Versions Compared

Old Version 4

changes.mady.by.user David Doret

Saved on

compared with

New Version 5

changes.mady.by.user David Doret

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Class

Definition

Sources

Phishing

Class: Information Gathering

Attempt to gather information on a user or a system through phishing methods.

Including;

  • Mass emailing aimed at collecting data for phishing purposes with regard to the victims (Dissemination of phishing emails: Art. 7 [H], Art. 7 [G])

  • Hosting web sites for phishing purposes (Hosting of phishing sites: Art. 7 [F]

ENISA and Europol EC3, 2017

Login attempt

Class: Intrusion Attempt and Intrusion

Attempt to log in to services or authentication / access control mechanisms.

Including:

  • Unsuccessful login by using sequential credentials for gaining access to the system (Brute-force attempt:, Art. 2, 6 and 11 [A] - Art. 3,7 and 8 [F])

  • Unsuccessful acquisition of access credentials by breaking the protective cryptographic keys. (Password cracking attempt: - Art. 2, 6 and 11 [A] - Art. 3,7 and 8 [F])

  • Unsuccessful login by using system access credentials previously loaded into a dictionary. (Dictionary attack attempt: - Art. 2, 6 and 11 [A] - Art. 3,7 and 8 [F])

ENISA and Europol EC3, 2017

Unauthorised access to a system or component by bypassing an access control system in place.

Class: Intrusion

Type: (Successful) Exploitation of vulnerability

Actual intrusion by exploiting vulnerability in the system, component or network.

Unauthorised access to a system or component by bypassing an access control system in place. (Control system bypass: (Art. 2 [A], Art. 3 and 7 [F])

ENISA and Europol EC3, 2017

Compromising an account

Class: Intrusion

Actual intrusion in a system, component or network by compromising a user or administrator account.

Unauthorised access to a system or component by using stolen access credentials. (Theft of access credentials: Art. 6 [A], Art. 3 and 7 [F])

ENISA and Europol EC3, 2017

Unauthorised access

Class: Information Security

Unauthorised access to a particular set of information

Unauthorised access to a system or component (Unauthorised access to a system: - Art. 2 [A] - Art. 3 and 7 [F])

Unauthorised access to a set of information (Unauthorised access to information: - Art. 2 [A] - Art. 3 and 7 [F] - Art. 5, 6 and 25 [G])

Unauthorised access to and sharing of a specific set of information (Data exfiltration: - Art. 2 [A])

ENISA and Europol EC3, 2017