Social Engineering
Common Attacks
Networks
Threat Actors
Enterprise Security
100

An illegal activity that accounts for 98% of cyber-attacks.

What is social engineering?

100

This attack redirects your traffic and then passes it on to the destination.

What is a man-in-the-middle attack?

100

This protocol allows a computer to obtain an IP address using a MAC address.

What is Address Resolution Protocol (ARP)?

100

These threat actors are people you normally trust such as employees.

What are insider threats?

100

Similar to vulnerability scanning, this practice tries to exploit vulnerabilities in systems.

What is pen testing?

200

Over 70% of data breaches start with this type of attack.

What is phishing? What is social engineering?

200

This attack can cause a system to be unavailable and may be a smokescreen for another attack.

What is a Denial of Service attack?

200

This is a hardware address assigned to a network card by the manufacturer and should be unique across all devices. 

What is a MAC address?

200

These threat actors have the backing of government and often operate with high degrees of sophistication.

What are nation states?

200

This is often the first step of an attack used to gather information needed to carry out the attack.

What is reconnaissance?

300

When an attacker registers a domain similar to an official one and hopes that a targeted user does not notice the misspelling.

What is a spoofed sender address?

300

When incoming call information is faked.

What is Caller ID spoofing?

300

This attack can result in a bad actor having access to your domain registration.

What is Domain hijacking?

300

These are malicious actors that are promoting social change or a political agenda.

What are hacktivists?

300

This uses information gathered from many publicly available resources. There are automated tools available to help gather information.

What is Open Source Intelligence (OSINT)?

400

Attackers use text messages and voice-changing software to send SMS messages or robo-call users.

What is Vishing and/or Smishing?

400

The process of gaining higher-level access to a system.

What is privilege escalation?

400

This network device allows users to connect to a network wirelessly.

What is an access point?

400

These actors are not sophisticated and usually run pre-made scripts with limited knowledge of how they work.

What are script kiddies?

400

Confidentiality, Integrity, Availability

What is the CIA Triad?

500

This form of social engineering attack involves targeting certain groups by infecting websites that the group is likely to visit.

What is a watering hole?

500

This is a vulnerability that has not been detected or published.

What is a zero day attack? 

500

This network protocol allows a device to obtain an IP Address and DNS information without it being manually defined.

What is Dynamic Host Control Protocol (DHCP)?

500

These malicious actors are professional criminals. They're motivated by money and often use ransomware. 

What is organized crime?

500

All application instances must follow this established standard.

What is a baseline configuration?
