Cyber Attacks

Espionage (Leslie)
1. Technology
  1. Spyware
  2. Malware
  3. Adware
  4. Phishing
  5. Botnet
  6. Logger
    1. Keystroke
    2. Monitor
  7. Wi-fi Tools
    1. Using localized networks
    2. Using Mobile tech
    3. Using tablets
  8. Software
    1. Updates
    2. Customized Scripts
    3. Loaded externally
  9. Hacking
  10. Trojans
2. Methods
  1. Email
    1. PDF attachments
    2. Meeting Requests with Attachments
    3. DOC attachments
    4. Picture attachments
    5. Software updates
  2. USB/external devices
  3. Employees
  4. Contractors/Consultants
  5. Outsiders with Access
  6. Peer-to-Peer networks
Cyber Terrorism (Joe)
1. Methods
  1. Sabotage
    1. Internal
      1. Planting a Mole
      2. Disgruntled Employee
    2. External
      1. Activists
      2. Terrorist Groups
      3. State Actors
  2. Website Defacement
    1. Send Message
    2. Publicity
  3. Denial of Service
    1. Deter Communication
    2. Suspend System Activity (permanently or temporarily)
2. Technology
  1. Wired
    1. Internet
      1. Exploiting Defaults
      2. Faulty IIS (Internet Information Service)
      3. Data Mining
      4. Authorization Bypass
    2. Software
      1. Trojan Horse
      2. Virus
      3. Worm
    3. Hardware
    4. Stealing Password
      1. Dictionary Attacks
      2. Hybrid Attacks
      3. Brute Force Attacks
    5. Email
      1. Man-in-the-Middle
      2. Phishing
      3. DNS hijacking
      4. URL manipulation
  2. Wireless
    1. Eavesdropping
    2. Interference
    3. Packet Sniffing
Cyber Identity Theft (Laura)
1. Technology
  1. Malware
    1. Trojans
    2. Spyware
    3. Worms
    4. Bots
      1. Botnets
    5. Rootkits
    6. Viruses
  2. Exploit tools and kits
    1. ZeuS
  3. Email harvesters
2. Precedents
  1. Bluetooth-enabled devices planted at gas pumps to read credit card details
  2. Data breaches at large companies (TJ Maxx, Heartland, ...)
  3. Pharmamed.php (email harvesting)
  4. Bluesnarfing, bluebugging, HeloMoto
3. Methods
  1. Computers
    1. Hacking
      1. War-driving
      2. Eavesdropping
      3. Password-based attacks
      4. Compromised-key attacks
      5. Man-in-the-middle attacks
      6. Sniffers
    2. Physical acquisition
      1. Stealing devices
      2. Acquiring improperly disposed-of device
    3. Phishing
      1. Pharming
    4. Mass rebellion
      1. P2P services
    5. Disclosure by employees
      1. Disgruntled employees
      2. Bribery
      3. Unintentional disclosure
    6. Posing
      1. Scam within a scam
      2. Posing as authority, mass-emailing victims of past identity theft
      3. Spoofing
      4. Pranking
      5. Registering another person for a dating site, for example
  2. Mobile devices
    1. Hacking
      1. War-dialing
      2. Eavesdropping
      3. Password-based attacks
      4. Sniffers
      5. Bluebugging and bluesnarfing
    2. Phishing
      1. Smishing
    3. Disclosure by employees
      1. Disgruntled employees
      2. Bribery
      3. Unintentional disclosure
    4. Physical acquisition
      1. Stealing devices
      2. Acquiring improperly disposed-of device
    5. Direct observation
      1. Looking over the user's shoulder
      2. Camera/video capabilities on devices
  3. ATM skimming
4. Predictions (2011)
  1. Exploitation of mobile GPS location information
  2. More attacks on social networking sites
  3. Increase in "mixed threats" (email, Web, social media)