1. APT attack
An advanced persistent threat (APT) is a broad term used to describe an attack campaign in which an intruder, or team of intruders, establishes an illicit, long-term presence on a network in order to mine highly sensitive data.
The targets of these assaults, which are very carefully chosen and researched, typically include large enterprises or governmental networks. The consequences of such intrusions are vast, and include:
Intellectual property theft (e.g., trade secrets or patents)
Compromised sensitive information (e.g., employee and user private data)
The sabotaging of critical organizational infrastructures (e.g., database deletion)
Total site takeovers
Executing an APT assault requires more resources than a standard web application attack. The perpetrators are usually teams of experienced cybercriminals having substantial financial backing. Some APT attacks are government-funded and used as cyber warfare weapons.
APT attacks differ from traditional web application threats, in that:
They’re significantly more complex.
They’re not hit and run attacks—once a network is infiltrated, the perpetrator remains in order to attain as much information as possible.
They’re manually executed (not automated) against a specific mark, rather than launched indiscriminately against a large pool of targets.
They often aim to infiltrate an entire network, as opposed to one specific part.
More common attacks, such as remote file inclusion (RFI), SQL injection and cross-site scripting (XSS), are frequently used by perpetrators to establish a foothold in a targeted network. Next, Trojans and backdoor shells are often used to expand that foothold and create a persistent presence within the targeted perimeter.
2. HWP document
A file with the HWP file extension is a Hangul Word Processor file or sometimes called a Hanword Document file. This file format was created by the South Korean company Hancom.
HWP files are similar to MS Word's DOCX files, except that they can contain Korean written language, making HWP one of the standard document formats used by the South Korean government.
First off, IceFog clearly demonstrates how customized and targeted cyber-attacks have become over the past few years. For example, the IceFog group exploited a vulnerability in HWP document files, which are used by the Hangul word processor. This distinct word processing application is used mainly in South Korea, Japan and Taiwan, making this targeted attack all the more specific and customized.
Curiously, the attackers have also developed a “Hit&Run” method of operation, which enables them to perform the assault swiftly with a target in mind, basing their operation on mission intelligence they have collected about network locations and specific users. This method again exemplifies how targeted these attacks have become, not just regarding the victim but also regarding the specific information that the attackers seek to obtain.
3. Phishing definition
Phishing is a cyber attack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need — a request from their bank, for instance, or a note from someone in their company — and to click a link or download an attachment.
What really distinguishes phishing is the form the message takes: the attackers masquerade as a trusted entity of some kind, often a real or plausibly real person, or a company the victim might do business with. It's one of the oldest types of cyberattacks, dating back to the 1990s, and it's still one of the most widespread and pernicious, with phishing messages and techniques becoming increasingly sophisticated.