Website Malware

Risk: High

Website malware is malicious software used to infect or attack websites in order to steal, encrypt or delete sensitive information, alter or hijack website code, or deliver other malicious payloads.

Types: Virus, Worm, Trojan Horse, Spyware, Ransomware, Rootkit, Remote Access Trojan (RAT) or Backdoor Virus, Adware, Keyloggers, Mobile Malware

Brute Force

Risk: Very High

A brute force attack, or exhaustive key search attack, is a form of hacking that involves trying possible password (or key) combinations until the correct one is found.

Types: Simple Brute Force Attack, Hybrid Brute Force Attacks, Reverse Brute Force Attack, Credential Stuffing, Dictionary Attacks, Rainbow Table Attacks

SQL Injection

Risk: Medium

SQL injection (SQLi) attacks work by inserting or “injecting” a SQL command via user-supplied input so that the attacker can read sensitive information from the database, modify database contents (Insert/Update/Delete), execute administrative operations on the database (such as shutting down the DBMS), and in some cases issue commands to the operating system.

Types: In-band SQLi (Classic SQLi): Error-based or Union-based; Inferential SQLi (Blind SQLi): Boolean-based (content-based) Blind SQLi or Time-based Blind SQLi; Out-of-band SQLi
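The following added example (not part of the original page) shows the mechanism behind the definition above and the standard defence against it. It uses an in-memory SQLite table with constructed data: one lookup builds the statement by string formatting, so quote characters in the input change the query's structure, while the other binds the input as a parameter, so the same input is only ever compared as a string. The table, usernames and the tampered input are all assumptions for the demonstration.

```python
import sqlite3

# Constructed in-memory table standing in for an application's user store.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn

def lookup_vulnerable(conn, username):
    # The input is spliced into the SQL text, so quote characters in it
    # change the statement's structure instead of being treated as data.
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, username):
    # Placeholder binding: the driver passes the value separately from the
    # statement text, so it can only ever be compared as a string.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

def demo():
    conn = make_db()
    # Constructed input that turns the WHERE clause into a tautology
    # when it is pasted into the SQL text.
    tampered = "nobody' OR '1'='1"
    return {
        "normal": lookup_parameterized(conn, "alice"),
        "vulnerable_rows": len(lookup_vulnerable(conn, tampered)),
        "parameterized_rows": len(lookup_parameterized(conn, tampered)),
    }

if __name__ == "__main__":
    # Expected: the formatted query returns every row, the bound one returns none.
    print(demo())
```

The difference is visible in the row counts: the formatted query leaks the whole table, the parameterized one finds no user literally named `nobody' OR '1'='1`. The same placeholder style works for INSERT, UPDATE and DELETE statements, which is why parameterization covers every SQLi type listed above, not only data reads.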

CSRF

Risk: Medium

CSRF or Cross-Site Request Forgery attacks trick an authenticated user's browser into sending forged requests to a web application that trusts that user's session. This type of attack aims to cause state changes, such as transferring funds or altering credentials, rather than to steal data, since the attacker is unable to see the responses to the forged requests.

This attack may also be referred to as XSRF, Sea Surf, Session Riding, Hostile Linking, and One-Click attack.

Types: URL Spoofing, Cross-Site Scripting (XSS), Malware
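Because the attacker cannot read responses, the usual defence is to require a secret the forged request cannot know. This added example (not from the original page) sketches a per-session CSRF token in plain Python: the server issues a random token to the session, and any state-changing handler refuses requests that do not echo it back. The session store, the `handle_transfer` handler and its form fields are assumptions made for the demonstration.

```python
import hmac
import secrets

# Constructed in-memory session store: session id -> session data.
SESSIONS = {}

def new_session():
    # The session id goes in a cookie; the CSRF token is embedded in the
    # application's own pages (a hidden form field), never in a cookie.
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32)}
    return sid

def csrf_token_for(sid):
    return SESSIONS[sid]["csrf_token"]

def handle_transfer(sid, form):
    """State-changing request handler (hypothetical)."""
    session = SESSIONS.get(sid)
    if session is None:
        return (401, "no session")
    # A forged cross-site request carries the victim's session cookie
    # automatically, but a third-party page cannot read the token that
    # was rendered into the legitimate form, so it cannot supply it.
    submitted = form.get("csrf_token", "")
    if not hmac.compare_digest(submitted.encode(), session["csrf_token"].encode()):
        return (403, "csrf token missing or invalid")
    return (200, f"transferred {form['amount']} to {form['to']}")

def demo():
    sid = new_session()
    forged = {"amount": "1000", "to": "attacker-account"}          # no token
    legitimate = {"amount": "10", "to": "bob", "csrf_token": csrf_token_for(sid)}
    return (handle_transfer(sid, forged)[0], handle_transfer(sid, legitimate)[0])

if __name__ == "__main__":
    print(demo())  # a forged request is rejected, the legitimate one succeeds
```

`hmac.compare_digest` is used for the comparison so that timing does not leak how many leading characters of a guessed token matched. Setting the session cookie with `SameSite=Lax` or `Strict` is a complementary browser-side control; the token check is the one the server can rely on regardless of client.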

XSS

XSS or Cross-Site Scripting is a type of injection attack wherein a malicious script is inserted into a trusted website and runs in the end user's browser, usually to transmit sensitive data to the attacker.

Types: Stored XSS (Persistent, Type I), Reflected XSS (Non-Persistent, Type II), DOM-based XSS (Type 0), Server XSS, Client XSS
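The core server-side control against stored and reflected XSS is contextual output encoding. This added example (not from the original page) renders a constructed user comment two ways: raw interpolation, where any markup in the comment becomes part of the page, and encoding with Python's `html.escape`, where the same text is shown literally. A third function shows the attribute context, where escaping quotes is what keeps the input inside the attribute. The comment text, the template fragments and the helper names are assumptions for the demonstration.

```python
import html

# Constructed user input: a comment that carries markup.
COMMENT = '<img src=x onerror="alert(1)"> nice post'

def render_vulnerable(comment):
    # Raw interpolation: tags in the comment become part of the page's DOM.
    return f'<p class="comment">{comment}</p>'

def render_escaped(comment):
    # html.escape turns <, >, &, " and ' into entities, so the browser
    # displays the text instead of parsing it as markup.
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'

def render_attribute(value):
    # Attribute context: quote=True matters here, because a raw quote could
    # otherwise close the attribute and let the input add new attributes.
    return f'<input type="text" value="{html.escape(value, quote=True)}">'

def contains_tag(fragment, tag):
    # Crude check used only to show the difference between the two renderings.
    return f"<{tag}" in fragment

if __name__ == "__main__":
    print(render_vulnerable(COMMENT))
    print(render_escaped(COMMENT))
    print(render_attribute('" data-x="y'))
```

Encoding must match the context the value lands in: `html.escape` is right for element bodies and quoted attributes, but a value placed inside a `<script>` block or a URL needs that context's own encoding, and DOM-based XSS additionally needs the client-side code to avoid sinks such as `innerHTML`.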

DoS/DDoS attacks

Distributed Denial-of-Service (DDoS) attacks use multiple compromised computer systems to overwhelm targeted servers or networks and their surrounding infrastructure in order to disrupt normal Internet traffic.

Types: Volume-Based Attacks, Protocol Attacks, Application Layer Attacks, UDP Flood, ICMP (Ping) Flood, SYN Flood, Ping of Death, Slowloris, NTP Amplification, HTTP Flood, Zero-day DDoS Attacks

Blacklisting

Blacklisting is creating a list of suspicious or malicious entities and blocking them from accessing a network or system.

Types: IP blacklisting, Domain blacklisting

Zero Day Attacks

Zero day attacks may be defined as exploits of unpatched vulnerabilities that have not been made public, or attacks on a vulnerability that are launched on the same day (day zero) that it was announced.

Phishing

Phishing is an attack often disguised as a form of communication from a trusted entity that uses social engineering tactics to steal user information such as personal data, passwords and credit card numbers.

Categories: Vishing, Smishing, Angler Phishing, Search Engine Phishing, Spear Phishing, Whaling.

Types: Email Spoofing – Name Impersonation, Mass Target – Brand Impersonation, URL Phishing, Subdomain Attack, Pop-Up Messages: In-Session Phishing, Search Engine Attack, Website Spoofing, Scripting, Man-in-the-Middle Attack, Clone Phishing, Image Phishing, Voice Phishing Attack, CEO Fraud, Malware Injection

Compromised passwords

Compromised passwords (or compromised credentials) can grant intruders administrative access to personal accounts of users as well as servers, network devices and security mechanisms of organisations.

Vulnerability exploits

Vulnerability exploits are attacks that take advantage of a system’s security flaw, using exploit code to gain remote access to the victim’s network.

Types: Zero-day Vulnerability, Broken Authentication, SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Security Misconfiguration

Defacement

Defacement or cyber-defacement is when hackers illegally access a victim’s web server and alter the appearance of a website or webpage to suit their purpose.

Stolen data

Stolen data is information that is illegally obtained through unauthorised access to a system or network. This kind of cyberattack incident is called a data breach.

Types: Stolen information, Ransomware, Password guessing, Recording keystrokes, Phishing, Malware or virus, Denial of service

Session hijacking

Session hijacking is when cybercriminals obtain users’ session cookies and use them to take over the users’ online sessions and transactions. Other terms for session hijacking are cookie hijacking and cookie side-jacking.

Types: Cross-site scripting (XSS), Session side jacking, Session fixation, Cookie theft by malware or direct access, Brute force

Malicious redirects

Malicious redirects are done by inserting code into a website that silently sends visitors to another website. Attackers usually do this to increase impressions on their own websites or to run malicious web-based scripts on the vulnerable devices of the site’s visitors.

Types: JavaScript insertions in your site’s files, JavaScript inserted in pages or posts, JavaScript redirects inserted into widgets, Obfuscated JavaScript appended to JavaScript files, Redirects inserted into .htaccess files, Ad networks

SEO Spam

SEO Spam (aka Spamdexing) is a way of manipulating the relevance or ranking of search terms by spamming the search engine with keywords that will redirect traffic to a website designed by hackers as a scam.

Types: Spammy links, Spammy keywords, Spammy ads, Spammy posts and pages

Directory traversal

Directory Traversal (aka Path Traversal) is a cyberattack that attempts to gain access to restricted directories and files outside of the web root folder by taking advantage of vulnerabilities in the system.

Types: attacks that target vulnerabilities in the web server, attacks that target vulnerabilities in application code
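Directory traversal is usually caught by checking where a request ends up rather than by searching the raw string for `..`. This added example (not from the original page) maps a URL path onto a constructed web root, decodes percent-encoding once, normalises the result, and refuses anything whose final location is outside the root. `WEB_ROOT`, the `serve` helper and the sample requests are assumptions for the demonstration; the root does not need to exist on disk.

```python
import os
from pathlib import Path
from urllib.parse import unquote

# Constructed web root; the check works on path arithmetic, so it need not exist.
WEB_ROOT = "/var/www/html"

def resolve_under_root(root, requested):
    """Return the filesystem path for `requested`, or None if it escapes `root`.

    The decision is made on the final, normalised location, so plain "..",
    percent-encoded "%2e%2e" and nested forms like "a/../../x" are all handled
    the same way.
    """
    root_path = Path(root).resolve()
    # Decode once (the server framework normally does this), then treat the
    # request as relative to the root, as a web server would.
    relative = unquote(requested).lstrip("/")
    candidate = (root_path / relative).resolve()
    # The common prefix is the root only if candidate sits at or below it.
    if os.path.commonpath([str(root_path), str(candidate)]) != str(root_path):
        return None
    return candidate

def serve(requested):
    """Hypothetical static-file handler: 403 for anything outside the root."""
    target = resolve_under_root(WEB_ROOT, requested)
    if target is None:
        return (403, None)
    return (200, str(target))

if __name__ == "__main__":
    for req in ("index.html", "images/../index.html",
                "../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd"):
        print(req, "->", serve(req))
```

`Path.resolve` also follows symbolic links for the parts of the path that exist, so a link inside the web root pointing outside it is rejected as well. The `lstrip("/")` reflects the convention that an absolute URL path is root-relative; a request for `/etc/passwd` therefore resolves to `/var/www/html/etc/passwd`, inside the root, rather than to the system file.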

Remote file inclusions

Remote File Inclusions (RFI) exploit web applications that load scripts from external sources, causing them to include and run malicious code from a remote URL. This results in stolen data, compromised web servers and website takeover.

Clickjacking

Clickjacking (aka UI Redress Attack) is a form of cyberattack that hides page elements behind other layers so that they appear to be a normal link or button the user would click on. In effect, the attacker hijacks clicks or impressions meant for another page.

Types: Content overlays, Scrolling attacks, Rapid content replacement, Repositioning the trusted window, Phantom mouse cursors, Drag and drop attacks, 204 status codes/Malicious event handlers, Trusted dialogue extensions, Trusted user interfaces.