Name of any type of software designed to harm or exploit computers, networks, or users.
Malware
Examples:
Lokicore
Qakbot
Nanocore
Social engineering attack where an attacker sends a fraudulent email or message in an attempt to trick the recipient into disclosing sensitive information
Phishing
LinkedIn Consulting Emails
New social media friends asking about work processes
System that detects and responds to security incidents in real-time
Intrusion detection
Additional layer of protection against unauthorized access, helps prevent phishing attacks, and can be more convenient for managing user access
2 Factor Authentication
Machines left in the office, in your car, shared with your family, or accessing open WiFi that are constantly accessible are a danger to the entire organization
Seemingly harmless quizzes or games that ask users to provide personal information or login credentials. The scammers then use this information to steal the user's identity, launch phishing attacks, or commit other types of fraud.
Quiz or game scams
Example:
FB/Instagram/LI giveaways, raffles, what was your favorite pet, favorite color, answer this question for me in another site....
Type of malware that can spread and infect other files on a computer or network.
Virus
Examples: ILOVEYOU, STUXNET, SQL Slammer
Type of phishing attack that is carried out via SMS or text message
Smishing
(No, for real!)
You need to pay 6NIS import tax for a package sent to you by BuyMe Company...
Unauthorized system access, use, or disclosure of personal or sensitive information
Data Breach
Storage mechanism that encrypts passwords so that they are not stored in plain text
Password Hashing
Example: RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries due to lack of password hashing
Acting as a legitimate organization or individual to deceive potential victims
Impersonation
Encrypts files on a victim's computer or network and demands payment in exchange for the decryption key
Ransomware
Examples: WannaCry, NotPetya
Phishing attack that targets high-profile individuals, such as executives or celebrities
Whaling
Attacker may send an email to finance of a company pretending to be a client or supplier of the company. Whaling attacks always personally address targeted individuals, often using their title, position and phone number, which are obtained using company websites, social media or the press. Now they can use AI to generate Bruno or Herb's voice based off any YouTube video recordings or social media posts.
Software feature that allows a hacker to access a computer system
Security Vulnerability
Practice of using different passwords for different accounts to prevent a single password compromise from affecting multiple accounts
Password hygiene
Example: Data breaches are common. If you use the same password in multiple places, you are creating serious vulnerabilities for all of us.
haveibeenpwned.com
Manipulating people into performing actions or divulging confidential information
Social Engineering
Masquerades as legitimate software, allows an attacker to gain remote access to a victim's computer or network
Trojan
Examples: Cryptolocker, Zeus
Social engineering attack where an attacker creates a fake scenario or pretext in order to elicit sensitive information from a victim
Pretexting
Fake recruiters
New social media friends or industry experts
Measure that ensures that data is not modified or deleted without authorization
Data Integrity
String of characters that provides authentication for a user
Password
Practice of creating a false sense of urgency to manipulate a victim into taking action
Time Pressure Action
AKA: How not to react under pressure
Designed to hide its presence on a system by modifying the operating system or other software
Rootkit
Examples: Machiavelli, SONY BMG copy protection
Specifically targeted at a particular individual or organization
Spear phishing
Examples: Business Email Compromise.
-Spoofed Emails Caused a Loss of $46.7 Million to Ubiquiti Networks Inc
-Attackers Sent Well-Crafted Emails to EMC Corp's Junior Level Employees to Initiate a Zero-Day Exploit.
-Fake Invoices of $8.7 Million Ends Up Closing Down Sydney Hedge Fund.
Practice of limiting access to data and computer systems to authorized personnel only
Access Control
Measure of password strength that takes into account the number of characters, complexity, and randomness
Password entropy
Example: Using social engineering, unless your password is complex, most password spray tools can hack your password in less than 10 minutes
(no names, dates, repeat numbers, repeat letters, or use of ! or * or 99...)
Using psychological manipulation to influence a victim's behavior, such as by making them feel a sense of obligation or guilt
Manipulation or intimidation tactics
Examples: Tesla former employee attack. Goals were financial, reputational, and legal repercussions for the company from a disgruntled employee