CISSP Domain 1 – Types of Attacker
The following are the most common types of attackers that you will need to know when it comes to studying CISSP Domain 1.
Malicious individual who attacks computer systems. Hackers possess the technical skills to breach the data by exploiting any vulnerability in the system or network. They have the skills to gain unauthorized access to your system. Hackers classified into 3 types based on their intent:
White hat hackers
These hackers use their skills in a just and lawful manner to determine the loose ends of the security of an organization. To boost the protection of the system and identify the weakness of the network, organizations hire white hat hackers.
Gray hat Hackers
These hackers crack through the security of an organization only to inform them later about it. They do not cause any harm but simply disclose the weakness in the security of the compromised network.
Black hat Hackers
They are unethical hackers who hack the system and networks and misuse it for personal benefits.
Attacks computer systems with tools they have little or no understanding of. Security novices can use Metasploit to compromise systems due to the quality of the tool. These noobs are harmless with less skill and do not cause heavy damage to the system. They enjoy being challenged and seek the thrill from it. Over time they may gain experience and even become professional hackers.
Unauthorized attackers with no authorized privilege access to a system or organization. Outsiders launch majority of the attacks.
An insider attack is launched by an internal user who may be authorized to use the system that is attacked. They maybe intentional or accidental. NIST special publication lists the following threat actions.
- Assault on an employee
- Browsing of proprietary information
- Computer abuse
- Fraud and theft
- Information Bribery
- Input of falsified, corrupted data
- Malicious code (virus, logic bomb, trojan horse
- Sale of personal information
- System bugs
- System intrusion
- System sabotage
- Unauthorized system access
Hacker activist, someone who attacks computer systems for political reasons. Hacktivism is a digital disobedience undertaken for a cause. Hacktivists fight for justice and do not go behind financial gains. Sometimes they pair up with malicious insiders to expose sensitive data.
State-sponsored Cyber Attackers
State-sponsored attackers have specific goals associating with either the political or military origin of their country. They use unlimited resources and highly sophisticated technologies. They often cause advanced persistent threats. Cyberwars, industrial espionage, and leaking state secrets are some of the attacks done by state-sponsored attackers.
Bots and Botnets
A bot (aka zombie) is a computer system running malware that is controlled via a botnet. A botnet contains a central command and control (C&C) network managed by humans called bot herders. Systems become bots after becoming compromised via server side attacks, client side attacks, and running remote access trojans.
Phishers and spear phishers
Malicious attackers who attempts to trick users into divulging credentials or PII. Phishing attacks tend to be large scale and uses emails that contains links to malicious sites that contains backdoors used to compromise your system. Spear phishing targets far fewer user but of high value, often executives and are very targeted (whaling). Vishing is voice phishing – telling using using automated scripts using VOIP to automate calls to thousands.
CISSP Domain 1 – Types of Cyber Attacks
The following are the most common types of attacks that you will need to know when it comes to studying CISSP Domain 1.
1. Malware Attack
This is one of the most common types of cyberattacks. “Malware” refers to malicious software viruses including worms, spyware, ransomware, adware, and trojans. The trojan virus disguises itself as legitimate software. Ransomware blocks access to the network’s key components, whereas Spyware is software that steals all your confidential data without your knowledge. Adware is software that displays advertising content such as banners on a user’s screen. Malware breaches a network through a vulnerability. When the user clicks a dangerous link, it downloads an email attachment or when an infected pen drive is used.
2. Phishing Attack
Phishing attacks are one of the most prominent widespread types of cyberattacks. It is a type of social engineering attack wherein an attacker impersonates to be a trusted contact and sends the victim fake mails. Unaware of this, the victim opens the mail and clicks on the malicious link or opens the mail’s attachment. By doing so, attackers gain access to confidential information and account credentials. They can also install malware through a phishing attack.
3. Password Attack
It is a form of attack wherein a hacker cracks your password with various programs and password cracking tools like Aircrack, Cain, Abel, John the Ripper, Hashcat, etc. There are different types of password attacks like brute force attacks, dictionary attacks, and keylogger attacks.
4. Man-in-the-Middle Attack
A Man-in-the-Middle Attack (MITM) is also known as an eavesdropping attack. In this attack, an attacker comes in between a two-party communication, i.e., the attacker hijacks the session between a client and host. By doing so, hackers steal and manipulate data.
5. SQL Injection Attack
A Structured Query Language (SQL) injection attack occurs on a database-driven website when the hacker manipulates a standard SQL query. It is carried by injecting a malicious code into a vulnerable website search box, thereby making the server reveal crucial information. This results in the attacker being able to view, edit, and delete tables in the databases. Attackers can also get administrative rights through this.
6. Denial-of-Service Attack
A Denial-of-Service Attack is a significant threat to companies. Here, attackers target systems, servers, or networks and flood them with traffic to exhaust their resources and bandwidth. When this happens, catering to the incoming requests becomes overwhelming for the servers, resulting in the website it hosts either shut down or slow down. This leaves the legitimate service requests unattended. It is also known as a DDoS (Distributed Denial-of-Service) attack when attackers use multiple compromised systems to launch this attack.
7. Insider Threat
As the name suggests, an insider threat does not involve a third party but an insider. In such a case; it could be an individual from within the organization who knows everything about the organization. Insider threats have the potential to cause tremendous damages. Insider threats are rampant in small businesses, as the staff there hold access to multiple accounts with data. Reasons for this form of an attack are many, it can be greed, malice, or even carelessness. Insider threats are hard to predict and hence tricky.
9. Zero-Day Exploit
A Zero-Day Exploit happens after the announcement of a network vulnerability; there is no solution for the vulnerability in most cases. Hence the vendor notifies the vulnerability so that the users are aware; however, this news also reaches the attackers.
Depending on the vulnerability, the vendor or the developer could take any amount of time to fix the issue. Meanwhile, the attackers target the disclosed vulnerability. They make sure to exploit the vulnerability even before a patch or solution is implemented for it.
10. Watering Hole Attack
The victim here is a particular group of an organization, region, etc. In such an attack, the attacker targets websites which are frequently used by the targeted group. Websites are identified either by closely monitoring the group or by guessing.