Forms of cyberattack
Cards (8)
- Shoulder surfingUsing direct observation to get information. It is relatively simple to stand next to someone and watch as they fill out a form, or enter a PIN number, but shoulder surfing can also be carried out long distance with the aid of binoculars or even CCTV.
- SQL injectionTechnique where malicious users can inject SQL commands into an SQL statement, via web page input. Injected SQL commands can alter SQL statements and compromise the security of information held in a database.
- Denial of service (DoS) attacksThey do not attempt to break system security, they attempt to make your website and servers unavailable to legitimate users, by swamping a system with fake requests – usually in an attempt to exhaust server resources.
- Password-based attacks - Dictionary attackThis uses a simple file containing words found in a dictionary. This attack uses exactly the kind of words that many people use as their password.
- Password-based attacks - Brute force attackSimilar to the dictionary attack but able to detect non-dictionary words by working through all possible alphanumeric combinations from aaa1 to zzz10. It’s not quick, but it will uncover your password eventually.
- Password-based attacks - GuessA user-generated password is unlikely to be random. Passwords are likely to be based upon our interests, hobbies, pet names, family names etc. Educated guesses often work.
- IP spoofinga spoof is a hoax, or a trick. IP address spoofing involves an attacker changing the IP address of a legitimate host so that a visitor who types in the URL of a legitimate site is taken to a fraudulent or spoofed web page. The attacker can then use the hoax page to steal sensitive data
- Social engineeringinternet users frequently receive messages that request password or credit card information to “set up their account”. Social engineering involves tricking a user into giving out sensitive information such as a password, by posing as a legitimate system administrator. E.g. phishing