Non-exhaustive list of common Cybersecurity Attacks:
List of Common Cybersecurity Attacks
Non-exhaustive list of common cybersecurity attacks:
- Brute-force Attack
- Cross-Site Request Forgery (XSRF)
- Cross-Site Scripting (XSS)
- Denial of Service (DoS)
- Man-in-the-middle (MITM)
- Rogue access point
- Session hijacking
- Spoofing of data packets
- SQL Injection
- Pass the Hash
- Pass the Key
A brute-force attack (a.k.a. brute force cracking) is the cyberattack equivalent of trying every key on your key ring, and eventually finding the right one.
Cross-Site Request Forgery (XSRF)
XSRF is a type of web site attack in which unauthorized commands are transmitted from a trusted user.
XSRF exploits inadequate authentication mechanisms in web applications that rely only on elements such as cookies when performing a transaction.
It is mentioned on CISM Review QA&E Manual 9th Edition, question S3-200.
Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
Denial of Service (DoS)
Denial of Service (DoS) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.
Packet filtering techniques are the only ones which reduce network congestion caused by a network denial-of-service attack.
It is sometimes abbreviated with the acronym MITM attack.
Rogue access point
A rogue access point masquerades as a legitimate access point. The risk is that legitimate users may connect through this access point and have their traffic monitored.
It is a significant risk when using wireless local area network technology.
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution
Pharming is a cyberattack intended to redirect a website’s traffic to another, fake site by installing a malicious program on the computer. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software.