Cyberattack Methods 1

Attack vector is hardware, attack surface is software

Attack surface includes all potential entry points; vector is the specific method used

Attack vector includes employees, attack surface includes only systems

They are interchangeable terms

Modifying system configurations

Encrypting files with ransomware

Monitoring data traffic without altering it

Deleting user data

Brute-force attack

Zero-day exploit

Social engineering

Denial-of-service

Port scanning

Baiting

Packet sniffing

Firewall bypassing

Smishing

Whaling

Vishing

Clone phishing

They are always trusted

Only administrators are verified

No one is trusted by default

Internal systems are secure by default

Crack passwords by trying many combinations

Infect systems with malware

Intercept unencrypted emails

Monitor employee communication

It is unique

It includes a passphrase

It is reused and short

It includes symbols and numbers

Reading unencrypted emails

Installing ransomware

Observing login attempts

Watching network traffic

An outdated antivirus signature

A known vulnerability with a patch

An unknown software flaw exploited before a patch exists

A delay in system update