×

Irish Information Security Forum

Information Security Reference

 

Backdoors

Backdoors allow remote access to computers or systems without users’ knowledge.

 

Formjacking

Formjacking is the process of inserting malicious JavaScript code into online payment forms to harvest customers’ card details.

 

Cryptojacking

Cryptojacking is the malicious installation of cryptocurrency mining – or ‘cryptomining’ – software. This software illicitly harnesses the victim’s processing power to mine for cryptocurrency.

 

DDoS attacks

DDoS (distributed denial-of-service) attacks attempt to disrupt normal web traffic and take targeted websites offline by flooding systems, servers or networks with more requests than they can handle, causing them to crash. more

 

DNS poisoning attacks

DNS (domain name system) poisoning attacks compromise DNS to redirect traffic to malicious sites. Affected sites are not ‘hacked’ themselves.

 

Malware

Malware is a broad term used to describe any file or program intended to harm or disrupt a computer. more

 

Botnets

Botnets are large networks of compromised computers, whose processing power is used without the user’s knowledge to carry out criminal activity. This can include distributing spam or phishing emails or carrying out DDoS attacks.

 

Drive-by downloads

Drive-by downloads install malware when victims visit a compromised or malicious website. They don’t rely on unsuspecting users taking action, such as clicking malicious email attachments or links, to infect them.

 

Exploits and exploit kits

An exploit is a piece of malicious code that can compromise a security vulnerability. Many have been developed by the security services. For instance, in 2017 the WannaCry ransomware spread using an exploit known as EternalBlue. This exploit had been created by and stolen from the US National Security Agency. Exploit kits are collections of multiple exploits. Available for rent on the dark web, they enable unskilled criminals to automate attacks on known vulnerabilities.

 

MITM attacks

A MITM (man-in-the-middle) attack occurs when a criminal hacker inserts themselves between a device and a server to intercept communications that can then be read and/or altered.

MITM attacks often happen when a user logs on to an insecure public Wi-Fi network. Attackers can insert themselves between a visitor’s device and the network. The user will then unknowingly pass information through the attacker.

 

Phishing attacks

Phishing is a method of social engineering used to trick people into divulging sensitive or confidential information, often via email. Not always easy to distinguish from genuine messages, these scams can inflict enormous damage on organisations. more

 

Social engineering

Social engineering is used to deceive and manipulate victims to obtain information or gain access to their computer.

This is achieved by tricking users into clicking malicious links or by physically gaining access to a computer through deception. more

 

SQL injection

A SQL (Structured Query Language) injection occurs when an attacker inserts malicious code into a server that uses SQL. SQL injections are only successful when a security vulnerability exists in an application’s software. Successful SQL attacks will force a server to provide access to or modify data.

Contact IISF

 

IISF Logo
If you are interested in finding out more about the IISF, or would like to attend one of our Chapter Meetings as an invited guest, please contact the
IISF Secretary:

By email:
secretary@iisf.ie

By post:

C/O David Cahill

An Post

Information Security
GPO, 1-117
D01 F5P2

Enhance your Cybersecurity knowledge and learn from those at the coalface of information Security in Ireland

secured by edgescan digital security radar

© iiSf. All rights reserved. CRN: 3400036GH  - Privacy Statement  - ISRef  - Sponsorship  - Produced by
LinkedIn Twitter