Thursday, June 10, 2021

Types of security breaches

 


A security breach is often a hallmark of an attack vector used to gain access to a protected system or data. Here are some common types of attacks used to perform security breaches: For more information on these attacks, see our in-depth post on cybersecurity threats.


security breach meaning


Distributed Denial of Service (DDoS) — Attackers take control of large numbers of devices to form botnets and use them to flood target systems with traffic, overwhelming bandwidth and system resources. Although DDoS is not a direct means of compromising an organization's systems, it can be used as a deterrent during an actual compromise by an attacker.

MitM (Man in the middle) - An attacker intercepts communication between a user and a target machine, impersonating the user or target machine and using it to steal credentials or data. This can allow you to obtain unauthorized data or perform illegal actions.

Social Engineering - Attackers manipulate users or employees of an organization to trick them into exposing sensitive data. A common attack method is phishing. Phishing is when an attacker sends fake emails or messages that force users to reply with personal information, click links to malicious sites, or download malicious attachments.

Malware and Ransomware — Attackers can infect target systems or endpoints connected to a protected system with malicious software called malware. Malware can be injected by exploiting social engineering, software vulnerabilities, or by leveraging weak authentication. Malware can be used to compromise computer systems, gain remote control, or corrupt or delete content, as in ransomware attacks.

Password Attacks — Attackers can use bots along with common password lists or stolen credentials to guess passwords and compromise accounts on target systems. Typically this is done against a normal account with limited privileges, and an attacker performs a lateral move to compromise an account with additional privileges.

Advanced Persistent Threat (APT) - While most cyber attacks are automated and fail to identify victims, APTs are systematic, targeted attacks against specific organizations. It is performed over weeks or months by a team of experienced threat actors and may involve a combination of several advanced attack techniques.