The 15 most common attacks in 2009

The 15 most common attacks in 2009

Tags:    2009   data breach   Verizon

By Victor Ng | Dec 16, 2009

The latest in the Data Breach Investigations Report series by Verizon Business security experts provides enterprises with an unprecedented look at the 15 most common security attacks and how they typically unfold.

 

Ranked by frequency, the top 15 types of attacks are:

  1. Keylogging and spyware: Malware specifically designed to covertly collect, monitor and log the actions of a system user.
  2. Backdoor or command/control: Tools that provide remote access to or control of infected systems, or both, and are designed to run covertly.
  3. SQL injection: An attack technique used to exploit how Web pages communicate with back-end databases.
  4. Abuse of system access/privileges: Deliberate and malicious abuse of resources, access or privileges granted to an individual by an organization.
  5. Unauthorized access via default credentials: Instances in which an attacker gains access to a system or device protected by standard preset (widely known) usernames and passwords.
  6. Violation of acceptable use and other policies: Accidental or purposeful disregard of acceptable use policies.
  7. Unauthorized access via weak or misconfigured access control lists (ACLs): When ACLs are weak or misconfigured, attackers can access resources and perform actions not intended by the victim.
  8. Packet Sniffer: Monitors and captures data traversing a network.
  9. Unauthorized access via stolen credentials: Instances in which an attacker gains access to a protected system or device using valid but stolen credentials.
  10. Pretexting or social engineering: A social engineering technique in which the attacker invents a scenario to persuade, manipulate, or trick the target into performing an action or divulging information.
  11. Authentication bypass: Circumvention of normal authentication mechanisms to gain unauthorized access to a system
  12. Physical theft of asset: Physically stealing an asset.
  13. Brute-force attack: An automated process of iterating through possible username/password combinations until one is successful.
  14. RAM scraper: A fairly new form of malware designed to capture data from volatile memory (RAM) within a system.
  15. Phishing (and endless “ishing” variations): A social engineering technique in which an attacker uses fraudulent electronic communications (usually e-mail) to lure the recipient into divulging information.

 

Similar

Related Articles

Add comment

Post a Comment

The content of this field is kept private and will not be shown publicly.
Verification Code
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
 

Comments

Comments

our company was vested with

Submitted by wu xiaoli on 19 December 2009 - 1:51pm.

our company was vested with production authority of the U.S. National Football League (nfl jersey) in China. Therefore we are one of the largest nfl jerseys center in China and our products have been exported to Europe and America market for cheap nfl jerseys time.

Similar

Related Articles

knowledge_central_tab

 
 
Knowledge Central
Testing the Cloud – Definitions, Requirements, and Solutions
The widespread availability of high-speed broadband networks has seen applications and web sites move into the Cloud. This use of a cloud-based infrastructure means there is no local infrastructure to purchase, manage, secure, or upgrade. The virtualized data center, whether within the enterprise or located at a cloud service provider, must be properly provisioned in order to provide the necessary functions and performanceof cloud-based applications.
Integrating the physical and the virtual
It’s not just a question of dealing with a proliferation of virtual machines. With convergence, fewer hardware resources deliver multiple capabilities and host multiple workloads.Monitoring these “anytime-anyplace” workloads creates a resource challenge, as there are a limited number of network access points.
 
 
 
A Case Study of Eurograbber: How 36 Million Euros was Stolen via Malware
This is a case study about a sophisticated, multi-dimensional and targeted attack that stole an estimated 36+ million Euros from more than 30,000 bank customers from multiple banks across Europe.
Symantec, Singapore school partner to nurture next-generation security talents
Symantec Corp. and the Singapore Management University will jointly train and equip IT security professionals with the latest knowledge and skill sets in information security.