background preloader

Sharkstriker

Facebook Twitter

SharkStriker provides MDR, XDR, Penetration Testing, and Host of Managed Security Services using the sharkstriker Platform Follow:

Top 10 most common types of cyber attacks. Introduction Let’s all agree that the year 2023 has been a rollercoaster ride. We have witnessed some dangerous cyberattacks that have brought the world on their toes. Attacks like the one carried out in multiple countries by the notorious Russian group Clop called MOVEIt. It has impacted supply chain networks at large. This year we have also witnessed some of the biggest data breaches like the T-Mobile one that impacted more than 37 million people worldwide. We will look at some of the common cyber attacks of 2023. What is a cyber attack and how it works? A cyber attack is an attempt to intentionally steal, alter or destroy data sensitive to a business.

The nature and gravity of a cyber attack is dependent on the nature and cause of a cyber attacker. Now let us explore some of the common cyber attacks of all time. Top 10 most common types of cyber attacks 1. A phishing attack is like real-world fishing where the fisherman uses bait to lure the fish. Spear phishing Whaling Smishing Vishing 2. 3. Phishing vs Spamming: what is the difference? So you are working on a busy Monday and receive an email from someone in the HR department saying you need to update your information by accessing a link. What would you do? You would probably think it is a genuine email from a trusted source given it has your organization’s name init. The next thing you know, all the information you provided got stolen by a cybercriminal who would use it further to access your mail and sell information on the dark web for other criminals to exploit.

You just became a victim of phishing. It is one of the oldest social engineering-based attacks. What is Phishing? First, let us understand what phishing is. Phishing is a social engineering attack usually done through emails and text messaging. Phishing is not new. With AI assistants like ChatGPT, phishing has become one of the most dangerous threats to the cyber world since it has assisted non-English speaking, new attackers to engage in sophisticated phishing attacks. This points us toward spear phishing. Vulnerability Assessment & Pen testing services | SharkStriker. What is the difference between VA and PT? Vulnerability assessment is basically an information security process that is performed by a team of experts both manually and automatically to gauge and categorize systems’ vulnerability and gaps in a network.

Whereas penetration testing is an authorized offensive attack on a network’s systems to know the strength of their security. What is a VAPT? VAPT is a set of offensive techniques deployed to gauge the vulnerabilities and threats lying active and dormant in the systems of an organization’s network. It is a combination of vulnerability assessment and penetration testing.

Is VAPT mandatory for ISO 27001? Yes as per one requirement of ISO27001 which is A.12.6.1 Annex A of ISO/IEC 27001:2013 – an organization is required to prevent potential vulnerabilities from being exploited. What are the types of VAPT? What is the VAPT process? There is a systematic approach that we undertake while performing a VAPT run. What is the difference between VA and PT? ChatGPT: A Dream or a nightmare? (A comment from a cybersecurity POV) Blog Post how do you proactively prepare a response to cyberattacks. Cisco hack: Threat Actors get through successful Social Engineering Techniques. Summary Lately, one of the employees from networking giant Cisco became leverage for attackers for a successful social engineering attack after an attacker gained control of a personal google account of the victim where credentials were being synchronized from his browser, compromising the credentials of Cisco’s employee.

Under the guise of various trusted organizations, the attacker conducted a series of voice phishing attacks to convince the victim to accept the push notifications for multi-factor authentication (MFA). The attacker also conducted a series of actions where he tried to establish persistence and minimize forensic artifacts in the system by executing various commands and techniques. This attack conducted by an adversary was identified previously as an initial access broker (IAB) with ties to the UNC2447 cybercrime gang, Lapsus$ threat actor group, and Yanluowang ransomware operators.

For particulars, keep reading the blog. Attack Vectors TTP’s reg save hklm\system system. Managed Detection and Response (MDR) Services.