Cyber Attacks: Classifications & Taxonomies

The purpose of the Cyber Attacks section is to provide a general overview regarding cyber attacks, and to show some pragmatic ways to classify them and organize them via taxonomies.

What is a cyber attack?

cyber attack: An offensive action by a malicious actor that is intended to undermine the functions of networked computers and their related resources, including unauthorized access, unapproved changes, and malicious destruction. Examples of cyber attacks include Distributed Denial of Service (DDoS) and Man-in-the-Middle (MITM) attacks.

The terms cyber attack, cyber threat, and cyber risk are interrelated as follows. A cyber attack is an offensive action, whereas a cyber threat is the possibility that a particular attack may occur, and the cyber risk associated with the subject threat estimates the probability of potential losses that may result.

For example, a Distributed Denial of Service (DDoS) cyber attack by a botnet is a cyber threat for many enterprises with online retail websites, where the associated cyber risk is a function of lost revenues due to website downtime and the probability that a DDoS cyber attack will occur.

For further information about related cybersecurity terms check out the Cybersecurity FAQ.

"Hence, that general is skillful in attack whose opponent does not know what to defend; and he is skillful in defense whose opponent does not know what to attack." - Sun Tzu

Cyber Attack Classification

Cyber attacks may be classified by Actor (responsible agent) and Attack Effect Equivalency (comparable consequence) as shown in the following table.

| Classification | Actor | Attack Effect Equivalency |
|---|---|---|
| Cyber Attack [generic] | TBD | TBD |
| Cyber Warfare [includes Cyber Espionage, Cyber Sabotage] | State [nation] | war act |
| Cyber Crime | Non-State (individual/organization) | criminal act |
| Cyber Terrorism | Non-State (individual/organization) | terrorism act |

Coarse Grained Cyber Attack Classification via Actor & Effect

Malware Taxonomy

Columns: Malware Type | Requires Host File to Infect? | Self-Spreading? | Appears Legitimate (Harmless)? | Can Carry Harmful Payload? | Can Communicate with Command & Control Server? | Can Attack OS Kernel & Firmware?

Virus: N/A, N/A
Worm: N/A, N/A
Trojan: N/A
Bots/Botnet: N/A, N/A, N/A
Spyware: N/A
Rootkit: N/A, N/A, N/A, N/A

Cyber Attack Mechanism Taxonomy


Description: Malware is an umbrella term derived from "malicious software", and refers to any software that is intrusive (unauthorized access), disruptive, or destructive to computer systems and networks. Malware may take many forms (executable code, data files) and includes, but is not limited to, computer viruses, worms, trojan horses (trojans), bots (botnets), spyware (system monitors, adware, tracking cookies), rogueware (scareware, ransomware), and other malicious programs. The majority of active malware threats are usually worms or trojans rather than viruses. See FAQ: What is Malware? for a comprehensive explanation of the definition of malware, including common examples.
Targets: Ubiquitous: Large enterprises, Small-Medium Businesses (SMBs), home and mobile computer/phone users.
Countermeasures: Common malware remedies for SMBs and home computer users include, but are not limited to, firewalls, anti-virus software, anti-spam software, and practicing good Cyber hygiene habits. Remedies for larger enterprises include all the above as well as specialized anti-malware software and rigorous Penetration Testing.

Description: A computer virus (virus) is a malware program that replicates itself by inserting a copy of itself, possibly mutated, into a program or data file on a host computer without the user's explicit consent. When the virus successfully inserts a copy of itself into a computer host, the target computer host is considered to be infected by the virus. The computer virus's replication behavior is analogous to how a biological virus propagates, hence the shared terminology.

Viruses often carry harmful payloads which disrupt or damage infected hosts by various means, such as consuming computer resources (processing cycles, storage space), corrupting data, logging keystrokes, accessing private information, etc. However, not all viruses carry harmful payloads; some viruses may be benign (i.e., replicate without permission, but do no obvious harm).

For example, you could propagate a spreadsheet virus with a data corruption payload by attaching an infected spreadsheet data file to an email, or providing a download link to the infected data file. When the recipient of your email opens the attached infected data file, or someone downloads your infected data file, the virus inserts itself and executes its harmful payload, in this case corrupting data on the recipient computer host.

In general, computer viruses are passively propagated; i.e., users need to pass them along by disk transfers and email attachments. This is in contrast to Computer Worms, which are capable of more aggressive self-propagation (e.g., they can spread themselves via email).
Targets: Ubiquitous: Large enterprises, Small-Medium Businesses (SMBs), and personal computers. Mobile computer/tablet/smartphone users are also potential targets.
Countermeasures: Anti-Virus software specializes in computer virus removal. Extreme infections may require wiping storage disks and reinstalling the Operating System (OS).
See also: Computer Worm, Trojan Horse.
Compare & contrast: Computer Worm, which replicates like a virus but propagates more aggressively.

Description: A computer worm (worm) is a kind of malware computer program that independently replicates and propagates itself on infected host computers. Since worms can independently propagate, they typically spread faster than other malware, such as viruses. Worms commonly propagate via email, but other network protocols may also be used.
Targets: Ubiquitous: Large enterprises, Small-Medium Businesses (SMBs), and personal computers. Mobile computer/tablet/smartphone users are also potential targets.
Countermeasures: Most quality Anti-Virus software will also facilitate computer worm removal. Extreme infections may require wiping storage disks and reinstalling the Operating System (OS).

Further details to be provided… Contact us and let us know if you find this website useful and are eager for this section to be completed.

Description: Spyware is malware that facilitates information gathering on a networked computer without the user's knowledge or consent, and sends the subject information to another networked computer. Spyware is commonly classified into several types: system monitors, adware, and web tracking cookies. Common uses for spyware include general monitoring of computer activities, serving targeted ads to users, and tracking user web surfing habits.

The presence of Spyware is typically hidden from the user and is usually difficult to detect. Some Spyware is installed by corporations to ensure that workers are working diligently and securely, and may not be considered malicious per se. (At least it's not considered malicious by the corporate systems administrators who install it; corporate computer users may have a different view of the matter.)
Targets: Ubiquitous: Large enterprises, Small-Medium Businesses (SMBs), home and mobile computer/phone users.
Countermeasures: In addition to generic Anti-Virus software, Anti-Spyware specializes in Spyware removal, and Anti-Adware further specializes in Adware removal. Extreme infections may require wiping storage disks and reinstalling the Operating System (OS).

Description: An exploit is a generic term for computer programs that take advantage of (i.e., exploit) computer software flaws or bugs to cause unintended and potentially harmful behavior to occur on the target computer. Exploits may include, but are not limited to, gaining control of a computer or preventing access to a computer server (as in a Denial of Service type attack). Programming code from exploits is frequently reused in Computer Viruses, Worms, Trojans, and other kinds of Malware.
Targets: Ubiquitous: Large enterprises, Small-Medium Businesses (SMBs), home and mobile computer/phone users.
Countermeasures: Aggressive application of Operating System (OS) and application patches (updates) to ensure that all known OS and application bugs have been fixed.

Cyber Attacks - Other Resources

  • Infamous Cyber Attacks
  • Other Cyber Attack Resources

Please contact us regarding any additions or corrections to be made to this page.

CYBERSECURITY FORUM and CyberSecurityForum.com are trademarks of PivotPoint Technology Corporation. All other product and service names mentioned are the trademarks of their respective companies.