Social Engineering
This attack tricks a user with a fake email or message that appears to come from a trusted source.
What is phishing?
If student medical records are stolen from a school database, this part of the CIA triad has been violated.
What is confidentiality?
In a phishing attack, when the attacker steals a victim’s password, the AAA function they are trying to defeat first is this one.
What is authentication?
A person who already has authorized access to a system, such as an employee or contractor, fits this threat-actor type.
What is an internal threat actor or insider threat?
Leaving infected USB drives in a parking lot or lobby in hopes someone plugs one in is this kind of lure-based attack.
What is a USB drop attack?
This social engineering method uses a believable made-up story to persuade the victim to reveal information or take an unsafe action.
What is pretexting?
If an attacker changes website content to spread false information, this part of the CIA triad is affected.
What is integrity?
If a user is allowed to open only files for their own department after logging in, that is this AAA function.
What is authorization?
A threat actor who uses cyberattacks to support a political or ideological cause is called this.
What is a hacktivist?
A device left with its factory-set admin password exposed this common network weakness.
What are default credentials?
This attack type uses SMS text messages to send fake links or urgent account warnings.
What is smishing?
If ransomware locks a college’s systems so staff and students cannot log in, this part of the CIA triad is damaged.
What is availability?
When a business email compromise attack succeeds because an executive’s real mailbox was already taken over, the attacker has likely bypassed this AAA function.
What is authentication?
This type of advanced threat actor often has strong funding, skilled teams, and long-term strategic goals tied to a government.
What is a nation-state actor?
A fake website reached through a misspelled domain like exannple.com is an example of this attack method.
What is typosquatting?
This type of spear phishing targets high-level executives or other powerful decision-makers inside an organization.
What is whaling?
A pharming attack that silently redirects users to a fake banking site is most likely trying to compromise this CIA objective first by stealing login credentials.
What is confidentiality?
If security logs show which employee account accessed a sensitive system during an insider attack, those logs support this AAA function.
What is accounting?
These threat actors are usually motivated by profit and commonly pursue fraud, blackmail, extortion, and data theft.
What is organized crime?
In the 2013 Target breach, attackers used a trusted vendor relationship as the way in. This broad attack area is called the ______ attack surface.
What is the supply chain attack surface?
In this attack, the attacker compromises a website the target group already trusts and visits, then waits for victims to come to it.
What is a watering hole attack?
An attacker secretly changes payroll data without authorization, even though the system stays online and no files are stolen. This part of the CIA triad is most directly affected.
What is integrity?
After logging in, a staff member can access student records but cannot open payroll files. This AAA function decides what they are allowed to access.
What is authorization?
This term describes an adversary that gains access and stays inside a network over time using multiple tools and techniques.
What is an advanced persistent threat (APT)?
An attacker sends a fake login email to steal a users password. This is an example of this specific attack vector.
What is phishing?