Threats, Vulnerabilities, and Mitigations

Across
  2. Often used to refer to someone who breaks into computer systems or spreads viruses. Ethical hackers prefer to think of themselves as experts on and explorers of computer security systems.
  3. A group of hosts or devices that has been infected by a control program called a bot, which enables attackers to exploit the hosts to mount attacks.
  5. A threat actor that is motivated by a social issue or political cause.
  9. Malicious code inserted into an executable file image. The malicious code is executed when the file is run and can deliver a payload, such as attempting to infect other files.
  12. A type of threat actor that is supported by the resources of its host country's military and security services.
  16. A type of attack that falsifies an information resource that is normally trusted by others.
  17. Software that records information about a PC and its users, often installed without the user's consent.
  21. Demanding payment to prevent or halt some type of attack.
  23. An email-based social engineering attack in which the attacker sends email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim.
  24. A type of threat actor that uses hacking and computer fraud for commercial gain.
  25. Malware that creates a backdoor remote administration channel to allow a threat actor to access and control the infected host.
  26. An attack in which an attacker targets specific groups or organizations, discovers which websites they frequent, and injects malicious code into those sites.
  27. bomb A malicious program or script that is set to run under particular circumstances or in response to a defined event.
  30. Malware that tries to extort money from the victim by blocking normal operation of a computer and/or encrypting the victim's files and demanding payment.
  34. An impersonation attack in which the attacker gains control of an employee's account and uses it to convince other employees to perform fraudulent actions.
  36. A social engineering attack where an attacker pretends to be someone they are not.
Down
  1. Demanding payment to prevent the release of information.
  4. An attack in which an attacker registers a domain name with a common misspelling of an existing domain, so that a user who misspells a URL in a browser is taken to the attacker's website.
  6. A form of phishing that uses SMS text messages to trick a victim into revealing information.
  7. A mechanism for gaining access to a computer that bypasses or subverts the normal method of authentication.
  8. Class of malware that modifies system files, often at the kernel level, to conceal its presence.
  10. A threat actor that causes a vulnerability or exposes an attack vector without malicious intent.
  11. Malicious software or hardware that can record user keystrokes.
  13. A type of malware that replicates between processes in system memory and can spread over client/server network connections.
  14. The process by which an attacker copies data from a private network to an external network.
  15. Computer hardware, software, or services used on a private network without authorization from the system owner.
  18. An attacker's ability to obtain, maintain, and diversify access to network systems using exploits and malware.
  19. A type of attack that redirects users from a legitimate website to a malicious one.
  20. An activity where the goal is to use deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines.
  22. A malicious software program hidden within an innocuous-seeming piece of software.
  28. Falsifying records, such as an internal fraud that involves tampering with accounts.
  29. Product life cycle phase where mainstream vendor support is no longer available.
  31. Software that records information about a PC and its user. Adware is used to describe software that the user has acknowledged can record information about their habits.
  32. A human-based attack where the attacker extracts information while speaking over the phone or leveraging IP-based voice messaging services (VoIP).
  33. A social engineering tactic where a team communicates, whether directly or indirectly, a lie or half-truth in order to get someone to believe a falsehood.
  35. The end-to-end process of supplying, manufacturing, distributing, and finally releasing goods and services to a customer.