Online Business Banking Attack Tree Example

The end result of not taking care of your business passwords and cyber-security management is lost revenue from downtime, stolen valuable data, or even an online attack in the example below.

  • End Result -> Transfer $ money out of Account
    • Obtain Online Access to Account
      • Guess ID and Password
        • Guess Password (Dictionary Attack)
          • Guess ID
          • Guess Password
        • Brute Force Attack
          • Guess ID
          • Brute Force Password
      • Steal ID and Password
        • Social Engineering
          • Phising Attack
          • Obtain via Phone call with User
          • Shoulder surfing
        • Man in the Middle Attack
          • Evil twin (wireless)
          • On Network
        • Buy ID/Password Set
          • From Organized Crime
          • From insider
        • Trojan
    • Hijack Bank Server (unlikely)
      • Inside attack
      • Outside attack
    • Initiate Transfer via Debit Card
      • Obtain Debit Card
      • Obtain Pin
      • Access Transfer Network