Previously, you learned about the eight Certified Information Systems Security Professional (CISSP) security domains. The domains can help you better understand how a security analyst's job duties can be organized into categories. Additionally, the domains can help establish an understanding of how to manage risk. In this reading, you will learn about additional methods of attack. You’ll also be able to recognize the types of risk these attacks present.
A password attack is an attempt to access password-secured devices, systems, networks, or data. Some forms of password attacks that you’ll learn about later in the certificate program are:
Brute force
Rainbow table
Password attacks fall under the communication and network security domain.
Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. Some forms of social engineering attacks that you will continue to learn about throughout the program are:
Phishing
Smishing
Vishing
Spear phishing
Whaling
Social media phishing
Business Email Compromise (BEC)
Watering hole attack
USB (Universal Serial Bus) baiting
Physical social engineering
Social engineering attacks are related to the security and risk management domain.
A physical attack is a security incident that affects not only digital but also physical environments where the incident is deployed. Some forms of physical attacks are:
Malicious USB cable
Malicious flash drive
Card cloning and skimming
Physical attacks fall under the asset security domain.
Adversarial artificial intelligence is a technique that manipulates artificial intelligence and machine learning technology to conduct attacks more efficiently. Adversarial artificial intelligence falls under both the communication and network security and the identity and access management domains.
A supply-chain attack targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed. Because every item sold passes through a process that involves third parties, a security breach can occur at any point in the supply chain. These attacks are costly because they can affect multiple organizations and the individuals who work for them. Supply-chain attacks can fall under several domains, including but not limited to the security and risk management, security architecture and engineering, and security operations domains.
A cryptographic attack affects secure forms of communication between a sender and intended recipient. Some forms of cryptographic attacks are:
Birthday
Collision
Downgrade
Cryptographic attacks fall under the communication and network security domain.
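Added example, not from the course reading: the Python code below works through the birthday bound behind the birthday and collision attacks listed above. It computes how many random inputs a hash of a given output size can absorb before two of them are likely to share a value, then confirms the estimate empirically on a SHA-256 digest truncated to a few bits. The truncation, the 8-byte random inputs and the number of runs are choices made for this demonstration, not values from the reading.

```python
import hashlib
import math
import os


def birthday_bound(bits, probability=0.5):
    """Approximate number of random samples needed before two of them share a value,
    given 2**bits equally likely hash outputs: n ~ sqrt(2 * N * ln(1 / (1 - p)))."""
    space = 2 ** bits
    return math.sqrt(2 * space * math.log(1 / (1 - probability)))


def truncated_hash(data, bits):
    """SHA-256 of `data`, keeping only the top `bits` bits: a deliberately tiny
    hash so that a collision can be found in milliseconds for the demonstration."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def trials_until_collision(bits):
    """Hash random 8-byte inputs (constructed here) until two distinct inputs collide.
    Returns (trials, first_input, second_input)."""
    seen = {}
    trials = 0
    while True:
        x = os.urandom(8)
        h = truncated_hash(x, bits)
        trials += 1
        if h in seen and seen[h] != x:
            return trials, seen[h], x
        seen[h] = x


def average_trials(bits, runs=30):
    """Mean number of trials to a collision over several runs; it tracks birthday_bound(bits)
    rather than the 2**bits attempts a naive "try every output" estimate would suggest."""
    return sum(trials_until_collision(bits)[0] for _ in range(runs)) / runs


if __name__ == "__main__":
    for b in (16, 32, 128, 256):
        print(f"{b:>3}-bit output: about {birthday_bound(b):.3g} samples for a 50% collision chance")
    n, a, c = trials_until_collision(16)
    print(f"16-bit demo: collision after {n} trials; {a.hex()} and {c.hex()} "
          f"both hash to {truncated_hash(a, 16):#06x}")
    print(f"16-bit demo: average over 30 runs = {average_trials(16):.0f} "
          f"(estimate {birthday_bound(16):.0f})")
```

The square-root relationship is the whole point: a 128-bit digest resists brute-force preimage search at roughly 2^128 work but yields a collision after roughly 2^64 hashes, which is why collision-resistant hashes need at least twice the output size of the security level they are meant to provide.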
The eight CISSP security domains can help an organization and its security team fortify against and prepare for a data breach. Data breaches range from simple to complex and fall under one or more domains. Note that the methods of attack discussed are only a few of many. These and other types of attacks will be discussed throughout the certificate program.
To view detailed information and definitions of terms covered in this reading, visit the National Institute of Standards and Technology (NIST) glossary.
Pro tip: If you cannot find a term in the NIST glossary, enter the appropriate search term (e.g., “cybersecurity birthday attack”) into your preferred search engine to locate the definition in another reliable source such as a .edu or .gov site.
This reading introduces various types of cybersecurity attacks, which fall under different Certified Information Systems Security Professional (CISSP) security domains. Here's an overview of the main attack types:
Password Attack: Attempts to access password-secured systems, such as brute force and rainbow table attacks. Falls under the communication and network security domain.
Social Engineering Attack: Manipulates human error to gain access to sensitive information through techniques like phishing, smishing, vishing, and whaling. Related to the security and risk management domain.
Physical Attack: Targets both digital and physical environments, using malicious USB cables, flash drives, and card skimming. Falls under the asset security domain.
Adversarial Artificial Intelligence (AI): Manipulates AI and machine learning to execute attacks more efficiently. Related to both the communication and network security and identity and access management domains.
Supply-Chain Attack: Targets vulnerabilities within the supply chain to deploy malware, affecting multiple organizations. Related to several domains, including security and risk management and security architecture and engineering.
Cryptographic Attack: Targets secure communications with attacks like birthday, collision, and downgrade attacks. Falls under the communication and network security domain.
This section introduces various cybersecurity attack types that align with the CISSP (Certified Information Systems Security Professional) security domains, helping organizations understand and manage risks across multiple categories.
Password Attack
A password attack seeks unauthorized access to devices, systems, or networks by targeting passwords. Two common forms include:
Brute force: Repeatedly guessing passwords until the correct one is found.
Rainbow table: Using precomputed tables of hash values to crack passwords.
These attacks are categorized under the communication and network security domain, as they focus on gaining access to secured systems.
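As an added example that is not part of the course reading, the Python snippet below models why a fast, unsalted password hash is exposed to a precomputed-table lookup and what the corrected storage form looks like. The wordlist and the example password are constructed; the lookup table is a plain dictionary, a simplified stand-in for a rainbow table's compressed hash chains; and the PBKDF2 iteration count is an assumed policy value.

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for the dictionary an attacker would precompute.
COMMON_PASSWORDS = ["123456", "password", "summer2024", "letmein", "qwerty"]


def build_lookup_table(wordlist):
    """Precompute sha256(password) -> password for every word in the list.
    A real rainbow table stores hash chains instead of every pair, but the
    defensive lesson is the same: the work is done once, before any target is chosen."""
    return {hashlib.sha256(pw.encode()).hexdigest(): pw for pw in wordlist}


def unsalted_store(password):
    """The weak setting: a fast, unsalted hash. Identical passwords produce identical
    hashes across every user and every system, so one table serves all of them."""
    return hashlib.sha256(password.encode()).hexdigest()


def lookup(table, stored_hash):
    """Instant recovery if the stored hash appears in the precomputed table."""
    return table.get(stored_hash)


def salted_store(password, salt=None, iterations=600_000):
    """Corrected setting: a per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256).
    The salt makes each stored value unique, so no table built in advance can match it;
    the iteration count (assumed value) makes each guess expensive."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify(password, record):
    """Recompute the KDF with the stored salt and compare in constant time."""
    _algo, iterations, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def demo():
    table = build_lookup_table(COMMON_PASSWORDS)
    weak = unsalted_store("summer2024")
    strong = salted_store("summer2024")
    return {
        # Unsalted SHA-256 of a common password: found in the table immediately.
        "unsalted_recovered": lookup(table, weak),
        # The salted derived key is not in any table built before the salt existed.
        "salted_recovered": lookup(table, strong.split("$")[-1]),
        "salted_verifies": verify("summer2024", strong),
        "wrong_password_verifies": verify("Summer2024", strong),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

When reviewing a password store, the two questions this example makes concrete are whether each record carries its own random salt and whether the hash is deliberately slow; unsalted SHA-256 or MD5 fails both and is a finding regardless of the password policy in front of it.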
Social Engineering Attack
Social engineering exploits human error to gain sensitive information or access. Common techniques include:
Phishing: Deceptive emails to trick users into sharing personal data.
Smishing: Phishing via SMS.
Vishing: Voice-based phishing.
Spear Phishing/Whaling: Targeted phishing attacks, with whaling focused on high-profile individuals.
BEC (Business Email Compromise): Manipulating business email systems to trick employees into unauthorized transfers.
Watering Hole Attack: Compromising a website frequently visited by the target.
USB Baiting: Using infected USBs to infiltrate systems.
Social engineering falls under the security and risk management domain, as it involves manipulating human behavior to exploit vulnerabilities.
Physical Attack
A physical attack involves tampering with hardware, such as:
Malicious USB cable: Infected cables used to breach systems.
Card cloning and skimming: Replicating payment card data.
These attacks fall under the asset security domain, focusing on safeguarding physical resources.
Adversarial Artificial Intelligence (AI)
Adversarial AI manipulates machine learning models to launch more efficient attacks. This technique exploits weaknesses in AI systems for harmful purposes. It is connected to the communication and network security and identity and access management domains because of its focus on advanced system vulnerabilities.
Supply-Chain Attack
A supply-chain attack targets vulnerabilities within the supply chain to introduce malware, affecting hardware, software, and other third-party systems. These attacks can impact multiple organizations and fall under several domains, including:
Security and risk management
Security architecture and engineering
Security operations
Supply-chain attacks are particularly dangerous due to their widespread impact across interconnected systems.
Cryptographic Attack
Cryptographic attacks exploit weaknesses in encrypted communications to intercept or alter data. Common types include:
Birthday attack: Exploits hash functions to find collisions between data.
Collision attack: Attempts to find two different inputs producing the same hash value.
Downgrade attack: Forces a system to use weaker encryption.
These attacks fall under the communication and network security domain due to their focus on secure communications.
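Added example, not from the course reading: the defensive counterpart to a downgrade attack is a protocol floor that the endpoint enforces itself rather than trusting whatever the negotiation produces. The Python snippet below uses the standard-library ssl module to build a weak client configuration beside a corrected one and runs the same audit over both. The TLS 1.2 floor is an assumed policy value, and the weak context is constructed for illustration.

```python
import ssl

# Lowest protocol version this audit accepts (assumption: organizational policy).
MIN_VERSION = ssl.TLSVersion.TLSv1_2


def audit_client_context(ctx):
    """Return findings for settings that would let a man-in-the-middle negotiate
    weaker protection than intended, or impersonate the server outright."""
    findings = []
    if ctx.minimum_version < MIN_VERSION:
        findings.append(
            f"minimum_version is {ctx.minimum_version.name}: legacy TLS versions "
            f"can be negotiated, so a downgrade is possible")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append(
            "verify_mode is not CERT_REQUIRED: the server certificate is not authenticated")
    if not ctx.check_hostname:
        findings.append(
            "check_hostname is False: a valid certificate for any host is accepted")
    return findings


def weak_context():
    """Constructed weak configuration: accepts any protocol version the OpenSSL build
    supports and does not authenticate the server at all."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def hardened_context():
    """Corrected configuration: explicit TLS 1.2 floor, certificate and hostname
    verification left on (create_default_context enables both)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = MIN_VERSION
    return ctx


if __name__ == "__main__":
    for label, ctx in (("weak", weak_context()), ("hardened", hardened_context())):
        findings = audit_client_context(ctx)
        print(f"{label}: {len(findings)} finding(s)")
        for f in findings:
            print(f"  - {f}")
```

Setting minimum_version on the context means the handshake fails closed if the peer (or someone between the two) offers only an older version; that refusal is the detection signal, and a spike in such failures is worth correlating with other events rather than "fixing" by lowering the floor.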
The eight CISSP security domains provide a framework for understanding and categorizing different types of cybersecurity threats, helping organizations fortify their defenses. The attacks described here, ranging from simple to complex, are just a few examples of how vulnerabilities can be exploited. Further learning throughout the certificate program will delve deeper into these attack methods.
NIST Glossary: A valuable resource for understanding detailed terms related to cybersecurity.
Google Cybersecurity Action Team Threat Horizon Report: Offers strategic insights for dealing with cloud-based security threats.
CISA Free Cybersecurity Services and Tools: Open-source cybersecurity tools provided by the Cybersecurity & Infrastructure Security Agency.
This overview highlights the diverse nature of cyber threats and their alignment with various CISSP domains, offering a foundational understanding for managing and mitigating risks in cybersecurity.
Previously, you were introduced to the concept of threat actors. As a reminder, a threat actor is any person or group who presents a security risk. In this reading, you’ll learn about different types of threat actors. You will also learn about their motivations, intentions, and how they’ve influenced the security industry.
Advanced persistent threats (APTs) have significant expertise in accessing an organization's network without authorization. APTs tend to research their targets (e.g., large corporations or government entities) in advance and can remain undetected for an extended period of time. Their intentions and motivations can include:
Damaging critical infrastructure, such as the power grid and natural resources
Gaining access to intellectual property, such as trade secrets or patents
Insider threats abuse their authorized access to obtain data that may harm an organization. Their intentions and motivations can include:
Sabotage
Corruption
Espionage
Unauthorized data access or leaks
Hacktivists are threat actors that are driven by a political agenda. They abuse digital technology to accomplish their goals, which may include:
Demonstrations
Propaganda
Social change campaigns
Fame
A hacker is any person who uses computers to gain access to computer systems, networks, or data. They can be beginner or advanced technology professionals who use their skills for a variety of reasons. There are three main categories of hackers:
Authorized hackers are also called ethical hackers. They follow a code of ethics and adhere to the law to conduct organizational risk evaluations. They are motivated to safeguard people and organizations from malicious threat actors.
Semi-authorized hackers are considered researchers. They search for vulnerabilities but don’t take advantage of the vulnerabilities they find.
Unauthorized hackers are also called unethical hackers. They are malicious threat actors who do not follow or respect the law. Their goal is to collect and sell confidential data for financial gain.
Note: There are multiple hacker types that fall into one or more of these three categories.
New and unskilled threat actors have various goals, including:
To learn and enhance their hacking skills
To seek revenge
To exploit security weaknesses by using existing malware, programming scripts, and other tactics
Other types of hackers are not motivated by any particular agenda other than completing the job they were contracted to do. These types of hackers can be considered unethical or ethical hackers. They have been known to work on both illegal and legal tasks for pay.
There are also hackers who consider themselves vigilantes. Their main goal is to protect the world from unethical hackers.
Threat actors are defined by their malicious intent, and hackers are defined by their technical skills and motivations. Understanding their motivations and intentions will help you be better prepared to protect your organization and the people it serves from malicious attacks carried out by some of these individuals and groups.
To learn more about how security teams work to keep organizations and people safe, explore the Hacking Google series of videos.
This reading provides an overview of threat actors and their motivations. Here are the main types of threat actors:
Advanced Persistent Threats (APTs)
APTs are highly skilled attackers that infiltrate organizations (often large corporations or government entities) and remain undetected for long periods. Their motivations include damaging critical infrastructure and stealing intellectual property.
Insider Threats
Insider threats come from within an organization, where individuals with authorized access misuse their privileges. Motivations include sabotage, corruption, espionage, and unauthorized data access or leaks.
Hacktivists
Hacktivists use digital technology to promote political agendas, aiming for demonstrations, propaganda, social change campaigns, or fame.
Authorized Hackers (Ethical): Work within the law to help organizations identify risks.
Semi-Authorized Hackers: Researchers who find vulnerabilities but don’t exploit them.
Unauthorized Hackers (Unethical): Malicious actors who break the law to steal data for financial gain.
Unskilled Threat Actors: Use existing tools to learn or seek revenge.
Contract Hackers: May work legally or illegally for pay.
Vigilante Hackers: Protect against unethical hackers but act outside legal boundaries.
Understanding the motivations and behaviors of threat actors and hackers helps organizations better prepare for potential security risks and defend against malicious attacks.
For more on how security teams protect organizations, check out the Hacking Google video series.
In this section, we explore various types of threat actors and their motivations. Understanding these threat actors is crucial for cybersecurity professionals to better protect organizations from security risks.
Advanced Persistent Threats (APTs)
APTs are highly skilled and organized groups that gain unauthorized access to an organization's network and stay undetected for extended periods. They typically target large corporations or government entities. APTs are often motivated by:
Damaging critical infrastructure like power grids or natural resources.
Stealing intellectual property, such as trade secrets or patents.
Insider Threats
Insider threats come from individuals within an organization who misuse their authorized access to harm the company. Their motivations can include:
Sabotage: Deliberately causing damage to an organization.
Corruption: Misusing resources for personal gain.
Espionage: Stealing confidential information for a third party.
Unauthorized data access: Leaking sensitive information.
Hacktivists
Hacktivists are driven by political, social, or ideological agendas. They use digital tools to carry out:
Demonstrations and propaganda: Spreading political messages or protests.
Social change campaigns: Advocating for causes such as human rights.
Fame and recognition: Seeking public acknowledgment for their actions.
Hacker Types
Hackers use their technical expertise to access computer systems, networks, or data. They can be categorized as:
Authorized Hackers (Ethical Hackers): Work within the law to help organizations identify vulnerabilities and risks. They are motivated by the goal of safeguarding people and systems.
Semi-Authorized Hackers (Researchers): Find vulnerabilities but do not exploit them. They aim to improve systems by identifying weaknesses.
Unauthorized Hackers (Unethical Hackers): These malicious actors break the law to steal data or exploit systems, often for financial gain. They are also called black-hat hackers.
Other Hacker Types
New and Unskilled Threat Actors: These individuals may be learning the craft or seeking revenge. They often use pre-made malware or scripts to exploit security weaknesses.
Contract Hackers: Hackers hired to complete a task, either legally or illegally. They may work for companies or criminals, blurring ethical lines.
Vigilante Hackers: These hackers aim to protect others from unethical hackers, often taking the law into their own hands.
Threat actors are defined by their malicious intent, while hackers are categorized based on their technical skills and motivations.
Understanding these actors' motivations, whether political, financial, or personal, helps organizations better prepare for and mitigate potential threats.
The Hacking Google video series offers insights into how security teams defend organizations and protect people from cyber threats.
Adversarial artificial intelligence (AI): A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently
Business Email Compromise (BEC): A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage
CISSP: Certified Information Systems Security Professional is a globally recognized and highly sought-after information security certification, awarded by the International Information Systems Security Certification Consortium
Computer virus: Malicious code written to interfere with computer operations and cause damage to data and software
Cryptographic attack: An attack that affects secure forms of communication between a sender and intended recipient
Hacker: Any person who uses computers to gain access to computer systems, networks, or data
Malware: Software designed to harm devices or networks
Password attack: An attempt to access password-secured devices, systems, networks, or data
Phishing: The use of digital communications to trick people into revealing sensitive data or deploying malicious software
Physical attack: A security incident that affects not only digital but also physical environments where the incident is deployed
Physical social engineering: An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location
Social engineering: A manipulation technique that exploits human error to gain private information, access, or valuables
Social media phishing: A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack
Spear phishing: A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source
Supply-chain attack: An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed
USB baiting: An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network
Virus: Refer to “computer virus”
Vishing: The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source
Watering hole attack: A type of attack when a threat actor compromises a website frequently visited by a specific group of users