Page 232 - CA Final Audit Titanium Full Book. (With Cover Pages)
P. 232
CA Ravi Taori
Common Cyber-attacks: The most common types of cyber-attacks include unauthorized access, data theft,
exposure, alteration, disabling, or destruction.
Malware
Malware: Malware is software designed to harm computers or networks, and includes types like ransomware,
trojans, and viruses.
Types of Malwares
(Shortcut: Ransomware & Trojan in Mutual Funds)
Ransomware: Ransomware encrypts a victim's data, demanding payment for decryption. It's often spread
through phishing emails, unpatched vulnerabilities, and misconfigurations.
Trojan: A trojan is malware disguised as legitimate software or files, often installed via techniques like phishing
or bait websites.
Mobile Malware Mobile malware targets mobile devices and is spread through malicious downloads, OS
vulnerabilities, phishing, smishing, and unsecured Wi-Fi.
Fileless Malware: Fileless malware exploits legitimate system tools for cyberattacks without installing code,
making it harder to detect than traditional malware.
Denial-of-Service (DoS) Attacks:
A Denial-of-Service (DoS) attack floods a network with false requests, disrupting access to services like email and
websites. While usually not causing data loss, DoS attacks cost time, money, and resources to resolve.
Phishing:
(Shortcut Scammer Saw Victims Wallet)
Phishing is a cyberattack using email, SMS, phone, or social media to trick victims into sharing sensitive
information or downloading malicious files, leading to potential viruses on their devices.
Spear Phishing
Spear-phishing is a targeted phishing attack via malicious emails aiming to steal specific individuals' or
organizations' sensitive information or infect their devices with malware.
Smishing
Smishing is a scam involving text messages posing as reputable companies to trick individuals into revealing
personal information like passwords or credit card numbers.
Vishing
Vishing is a voice phishing tactic where fraudsters use phone calls and voice messages, posing as trusted entities,
to trick people into sharing private details like bank information and passwords.
Whaling
A whaling attack targets senior or C-level executives to steal money, information, or access their computer for
additional cyberattacks.
Spoofing:
Spoofing involves cybercriminals disguising as trusted sources to access systems, aiming to steal information,
extort money, or install malware.
Types of Spoofing:
Domain spoofing: Domain spoofing is a phishing tactic where attackers mimic legitimate websites or email
domains to deceive users. While they seem authentic initially, subtle discrepancies exist upon closer inspection.
Email spoofing: Email spoofing is a cyberattack where emails have forged sender addresses to deceive recipients,
making them more likely to engage with malicious links or attachments.
Identity-Based Attacks:
When a user's credentials are compromised, adversaries can impersonate them. For instance, using the same ID
and password on multiple accounts can lead to access to unrelated accounts when one is breached.
www.auditguru.in 12.7