The cybersecurity domain is wide and complex, with many different attack types and vulnerabilities.
The goal of this section is to review the cybersecurity mindsets so it will be easier for you to understand and deal with new use cases.
First, we examine the different cyber-attacks and how they are performed by an attacker. Then we review information-security countermeasures.
A cyber-attack is when an attacker exploits a vulnerability on an asset to perform a malicious activity (threat):
- An Asset is a device, application, or any other entity that operates in a certain environment.
- A Vulnerability is a flaw in the environment the attacker is trying to exploit.
- A Threat is a potential for violation of security, which occurs when there is a circumstance, capability, action, or event that could breach security and cause harm.
This is the most basic flow of a cyber-attack. Most attacks are combinations of different vulnerabilities in different aspects of the environment that cause the threat to happen. For example:
- A burglar breaks into a home (environment) by cracking the door lock (vulnerability) using his burglar kit (exploit) and steals (threat) the TV (asset).
- A hacker sends an email (environment) with a malicious file (exploit); the victim opens the file (vulnerability), causing installation of malicious code (threat) on the computer (asset).
- A victim is connected to an open Wi-Fi network (vulnerability 1 + environment) and enters his bank account credentials (asset) without any encryption (vulnerability 2). The attacker, who is also connected to the Wi-Fi, uses ARP poisoning (exploit) on the network; the victim's traffic is now transferred to the attacker's computer, enabling him to read the victim's password (asset).