A helpful list of Cyber terms, for you to learn about.
Frequently Used Cyber Terms
Advanced Persistent Threat (APT)
An Advanced Persistent Threat (APT) attack is a type of cyber attack in which a threat actor uses advanced tactics and technologies to break into a high-profile network. The aim of an APT attack is to remain undetected while exploring the network for weeks, months, or even years. APTs are often used by nation-state actors to cause severe disruption and damage to a country’s economic and political stability. They can be thought of as the cyber equivalent of espionage ‘sleeper cells’.
Adware
Adware is intrusive software that hinders the user experience by displaying endless ads and pop-up windows. It can be more dangerous than a mere annoyance: it can carry malware or redirect user searches to malicious websites that collect users’ personal data. The adware operator often earns an indirect fee for the program, which is usually bundled into freeware or shareware. These programs can be hard to identify because they do not announce themselves on the system. Moreover, adware programs usually have no uninstall procedure, and attempting to remove them manually can cause the original carrier program to malfunction. Be vigilant and take precautions to prevent adware from harming your device and stealing your personal information.
Anti-Botnet
Anti-botnet tools automatically generate botnet checks when a user browses a website. If a risk is detected, it sends a warning message to the device. The most common anti-botnet solution is CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart).
Anti-Malware
Anti-malware is a program designed to protect computers and networks against threats from malicious software such as viruses, adware, spyware, and other malicious programs.
Anti-Phishing
Anti-phishing tools shield users from fraudulent websites that pose as legitimate ones and are designed to deceive even the most discerning individuals. An anti-phishing service detects fraudulent emails and blocks phishing websites, keeping users safe from cybercriminals.
Anti-Virus
Anti-Virus solutions integrate the latest generation of virus detection technology to protect users from viruses, spyware, trojans, and worms that can infect equipment through email or internet browsing.
Attack Vector
An Attack Vector is the collection of all vulnerable points by which an attacker can gain entry into the target system. Attack vectors include vulnerable points in technology and in human behaviour, skillfully exploited by attackers to gain access to networks. The growth of IoT devices and remote work (Work from Home) has greatly increased the attack vector, making networks increasingly difficult to defend.
Authentication
Authentication is the process of verifying the identity of a user or piece of information and the veracity of the information provided. In computing, it is identifying a person or system with a username, password, etc. Authentication helps individuals and systems gain authorization based on their identity and prevent unauthorized access.
Backdoor
Attackers use a Backdoor to gain access to a computer or a network. A backdoor (or trapdoor) program lets a programmer bypass the normal security steps and gain access to a computer; attackers may use the same mechanism to enter computers or networks without permission.
Banker Trojan
A Banker Trojan is a malicious computer program that intercepts sensitive personal information and credentials for accessing online bank or payment accounts.
Blacklist, Blocklist, Denylist
Blacklist, Blocklist, or Denylist is a basic access control mechanism that lets elements such as email addresses, users, passwords, URLs, IP addresses, domain names, file hashes, etc., through the system, except those explicitly listed, which are denied access.
Bot
A Bot is a program that automates actions on behalf of an agent for some other program or person and is used to carry out routine tasks. Their use for malicious purposes includes spam distribution, credential harvesting, and the launching of DDoS attacks.
Botnet
A Botnet is a collection of compromised computers running malicious programs that are controlled remotely by a C&C (command and control) server operated by a cybercriminal. Cybercriminals exercise remote control through automated processes (bots) in public IRC channels or websites. (Such websites may either be run directly by the ‘bot herder’ or be legitimate websites that have been subverted for this purpose.)
Brute Force Attack
A Brute Force Attack is a method used to guess a password or encryption key by trying many possible combinations of characters until the correct one is found. One can limit the number of permitted attempts to enter a password to reduce the risk of such an attack. For instance, allowing only three failed attempts and then granting further attempts only after 15 minutes could reduce the susceptibility to such attacks.
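The lockout policy described in this entry (three failed attempts, then a 15-minute wait) as a small piece of working Python. This is an added illustration, not code from the glossary's source; the class and function names are invented here, and timestamps are passed in as seconds so the policy can be exercised without waiting.

```python
"""Account lockout policy from the Brute Force Attack entry: after three
failed attempts, further attempts on that account are refused until
15 minutes have passed. Added illustration; names are invented here."""
import time

MAX_FAILURES = 3           # failed attempts permitted before lockout
LOCKOUT_SECONDS = 15 * 60  # how long the account stays locked


class LoginThrottle:
    """Tracks consecutive failed logins per account."""

    def __init__(self, max_failures=MAX_FAILURES, lockout=LOCKOUT_SECONDS):
        self.max_failures = max_failures
        self.lockout = lockout
        # account -> (consecutive failures, timestamp of the last failure)
        self._state = {}

    def is_locked(self, account, now=None):
        now = time.time() if now is None else now
        failures, last = self._state.get(account, (0, 0.0))
        if failures < self.max_failures:
            return False
        if now - last >= self.lockout:
            # Lockout has expired: give the account a fresh window of attempts.
            del self._state[account]
            return False
        return True

    def record(self, account, success, now=None):
        now = time.time() if now is None else now
        if success:
            self._state.pop(account, None)  # a good login clears the counter
            return
        failures, _ = self._state.get(account, (0, 0.0))
        self._state[account] = (failures + 1, now)


def attempt_login(throttle, account, password_ok, now=None):
    """Apply the policy around a password check whose result is password_ok.

    Returns "locked" (attempt refused without consulting the password),
    "ok" or "denied".
    """
    if throttle.is_locked(account, now):
        return "locked"
    throttle.record(account, password_ok, now)
    return "ok" if password_ok else "denied"


if __name__ == "__main__":
    t = LoginThrottle()
    for second in range(4):
        print(attempt_login(t, "alice", False, now=float(second)))
    # A correct password is still refused while the lockout is in force.
    print(attempt_login(t, "alice", True, now=4.0))
```

Note that a per-account lockout is itself something an attacker can abuse to lock legitimate users out, so deployments usually combine it with per-source rate limiting and alerting on lockout bursts rather than relying on the counter alone.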
Business Disruption
The term Business Disruption refers to any interruption in the usual way that a system, process, or event works. Cyberattacks cause disruption to business operations and the associated risk of losses to the organization.
BYOC
Bring Your Own Computer (BYOC) is a fairly recent enterprise computing trend in which employees are encouraged or allowed to bring and use their own personal computing devices, specifically personal laptop computers, to perform some or part of their job roles.
BYOD
Bring Your Own Device (BYOD) is a policy of an organization that allows, encourages, or requires its employees to use their devices, such as smartphones, Tablet PCs, and laptops, for official business purposes and to access enterprise systems and data.
BYOL
Bring Your Own Laptop (BYOL) is a specific type of BYOC by which employees are encouraged or allowed to bring and use their laptops to perform some or part of their job roles, including possible access to enterprise systems and data.
CAPTCHA
A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a challenge-response test commonly used by websites to verify that the user is a real human and not a bot. They can include simple arithmetic and questions about images that bots have difficulty answering.
Clickjacking
Clickjacking involves tricking someone into clicking on one object on a web page while they think they are clicking on another. The attacker loads a transparent page over the legitimate content on the web page so that the victim thinks they are clicking on a legitimate item when they are really clicking on something on the attacker’s invisible page. This way, the attacker can hijack the victim’s click for their own purposes. Clickjacking could be used to install malware, gain access to one of the victim’s online accounts, or enable the victim’s webcam.
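The overlay described above only works if the legitimate page can be loaded inside a frame on the attacker's page. The standard defence is a response header that forbids framing by other origins: `Content-Security-Policy: frame-ancestors` or the older `X-Frame-Options`. The check below, an added example that is not part of the glossary, inspects a response's headers and reports whether framing by third parties is refused; the function name and the header dictionaries are constructed here.

```python
"""Check whether HTTP response headers refuse framing by other origins,
the defence against clickjacking. Added illustration; the function name
and sample header sets are invented here."""


def framing_protected(headers):
    """Return True if the response forbids framing by third-party origins.

    headers: dict of response header names to values (any letter case).
    A CSP frame-ancestors directive takes precedence over X-Frame-Options,
    which is how browsers treat the two headers when both are present.
    """
    lowered = {k.lower(): v for k, v in headers.items()}

    csp = lowered.get("content-security-policy", "")
    for directive in csp.split(";"):
        name, _, value = directive.strip().partition(" ")
        if name.lower() == "frame-ancestors":
            sources = value.split()
            # 'none', 'self' or an explicit origin list restricts framing;
            # '*' (or no sources at all) does not.
            return bool(sources) and "*" not in sources

    xfo = lowered.get("x-frame-options", "").strip().upper()
    # Only DENY and SAMEORIGIN are reliable; the legacy ALLOW-FROM form is
    # not honoured by current browsers, so it is not counted as protection.
    return xfo in ("DENY", "SAMEORIGIN")


if __name__ == "__main__":
    samples = {
        "xfo deny": {"X-Frame-Options": "DENY"},
        "csp none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
        "csp any": {"Content-Security-Policy": "frame-ancestors *"},
        "no header": {},
    }
    for label, hdrs in samples.items():
        print(f"{label}: {'protected' if framing_protected(hdrs) else 'frameable'}")
```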
Clientless
Clientless refers to a program that is run entirely from the network, without requiring any installation of software on the endpoint device running the program.
Code Injection
Code Injection is commonly used by malware to evade detection by antivirus and anti-malware programs by injecting malicious code into a legitimate process. The legitimate process serves as camouflage: all that anti-malware tools can see running is the legitimate process, which obfuscates the malicious code execution.
Cryptojacking
Cryptojacking consists of hackers using the computing power of a compromised device to generate or “mine” cryptocurrency without the owner’s knowledge. Mining can be performed either by installing a malicious program on the target computer or through various kinds of fileless malware. Sometimes attackers take over part of the computer’s processing power when a page containing a special mining script is opened. Cryptojacking has been known to occur when viewing online ads or solving a CAPTCHA.
Cyberbullying
Cyberbullying is the use of electronic means, primarily messaging and social media platforms, to bully and harass a victim. Cyberbullying has become a major problem, especially affecting young people, as it allows bullies to magnify their aggressive behavior, publicly ridicule victims on a large scale, and carry out damaging activities in a way that is difficult for parents and teachers to detect.
Cybersecurity
Cybersecurity relates to the processes employed to safeguard and secure the assets that carry an organization’s information from being stolen or attacked. It requires extensive knowledge of possible threats such as viruses or other malicious objects. Identity management, risk management, and incident management form the crux of an organization’s cybersecurity strategy.
Dark Web
The Dark Web is the encrypted parts of the internet that are not indexed by search engines, most notoriously used by all types of criminals, including pedophiles, illicit human and contraband traffickers, and cybercriminals, to communicate and share information without being detected or identified by law enforcement. Malware of all types can be purchased on the dark web. The dark web is a subset of the deep web (which anyone with the correct URL can access), but dark web pages need special software (e.g. Tor) together with the correct decryption key, access rights, and knowledge to find content. Users of the dark web remain anonymous because its P2P network connections make network activity very difficult to trace.
Data Breach
A Data Breach is the event in which a hacker successfully exploits a network or device vulnerability and gains access to its files and data.
Data Integrity
Data Integrity is a broad term that refers to the maintenance and assurance of data quality. This includes the accuracy and consistency of data over its entire lifecycle. Data Integrity is an important part of the design, implementation, and use of any data system that stores, processes, or retrieves information. The term is broad in scope and may have widely different meanings depending on the specific context.
Data Loss Prevention
Data Loss Prevention (DLP) is an umbrella term for a collection of security tools, processes, and procedures that aim to prevent sensitive data from falling into unauthorized or malicious hands. DLP aims at preventing such occurrences through various techniques such as strict access controls on resources, blocking or monitoring email attachments, preventing network file exchange to external systems, blocking cut-and-paste, disabling the use of social networks and encrypting stored data.
Data Theft
Data Theft is the deliberate theft of sensitive data by nefarious actors.
DDoS
A Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack is when one or more compromised systems launch a flooding attack on a remote target(s), in an attempt to overload network resources and disrupt service. Some DDoS attacks have caused prolonged, complete service shutdowns of major online operators.
Decryption
Decryption is decoding cipher text to plain text so that humans can read it. It is the reverse of encryption, converting plain text to cipher text. Cybercriminals use decryption software and techniques to ‘break’ security encryption and gain access to protected information.
Detection and Response
Network Detection and Response is a security solution category used by organizations to detect malicious network activity, perform a forensic investigation to determine the root cause, and then respond and mitigate the threat.
Digital Forensics
Digital Forensics is the process of procuring, analyzing, and interpreting electronic data for the purpose of presenting it as legal evidence in a court of law.
Digital Transformation
Digital Transformation is the process of using digital technologies to create or modify business processes and customer experiences to keep up to date with current business and market requirements.
Domain Name System (DNS) Exfiltration
Domain Name System (DNS) Exfiltration is a lower-level attack on DNS servers to gain unauthorized access. Such attacks are difficult to detect and can lead to loss of data.
Drive-By Download Attack
Drive-by Downloads or attacks are a common method of spreading malware. Cybercriminals look for insecure websites and plant a malicious script into the HTTP or PHP code on one of the pages. This script may install malware directly onto the computer of someone who visits the site, or it may take the form of an IFRAME that redirects the victim to a site controlled by the cybercriminals. Such attacks are called ‘drive-by downloads’ because they require no action on the part of the victim beyond simply visiting the compromised website: victims are infected automatically (and silently) if their computer is vulnerable in some way (e.g., if they have failed to apply a security update to one of their applications).
Encryption
Encryption is a process of maintaining data confidentiality by converting plain data into secret code with the help of an encryption algorithm. Only users with the appropriate decryption key can unscramble and access encrypted data or cipher text.
Endpoint Protection
Endpoint Protection refers to a system for network security management that monitors network endpoints, hardware devices such as workstations and mobile devices from which a network is accessed.
Endpoint Detection and Response (EDR)
Endpoint Detection and Response (EDR) are tools for protecting computer endpoints from potential threats. EDR platforms comprise software and networking tools for detecting suspicious endpoint activities, usually via continuous network monitoring.
Exploit
An exploit is taking advantage of a vulnerability or flaw in a network system to penetrate or attack it.
Fast Identity Online (FIDO)
Fast Identity Online (FIDO) is a set of open authentication standards that enable a service provider to leverage existing technologies for passwordless authentication.
Fileless Malware
Fileless Malware (FM), aka “non-malware” or “fileless infection,” is a form of malicious computer attack that exists exclusively within the realm of volatile data storage components such as RAM, in-memory processes, and service areas. This differentiates this form of malware from the classic memory-resident virus, which requires some contact with non-volatile storage media, such as a hard disk drive or a thumb drive. Normally picked up following visits to malicious websites, fileless malware does not exist as a file that can be detected by standard antivirus programs. It lurks within a computer’s working memory and is exceptionally difficult to identify. However, this type of malware rarely survives a computer reboot, after which the computer should work as it did prior to infection.
Firewall
A Firewall is a security system that forms a virtual perimeter around a network of workstations preventing viruses, worms, and hackers from penetrating.
Greylist
A Greylist contains items that are temporarily blocked (or temporarily allowed) until an additional step is performed.
Hacker (aka Hack)
A Hacker is a term commonly used to describe a person who tries to gain unauthorized access to a network or computer system.
Honeypot (aka trap)
Honeypots are computer security programs that simulate network resources that hackers are likely to look for, to lure them in and trap them. An attacker may assume that you’re running weak services that can be used to break into the machine. A honeypot provides you with advance warning of a more concerted attack. Two or more honeypots on a network form a honeynet.
Identity and Access Management (IAM)
Identity and Access Management (IAM) is the process used by an organization to grant or deny access to a secure system. IAM integrates workflow systems with the organizational groups that analyze security requirements and make the security systems work effectively.
Identity Theft
Identity Theft occurs when a malicious actor gathers enough personal information from the victim (name, address, date of birth, etc.) to enable them to commit identity fraud, i.e., the use of stolen credentials to obtain goods or services by deception. Stolen data can be used to create a new account in the victim’s name (e.g., a bank account), to take over an existing account held by the victim (e.g., a social network account), or to masquerade as the victim while carrying out criminal activities.
Indicators of Compromise (IOC)
Indicators of Compromise (IoC) are bits of forensic data from system log entries or files that identify potentially malicious activity on a system or network. Indicators of Compromise aid information security and IT professionals in detecting data breaches, malware infections, or other threat activity.
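How IoCs are actually put to use: observables (addresses, domain names, file hashes) are pulled out of log lines and compared against the indicator set. The script below is an added example, not code from the glossary; the indicator set and the log lines are constructed for illustration (TEST-NET addresses, a `.invalid` domain, and the SHA-256 of a made-up string), and real deployments would load indicators from a threat-intelligence feed instead.

```python
"""Match constructed log lines against a small set of Indicators of
Compromise. Added illustration; every indicator and log line here is
made up (TEST-NET IPs, a .invalid domain, hash of a constructed string)."""
import hashlib
import re

# Constructed "known bad" hash: the SHA-256 of a made-up byte string,
# computed here so no real file hash is claimed.
SAMPLE_HASH = hashlib.sha256(b"constructed malicious sample").hexdigest()

# Constructed IoC set keyed by indicator type. A real feed (STIX, CSV, ...)
# would populate these sets.
IOCS = {
    "ip": {"203.0.113.45", "198.51.100.7"},
    "domain": {"update-check.invalid"},
    "sha256": {SAMPLE_HASH},
}

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b", re.I)
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b", re.I)


def extract_observables(line):
    """Pull candidate IPs, domain names and SHA-256 hashes out of one line."""
    ips = set(IP_RE.findall(line))
    # The domain pattern also matches dotted IPs; keep only non-IP names.
    domains = {d.lower() for d in DOMAIN_RE.findall(line)
               if not IP_RE.fullmatch(d)}
    hashes = {h.lower() for h in SHA256_RE.findall(line)}
    return {"ip": ips, "domain": domains, "sha256": hashes}


def match_iocs(lines, iocs=IOCS):
    """Return (line_number, indicator_type, indicator) for every IoC hit."""
    hits = []
    for number, line in enumerate(lines, 1):
        observed = extract_observables(line)
        for kind, values in observed.items():
            for value in sorted(values & iocs.get(kind, set())):
                hits.append((number, kind, value))
    return hits


# Constructed sample log lines (firewall, DNS resolver, endpoint agent).
SAMPLE_LOGS = [
    "2024-03-01T10:00:01Z fw ALLOW 10.0.0.12 -> 203.0.113.45:443",
    "2024-03-01T10:00:04Z dns query update-check.invalid from 10.0.0.12",
    "2024-03-01T10:00:09Z edr file-create C:\\Users\\a\\x.exe sha256=" + SAMPLE_HASH,
    "2024-03-01T10:01:00Z fw ALLOW 10.0.0.13 -> 198.51.100.250:443",
]

if __name__ == "__main__":
    for number, kind, value in match_iocs(SAMPLE_LOGS):
        print(f"line {number}: {kind} indicator {value}")
```

Matching is exact on purpose: an IoC is only as useful as its precision, and fuzzy matches on partial addresses or hash prefixes generate the false positives that make analysts ignore alerts.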
Infodemic (aka Going Viral)
A rapid and far-reaching spread of accurate or inaccurate information making it challenging to distinguish the true from the false. A combination of the words information and epidemic.
In-line Network Device
An In-line Network Device is one that receives packets and forwards them to their intended destination. In-line network devices include routers, switches, firewalls, intrusion detection and intrusion prevention systems, web application firewalls, anti-malware, and network taps. NetworkSecure delivers comprehensive in-line cybersecurity protection to CSP subscribers.
Internet and World Wide Web
The internet is a series of technologies that allow computers and networks to communicate with each other. The World Wide Web, which we often think of as ‘the internet’, is actually a protocol that runs on the internet (also known as HTTP or HTTPS). Email is another application that runs on the internet.
Insider Threat
An Insider Threat is when an authorized system user, usually an employee or contractor, poses a threat to an organization because they have authorized access to inside information and therefore bypass most perimeter-based security solutions.
Intrusion Prevention System (IPS)
An Intrusion Prevention System (IPS) is a network security system designed to prevent network penetration by malicious actors.
IoT (The internet of things)
The term Internet of Things (IoT) is used to describe everyday objects that are connected to the internet and are able to collect and transfer data automatically, without the need for human interaction. The Internet of Things encompasses any physical object (not just traditional computers) that can be assigned an IP address and can transfer data: this includes household appliances, utility meters, cars, CCTV cameras, and even people (e.g., heart implants).
Keylogger
A Keylogger is a kind of spyware that records every keystroke made on a computer’s keyboard. It can record everything a user types, including instant messages, email, usernames, and passwords.
Malspam
Malware that is delivered as a malicious attachment in spam email. It often, but not always, requires the recipient to open the file before it can do damage.
Malvertising
Cybercriminals embed a special script in a banner, or redirect users who click on an ad to a special page containing code for downloading malware. Special methods are used to bypass large ad network filters and place malicious content on trusted sites. In some cases, visitors do not even need to click on a fake ad: the code executes when the ad is displayed.
Malware
Malware is a general term for any type of intrusive computer software with malicious intent against the user.
Man-in-the-Middle Attack
A man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other. For example, a victim believes he’s connected to his bank’s website and the flow of traffic to and from the real bank site remains unchanged, so the victim sees nothing suspicious. However, the traffic is redirected through the attacker’s site, allowing the attacker to gather any personal data entered by the victim (login, password, PIN, etc.).
Network-based (cyber) Security
Mass-market cybersecurity services (e.g., anti-malware, anti-phishing) that operate from within a CSP’s network rather than at the endpoint, such as a PC or a mobile device. Network-based services can protect any connected device regardless of model or operating system. Unlike other cybersecurity solutions, this type of service cannot be bypassed, and it can be implemented with no software installation, upgrades, or configuration required on the part of the end user, leading to high rates of service adoption.
Parental Controls
Parental Controls are features which may be included in digital television services, computer and video games, mobile devices, and software that allow parents to restrict the access of content to their children. These controls were created to help parents control which types of content can be viewed by their children.
Patch
A Patch provides additional, revised or updated code for an operating system or application. Except for open source software, most software vendors do not publish their source code. So, patches are typically pieces of binary code that are patched into an existing program (using an install program).
Penetration Testing (aka Pen Testing)
Also referred to as Pentest, it is an authorized offensive audit using known cyberattack techniques on a computer system, digital devices or networks, performed to evaluate the security of the system or infrastructure. The activity consists of trying to find as many vulnerabilities or weaknesses as possible in a computer system and exploit them.
Phishing
Phishing is a type of internet fraud that seeks to acquire a user’s credentials by deception. It includes the theft of passwords, credit card numbers, bank account details, and other confidential information. Phishing messages usually take the form of fake notifications from banks, providers, e-pay systems, and other organizations. The phishing attempt will try to encourage a recipient, for one reason or another, to enter/update personal data. Common reasons given can include “suspicious login to the account,” or “expiration of the password.”
PII
Personally Identifiable Information (PII) is a type of data that identifies the unique identity of an individual.
PIN
A Personal Identification Number is used by ATMs, but also by computers as a login to accounts. Saying ‘PIN number’ is redundant.
Process Hollowing
Process Hollowing is a security exploit in which an attacker removes code in an executable file and replaces it with malicious code. The process hollowing attack is used by hackers to cause an otherwise legitimate process to execute malicious code. This attack can be done while evading potential defenses, such as detection analysis software.
Quadruple Extortion
A triple extortion attack supplemented by a distributed denial of service (DDoS) on the target’s infrastructure whilst the target is recovering and rebuilding the infrastructure.
Ransomware
Ransomware is the name given to malicious programs designed to extort money from victims by blocking access to the computer or encrypting stored data. The malware displays a message offering to restore the system/data in return for payment. Sometimes, cybercriminals behind the scam try to lend credibility to their operation by masquerading as law enforcement officials. Their ransom message asserts that the system has been blocked, or the data encrypted, because the victim is running unlicensed software or has accessed illegal content, and that the victim must pay a fine.
Remote Desktop Protocol (RDP)
RDP is a protocol for remotely connecting to computers running Windows. It enables interaction with desktop elements as well as access to other device resources. RDP was conceived as a remote administration tool. However, it is often used by intruders to penetrate targeted computers. By exploiting incorrectly configured RDP settings or system software vulnerabilities, cybercriminals can intercept an RDP session and log into the system with the victim’s permissions.
Rootkit
A Rootkit is a collection of software tools or a program that gives a hacker remote access to, and control over, a computer or network. Rootkits themselves do not cause direct harm, and there have been legitimate uses for this type of software, such as to provide remote end-user support. However, most rootkits open a backdoor on targeted computers for the introduction of malware, viruses, and ransomware, or use the system for further network security attacks. A rootkit is typically installed through a stolen password, or by exploiting system vulnerabilities without the victim’s knowledge. In most cases, rootkits are used in conjunction with other malware to prevent detection by endpoint antivirus software.
Sandbox(ing)
In cybersecurity, a sandbox is an isolated environment on a network that mimics end-user operating environments. Sandboxes are used to safely execute suspicious code without risking harm to the host device or network.
Scareware
Scareware is malware that uses scare tactics, often in the form of pop-ups that falsely warn users they have been infected with a virus, to trick users into visiting malware-containing websites.
Secure Sockets Layer (SSL)
A Secure Sockets Layer (SSL) is the standard security technology for establishing an encrypted link between a web server and a browser. SSL was originally developed by Netscape to allow the private transmission of documents via the Internet.
SIM Swapping
SIM Swapping is a scam used to intercept online banking SMS verification codes. To get hold of one-time passwords for financial transactions, cybercriminals create or fraudulently obtain a copy of the victim’s SIM card; for example, pretending to be the victim, the attacker might claim to have lost the SIM card and request a new one from the mobile operator. To protect clients from such schemes, most banks require that a replacement SIM card be re-linked to the account.
Sniffing
Packet sniffing allows the capture of data as it is being transmitted over a network. Packet sniffer programs are used by network professionals to diagnose network issues. Malicious actors can use sniffers to capture unencrypted data like passwords and usernames in network traffic. Once this information is captured, the bad actor can then gain access to the system or network.
Social Engineering
Social Engineering is an increasingly popular method of gaining access to unauthorized resources by exploiting human psychology and manipulating users, rather than by breaking in or using technical hacking techniques. Instead of trying to find a software vulnerability in a corporate system, a social engineer might send an email to an employee pretending to be from the IT department, trying to trick them into revealing sensitive information. Social engineering is the foundation of spear phishing attacks.
Spam
Spam is the name commonly given to unsolicited emails. Essentially unwanted advertising, it’s the email equivalent of physical junk mail delivered through the post.
Spear Phishing
Spear Phishing is a phishing scam that targets a specific individual or organization, usually via a personalized email, SMS or other electronic communication to defraud them under the guise of a legitimate transaction.
Spoofing
A Spoof is an attack attempt by an unauthorized entity or attacker to gain illegitimate access to a system by posing as an authorized user. Spoofing includes any act of disguising a communication from an unknown source as being from a known, trusted source. Spoofing can apply to emails, phone calls, and websites, or can be more technical, such as a computer spoofing an IP address.
Spyware
Spyware is software that is secretly installed on a user’s device to gather sensitive data. Spyware quietly collects information such as credentials and sends it outside the network to bad actors. Spyware often comes in the form of a free download and is installed automatically, with or without user consent.
Trojan Horse (aka Trojan)
Trojans are malicious programs that perform actions that are not authorized by the user: they delete, block, modify or copy data, and they disrupt the performance of computers or computer networks. Unlike viruses and worms, Trojans are unable to make copies of themselves or self-replicate.
Triple Extortion
A double extortion attack where a threat actor goes on to directly threaten individuals whose personal data has been stolen. It diversifies the revenue of criminals by demanding a ransom from the victim(s) whose data is found in the exfiltrated data.
Two-factor Authentication (2FA)
Two-factor Authentication combines a static password with an external authentication device such as a hardware token that generates a randomly generated one-time password, a smart card, an SMS message (where a mobile phone is the token), or a unique physical attribute like a fingerprint.
Two-step Authentication
Two-step Authentication is commonly used on websites and is an improvement over single-factor authentication. This form of authentication requires the visitor to provide their username (i.e. claim an identity) and password (i.e. the single-factor authentication) before performing an additional step. The additional step could be receiving a text message with a code, then typing that code back into the website for confirmation. Alternatives include receiving an email and needing to click on a link in the message for confirmation, or viewing a pre-selected image and statement before typing in another password or PIN.
Virus
A Virus is a malicious computer program that is often sent as an email attachment or a download with the intent of infecting that device. Once the device is infected, a virus can hijack the web browser, display unwanted ads, send spam, provide criminals with access to the device and contact list, disable security settings, and scan for and find personal information like passwords.
VPN
A Virtual Private Network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. It is essentially a virtual, secure corridor.
Vulnerability
Vulnerabilities are weaknesses in software programs that can be exploited by hackers to compromise computers.
White Hat & Black Hat
White Hat and Black Hat are terms to describe the ‘good guys’ and ‘bad guys’ in the world of cybercrime. Black hats are hackers with criminal intentions. White hats are hackers who use their skills and talents for good and work to keep data safe from other hackers by finding system vulnerabilities that can be fixed.
Allowlist
A Whitelist, allowlist, or passlist is a list of permitted items that are automatically let through whatever gate is being used.
Worm
A Worm is a computer program that installs itself on a victim’s device and then looks for a way to spread to other computers, causing damage by shutting down parts of the network.
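The three list types defined in this glossary (Denylist, Greylist, and Allowlist) are usually combined in one gate, and their order of precedence matters. The following is an added example, not code from the glossary: a gate that refuses anything on the denylist, lets anything on the allowlist straight through, and greylists everything else by refusing it temporarily and accepting a retry after a delay, as mail servers do with unknown senders. The class name, the delay, and the sender names are constructed for the illustration.

```python
"""Access decision combining a denylist, an allowlist and a greylist.
Added illustration; the class, delay and sender names are invented here."""

DENY, ALLOW, GREY = "deny", "allow", "grey"


class ListGate:
    def __init__(self, allowlist=(), denylist=(), grey_delay=300):
        self.allowlist = set(allowlist)
        self.denylist = set(denylist)
        self.grey_delay = grey_delay  # seconds before a retry is accepted
        self.first_seen = {}          # greylist state: item -> first-seen time

    def decide(self, item, now):
        """Return DENY, ALLOW or GREY for item at time now (seconds)."""
        # Denylist wins over everything: explicitly refused, even if the
        # same item was also placed on the allowlist by mistake.
        if item in self.denylist:
            return DENY
        # Allowlist: explicitly permitted, no further checks.
        if item in self.allowlist:
            return ALLOW
        # Everything else is greylisted: refuse it temporarily, remember when
        # it was first seen, and accept only a retry after the delay. That
        # retry is the "additional step" the Greylist entry refers to.
        first = self.first_seen.setdefault(item, now)
        if now - first >= self.grey_delay:
            self.allowlist.add(item)      # promoted once the step is completed
            self.first_seen.pop(item, None)
            return ALLOW
        return GREY


if __name__ == "__main__":
    # Constructed senders; .example and .invalid names are reserved and never resolve.
    gate = ListGate(allowlist={"partner.example"}, denylist={"spam.invalid"})
    for sender, when in [("spam.invalid", 0), ("partner.example", 0),
                         ("new-sender.invalid", 0), ("new-sender.invalid", 120),
                         ("new-sender.invalid", 300)]:
        print(f"t={when:>3}s {sender}: {gate.decide(sender, when)}")
```

The ordering shown (deny, then allow, then grey) is the conservative one: a denylist entry is a deliberate decision to refuse, so it should not be overridden by a broader allow rule or by the automatic promotion that greylisting performs.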
Wiping
Process consisting of the deletion of part of or all data stored on a digital medium in such a way that recovery of the data is impossible. For users, every time a sensitive digital medium is formally decommissioned, wiping of data should take place.
Zero-Day Exploit
This term is used to describe exploit code that has been written to take advantage of a vulnerability before the software vendor knows about it and can publish a patch for it. The result is that would-be attackers are free to exploit the vulnerability, unless proactive exploit prevention technologies have been implemented to defend the computer being targeted by the attacker.
