Basic Terms

Phishing (by Checkpoint)

Phishing is a type of cyber security attack by messages during which malicious actors send messages pretending to be a trusted person or entity. Phishing messages manipulate a user causing them to perform actions like installing a malicious file, clicking a malicious link or divulging sensitive information such as access credentials. It is the most common type of social engineering.

Ransomware

is a malware is a type of malicious designed to prevent a user or organization accessing to entire data systems, and information files. By encrypting the digital systems, a ransom is then demanded from the victim for decryption key. Ransomware attacks can cause loss of critical information and data costly
disruptions to operations. Ransomware has quoqly become the most prominent and visible type of malware.

Malware

Malware, is used by threat actors to intentionally harm and infect devices and networks. The umbrella term encompasses many subcategories, including the following: viruses, worms, ransomware, bots, Trojan horses, keyloggers, rootkits, spyware, cryptomining malware, and adware. Malware infiltrates systems physically, via email or over the internet. Phishing, which involves email that appears legitimate but contains malicious links or attachments, is one of the most common malware attack vectors. Malware can also get onto devices and networks via infected USB drives, unpatched or fraudulent software and applications, insider threats, and vulnerable or misconfigured devices and software.

​

Zero Day (by Kasparski)

Zero-day  is a broad term that describes recently discovered security vulnerabilities that hackers can use to attack systems. The term refers to the fact that the vendor or developer has only just learned of the flaw – which means they have “zero days” to fix it. A zero-day attack takes place when hackers exploit the flaw before developers have a chance to address it. Zero-day is sometimes written as 0-day. The words vulnerability, exploit, and attack are typically used alongside zero-day, and it’s helpful to understand the
difference:

• A zero-day vulnerability is a software vulnerability discovered by attackersbefore the vendor has become aware of it. Because the vendors are unaware, no patch exists for zero-day vulnerabilities, making attacks likely to succeed.

• A zero-day exploitis the method hackers use to attack systems with a previously unidentified vulnerability.

• A zero-day attack is the use of a zero-day exploit to cause damage to or steal data from a system affected by a vulnerability.

 

YOU CAN LEARN MORE ABOUT ZERO DAYS HERE

Web Attacks

​

Every website on the Internet is somewhat vulnerable to security attacks. Web attacks refer to threats that target vulnerabilities in web-based applications The threats range from human errors to sophisticated attacks by coordinated cyber criminals. web attacks include SQL injection and cross-site scripting (XSS), cross-site request forgery (CSRF) attacks and parameter tampering. According to the Data Breach Investigations Report by Verizon, the primary motivation for cyber attackers is financial. Whether you run an eCommerce project or a simple small business website, the risk of a potential attack is there.
Social Engineering Social engineering is a common threat vector mostly trick people into clicking
on malicious click. The attacks like fishing are often combined with other threats such as malware cod injection and network attack.

​

Social Engineering

Social engineering is a common threat vector mostly trick people into clicking
on malicious click. The attacks like fishing are often combined with other
threats such as malware cod injection and network attack.