Hedgehog Security
Cyber Attack Database2022-08-07T07:47:01+01:00

Cyber Attack Database

Our Cyber Attack Database

Our Cyber Attack Database, providing information on different types of attack, the risks posed, and how best to defend against them.

The Cyber Attack Database

Account Takeover

Account takeover is considered one of the more harmful and nefarious ways to access a user’s account. The attacker typically poses as a genuine customer, user or employee, eventually gaining entry to the accounts of the individual they’re impersonating.

Advanced Persistent Threat

An advanced persistent threat (APT) is a highly advanced, covert threat on a computer system or network where an unauthorized user manages to break in, avoid detection and obtain information for business or political motives.


A backdoor is a malware type that negates normal authentication procedures to access a system.

Brute Force Attack

A brute force attack aims to take your personal information, specifically your username and password, by using a trial-and-error approach.

Business Invoice Fraud

Business invoice fraud attempts to trick you into paying out on a fraudulent (but convincing) invoice or bill addressed to your organisation

Command and Control

Command and Control explained. Command and control attack is when a hacker takes over a computer in order to send commands or malware to other systems on the network.

Compromised Credentials

Compromised Credentials, a password, key or other identifier that’s been discovered and can be used by a threat actor to gain unauthorized access to information and resources, and can range from a single account to an entire database.

Credential Reuse Attack

Most users have tens (if not hundreds) of accounts, and are tasked with remembering countless passwords that meet all sorts of stringent requirements.

Credential Stuffing

Credential stuffing attacks is where criminals will use stolen account credentials to access additional accounts by automating thousands or millions of login requests directed against your web application.

Cross-site request forgery CSRF

Cross-site request forgery (CSRF): CSRFs occur when an attacker tricks or forces an end user to execute unwanted actions on an application in which they are already authenticated. This might be executed through a link via email or chat and, if successful, can result in a transfer of funds or change in email address, for example.

Cross-Site Scripting

Cross-Site Scripting Explained. XSS is when an attacker uses a web application to send malicious code to a different end user.

Cryptomining Attack

Cryptomining Attacks use compromised systems to increase a criminals network of resourced that are used to mine cryptocurrency.

DDoS Attack

A DDoS attack is an attempt by criminals to take down websites, slow down and crash the target servers and make online service unavailable using multiple sources.

Lateral Movement

Lateral movement is a technique that adversaries use, after compromising an endpoint, to extend access to other hosts or applications in an organization.

Local file inclusion

Local file inclusion is where the attacker tricks the web application into exposing or running its files on the web server.


Malware Explained. Malware is a program or code that is created to do intentional harm to a computer, network, or server.

Pass the Hash

A Pass the Hash attack is a technique whereby an attacker captures a password hash (as opposed to the password characters) and then simply passes it through for authentication and potentially lateral access to other networked systems

Path Traversal

This attack, also known as directory traversal, allows the bad actor to manipulate paths to folders outside the web root folder, which can then be used to access web application files, directories and commands.

Port Scanning

Port scanning is a method of determining which ports on a network are open and could be receiving or sending data.

Remote file inclusion

Remote file inclusion (RFI) is an attack targeting vulnerabilities in web applications that dynamically reference external scripts.


Smishing is a type of fraud that happens through text. Scammers impersonate organizations to steal your personal information or money often by sending links designed to download malware to your device.

Social Engineering

Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.

SQL Injection

SQL Injection attack explained. SQL Injection attack explained. SQL injection is a type of injection attack used to attack databases using malicious SQL statements.

XML external entity attack

XML external entity attack is a common web-based security vulnerability that enables an attacker to interfere with the processing of XML data within a web application.

Go to Top