to MALicious SoftWARE that is used to breach a network which includes spyware, adware, ransomware, viruses, trojans, and worms. Advanced malware attacks use a Command-and-Control [C2] server in order to communicate with the now infected network to gain persistent, and future undetected remote access.

Phishing is a method of coercing users to click on links within emails which may activate or install a form of malware in order to gain access to data, information, and networks.

Types of phishing:

  • SMSishing is phishing via Short Message Service [SMS] text messages.
  • Vishing is phishing via a telephone or via instructional voice mails.
  • Spear-Phishing is targeted phishing aimed at a specific industry, field, company or deparment.
  • Quishing is using a Quick Response [QR] Code to phish someone into scanning it to lead them to malicious sites and/or files.
  • Whaling is an even more targeted form of phishing where they target the CEO and CFO of an organization.
  • Business Email Compromise [BEC] is when an attacker gains access to a business email account of a high ranking executive like a CEO, to coerce an employee to fraudulently wire money via fake accounts and invoices.

TYPES OF PHYSICAL ATTACKS:

Social Engineering is an art form of the manipulation of people in order to have them unknowingly divulge and/or provide unauthorized access to confidential information and/or locations. Attackers can use Open Source Intelligence [OSINT]’s Reconnaissance [Recon] to create a Pretext to exploit whatever possible in order to gain a person’s trust and confidence.

Types of social engineering:

  • Baiting simply offers & promises a victim a reward if they do as instructed.
  • Pretext is a fabricated false identity complete with backstory and situation used to convince a target to divulge information.

Physical Security Risks are opportunities where an attacker can leverage illegal unrestricted access to a secured building, department, room and/or confidential information by coercing a person and/or situation.

Types of physical security risks:

  • Tailgating
  • Shoulder Surfing
  • Impersonation

An excellent resource to use is the MITRE ATT&CK Framework which outlines tactics used in real life and how to mitigate them.