Cyber attacks can target a wide range of victims from individual users to
enterprises or even governments. When targeting businesses or other
organizations, the hacker’s goal is usually to access sensitive and valuable
company resources, such as intellectual property (IP), customer data or payment
details.
1. Ransomware
Ransomware is a type of malware that denies legitimate users access to their
system and requires a payment, or ransom, to regain access. A ransomware
attack is designed to exploit system vulnerabilities and access the network. Once
a system is infected, ransomware allows hackers to either block access to the
hard drive or encrypt files.
Unfortunately for targets, ransomware attacks also tend to be among the more
high-profile cybersecurity events, resulting in negative publicity and
reputational harm. For example, in May 2021, the Colonial Pipeline, which
supplies gasoline and jet fuel to the southeastern U.S., was the target of a
ransomware attack by the criminal hacking group DarkSide. Service was
temporarily disrupted, which impacted gas and fuel supply throughout the
region. While Colonial Pipeline paid the ransom, which totaled $4.4 billion, the
network operated very slowly.
2. Malware
To learn more about how to protect against such attacks, please see our
related video and infographic.
Another growing trend is the use of Malware as a Service (MaaS) for carrying
out cyberattacks. In a MaaS model, hackers are hired to conduct ransomware
attacks on behalf of a third-party. This model allows anyone who wishes to
carry out a cyberattack to do so, even if they lack the technical skills or
experience.
In a DoS attack, users are unable to perform routine and necessary tasks, such as
accessing email, websites, online accounts or other resources that are operated
by a compromised computer or network. While most DoS attacks do not result
in lost data and are typically resolved without paying a ransom, they cost the
organization time, money and other resources in order to restore critical
business operations.
The difference between DoS and Distributed Denial of Service (DDoS) attacks
has to do with the origin of the attack. DoS attacks originate from just one
system while DDoS attacks are launched from multiple systems. DDoS attacks
are faster and harder to block than DoS attacks because multiple systems must
be identified and neutralized to halt the attack.
In 2018, the FBI shut down the largest DDoS-for-hire site on the dark web,
which led to a dip in DDoS attacks. However, numbers are now once again on
the rise. According to recent research, DDoS attacks increased by 151% in the
first half of 2020.
Part of the reason for this trend is the explosion of connected devices and
Internet of Things (IoT) technology. Unlike traditional endpoints, like
computers and smartphones, most IoT devices have relatively lax security
controls, making them susceptible to attacks and increasing their ability to be
overtaken by a botnet.
COVID-19 further exacerbated DDoS attacks in that the rapid shift to remote
work led to a proliferation of often poorly secured connected devices. This
dramatically expanded the attack surface at a time when many IT organizations
were preoccupied with basic tasks like ensuring remote access and support
services.
Virtually any organization can fall victim to a DDoS attack, as evidenced by the
February 2020 attack on Amazon Web Services (AWS). Considered one of the
largest, high-profile DDoS attacks ever reported, this attack targeted an
unknown AWS customer using a technique called Connectionless Lightweight
Directory Access Protocol (CLDAP) reflection, which amplifies data sent to the
victim’s IP address through a server vulnerability. The attack, which lasted three
days, caused significant revenue losses for AWS customers and reputational
harm to AWS.
5. Phishing
Phishing is a type of cyberattack that uses email, SMS, phone, social media, and
social engineering techniques to entice a victim to share sensitive information
— such as passwords or account numbers — or to download a malicious file
that will install viruses on their computer or phone.
Throughout 2020, the CrowdStrike data science team closely tracked COVID-
19-related malspam (malicious spam). Most attacks urged the recipient to
download an attachment, which was malware that then acted as a keylogger or
password stealer. Some of the most common scenarios and techniques included:
For more information about common phishing techniques in the COVID era,
please access our companion post on phishing attacks.
While the most well-known phishing attacks usually involve outlandish claims,
such as a member of a royal family requesting an individual’s banking
information, the modern phishing attack is far more sophisticated. In many
cases, a cyber criminal may masquerade as common retailers, service providers
or government agencies to extract personal information that may seem benign
such as email addresses, phone numbers, the user’s date of birth, or the names
of family members.
To assess exactly which organizations are being impersonated the most in
phishing scams, the CrowdStrike data science team submitted an FOIA request
to the Federal Trade Commission and asked for the total number of phishing
scams reported as impersonating the top 50 brands and all U.S. federal agencies.
The results show the U.S. public which emails from brands and organizations
they need to be the most cautious of, and which are the most lucrative to
impersonate for phishing criminals. Topping the list is e-retailer Amazon,
followed by technology companies Apple (2), Microsoft (4) and Facebook (8).
Other organizations include: the Social Security Administration (3); retail
banks, such as Bank of America (5) and Wells Fargo (6); telecommunications
providers such as AT&T (7) and Comcast (10); retailers such as Costco (11),
Walmart (12) and Home Depot (18); and courier services such as FedEx (9) and
UPS (14).
To view the complete list, please access our companion post on phishing
attacks.
6. MITM Attack
As with malware attacks, advances in cyber security defenses have made MITM
and other network-based attacks increasingly difficult to execute. As a result,
cybercriminals have now begun to target the endpoint instead of the network in
these attacks. For example, the hacker may target a user’s computer and install a
root Certificate Authority (CA) and then generate valid digital certificates that
allow them to impersonate any website. Since the root CA is controlled by the
hacker, encrypted communication sent by the user can be intercepted. In this
way, the concept of ‘Man-in-the-Middle’ becomes ‘Machine-in-the-Middle.’
For more information, please read our companion post: The Rise and Fall of
WebNavigatorBrowser: Chromium-based Adware Browser.
Cross Site Scripting (XSS) is a code injection attack in which an adversary
inserts malicious code within a legitimate website. The code then launches as an
infected script in the user’s web browser, enabling the attacker to steal sensitive
information or impersonate the user. Web forums, message boards, blogs and
other websites that allow users to post their own content are the most
susceptible to XSS attacks.
8. SQL Injections
The main difference between XSS and SQL injection has to do with who is
targeted. XSS is a client-side vulnerability that targets other application
users, whereas SQL injection is a server-side vulnerability that targets the
application’s database.
One of the most common targets of SQL injection attacks is gamers and the
gaming industry. According to Akamai’s State of the Internet report, attacks on
the gaming industry increased three-fold between 2019 and 2020, reaching more
than 240 million web application attacks. SQL injections were the most
common attack vector; this technique was used to access player login
credentials and other personal information.
Once again, this uptick is attributable to increased time spent online due to
COVID-19 lockdowns and social distancing.
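The server-side nature of SQL injection described above, shown as an added example that is not from the original article: a login query built by string concatenation next to the same query with bound parameters, run against a constructed in-memory SQLite table. The table, rows and function names are assumptions for the demonstration.

```python
import sqlite3
from typing import List

def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for a game's player database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE players (username TEXT, password_hash TEXT)")
    # Constructed sample rows; a real system stores salted, slow password hashes.
    conn.executemany("INSERT INTO players VALUES (?, ?)",
                     [("alice", "hash_of_alice_pw"), ("bob", "hash_of_bob_pw")])
    return conn

def login_vulnerable(conn: sqlite3.Connection, username: str, password_hash: str) -> List[str]:
    # VULNERABLE: user input is pasted into the SQL text, so quote characters in the
    # input change the statement itself instead of being compared as data.
    sql = ("SELECT username FROM players WHERE username = '" + username +
           "' AND password_hash = '" + password_hash + "'")
    return [row[0] for row in conn.execute(sql)]

def login_parameterized(conn: sqlite3.Connection, username: str, password_hash: str) -> List[str]:
    # FIXED: placeholders keep the statement structure fixed; the driver passes the
    # inputs as bound values, so they can only ever match (or not match) a column.
    sql = "SELECT username FROM players WHERE username = ? AND password_hash = ?"
    return [row[0] for row in conn.execute(sql, (username, password_hash))]

def demo() -> dict:
    """Runs the same hostile input through both versions and a genuine login through the fixed one."""
    conn = make_db()
    # A tautology in the password field: the vulnerable query becomes
    # "... password_hash = '' OR '1'='1'", which is true for every row.
    tautology = "' OR '1'='1"
    return {
        "vulnerable": sorted(login_vulnerable(conn, "alice", tautology)),
        "parameterized": login_parameterized(conn, "alice", tautology),
        "legitimate": login_parameterized(conn, "alice", "hash_of_alice_pw"),
    }

if __name__ == "__main__":
    print(demo())
```

A code review that looks for the concatenated form (any `'" + variable + "'` inside SQL text) catches this class of bug before a scanner does.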
9. DNS Tunneling
DNS tunneling attacks have increased in recent years, in part because they are
relatively simple to deploy. Tunneling toolkits and guides are even readily
accessible online through mainstream sites like YouTube.
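Detecting DNS tunneling on the resolver side, as an added example that is not part of the original text: queries are grouped by registered domain and a domain is flagged when nearly every query goes to a distinct name with a long, high-entropy prefix. The log format, thresholds and sample lines are constructed assumptions.

```python
import hashlib
import math
from collections import defaultdict

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; encoded data labels score high, words like 'www' score low."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((s.count(c) / n) * math.log2(s.count(c) / n) for c in set(s))

def registered_domain(qname: str) -> str:
    """Collapse a query name to its last two labels (a stand-in for a public-suffix lookup)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def tunnel_suspects(log_lines, min_queries=8, min_unique_ratio=0.9,
                    min_prefix_len=30, min_entropy=3.0):
    """Group queries by registered domain and flag those that look like a covert channel:
    many queries, almost all to distinct names, with long, high-entropy prefixes."""
    by_domain = defaultdict(list)
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # tolerate malformed lines
        qname = parts[3].lower().rstrip(".")
        by_domain[registered_domain(qname)].append(qname)
    suspects = {}
    for dom, names in by_domain.items():
        if len(names) < min_queries:
            continue
        unique = set(names)
        prefixes = [n[: -(len(dom) + 1)] for n in unique if n.endswith("." + dom)]
        if not prefixes:
            continue
        stats = {
            "queries": len(names),
            "unique_ratio": len(unique) / len(names),
            "avg_prefix_len": sum(map(len, prefixes)) / len(prefixes),
            "avg_entropy": sum(map(shannon_entropy, prefixes)) / len(prefixes),
        }
        if (stats["unique_ratio"] >= min_unique_ratio
                and stats["avg_prefix_len"] >= min_prefix_len
                and stats["avg_entropy"] >= min_entropy):
            suspects[dom] = stats
    return suspects

# Constructed resolver log, one query per line: "<time> <client> <qtype> <qname>".
# Ordinary browsing to example.com, then a burst of TXT lookups whose leftmost label
# carries encoded data, which is the signature of a tunnel.
NORMAL = ["www.example.com", "mail.example.com", "www.example.com", "cdn.example.com",
          "www.example.com", "api.example.com", "mail.example.com", "www.example.com"]
SAMPLE_LOG = [f"2021-09-07T10:00:{i:02d} 10.0.0.5 A {q}" for i, q in enumerate(NORMAL)] + [
    f"2021-09-07T10:01:{i:02d} 10.0.0.9 TXT "
    f"{hashlib.sha256(f'chunk{i}'.encode()).hexdigest()[:48]}.t.example.net"
    for i in range(12)
]

if __name__ == "__main__":
    for dom, stats in tunnel_suspects(SAMPLE_LOG).items():
        print(dom, {k: round(v, 2) for k, v in stats.items()})
```

Some legitimate services (CDNs, anti-virus reputation lookups) also use long encoded labels, so tune the thresholds against a baseline of your own traffic and allow-list known senders.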
Password attacks are on the rise because they are an effective means for gaining
access to a network or account. Since many users do not set strong passwords,
reuse existing passwords across multiple sites or fail to regularly change their
password, hackers can exploit these weaknesses.
Birthday attacks are a type of brute force attack that attempts to find two
inputs producing the same hash value in order to crack a password. The attack
takes its name from the result in probability theory that within a group of 30
people there is a 70% likelihood that two people share the same birthday.
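The birthday bound worked through in code, as an added example that is not from the original article: the exact collision probability for n draws from a space of a given size (30 people and 365 days, or n inputs and 2^bits hash outputs), the approximate number of draws needed for a given probability, and a birthday search that finds a collision in a SHA-256 digest truncated to 24 bits in roughly the square root of 2^24 attempts. Function names and the truncated hash are constructed for the demonstration.

```python
import hashlib
import math

def collision_probability(n: int, space: int) -> float:
    """Exact probability that n independent uniform draws from `space` values contain a repeat."""
    p_no_repeat = 1.0
    for i in range(n):
        p_no_repeat *= (space - i) / space
    return 1.0 - p_no_repeat

def draws_for_probability(p: float, space: int) -> int:
    """Approximate draws needed to reach collision probability p:
    n ~= sqrt(2 * space * ln(1 / (1 - p))), about 1.18 * sqrt(space) for p = 0.5.
    This is why a hash needs 2n bits of output to offer n bits of collision resistance."""
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - p))))

def truncated_sha256(msg: bytes, bits: int) -> int:
    """SHA-256 reduced to its low `bits` bits: a stand-in for any hash or MAC with a short output."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") & ((1 << bits) - 1)

def find_collision(bits: int, max_tries: int = 2_000_000):
    """Birthday search: hash sequential, distinct messages and stop at the first repeated digest.
    Expected work is about sqrt(pi/2 * 2**bits) hashes, not 2**bits."""
    seen = {}
    for i in range(max_tries):
        msg = f"msg-{i}".encode()
        h = truncated_sha256(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1  # the two colliding inputs and the number of hashes spent
        seen[h] = msg
    return None

if __name__ == "__main__":
    print(f"30 people, 365 days: {collision_probability(30, 365):.3f}")
    print(f"draws for 50% on a 32-bit hash: {draws_for_probability(0.5, 2 ** 32)}")
    a, b, tries = find_collision(24)
    print(f"24-bit collision after {tries} hashes: {a!r} and {b!r}")
```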
13. Cryptojacking
Cryptojacking attacks have waned since 2018 due to increased attention from
law enforcement, as well as the decommissioning of Coinhive, the leading
crypto-mining site for Monero cryptocurrency. However, such attacks have
since increased once again due to the rising value of cryptocurrencies.
An IoT attack is any cyberattack that targets an Internet of Things (IoT) device
or network. Once compromised, the hacker can assume control of the device,
steal data, or join a group of infected devices to create a botnet to launch DoS or
DDoS attacks.
Given that the number of connected devices is expected to grow rapidly over the
next several years, cybersecurity experts expect IoT infections to grow as well.
Further, the deployment of 5G networks, which will further fuel the use of
connected devices, may also lead to an uptick in attacks.
INFORMATION GATHERING
1. Nmap Tool
Nmap is an open-source network scanner that is used to recon/scan networks. It is
used to discover hosts, ports, and services along with their versions over a
network. It sends packets to the host and then analyzes the responses in order to
produce the desired results. It could even be used for host discovery, operating
system detection, or scanning for open ports. It is one of the most popular
reconnaissance tools.
2. ZenMAP
Zenmap is another useful tool for the scanning phase of ethical hacking in Kali
Linux. It provides a graphical user interface on top of the command-line Nmap
tool: it performs the same functions as Nmap, or in other words, it is the
graphical version of the Nmap tool. It is a free utility for network discovery
and security auditing. Tasks such as network inventory, managing service upgrade
schedules, and monitoring host or service uptime are considered really useful
by systems and network administrators.
3. whois lookup
whois is a database of records for all the registered domains on the internet.
It is used for many purposes, a few of which are listed below.
It is used by network administrators in order to identify and fix DNS or
domain-related issues.
It is used to check the availability of domain names.
It is used to identify trademark infringement.
It can even be used to track down the registrants of a fraudulent domain.
To use whois lookup, enter the following command in the terminal
4. SPARTA
SPARTA is a Python-based graphical user interface tool which is used in the
scanning and enumeration phase of information gathering. It is a toolkit
bundling a collection of useful tools for information gathering. It is used for
many purposes, a few of which are listed below.
It is used to export Nmap output to an XML file.
It is used to automate running the Nikto tool against every HTTP service or any
other service.
It saves the scans of hosts you have scanned earlier in order to save time.
It can reuse a password that has already been found but is not present in the
wordlist.
To use SPARTA, enter the IP address of the host you want to scan in the host
section to start scanning.
5. nslookup
nslookup stands for nameserver lookup, which is a command used to get
information from a DNS server. It queries DNS to obtain a domain name to IP
address mapping, or any other DNS record. It even helps in troubleshooting
DNS-related problems. It is used for many purposes, a few of which are listed
below.
To get the IP address of a domain.
For reverse DNS lookup.
To look up any record type.
To look up an SOA record.
To look up an NS record.
To look up an MX record.
To look up a TXT record.
APPLICATION ATTACK in cyber security
The world recorded a steep increase in cyber attacks and cybercrime in 2020.
According to CrowdStrike’s 2020 Threat Hunting Report, which analyzes
intrusion attempts within the CrowdStrike customer network, more breaches
were attempted in the first half of 2020 than in all of 2019. The report revealed
that the CrowdStrike threat hunting team blocked roughly 41,000 potential
intrusions from January through June 2020, as compared to 35,000 intrusions
during the entirety of the previous year. This represents a 154% increase in
cyberattacks year-on-year.
Misconfiguration Attacks
Security misconfiguration, or poorly configured security controls, might allow
attackers to gain unauthorized access to the system, compromise files, or perform
other unintended actions. Misconfiguration vulnerabilities affect web servers,
application platforms, databases, networks, or frameworks and may result in illegal
access or even a full system takeover. Administrators should change the default
configuration of devices before deploying them in the production network. To
harden the configuration of a machine, remove any unneeded services or
software. Automated scanners detect missing patches, misconfiguration, use of
default accounts, unnecessary services, and so on.
Top 10 Most Common Types of Cyber Attacks
Application-Level Attacks
Software developers are often under intense pressure to meet deadlines, which can
mean they do not have sufficient time to completely test their products before
shipping them, leaving undiscovered security holes. This is particularly
troublesome in newer software applications that come with a large number of
features and functionalities, making them more and more complex. An increase in
the complexity means more opportunities for vulnerabilities. Attackers find and
exploit these vulnerabilities in the applications using different tools and techniques
to gain unauthorized access and steal or manipulate data.
Security is not always a high priority to software developers, and they handle it as
an “add-on” component after release. This means that not all instances of the
software will have the same level of security. Error checking in these applications
can be very poor (or even nonexistent), which leads to:
Buffer overflow attacks
Sensitive information disclosure
Denial-of-service attacks
SQL injection attacks
Cross-site scripting
Phishing
Session hijacking
Parameter/form tampering
Man-in-the-middle attacks
Directory traversal attacks
IP Spoofing
IP spoofing is used by an attacker to convince a system that it’s communicating
with a known, trusted entity and provide the attacker with access to the system.
The attacker sends a packet with the IP source address of a known, trusted host
rather than its own IP source address to a target host. The target host might accept
the packet and act upon it.
Replay
A replay attack occurs when an attacker intercepts and saves old messages and
then tries to send them later, impersonating one of the participants. This sort
of attack can be easily countered with session timestamps or a nonce (a random
number or a string that changes with time).
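The timestamp-plus-nonce countermeasure just described, as an added example that is not from the original article: both sides of the exchange are shown, with the sender stamping each message and the receiver rejecting a captured copy whether it is resent inside or outside the freshness window. The shared key, skew window and message format are constructed assumptions.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple

# Constructed shared key for this example only; real deployments provision keys out of band.
SHARED_KEY = b"example-shared-key-not-for-production"
MAX_CLOCK_SKEW = 30  # seconds a message's timestamp may differ from the receiver's clock

def _mac(key: bytes, ts: int, nonce: str, payload: str) -> str:
    # The MAC covers timestamp, nonce and payload together, so none can be altered independently.
    return hmac.new(key, f"{ts}|{nonce}|{payload}".encode(), hashlib.sha256).hexdigest()

def build_message(payload: str, key: bytes = SHARED_KEY, now: Optional[float] = None) -> Dict:
    """Sender side: stamp the message with the current time and a fresh random nonce, then MAC it."""
    ts = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)
    return {"ts": ts, "nonce": nonce, "payload": payload, "tag": _mac(key, ts, nonce, payload)}

class Receiver:
    """Receiver side: checks the MAC, rejects stale timestamps and remembers nonces already used."""

    def __init__(self, key: bytes = SHARED_KEY):
        self.key = key
        self.seen_nonces: Dict[str, int] = {}  # nonce -> timestamp it arrived with

    def accept(self, msg: Dict, now: Optional[float] = None) -> Tuple[bool, str]:
        now_ts = int(time.time() if now is None else now)
        expected = _mac(self.key, msg["ts"], msg["nonce"], msg["payload"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return False, "bad MAC"            # tampered, or forged without the key
        if abs(now_ts - msg["ts"]) > MAX_CLOCK_SKEW:
            return False, "stale timestamp"    # old capture replayed outside the window
        if msg["nonce"] in self.seen_nonces:
            return False, "replayed nonce"     # exact copy replayed inside the window
        self.seen_nonces[msg["nonce"]] = msg["ts"]
        # Nonces older than the window can never pass the timestamp check again, so drop them.
        self.seen_nonces = {n: t for n, t in self.seen_nonces.items() if now_ts - t <= MAX_CLOCK_SKEW}
        return True, "ok"

def demo() -> list:
    """Replays one captured message at three points in time and returns the receiver's verdicts."""
    rx = Receiver()
    t0 = 1_700_000_000
    msg = build_message("transfer 100 to account 42", now=t0)
    verdicts = [rx.accept(msg, now=t0)[1]]              # genuine delivery
    verdicts.append(rx.accept(msg, now=t0 + 5)[1])      # intercepted copy resent 5 s later
    verdicts.append(rx.accept(msg, now=t0 + 600)[1])    # resent ten minutes later
    tampered = dict(msg, payload="transfer 900 to account 42")
    verdicts.append(rx.accept(tampered, now=t0)[1])     # payload altered in transit
    return verdicts

if __name__ == "__main__":
    print(demo())  # ['ok', 'replayed nonce', 'stale timestamp', 'bad MAC']
```

The nonce cache only needs to cover the skew window, which is what keeps this scheme cheap; without the timestamp the receiver would have to remember every nonce forever.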
Currently, there’s no single technology or configuration to stop all MitM attacks.
Generally, encryption and digital certificates provide an efficient safeguard against
MitM attacks, assuring both the confidentiality and integrity of communications.
Drive-by attack
Drive-by download attacks are a standard method of spreading malware.
Hackers search for insecure websites and plant a malicious script into the HTTP
or PHP code on one of the pages. This script might install malware directly
onto the computer of somebody who visits the site, or it might redirect the
victim to a site controlled by the hackers. Drive-by downloads can happen when
visiting a website or viewing an email message or a pop-up window. Unlike many
other types of cyber security attacks, a drive-by doesn’t rely on a user to do
anything to actively enable the attack — you don’t need to click a download
button or open a malicious email attachment to become infected. A drive-by
download can take advantage of an app, operating system or web browser that
contains security flaws due to failed updates or a lack of updates.
To protect yourself from drive-by attacks, you need to keep your browsers
and operating systems up to date and avoid websites which may contain malicious
code. Stick with the sites you normally use — although keep in mind that even
these sites can be hacked. Don’t keep too many unnecessary programs and apps
on your device. The more plug-ins you have, the more vulnerabilities there are
that can be exploited by drive-by attacks.
Password attack:
Eavesdropping attack
Eavesdropping attacks occur through the interception of network traffic. By
eavesdropping, an attacker can obtain passwords, credit card numbers and other
confidential information that a user might be sending over the network.
Eavesdropping can be passive or active:
Passive eavesdropping — A hacker detects the information by listening to
the message transmission in the network.
Active eavesdropping — A hacker actively grabs the information by
disguising himself as a friendly unit and by sending queries to transmitters.
This is called probing, scanning or tampering.
Detecting passive eavesdropping attacks is often more important than spotting
active ones, since active attacks require the attacker to first gain knowledge
of the friendly units by conducting passive eavesdropping.
Data encryption is the best countermeasure for eavesdropping.
Malware attack
Malicious software can be described as unwanted software that is installed on
your system without your consent. It can attach itself to legitimate code and
propagate; it can lurk in useful applications or replicate itself across the
internet. Here are some of the most common types of malware:
Macro viruses — These viruses infect applications like Microsoft Word or
Excel. Macro viruses attach to an application’s initialization sequence. When
the application is opened, the virus executes instructions before transferring
control to the application. The virus replicates itself and attaches to other
code within the computing system.
File infectors — File infector viruses usually attach themselves to
executable code, such as .exe files. The virus is installed when the code is
loaded. Another version of a file infector associates itself with a file by
creating a virus file with the same name but an .exe extension.
Therefore, when the file is opened, the virus code will execute.
System or boot-record infectors — A boot-record virus attaches to the
master boot record on hard disks. When the system is started, it will read
the boot sector and load the virus into memory, where it can propagate to
other disks and computers.
Polymorphic viruses — These viruses conceal themselves through varying
cycles of encryption and decryption. The encrypted virus and an associated
mutation engine are initially decrypted by a decryption program. The virus
proceeds to infect an area of code. The mutation engine then develops a new
decryption routine, and the virus encrypts the mutation engine and a
copy of the virus with an algorithm corresponding to the new decryption
routine. The encrypted package of mutation engine and virus is attached to
new code, and the process repeats. Such viruses are difficult to
detect but have a high level of entropy due to the many modifications of
their code. Anti-virus software or free tools like Process Hacker can
use this property to detect them.
Stealth viruses — Stealth viruses take over system functions to conceal
themselves. They do this by compromising malware detection software so that
the software will report an infected area as being uninfected. These viruses
conceal any increase in the size of an infected file or changes to the file’s
date and time of last modification.
Trojans — A Trojan or trojan horse is a program that hides inside a useful
program and typically has a malicious function. A major difference between
viruses and Trojans is that Trojans don’t self-replicate. In addition to
launching attacks on a system, a Trojan can establish a back door that can be
exploited by attackers. For instance, a Trojan can be programmed to open a
high-numbered port so that the hacker can use it to listen and then perform an
attack.
Logic bombs — A logic bomb is a type of malicious software that is appended to
an application and is triggered by a specific occurrence, such as a logical
condition or a specific date and time.
Worms — Worms differ from viruses in that they do not attach to a host file,
but are self-contained programs that propagate across networks and computers.
Worms are commonly spread through email attachments; opening the attachment
activates the worm program. A typical worm exploit involves the worm sending a
copy of itself to every contact in an infected computer’s email address book.
In addition to conducting malicious activities, a worm spreading across the
internet and overloading email servers can result in denial-of-service attacks
against nodes on the network.
Droppers — A dropper is a program used to install viruses on computers. In
many instances, the dropper itself is not infected with malicious code and,
therefore, won’t be detected by virus-scanning software. A dropper can also
connect to the internet and download updates to virus software that is
resident on a compromised system.
Ransomware — Ransomware is a type of malware that blocks access to the
victim’s data and threatens to publish or delete it unless a ransom is paid.
While some simple computer ransomware can lock the system in a way that is not
difficult for a knowledgeable person to reverse, more advanced malware uses a
technique called cryptoviral extortion, which encrypts the victim’s files in a
way that makes them nearly impossible to recover without the decryption key.
Adware — Adware is a software application used by companies for marketing
purposes; advertising banners are displayed while any program is running.
Adware can be automatically downloaded to your system while browsing any
website and may be viewed through pop-up windows or through a bar that appears
on the computer screen automatically.
Spyware — Spyware is a type of program that is installed to gather information
about users, their computers or their browsing habits. It tracks everything you
do without your knowledge and sends the data to a remote user. It can also
download and install other malicious programs from the internet. Spyware works
like adware but is typically a separate program that is installed unknowingly
when you install another freeware application.
7 Sep 2021
For many years, passwords were considered to be an acceptable form of protecting
one’s privacy when it came to the digital world. However,
as cryptography and biometrics started to become more widely available to the
public, the flaws in this simple method of authentication became more noticeable.
It’s worth taking into account the role of a leaked password in one of the biggest
cyber security stories of the last two years, the SolarWinds hack. It was revealed
that ‘solarwinds123’, a password created and leaked by an intern, had been
publicly accessible through a private GitHub repository since June 2018, enabling
hackers to plan and carry out the massive supply chain attack. Despite this, even if
the password hadn’t been leaked, it wouldn’t have been hard for attackers to guess
it. In the words of US politician Katie Porter, most parents utilise a stronger
password to stop their children from “watching too much YouTube on their iPad”.
Passwords that are weak or easy to guess are more common than you might
expect: recent findings from the NCSC found that around one in six people uses
the names of their pets as their passwords, making them highly predictable. To
make matters worse, these passwords tend to be reused across multiple sites,
with one in three people (32%) having the same password to access different
accounts.
It should come as no surprise that passwords are the worst nightmare of a cyber
security expert. To remedy this issue, there are steps worth taking, like
implementing robust multi-layer authentication. When mitigating risks it is
also worthwhile to consider the steps cyber criminals must take to hack your
account and to “know your enemy”. We’ve put together the top 12
password-cracking techniques used by attackers to enable you and your business
to be better prepared.
Speaking of social engineering, this typically refers to the process of tricking users
into believing the hacker is a legitimate agent. A common tactic is for hackers to
call a victim and pose as technical support, asking for things like network access
passwords in order to provide assistance. This can be just as effective if done in
person, using a fake uniform and credentials, although that’s far less common these
days.
Successful social engineering attacks can be incredibly convincing and highly
lucrative, as was the case when the CEO of a UK-based energy company lost
£201,000 to hackers after they tricked him with an AI tool that mimicked his
assistant’s voice.
3. Malware
Keyloggers, screen scrapers, and a host of other malicious tools all fall under the
umbrella of malware, malicious software designed to steal personal data.
Alongside highly disruptive malicious software like ransomware, which attempts
to block access to an entire system, there are also highly specialised malware
families that target passwords specifically.
Keyloggers, and their ilk, record a user’s activity, whether that’s through
keystrokes or screenshots, which is all then shared with a hacker. Some malware
will even proactively hunt through a user’s system for password dictionaries or
data associated with web browsers.
4. Brute force attack
Brute force attacks refer to a number of different methods of hacking that all
involve guessing passwords in order to access a system.
A simple example of a brute force attack would be a hacker simply guessing a
person’s password based on relevant clues, however, they can be more
sophisticated than that. Credential recycling, for example, relies on the fact that
many people reuse their passwords, some of which will have been exposed by
previous data breaches. Reverse brute force attacks involve hackers taking some of
the most commonly used passwords and attempting to guess associated usernames.
Most brute force attacks employ some sort of automated processing, allowing vast
quantities of passwords to be fed into a system.
5. Dictionary attack
Network analysers are tools that allow hackers to monitor and intercept data
packets sent over a network and lift the plain text passwords contained within.
Such an attack requires the use of malware or physical access to a network
switch, but it can prove highly effective. It doesn’t rely on exploiting a system
vulnerability or network bug, and as such is applicable to most internal
networks. It’s also common to use network analysers as part of the first phase of
an attack, followed up with brute force attacks.
Of course, businesses can use these same tools to scan their own networks, which
can be especially useful for running diagnostics or for troubleshooting. Using a
network analyser, admins can spot what information is being transmitted in plain
text, and put policies in place to prevent this from happening.
The only way to prevent this attack is to secure the traffic by routing it through a
VPN or something similar.
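The defensive use of a network analyser described above, and the plaintext-credential risk in the earlier eavesdropping section, as one added example that is not from the original article: a detector that scans reassembled TCP payloads for HTTP Basic, FTP and form-posted credentials sent in the clear and reports only the protocol and username, never the secret. The sample streams are constructed strings, not a real capture, and the function and pattern names are assumptions.

```python
import base64
import re
from typing import List, Tuple

# Constructed sample of reassembled TCP payloads, the per-connection view a network
# analyser shows. These are made-up strings, not a real capture.
SAMPLE_STREAMS = [
    ("10.0.0.5:51022 -> 10.0.0.20:80",
     "GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
     "Authorization: Basic YWxpY2U6aHVudGVyMg==\r\n\r\n"),
    ("10.0.0.5:51030 -> 10.0.0.21:21",
     "USER bob\r\nPASS letmein\r\n"),
    ("10.0.0.5:51041 -> 10.0.0.22:80",
     "POST /login HTTP/1.1\r\nHost: crm.example\r\n"
     "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
     "username=carol&password=Summer2021&remember=1"),
    ("10.0.0.5:51055 -> 10.0.0.23:443",
     "\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),  # TLS ClientHello bytes: nothing readable
]

BASIC_AUTH = re.compile(r"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.I | re.M)
FTP_USER = re.compile(r"^USER\s+(\S+)", re.M)
FTP_PASS = re.compile(r"^PASS\s+\S+", re.M)
FORM_PASSWORD = re.compile(r"(?:^|&)(?:pass(?:word|wd)?|pwd)=[^&\s]+", re.I)
FORM_USER = re.compile(r"(?:^|&)(?:user(?:name)?|login|email)=([^&\s]*)", re.I)

def find_plaintext_credentials(streams) -> List[Tuple[str, str, str]]:
    """Return (connection, protocol, username) for every stream carrying a cleartext credential.
    Only the username is reported: a monitoring tool must never write the secret itself to a log."""
    findings = []
    for conn, payload in streams:
        m = BASIC_AUTH.search(payload)
        if m:
            try:
                # Basic auth is base64("user:password"); keep the user part only.
                user = base64.b64decode(m.group(1)).decode("utf-8", "replace").split(":", 1)[0]
            except ValueError:
                user = "?"
            findings.append((conn, "http-basic", user))
        if FTP_PASS.search(payload):
            u = FTP_USER.search(payload)
            findings.append((conn, "ftp", u.group(1) if u else "?"))
        head, sep, body = payload.partition("\r\n\r\n")
        if sep and "application/x-www-form-urlencoded" in head and FORM_PASSWORD.search(body):
            u = FORM_USER.search(body)
            findings.append((conn, "http-form", u.group(1) if u else "?"))
    return findings

if __name__ == "__main__":
    for conn, proto, user in find_plaintext_credentials(SAMPLE_STREAMS):
        print(f"{conn}: {proto} credential for user {user!r} sent in the clear")
```

Each finding points at a service that should be moved behind TLS (or an encrypted tunnel), which is the policy change the paragraph above recommends.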
9. Spidering
Spidering refers to the process of hackers getting to know their targets intimately in
order to acquire credentials based on their activity. The process is very similar to
techniques used in phishing and social engineering attacks, but involves a far
greater amount of legwork on the part of the hacker - although it’s generally more
successful as a result.
How a hacker might use spidering will depend on the target. For example, if the
target is a large company, hackers may attempt to source internal
documentation, such as handbooks for new starters, in order to get a sense of
the sort of platforms and security the target uses. It’s in these that you often find
guides on how to access certain services, or notes on office Wi-Fi usage.
It’s often the case that companies will use passwords that relate to their
business activity or branding in some way - mainly because it makes it easier
for employees to remember. Hackers are able to exploit this by studying the
products that a business creates in order to build a hitlist of possible word
combinations, which can be used to support a brute force attack.
As is the case with many other techniques on this list, the process of spidering is
normally supported by automation.
10. Offline cracking
It’s important to remember that not all hacking takes place over an internet
connection. In fact, most of the work takes place offline, particularly as most
systems place limits on the number of guesses allowed before an account is locked.
Offline hacking usually involves recovering passwords from a list of hashes,
likely taken from a recent data breach. Without the threat of detection or
password form restrictions, hackers are able to take their time.
Of course, this can only be done once an initial attack has been successfully
launched, whether that's a hacker gaining elevated privileges and accessing a
database, by using a SQL injection attack, or by stumbling upon an unprotected
server.
11. Shoulder surfing
You might think the idea of someone looking over your shoulder to see your
password is a product of Hollywood, but this is a genuine threat, even in 2020.
Brazen examples of this include hackers disguising themselves in order to gain
access to company sites and, quite literally, look over the shoulders of employees
to grab sensitive documents and passwords. Smaller businesses are perhaps most at
risk of this, given that they’re unable to police their sites as effectively as a larger
organisation.
Security experts recently warned of a vulnerability in the authentication process
used by WhatsApp. Users trying to use WhatsApp on a new device must first enter
a unique code that's sent via a text message, which can be used to restore a user's
account and chat history from a backup. It was found that if a hacker was able to
obtain a user's phone number, they are able to download the app to a clean device
and issue a prompt for a new code, which, if they are in spying distance, they could
copy as it arrives on the user's own device.
12. Guess
If all else fails, a hacker can always try and guess your password. While there are
many password managers available that create strings that are impossible to guess,
many users still rely on memorable phrases. These are often based on hobbies,
pets, or family, much of which is often contained in the very profile pages that the
password is trying to protect.
The best way to remove this as a potential avenue for criminals is to maintain
password hygiene and make use of password managers, many of which are free.
FORMING AN INCIDENT RESPONSE TEAM
Your IR plan should include the following sections:
Plan overview.
Roles and responsibilities.
List of incidents that require action.
Overview of the security posture and the network infrastructure.
Procedures for detection, investigation, and containment.
Eradication plan and capabilities.
Nmap, which stands for Network Mapper, is a free, open-source command-line
tool. Nmap is an information-gathering tool used for reconnaissance.
Basically, it scans hosts and services on a computer network, meaning it sends
packets and analyzes the responses.
ZENMAP:
Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform
(Linux, Windows, Mac OS X, BSD, etc.) free and open source application
which aims to make Nmap easy for beginners to use while providing
advanced features for experienced Nmap users.
A port scan is a method for determining which ports on a network are
open. As ports on a computer are the place where information is sent and
received, port scanning is analogous to knocking on doors to see if someone
is home. ... It is also valuable for testing network security and the strength of
the system's firewall.