Application Layer Attack
An application layer attack (sometimes referred to as layer 7 attack) is a form of denial-of-service (Dos or DDoS attack) where attackers target the application layer of the OSI model. The attack over-exercises specific functions or features of a website with the intention to disable those functions or features. Among other attack vectors, this category includes HTTP floods, slow attacks (e.g., Slowloris or RUDY) and DNS query flood attacks.
Brute Force Attack
A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data.
A distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users.
DDoS attacks are launched from multiple connected devices that are distributed across the Internet. These multi-person, multi-device barrages are generally harder to deflect, mostly due to the sheer volume of devices involved. Unlike single-source DoS attacks, DDoS assaults tend to target the network infrastructure in an attempt to saturate it with huge volumes of traffic.
Known Vulnerability Exploitation
Exploiting is the act of trying to turn a vulnerability (a weakness) into an actual way to breach a system. A vulnerability can therefore be ‘exploited’ to turn it into viable method to attack a system. Known exploits are exploits we have a record of and which we can take measures against.
Zero Day Exploitation>
A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application, one that developers have not had time to address and patch. There are zero days between the time the vulnerability is discovered (and made public), and the first attack.
Phishing for Credentials
Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.
Phishing with Malware
A malware attack is a piece of malicious software which takes over a person’s computer in order to spread the bug onto other people’s devices and profiles. It can also infect a computer and turn it into a botnet, which means the cyber criminal can control the computer and use it to send malware to others.
Rogue Update Attack
A rogue access point is a wireless access point that has been installed on a secure network without explicit authorization from a local network administrator, whether added by a well-meaning employee or by a malicious attacker.
Watering Hole Attack
A watering hole attack is a security exploit in which the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit. The goal is to infect a targeted user’s computer and gain access to the network at the target’s place of employment.