What is Spyware?
Spyware is a type of malware (or “malicious software”) that collects and shares information about a computer or network without the user’s consent. It can be installed as a hidden component of a genuine software package or through traditional malware vectors such as deceptive ads, websites, email, instant messages, and direct file-sharing connections. Unlike other types of malware, spyware is used heavily not only by criminal organizations but also by unscrupulous advertisers and companies that collect market data from users without their consent. Regardless of its source, spyware runs hidden from the user and is often difficult to detect, but it can produce symptoms such as degraded system performance and frequent unwanted behavior (pop-ups, a rerouted browser homepage, altered search results, etc.).
Spyware is also notable for its networking capabilities. Using an infected system to find information is of little value if the spyware can’t deliver that information back to the attacker. As a result, spyware employs a variety of techniques to communicate back to an attacker in a way that will not cause suspicion or generate attention from network security teams.
As an advertising tool, spyware is used to collect and sell user information to interested advertisers or other parties. It can collect almost any type of data, including web browsing habits and download activity. Perhaps the greatest concern is that, whether or not its presence is detectable, the user has no idea what information is being captured, sent away, or used, and no mechanism or technology for finding out.
Spyware can use keyloggers to obtain personal details such as the user’s name, address, passwords, bank and credit information, and social security information. It can scan files on the system’s hard drive, snoop on other applications, install additional spyware, read cookies, and modify the system’s Internet settings and dynamic-link libraries (DLLs). This can result in lowered security settings (inviting in more malware) and malfunctions ranging from frequent pop-up advertisements, whether the machine is online or offline, to connectivity failures rooted deep in the system’s Internet settings. Many of these changes are difficult to reverse or recover from without reimaging the affected device.
In addition to the threats described above, spyware can also be a major consumer of system resources, often hogging processor time, RAM, disk, and network bandwidth. The resulting performance degradation can lead to crashes or general system instability. Some spyware even disables or removes competing spyware programs, and can detect and intercept the user’s attempts to remove it.
Spyware can be prevented through a combination of endpoint and network security controls. Antispyware features are often integrated into modern antivirus products that provide protection at the endpoint. Because spyware must communicate over the network, it is also increasingly controlled at the network security layer, where its communications can be detected and blocked. Additionally, drive-by download protections can be enforced at the endpoint by using the browser’s pop-up blocker, as well as through next-generation network controls that prevent files from being downloaded without the user’s consent. Lastly, it is important to monitor and validate which software components, plug-ins, and services are allowed to run on a device and on the network; if a piece of software is not recognizable or there is no specific reason to trust it, it is safer not to accept it until further research has been conducted.
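Two points above, that spyware must report back to its operator without drawing attention and that this traffic is where network-layer controls can catch it, come together in a beacon-interval check. The following is an added example, not code from the original page: it scans a constructed connection log (documentation IP ranges and invented timestamps) and flags any destination a host contacts on a near-fixed timer, which is how hidden reporting channels often appear in proxy or flow logs; the five-event minimum and 10% jitter threshold are assumed starting values to tune per environment.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample connection log (not real traffic): "timestamp src dst:port bytes_out".
# 198.51.100.7 gets small, clock-regular posts; 203.0.113.9 is ordinary irregular browsing.
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 198.51.100.7:443 512
2024-05-01T10:00:03 10.0.0.5 203.0.113.9:443 8120
2024-05-01T10:05:00 10.0.0.5 198.51.100.7:443 498
2024-05-01T10:07:41 10.0.0.5 203.0.113.9:443 22040
2024-05-01T10:09:02 10.0.0.5 203.0.113.9:443 640
2024-05-01T10:10:01 10.0.0.5 198.51.100.7:443 530
2024-05-01T10:15:00 10.0.0.5 198.51.100.7:443 505
2024-05-01T10:19:12 10.0.0.5 203.0.113.9:443 1350
2024-05-01T10:20:00 10.0.0.5 198.51.100.7:443 512
2024-05-01T10:21:55 10.0.0.5 203.0.113.9:443 3090
2024-05-01T10:25:01 10.0.0.5 198.51.100.7:443 499
"""

def parse_log(text):
    """Group (timestamp, bytes_out) tuples by (src, dst:port)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, nbytes = line.split()
            flows[(src, dst)].append((datetime.fromisoformat(ts), int(nbytes)))
    return flows

def beacon_score(events, min_events=5, max_jitter=0.1):
    """Return (mean_interval_s, jitter) when a flow has at least min_events
    connections whose gaps vary by less than max_jitter (std dev / mean); else None."""
    if len(events) < min_events:
        return None
    times = sorted(t for t, _ in events)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    avg = mean(gaps)
    if avg <= 0:  # every event in the same second: a burst, not a timer
        return None
    jitter = pstdev(gaps) / avg
    return (avg, jitter) if jitter < max_jitter else None

def find_beacons(text, **kw):
    """Map each (src, dst) flow that scores as a beacon to its (interval, jitter)."""
    scored = ((key, beacon_score(ev, **kw)) for key, ev in parse_log(text).items())
    return {key: score for key, score in scored if score}

if __name__ == "__main__":
    for (src, dst), (interval, jitter) in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: every ~{interval:.0f}s, jitter {jitter:.3f}")
```

Real spyware may randomize its timer or ride on legitimate services, so treat a hit as a lead to correlate with the process that opened the connection rather than a verdict on its own.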