Hackers are categorized into ethical (white-hat), malicious (black-hat), and semi-ethical (gray-hat) depending on the actions they take.
An Advanced Persistent Threat (APT) is simply a threat actor that has advanced capabilities and is difficult to dissuade.
APT’s are typically very sophisticated in attack approach, well funded, and persistent over a range of time. Some historical APT campaigns were conducted for months before the victim discovered its presence.
Human error can refer to a threat actor that is accidental. When experiencing a security event caused by human error, it’s important to keep in mind that whatever access has been granted to the human making the error is the level of impact the error may cause. For example, a network administrator will have much more impact to an organization compared to a low-privilege user.
Script Kiddies are typically inexperienced threat actors who lack experience and knowledge of hacking and the tools used to hack. They are almost always external threats, with low sophistication and resource, and have minimal or no funding, Their goals can vary, but they usually operate opportunistically and don’t have a great deal of motivation.
Insider Threats refer to threat actors operating from within an organization.
Insider Threat have elevated access and increased knowledge when compared to external threat actors. An insider threat could be an employee (current or former), consultant, business partner, etc. and could be intentional, unintentional, or malicious.
Shadow IT refers to assets that are part of an organization’s network, but aren’t set up or managed by IT, and that IT and Security personnel are not aware of.
Hacktivists are threat actors with an ideology, who strongly believe in a cause and are willing to break the law to further that cause. They are usually external threats, and can have a range of sophistication and resources.
Competitors and Corporate Espionage refer to threat actors which steal trade secrets or sabotage rivals in order to gain an unfair advantage
Organized Cybercrime: Threat actors that target money as a large, overarching goal. Cybercriminals usually represent an external threat, with a wide-range of sophistication, and the resources the groups have access to can vary.
Cyber Terrorists are threat actors that seek to use hacking to cause large-scale destruction and harm.
State Actors are highly dangerous threat actors that have the support of a government. They are often highly sophisticated, and have large quantities of resources provided to them by their government, which allows them to employ skilled hackers
In cyber attacks, adversaries use special techniques to exploit vulnerabilities in applications, processes, or procedures.
Cross-Site Scripting (XSS) is a part of the OWASP Top Ten.
XSS is when an application allows untrusted data, potentially user-supplied data, into a web page without proper validation or sanitization.
It’s dangerous because it can allow attackers to execute malicious scripts in a victim’s browser leading to hijacked sessions, or malicious page alterations or redirections.
The code is an example of some code that may be used as part of a XSS attack. It could be inserted into a URL.
One way SQL injections can be mitigated is through input sanitization. Sanitization is the process of removing dangerous characters from user input.
Dangerous characters might include:
This is important because they allow attackers to extend SQL queries to gain more information from a database.
Careful, this method is not the perfect defense against SQL injections. Removing characters may have no effect in some queries and, if an attacker finds a way to bypass the sanitization process, they can easily inject data into your system.
SELECT username, email FROM users WHERE id = '1' AND '1' = '2';
A SQL injection is a serious vulnerability affecting applications that use SQL as their database language. Through cleverly constructed text inputs that modify the backend SQL query, threat actors can force the application to output private data or respond in ways that provide intel. SQL injections attacks can ultimately be used to steal information and even take complete control of a system.
Malware is malicious software inserted into a system to cause damage to systems or data or to gain unauthorized access to a network.
Some examples of malware are:
Spyware is malware downloaded without a user’s authorization which is used to steal sensitive information and relay it to an outside party in a way that harms the original user.
The key word here is “spy”. Clicking suspicious links or downloads could result in spyware.
Phishing is a social engineering tactic that can be used for many things, such as stealing credentials or getting malware onto a system.
In Cybersecurity, a password attack is any attack that attempts to hack into a password-protected asset, like an account or encrypted file.
Password Spraying refers to a type of brute force attack in which a threat actor tries common passwords on multiple usernames.
In Cybersecurity, credential harvesting refers to when an attacker attempts to harvest, or learn, a victim’s credentials.
Often, the attacker may just want to gain a large database of credentials rather than exploiting the user directly.
A buffer overflow attack is caused when an attacker intentionally passes data that overfills a buffer. This can allow an attacker to fill the buffer with data of their choosing.
Some specialized types of phishing include:
Adversarial artificial intelligence (AI) is a method used to identify vulnerabilities and attack vectors to circumvent security systems.
A supply-chain attack is a cyber attack that attempts to harm an organization by targeting vulnerable parts of its supply chain.
One of the more recent real-world examples of a supply-chain attack affected a company known as SolarWinds.