Previously, you learned about past and present attacks that helped shape the cybersecurity industry. These included the LoveLetter attack, also called the ILOVEYOU virus, and the Morris worm. One outcome was the establishment of response teams, which are now commonly referred to as computer security incident response teams (CSIRTs). In this reading, you will learn more about common methods of attack. Becoming familiar with different attack methods, and the evolving tactics and techniques threat actors use, will help you better protect organizations and people.
Phishing
Phishing is the use of digital communications to trick people into revealing sensitive data or deploying malicious software.
Some of the most common types of phishing attacks today include:
-
Business Email Compromise (BEC): A threat actor sends an email message that seems to be from a known source to make a seemingly legitimate request for information, in order to obtain a financial advantage.
-
Spear phishing: A malicious email attack that targets a specific user or group of users. The email seems to originate from a trusted source.
-
Whaling: A form of spear phishing. Threat actors target company executives to gain access to sensitive data.
-
Vishing: The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source.
-
Smishing: The use of text messages to trick users, in order to obtain sensitive information or to impersonate a known source.
Malware
Malware is software designed to harm devices or networks. There are many types of malware. The primary purpose of malware is to obtain money, or in some cases, an intelligence advantage that can be used against a person, an organization, or a territory.
Some of the most common types of malware attacks today include:
-
Viruses: Malicious code written to interfere with computer operations and cause damage to data and software. A virus needs to be initiated by a user (i.e., a threat actor), who transmits the virus via a malicious attachment or file download. When someone opens the malicious attachment or download, the virus hides itself in other files in the now infected system. When the infected files are opened, it allows the virus to insert its own code to damage and/or destroy data in the system.
-
Worms: Malware that can duplicate and spread itself across systems on its own. In contrast to a virus, a worm does not need to be downloaded by a user. Instead, it self-replicates and spreads from an already infected computer to other devices on the same network.
-
Ransomware: A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access.
-
Spyware: Malware that’s used to gather and sell information without consent. Spyware can be used to access devices. This allows threat actors to collect personal data, such as private emails, texts, voice and image recordings, and locations.
Social Engineering
Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. Human error is usually a result of trusting someone without question. It’s the mission of a threat actor, acting as a social engineer, to create an environment of false trust and lies to exploit as many people as possible.
Some of the most common types of social engineering attacks today include:
-
Social media phishing: A threat actor collects detailed information about their target from social media sites. Then, they initiate an attack.
-
Watering hole attack: A threat actor attacks a website frequently visited by a specific group of users.
-
USB baiting: A threat actor strategically leaves a malware USB stick for an employee to find and install, to unknowingly infect a network.
-
Physical social engineering: A threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location.
Social engineering principles
Social engineering is incredibly effective. This is because people are generally trusting and conditioned to respect authority. The number of social engineering attacks is increasing with every new social media application that allows public access to people’s data. Although sharing personal data—such as your location or photos—can be convenient, it’s also a risk.
Reasons why social engineering attacks are effective include:
-
Authority: Threat actors impersonate individuals with power. This is because people, in general, have been conditioned to respect and follow authority figures.
-
Intimidation: Threat actors use bullying tactics. This includes persuading and intimidating victims into doing what they’re told.
-
Consensus/Social proof: Because people sometimes do things that they believe many others are doing, threat actors use others’ trust to pretend they are legitimate. For example, a threat actor might try to gain access to private data by telling an employee that other people at the company have given them access to that data in the past.
-
Scarcity: A tactic used to imply that goods or services are in limited supply.
-
Familiarity: Threat actors establish a fake emotional connection with users that can be exploited.
-
Trust: Threat actors establish an emotional relationship with users that can be exploited over time. They use this relationship to develop trust and gain personal information.
-
Urgency: A threat actor persuades others to respond quickly and without questioning.
Key takeaways
In this reading, you learned about some common attacks and their impacts. You also learned about social engineering and why it’s so successful. While this is only a brief introduction to attack types, you will have many opportunities throughout the program to further develop your understanding of how to identify and defend against cybersecurity attacks.
What the difference between Virus and Malware?
Malware is a broad category of malicious software designed to harm or exploit computer systems, networks, or devices. It includes various types of harmful software such as viruses, worms, trojans, ransomware, spyware, and more.
Virus is a specific type of malware that attaches itself to legitimate files or programs and relies on user action (like opening a file) to spread and infect other files or systems.
In summary, all viruses are malware, but not all malware are viruses.
常見攻擊及其效果
本指南涵蓋各種網路攻擊方法,包括網路釣魚、惡意軟體和社會工程學。了解這些策略有助於更好地保護組織和個人。
網路釣魚
網路釣魚是利用數位通訊手段欺騙個人,讓其洩露敏感資料或安裝惡意軟體。
常見的網路釣魚攻擊類型
-
商業電子郵件詐騙 (BEC)
- 發送看似來自知名來源的電子郵件。
- 請求敏感資訊或金錢交易以謀取不法利益。
-
魚叉式釣魚
- 針對特定用戶或群體進行攻擊。
- 電子郵件看似來自受信任的來源。
-
鯨魚式釣魚
- 魚叉式釣魚的一種,專門針對公司高層。
- 旨在獲取高度敏感的數據。
-
語音釣魚 (Vishing)
- 利用語音通訊(電話)冒充受信任的來源。
- 目的在於收集敏感資訊。
-
短信釣魚 (Smishing)
- 利用簡訊欺騙用戶。
- 目的在於獲取敏感資料或冒充身份。
惡意軟體
惡意軟體是一種旨在損壞或破壞設備或網路的惡意程式,通常目的是為了獲取金錢或情報優勢。
常見的惡意軟體類型
-
病毒
- 干擾電腦運作的惡意程式碼。
- 需要用戶操作(例如打開附件)才能執行。
- 一旦激活,會隱藏在其他檔案中進行傳播。
-
蠕蟲
- 能夠自我複製並自動傳播的惡意軟體。
- 不需要用戶啟動,即可感染網路中的其他設備。
-
勒索軟體
- 對資料進行加密,並要求付款以恢復訪問權限。
- 透過扣押資料來干擾組織運作。
-
間諜軟體
- 在未經同意的情況下收集並出售個人或敏感資訊。
- 可能允許遠端存取私人資料,如電子郵件、簡訊及錄音。
社會工程學
社會工程學利用人類的錯誤和信任來獲取未經授權的存取或資訊。它操縱人們天生的信任傾向。
常見的社會工程攻擊
-
社群媒體釣魚
- 利用從社群媒體收集的詳細目標資訊來發起攻擊。
-
水坑攻擊
- 攻擊目標群體經常訪問的網站,以感染用戶。
-
USB 誘餌
- 在策略性地點放置感染惡意軟體的 USB 隨身碟,利用人們的好奇心使設備感染。
-
實體社會工程
- 通過冒充員工、客戶或供應商,獲取對實體地點的未經授權存取。
社會工程學原則
社會工程學之所以有效,是因為它利用了人類的天性和情感。主要策略包括:
-
權威
- 冒充具有權威的人物以獲得信任。
-
恐嚇
- 利用欺壓策略迫使受害者服從。
-
共識/社會認同
- 利用「既然大家都這麼做,就一定正確」的信念。
-
稀缺性
- 製造一種虛假的供應有限感,促使人們迅速行動。
-
熟悉感
- 建立虛假的情感聯繫以促進信任。
-
信任
- 通過長期建立關係,逐步收集敏感資訊。
-
緊迫感
- 迫使個體迅速行動,而不經充分質疑。
主要收穫
-
瞭解攻擊向量:
熟悉各種攻擊方法(網路釣魚、惡意軟體、社會工程學)對於有效防禦至關重要。 -
不斷演變的威脅:
網路攻擊策略不斷演變,因此保持警覺和採取主動的安全措施是必須的。 -
人為因素:
許多攻擊利用人類的錯誤和信任,凸顯了培訓和警覺的重要性。 -
防禦策略:
對這些方法的了解有助於識別和減輕潛在的網路安全威脅。