Security+ Common Attacks Cheat Sheet (SY0-701)

Loading page

Malware types

Malicious software, grouped by how it spreads and what it does.

VirusMalicious code that attaches to a file or program and needs user action to run and spread.
WormSelf-replicates and spreads across networks on its own, with no host file or user action.
TrojanDisguised as legitimate software but carries hidden malicious functionality, often a backdoor.
RansomwareEncrypts the victim's files and demands payment for the decryption key.
SpywareSecretly gathers information about a user and their activity.
KeyloggerRecords keystrokes to capture passwords, messages, and other typed data.
RootkitHides its presence and maintains privileged, often kernel-level, access to the system.
Logic bombDormant code that triggers when a condition, such as a specific date, is met.
Bot / botnetA compromised device under remote control; many together form a botnet used for DDoS or spam.
RATRemote Access Trojan. Gives an attacker full remote control of the infected host.
Fileless malwareRuns in memory using legitimate tools such as PowerShell, leaving little or nothing on disk.

Social engineering

Attacks that manipulate people rather than technology to gain access or information.

PhishingFraudulent email that tricks users into revealing data or clicking a malicious link.
Spear phishingPhishing tailored to a specific individual using personal or work details.
WhalingSpear phishing aimed at senior executives, the high-value targets.
VishingVoice phishing carried out over a phone call.
SmishingPhishing carried out over SMS text messages.
PretextingInventing a believable scenario or persona to extract information.
PharmingRedirecting users from a legitimate site to a fake one, often by poisoning DNS.
BaitingLuring a victim with something enticing, such as a malware-laden USB drive left in a parking lot.
TailgatingFollowing an authorized person through a secure door without authenticating.
Shoulder surfingObserving someone enter credentials or sensitive data nearby.
Dumpster divingRecovering sensitive information from discarded trash or documents.
Watering holeCompromising a website the target group is known to visit so victims infect themselves.
Business email compromiseImpersonating an executive or vendor to authorize fraudulent payments or wire transfers.

Other common attacks

Password, network, and application attacks you should recognize on the exam.

Brute forceSystematically trying every possible password combination until one works.
Password sprayingTrying a few common passwords across many accounts to avoid lockouts.
Credential stuffingReusing username and password pairs leaked from one breach against other sites.
DDoSA distributed denial-of-service floods a target from many hosts until it is unavailable.
On-path (MITM)Secretly intercepting and relaying traffic between two parties who think they are direct.
ReplayCapturing valid data such as a session token and resending it to impersonate the user.
DNS poisoningCorrupting DNS records or cache to redirect users to malicious sites.
SQL injectionInserting crafted SQL into an input so the database runs it, exposing or altering data.
Cross-site scripting (XSS)Injecting scripts into a trusted site so they run in other visitors' browsers.
Privilege escalationExploiting a flaw to gain higher permissions than were originally granted.

Security+ attacks FAQ

What attacks are on the Security+ exam?

SY0-701 covers malware (virus, worm, trojan, ransomware), social engineering (phishing, pretexting, tailgating), and network and application attacks such as DDoS, on-path, SQL injection, and password attacks.

What is the difference between a virus and a worm?

A virus attaches to a file and needs user action to spread, while a worm self-replicates and spreads across networks on its own with no host file or user action.

What is the most common type of social engineering?

Phishing, along with its targeted forms spear phishing and whaling and its channel variants vishing (voice) and smishing (SMS), is the most common.

How do you defend against social engineering?

Security awareness training, verifying requests through a separate channel, multifactor authentication, email filtering, and least privilege all reduce the risk.

Malware types

Social engineering

Other common attacks

Threats are the biggest exam domain

Security+ attacks FAQ