Attack taxonomy
Attack taxonomy
Attack taxonomy definition
Attack taxonomy is a systematic categorization of cyber attacks based on their characteristics, techniques, goals, or targets.
Attack taxonomies evolve as new attack methods emerge. They serve as a foundation for incident response, vulnerability management, and security awareness programs, enabling organizations to better understand and prioritize their security defenses based on the prevalent attack vectors.
See also: Cross-site request forgery, SQL injection, buffer overflow attack, zero day, social engineering, privilege escalation, kernel, eavesdropping, smishing, data exfiltration, dumpster diving attack
Examples of attack taxonomies
Attack taxonomies vary depending on the context and the organization using them. Here is a general overview of common categories:
- Network-based attacks
- Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks
- Man-in-the-middle (MITM) attacks
- Network scanning and reconnaissance
- Packet sniffing and eavesdropping
- Malware-based attacks
- Viruses, worms, and Trojans
- Ransomware attacks
- Botnets and command-and-control (C&C) attacks
- Rootkits and backdoors
- Web-based attacks
- Cross-site scripting (XSS)
- SQL injection
- Cross-site request forgery (CSRF)
- Phishing and social engineering
- Attacks targeting operating systems
- Buffer overflow attacks
- Privilege escalation attacks
- Kernel-level attacks
- Zero-day exploits
- Wireless and mobile attacks
- Wi-Fi eavesdropping and spoofing
- Mobile malware
- SMS phishing (smishing)
- Bluetooth attacks
- Insider attacks
- Unauthorized access
- Data theft or exfiltration
- Sabotage or intentional damage
- Unauthorized use of privileges or access
- Physical attacks
- Physical theft of devices or assets
- Tampering with hardware or equipment
- Dumpster diving
- Physical security bypass
- Social engineering
- Phishing, vishing, smishing
- Pretexting and impersonation
- Baiting and tailgating
- Scareware and fake alerts