Overview of Cybersecurity Threats

May 10, 2025

Cybersecurity Threats and Attacks

Phishing

  • Definition: Hackers trick you into giving personal info by pretending to be someone you trust (e.g., bank, social media site).
  • Method: Fake emails or messages that appear legitimate.

Spear Phishing

  • Definition: Targeted version of phishing.
  • Target: Specific individuals or companies.
  • Characteristics: Highly personalized, uses information about the target to be convincing.

Whaling

  • Definition: Phishing targeting high-profile individuals like CEOs or executives.
  • Method: Personalized messages crafted to extract sensitive info from these individuals.

Malware

  • Definition: Harmful software designed to damage computers or steal information.
  • Types:
    • Viruses: Spread by attaching to files.
    • Trojans: Disguised as useful software but contain harmful code.
    • Ransomware: Locks files or the system and demands a ransom for unlocking.
    • Spyware: Secretly monitors user activities.
    • Worms: Self-replicate to spread across networks without user intervention.

Specific Malware Types

  • Ransomware: Locks data, demands money.
  • Spyware: Tracks activities, captures sensitive info.
  • Trojan Horse: Appears harmless, hides malware.
  • Worms: Replicate and spread, causing network damage.

SQL Injection

  • Definition: Exploits a website’s database by inserting malicious code into its queries.
  • Impact: Can steal, change, or delete data.

Cross-Site Scripting (XSS)

  • Definition: Harmful code injected into websites that runs in the user's browser.
  • Impact: Steals information or hijacks sessions.

Denial of Service (DoS) & Distributed Denial of Service (DDoS)

  • Definition: Overwhelms a network or website with traffic, causing it to crash.

Man-in-the-Middle (MITM) Attack

  • Definition: Intercepting communication between two parties.
  • Impact: Steals or alters the exchanged information.

Brute Force Attack

  • Definition: Guessing passwords by trying all possible combinations.

Credential Stuffing

  • Definition: Using stolen credentials from one site to access others.

Zero-Day Exploit

  • Definition: Exploits unknown security flaws before they are patched.

Social Engineering

  • Definition: Manipulating people into giving away personal info.
  • Method: Pretending to be trustworthy or creating urgency.

Keylogging

  • Definition: Records keystrokes to capture sensitive information.

Session Hijacking

  • Definition: Taking over a user session to access data.

DNS Spoofing

  • Definition: Redirects users to fake websites.

Watering Hole Attack

  • Definition: Infects a commonly visited website to target specific groups.

Clickjacking

  • Definition: Hides malicious actions under legitimate buttons or links.

Rogue Software

  • Definition: Pretends to be helpful, but is harmful (e.g., fake antivirus).

Eavesdropping

  • Definition: Listening in on private communications.

Exploit Kits

  • Definition: Automate the process of finding and exploiting software vulnerabilities.

Drive-By Downloads

  • Definition: Malware is downloaded automatically when a user visits a compromised site.

Rootkits

  • Definition: Programs that give hackers covert control over a system.

Backdoor

  • Definition: Hidden entry points that bypass normal security.

Botnets

  • Definition: Network of infected computers controlled by hackers.

Password Spraying

  • Definition: Trying common passwords across many accounts.

Cryptojacking

  • Definition: Uses your computer’s resources to mine cryptocurrency without consent.

Firmware Hacking

  • Definition: Targets low-level software controlling hardware components.

Cross-Site Request Forgery (CSRF)

  • Definition: Tricks users into performing actions on a site without their knowledge.

Privilege Escalation

  • Definition: Hackers gain higher access levels than allowed.

Command Injection

  • Definition: Running dangerous commands on a server via poorly coded apps.

Session Fixation

  • Definition: Forces a user to use a specific session ID so the session can be hijacked.

Shoulder Surfing

  • Definition: Watching someone’s screen or keystrokes over their shoulder.

Bluesnarfing

  • Definition: Unauthorized access to information on a Bluetooth-enabled device.

Bluejacking

  • Definition: Sends unsolicited messages to Bluetooth devices.

SIM Swapping

  • Definition: Transfers a victim's phone number to a hacker’s SIM card.

Jailbreaking/Rooting

  • Definition: Removes software restrictions, granting full control over the device.

Conclusion

  • Importance: Awareness and understanding of these threats are crucial for protection and cybersecurity.