
Ass in It Audits and Control

The document discusses various cybersecurity threats including password attacks, distributed denial of service (DDoS) attacks, man-in-the-middle attacks, social engineering and phishing, and malware. Password attacks aim to compromise user authentication through techniques like brute-force attacks and credential stuffing. DDoS attacks flood servers with internet traffic to deny access to online services. Man-in-the-middle attacks secretly intercept and alter communications between parties who believe they are directly communicating. Social engineering and phishing tricks users into revealing private information under false pretenses. Malware refers to malicious software like viruses, worms, Trojans, ransomware and spyware that can damage systems and steal data.

Name: Mary Jane Masocol

Subject: IT Audits and Control

ASSIGNMENT IN IT AUDITS AND CONTROL

PASSWORD ATTACK

A password attack is a typical attack vector used to compromise user account
authentication. It's responsible for most data breaches worldwide. Password
breaches have far-reaching repercussions. Examples of password attacks include
brute-force attacks, credential stuffing, and password spraying. Password attacks
involve exploiting a broken authorization vulnerability in the system combined
with automatic password attack tools that speed up the guessing and cracking of
passwords. The attacker uses various techniques to access and expose the
credentials of a legitimate user, assuming their identity and privileges.

To prevent password attacks, enforce strong password policies, attend
organization-wide password security training, enable multifactor authentication,
and use a password manager.
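From an auditor's side, the attack types named above leave different patterns in failed-login records. The following is an added example, not part of the original assignment: it labels source addresses from constructed login events, and the window, thresholds, tuple layout and function names are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
BRUTE_FORCE_FAILS = 10          # assumed: failures against a single account
SPRAY_ACCOUNTS = 8              # assumed: distinct accounts hit by one source

def classify_sources(events, now):
    """Return {source_ip: label} for sources with suspicious failed logins.

    events: iterable of (timestamp, source_ip, username, success) tuples.
    """
    fails = defaultdict(lambda: defaultdict(int))  # ip -> username -> failures
    for ts, ip, user, success in events:
        if not success and now - WINDOW <= ts <= now:
            fails[ip][user] += 1
    labels = {}
    for ip, per_user in fails.items():
        if max(per_user.values()) >= BRUTE_FORCE_FAILS:
            labels[ip] = "brute-force"          # many guesses, one account
        elif len(per_user) >= SPRAY_ACCOUNTS:
            labels[ip] = "password-spraying"    # few guesses, many accounts
    return labels

def build_sample(now):
    """Constructed events using documentation IP ranges (not real data)."""
    ev = []
    for i in range(12):  # many guesses against one account
        ev.append((now - timedelta(seconds=5 * i), "203.0.113.5", "alice", False))
    for i in range(10):  # one guess each across many accounts
        ev.append((now - timedelta(seconds=30 * i), "198.51.100.7", f"user{i}", False))
    # Ordinary user: one mistyped password, then a successful login.
    ev.append((now - timedelta(minutes=2), "192.0.2.10", "bob", False))
    ev.append((now - timedelta(minutes=1), "192.0.2.10", "bob", True))
    for _ in range(12):  # old failures that fall outside the window
        ev.append((now - timedelta(hours=2), "192.0.2.44", "carol", False))
    return ev

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 0, 0)
    for ip, label in sorted(classify_sources(build_sample(now), now).items()):
        print(ip, label)
```

Credential stuffing also produces only one or two failures per account across many accounts, so this log view alone cannot separate it from spraying.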

DISTRIBUTED DENIAL OF SERVICE

DDoS stands for "Distributed Denial-of-Service". A DDoS attack is a cybercrime in
which the attacker floods a server with internet traffic to prevent users from
accessing connected online services and sites. The primary focus of a DoS attack
is to oversaturate the capacity of a targeted machine, resulting in
denial-of-service to additional requests.

An example of this type of attack is a domain name system amplification attack,
which makes requests to a DNS server using the target's Internet Protocol (IP)
address.

MAN IN MIDDLE ATTACK

A man-in-the-middle attack is a cyberattack where the attacker secretly relays and
possibly alters the communications between two parties who believe that they are
directly communicating with each other, as the attacker has inserted themselves
between the two parties. This exploitation could take many forms, including
eavesdropping, sending fake messages, accessing private accounts, or pushing data
to another malicious party.

Seven types of man-in-the-middle attacks include IP spoofing, DNS spoofing,
HTTPS spoofing, SSL hijacking, email hijacking, Wi-Fi eavesdropping, and
stealing browser cookies.

SOCIAL ENGINEERING AND PHISHING

Social engineering is content that tricks visitors into doing something dangerous,
such as revealing confidential information or downloading software. If Google
detects that your website contains social engineering content, the Chrome browser
may display a "Deceptive site ahead" warning when visitors view your site.
Phishing, meanwhile, is when the site tricks users into revealing their personal
information (for example, passwords, phone numbers, or social security numbers).
In this case, the content pretends to act, or looks and feels, like a trusted
entity, for example a browser, operating system, bank, or government.

MALWARE

Malware, short for malicious software, refers to any intrusive software
developed by cybercriminals or hackers to steal data and damage or destroy
computers and computer systems security. Types of malware include computer
viruses, worms, Trojan horses, ransomware and spyware. These malicious programs
steal, encrypt and delete sensitive data; alter or hijack core computing
functions; and monitor end users' computer activity.

Types of malware include the following:

- Virus is the most common type of malware that can execute itself and spread by
infecting other programs or files.

- Worm can self-replicate without a host program and typically spreads without any
interaction from the malware authors.

- Trojan horse is designed to appear as a legitimate software program to gain access
to a system. Once activated following installation, Trojans can execute their
malicious functions.

- Spyware collects information and data on the device and user, as well as observes
the user's activity without their knowledge.

- Ransomware infects a user's system and encrypts its data. Cybercriminals then
demand a ransom payment from the victim in exchange for decrypting the system's
data.
