Cybersecurity Attack Types
Password Attack
an atempt to access password secured devices, systems, networks or data. Some forms of password attacks include:
- brute force
- rainbow table
Social Engineering Attack
a manipulation technique that exploits human error to gain private information, access, or valuables. Some forms of social engineering attacks are:
- phishing
- smishing
- vishing
- spear fishing (maliciouis email attack that targets a user or specific group of users, email seems to originate from a trusted source)
- whaling
- social media phishing
- watering hole attack
- USB universal serial bus baiting
- physical social engineering
Physical Attack
a security incident that affects not only digital but also physical environment where the incident is deployed.
Some physical attacks include:
- malicious USB cable
- malicious flash drive
- card cloning and skimming
* falls under asset security domain
Adversarial Artifical Intelligence
A technique that manipulates the artificial intelligenceand machine learning technology to conduct attacks more efficiently.
* falls under BOTH communication and network security as well as identity and access management domains.
Supply Chain Attack
targets systems, applications, hardware and/or software, to locate a vulnerability where malware can be deployed. Every item sold involves a process w/ third parties so a security breach can occur at any point in the supply chain. Can affect multiple organizations and the individuals who work for them.
* can fall under several domains including but not limited to security and risk management, security architecture and engineering, and security operations domains.
Cryptographic attack
affects secure forms of communication between sender and intended recipient. Some forms are:
- birthday
- collision
- downgrade
* cryptogenic attacks fall under the communication and network security domain