A leapfrog attack in the IT world is a situation where hackers or others obtain passwords or ID information in an initial attack, in order to use it in another, separate attack.
The use of the word "leapfrog" is accurate because hackers build on the information that they have obtained to mount other attacks, usually with higher stakes, or on more secure or complex systems.
There are many different kinds of leapfrog attacks, in which hackers can get information to use in future attacks. They may use strategies known as phishing in order to get the initial information, where a false interface or other trick funnels user information to them, or they may hack into a database or other technology within a network.
As a concrete example of a leapfrog attack, security company Symantec has revealed that hackers are using something they call a "weakest link attack," which can also be called a "waterhole attack," where fraudulent parties are first compromising the assets of small businesses in order to attack larger businesses. Experts explain that the smaller businesses often have lower levels of security because they don't expect to be targeted as much as their larger clients do. Hackers can get some initial information from the small business in order to attack the larger business directly.
0 Comments