Advanced Persistent Threat / APT

An advanced persistent threat is deployed by cyber-criminals who have a high level of expertise and significant resources to infiltrate a network. They usually use this type of attack to target large organizations, seeking to retrieve economic or financial information. In some cases, they might even try to use this form of attack to stop or block a company's program or agenda. Since an advanced persistent threat is executed over long periods of time, it is difficult for average users to detect and block, and it requires a specialized security program or a team of experts to find a solution.

Adware

Adware is a type of software that delivers ads on your system. Usually, these ads appear as annoying pop-ups or banners while you are visiting sites. They come in "bundle" versions with other applications. Most types of adware are not dangerous, just a bit annoying since they deliver pop-up ads while you visit a website, but there is a more dangerous form of adware that delivers spyware, which can track your activity and retrieve sensitive information. For this reason, users must not download applications from unsafe websites and should pay attention to software that comes bundled. Less serious issues caused by adware include slowdowns or too many annoying pop-up ads that can fill your computer screen, not to mention the stability issues that could affect your system. To remove malicious adware or spyware from the system, check online for specialized tools like Malwarebytes or Spybot.

Angler Exploit Kit

Angler emerged in 2013 and now is one of the most famous and sophisticated exploit kits in the cyber criminal community. It features aggressive tactics to avoid being detected by security products and it’s capable of exploiting a vast array of software vulnerabilities in order to infect unsuspecting victims with malware. Because it’s usually spread through drive-by downloads, Angler is extremely difficult to detect and can infect users without any interaction. It also features fileless infection capabilities and it’s able to deliver a variety of payloads, from ransomware, to Trojans, rootkits and backdoor Trojans. Its prevalence is also consolidated by the fact that cyber criminals don’t need advanced technical skills to use it and the fact that it's a constantly evolving threat.

Anomaly-based detection

Anomaly-based intrusion detection is a new technology that protects systems or networks against malicious and cyber-criminal activities using heuristics-based detection, relying less on the classic signature-based methods. This detection type is still new and delivers a high number of false positives. The problem is that a system must recognize abnormal activities and flag them as dangerous, but it is still difficult to instruct a computer on what exactly normal usage of the system is.

Anonymizing proxy

An anonymizing proxy is a way to hide your online activity and/or make it really difficult for third parties, like countries that apply Internet censorship, to uncover it. These proxy servers act as an intermediary between your computer and the final target. From an outsider's point of view, they access those web locations and hide your computer's IP from further identification. Usually, they are used to freely access Internet content under strict censorship.

Anti-malware

The general usage of this term - Anti-malware - refers to a number of software programs and applications that are capable of detecting and removing malware from individual systems or from larger networks. Though the term is usually used in connection with classic antivirus products, the anti-malware abilities can include anti-spyware, anti-phishing or anti-spam solutions. Lately, the term has spread to name specialized software that fights data-stealing malware delivered by online criminals.

Anti-spam

Anti-spam refers to the techniques employed by special software programs that fight spam, which is unsolicited e-mail. The spam problem needs to be solved not only at the individual level of each user, but at an even greater level, that of system administrators who need to secure thousands of computers from spam. Spamming attempts become a greater problem for everybody because this is one of the main ways to deliver the most dangerous malware in the wild and additional phishing threats.

Anti-spoofing

Anti-spoofing techniques are used in order to stop the DDoS (Distributed Denial-of-Service) attacks that affect so many websites. To deliver these attacks, hackers are "spoofing" IP addresses, from which they send a great number of requests. When the website server attempts to reply to the requests, it gets stalled by waiting to access servers that actually do not exist. In this case again, it is difficult to detect the source of the attacks, therefore the only available solution is to use software that can detect these fake IP addresses and refuse the connection.

Antispyware software

Anti-spyware technology is used in detecting and blocking spyware attempts. Spyware is a type of software that allows advertisers or online criminals to discover personal data from a computer, without the user's permission. Spyware can infect your computer if you visit certain websites, through pop-up messages that ask you to download an application or program. If such software gets on your computer, it will attempt to track your online activity and send that information to third parties. Usually, spyware is detected when it starts using system resources, finally affecting the overall stability.

Antivirus software

Antivirus software, sometimes called an anti-malware program, appeared a few years ago to protect computers from viruses and other threats that affected the initial modern computers. Nowadays, antivirus programs protect users from more advanced online dangers, like ransomware, rootkits, trojans, spyware, phishing attacks or botnets. Nevertheless, the name "antivirus" was preserved for these software solutions that protect computers from a large number of threats.

Atmos

Atmos is a form of financial malware that emerged from Citadel (which, in turn, is based on the leaked ZeuS code). Atmos has been active since late 2015, but there was no serious uptick in activity until April 2016.

Attack (online)

Online attacks come in many forms and target average individuals and large corporations alike. They usually attempt to steal financial and commercial information or disclose important data, and sometimes they are delivered simply to destroy data or block access to a server. One of the most famous online attacks was deployed in 2014 against Sony Pictures, but many others have made the news ever since.

Attack signature

An attack signature is a unique piece of information that is used to identify a particular cyber attack aimed at exploiting a known computer system or a software vulnerability. Attack signatures include certain paths used by cyber criminals in their malicious compromise attempts. These paths can define a certain piece of malicious software or an entire class of malware.

Authentication

The process of authentication (or identification) of an individual is usually based on a username and a password. This process is used to allow access to an online location or resource to the right individual by validating the identification.

Autorun worm

Autorun worms are malware programs that use the Windows AutoRun feature to launch automatically when the device, usually a USB drive, is plugged into a PC. AutoPlay, a similar technology, has been used recently to deliver the infamous Conficker worm. Microsoft has set the AutoRun setting to off on new systems, so this issue should disappear in the future.

Backdoor Trojan

A backdoor Trojan is a way to take control of a system without permission. Usually, a backdoor Trojan poses as a legitimate program, spreading through phishing campaigns and fooling users into clicking a malicious link or accessing malware on a website. Once the system is infected, the Trojan can access sensitive files, send and receive data online and track the browsing history. To avoid this type of infection, you should keep the system up-to-date with the latest patches and have strong anti-malware protection.

Backup

A backup is an exact copy of your files, your system files or any other system resources you need to protect. This precaution is necessary for all types of unpredictable events, like a system crash or when you remove or lose those files. The backup is supposed to be independent from your system and be used only when necessary. There are also cases when the system or those files become infected and you need to recover them, or when the system is blocked by ransomware.

Baseline security

An IT security baseline check is a set of basic measures and objectives that any service or network system should be able to meet. This baseline methodology is usually a set of security steps that are implemented and imposed in an organization's IT security level.

Blackhat hacker

Skilled computer users with malicious intent, they seek to compromise the security of a person or organization for personal gain. Blackhat hackers frequently specialize, for example in malware development, spam delivery, exploit discovery, DDoS attacks and more. Not all blackhat hackers use the malware they develop or the exploits they discover. Some just find them and sell the know-how to the highest bidder. Their favorite targets are financial information (such as credit card data or bank accounts), personal information (like email accounts and passwords), as well as sensitive company data (such as employee/client databases).

Blacklisting

To blacklist in IT security means to organize a list of senders that have developed malicious activities, like phishing or spam. At the same time, a blacklist can contain a number of applications or programs that should not be launched on a system. For a firewall solution, blacklisting refers to a number of IP addresses that have been blocked and to which the system cannot connect for safety reasons.

Blended Threat

A blended threat is a widely-used term that describes an online attack that spreads by using a combination of methods, usually a combination of worms, trojans, viruses and other malware. This combination of malware elements that uses multiple attack vectors increases the damage and makes individual systems and networks difficult to defend.

Boot sector malware

Boot sector malware is capable of replicating the original boot sector of the system, so that at the following system boot-up, the malware may become active. This way, the bootkit in the boot sector manages to hide its presence before the operating system can load up. This is a clear advantage for the malware, which is loaded before the system and the anti-malware solution. Since it loads before the security solution, it can even disable it and make it useless. This type of infection is usually difficult to clean.

Bot

Internet bots or web bots are software programs that perform automated tasks and specific operations. Though some bots serve harmless purposes in video games or online locations, there are a number of bots that can be employed in large networks, from where they can deliver malicious ads on popular sites or launch distributed online attacks against a number of designated targets.

Botnet

A botnet is a network of infected computers that communicate with each other in order to perform the same malicious actions, like launching spam campaigns or distributed denial-of-service attacks. The network can be controlled remotely by online criminals to serve their interests and, at the same time, this allows the hackers to avoid detection or legal actions by law agencies.

Browser hijacking

Browser hijacking is the process of changing the default homepage or search engine in your web browser by a malicious program without your permission. The user may notice that the changes cannot be reversed and that a security tool needs to be used against this type of software. It is not considered a serious threat to the overall system security, but it needs to be addressed fast since web browsing is affected.

Brute force attack

A brute force attack is a technique used by hackers in which a high number of keywords or password combinations are tested in order to gain access to a site or a network. This is one of the main reasons users should set strong passwords.

Buffer overflow

A buffer overflow takes place when a program or an application tries to store excess data in a temporary storage area (a buffer) and that extra information overflows into other parts of a computer's memory. Hackers have taken advantage of this, and these types of attacks can lead to unauthorized code running or system crashes.

Bug

A bug is a software flaw that produces an unexpected result that may affect the system's performance. Usually, a bug may cause system crashing or freezing. The main security issue that could appear is that bugs allow hackers to bypass access privileges or retrieve sensitive data from a network.

Bulk Encryption

Bulk encryption is a set of security protocols that provide the necessary means to encrypt and decrypt data transmissions in order to offer protection from security breaches and online theft.

Business Impact Analysis (BIA)

Business Impact Analysis is an important key element of an organization's business continuity plan that detects vulnerabilities and analyzes their operational and financial impact on the overall business plan. According to the analysis, strategies are planned to minimize the detected risks.

BYOD

BYOD (acronym for Bring Your Own Device) is a company policy by which employees are allowed to bring their own devices (laptops, smartphones, tablets, etc.) to work. This type of flexibility increases the number of vulnerabilities in a company’s environment, since the devices are managed and secured individually.

Cache

A cache is a technology to store data and allow future requests to be served at a higher speed. This high-speed storage method is usually used for web pages and online documents, like HTML pages and images, to increase the loading speed and avoid unwanted lag.

Cache Cramming

Cache cramming is a technique to trick a browser into running malicious Java code from the local disk, instead of the Internet. The execution of local code (which runs with fewer permissions) enables online criminals to access the target computer.

Catfishing

The process of creating a fake online profile in order to trick people into believing they are someone else. Catfishing is frequently done for financial gain. The impersonator fools the victim into believing there is a genuine relationship between the two, carried out through text or phone but never in person. At some point, the impersonator will ask for a large favor, usually monetary, with an attached promise that after this the two will finally meet face to face. Even after the favor is completed, the impersonator still finds reasons to not meet, and will keep trying to extract money from the victim until he/she gives up.

Chargeware

This form of scamming is usually associated with online porn. It is a method to manipulate the user into signing up for unclear terms and conditions that overcharge the credit card and make it difficult to unsubscribe.

Chief Information Officer (CIO)

The Chief Information Officer is the title of the person who is responsible for the information technology system in a company. The job responsibilities include planning the technology architecture, aligning the corporate network to the business developed and developing a secure financial management system for the company.

CISO

CISO (acronym for Chief Information Security Officer) is a senior-level executive job in a company, in the IT or cyber security department. A CISO’s responsibilities include ensuring and maintaining adequate protection for the company’s assets and technology, in terms of both strategy and development, to mitigate and manage cyber security risks. CSO (Chief Security Officer) is another name used for the same job.

Citadel

Citadel is a form of financial malware which emerged in 2012, after the source code for the infamous ZeuS malware was leaked online. Because the code was open source, cyber criminals started improving it to get newer, more sophisticated and stealthier malware types. Just like ZeuS/Zbot, Citadel aims to retrieve confidential information, especially banking and financial information, from the victim. On top of financial fraud, Citadel can also run different types of malware, such as ransomware or scareware, which makes it an advanced toolkit for cyber criminals.

Code injection

The code injection technique is usually used by online attackers to change the course of execution of a computer program. This method is used by online criminals to spread malicious software by infecting legitimate websites with malicious code.

Command and control center

A command and control center (C&C) is a network server that controls a large network of compromised systems. The malicious server is used by hackers to send and receive commands from and to the infected computers. Using this type of network, hackers can launch distributed denial-of-service attacks by instructing the computers to perform the same action.

Computer Abuse

Computer abuse is the unethical use of a computer to launch online attacks, like phishing and malware delivery campaigns, sabotage and cyberwar activities.

Computer Forensics

Computer forensics is connected to digital forensic science and is the practice by which digital data is collected and analyzed for legal purposes. The main goal is to identify, analyze and present facts about digital information. The conclusions can be used in the fight against cyber-crime or for civil proceedings.

Computer Incident Response Team (CIRT)

The Computer Incident Response Team investigates network security incidents that occur when unauthorized access takes place to network resources or protected data. Their job is to analyze how the incident took place and provide a response, by discovering how the breach occurred and what information has been lost.

Confidentiality

Confidentiality represents a set of rules or an agreement that limits access or restricts that access to certain types of information. When such an agreement is in place, information is disclosed to only those who are authorized to view it.

CoreBOT

CoreBOT is a modular Trojan from the infostealer category. As the name says, CoreBOT was initially designed to collect and loot information from the infected computer or network. In time, CoreBOT quickly evolved and went to add other capabilities, such as browser-based web injects, real-time form-grabbing, Man-in-the-middle attacks, etc. Now, its structure and tactics are similar to infamous financial malware strains, such as Dyreza or Neverquest. Its modular character makes CoreBOT appealing to cyber criminals because they can pack it with other types of malware and use it in complex cyber attacks.

Crimeware

Crimeware is distinct from adware or spyware and it's created for identity theft operations that use social engineering schemes to gain access to a user's online accounts. Crimeware is a growing issue for networks' security, as numerous types of malware look to steal valuable data from the systems. The retrieved information may be sent to other interested parties for a certain price.

Cross Site Scripting (XSS)

Cross-site scripting (XSS) is a software vulnerability usually found in Web applications. XSS allows online criminals to inject client-side script into pages that other users view. The cross-site scripting vulnerability can be employed at the same time by attackers to over-write access controls. This issue can become a significant security risk unless the network administrator or the website owner takes the necessary security measures.

CryptoLocker

CryptoLocker is a type of ransomware which emerged in 2013 and whose objective is to infect victims using PCs with Microsoft Windows installed. As is the case with most ransomware, the main distribution method is spam emails with a malicious attachment. CryptoLocker relies on external infrastructure (a botnet) to launch its attacks and, when activated, encrypts the files and data stored on the local device, but also those in cloud storage accounts, if, for example, the Dropbox account is synced locally on the affected PC. CryptoLocker then displays a message so the victims can know that paying a ransom in bitcoins is necessary if they want to get the decryption key (which is stored on the servers controlled by the cyber criminals).

CryptoWall

CryptoWall is a ransomware Trojan which emerged as a CryptoLocker variant. Like most data-stealing ransomware, CryptoWall spreads mainly through phishing and spam campaigns that invite users to click a malicious link or download and execute an email attachment. Moreover, in order to increase distribution, cyber criminals included CryptoWall code in website ads. The ransomware, once executed, encrypts all the data on the victim’s PC and any other PC tied to the first affected computer by the same network. The victim is then prompted to pay the ransom in bitcoins so they can get the decryption key and regain access to their data. CryptoWall has already reached its fourth iteration and there is reason to believe that this won’t be the last one.

CSO

CSO (acronym for Chief Security Officer) is a top-level executive in charge of ensuring the security of a company’s personnel, financial, physical and digital assets. A CSO has both security and business oriented objectives, as he is responsible for aligning cyber protection with the company’s business goals. All security strategies, tactics and programs have to be directed and approved by the CSO. CISO (acronym for Chief Information Security Officer) is another name used for the same job.

CTB Locker

CTB Locker is a type of file-encrypting ransomware that emerged in 2014. Its name is an acronym and comes from Curve-Tor-Bitcoin Locker: Curve stands for its persistent cryptography based on elliptic curves, which encrypts the affected files with a unique RSA key; Tor comes from the malicious server placed in onion-domain (TOR), which is very difficult to take down; and Bitcoin refers to the possibility to pay the ransom in Bitcoins, avoiding normal payment systems that can lead back to online criminals. CTB Locker achieved very high infection rates because of its capabilities and multi-lingual adaptations, but most of all because it employed an affiliate model to recruit malicious actors that could spread the infection further in return for a percentage of the profits. CTB Locker is delivered through aggressive spam campaigns and achieved a large volume of infections based on this affiliate business model.

Cyber Attack

A cyber-attack is considered to be any type of offensive action used by an individual or an organized group that targets computer networks, information systems or a large IT infrastructure by using various means to deploy malicious code for the purpose of stealing, altering or taking any advantage from this type of action. A cyber-attack can appear under different names, from cyber-campaign, cyber-warfare to cyber-terrorism or online attack. In the recent years the software deployed in the online attacks seems to have become more and more sophisticated and the law enforcement agencies around the world have a hard time trying to keep up with this global menace.

Cyber incident

A cyber incident takes place when there is a violation of a security policy imposed on computer networks and the direct results affect an entire information system.

Cyber security

Cyber security is a general term that refers to the possibility of organizing a defensive strategy against online criminals and their malicious actions. A complete cyber security strategy includes multiple tools and methods to protect an operating system from classical viruses and trojans, spyware, financial and data-stealing malware. At the same time, online security is important and needs to be protected with other means, like VPN software and backup solutions.

Cyber weapon

The term "cyber-weapon" refers to an advanced and sophisticated piece of code that can be employed for military or intelligence purposes. The term has recently emerged from the military area to name malicious software that can be used to access enemy computer networks.

Dark Web

The dark web refers to websites and online content that exist outside the reach of traditional search engines and browsers. This content is hidden by encryption methods (in most cases, these sites use the Tor encryption tool to hide their identity and location) and can only be accessed with specific software, configuration settings or pending approval from their admins. The dark web is known for being a hub for illegal activities (drug and crime transactions, blackhat hacking and so on).

Data Asset

A data asset is a piece of information that contains valuable records. It can be a database, a document or any type of information that is managed as a single entity. Like any asset, the information involved contains financial value that is directly connected to the number of people that have access to that data and for this reason it needs to be protected accordingly.

Data Integrity

Data integrity refers to information property that has not been altered or modified by an unauthorized person. The term is used to refer to information quality in a database, data warehouse or other online locations.

Data leakage

Data leakage describes a data loss of sensitive information, usually from a corporation or large company, that results in unauthorized personnel access to valuable data assets. The sensitive data can be company information, financial details or other forms of data that puts the company name or its financial situation at risk.

Data loss

Data loss is a process in which information is destroyed by failure or neglect in transmission, processing or sometimes by cybercriminal hands. To prevent data loss, IT teams install back-up and recovery equipment to avoid losing important information.

Data theft

Data theft describes illegal operations in which private information is retrieved from a company or an individual. Usually, the stolen data includes credentials for online accounts and banking sites, credit card details or valuable corporate information. In the last years these types of operations have increased and it has now become necessary to protect data by additional security means.

Deep Web

The deep web is a similar concept to the dark web, but has a less shady nature. The world wide web content which is not indexed by traditional search engines is known as the deep web, and preferred by certain groups for its increased privacy levels. However, unlike the dark web, the deep web doesn’t require its users to be particularly tech-savvy, and is not hidden by sophisticated methods; all you need is to know the address of the website you want to access.

Denial of service attack (DDoS)

This type of online attack is used to prevent normal users from accessing an online location. In this case, a cybercriminal can prevent legitimate users from accessing a website by targeting its network resources and flooding the website with a huge number of information requests.

Dialer

A dialer in the information security world is a spyware device or program that is used to maliciously redirect online communication. Such software disconnects the legitimate phone connection and reconnects to a premium rate number, which results in an expensive phone bill received by the user. It usually installs itself on the user's system.

Digital Signature

A digital signature is a technique used to encrypt and validate the authenticity and integrity of a message, software or digital document. The digital signature is difficult to duplicate by a hacker, that's why it is important in information security.

Disaster Recovery Plan (DRP)

A recovery plan is a set of procedures that are meant to protect or limit potential loss in a business IT infrastructure in case of an online attack or major hardware or software failure. A recovery plan should be developed during the business impact analysis process.

DNS Cache Poisoning

DNS cache poisoning is a method used by online criminals to launch online attacks. This method involves modifying the domain name system, which results in an incorrect IP address being returned. The purpose is to divert traffic to a malicious server, which is controlled by hackers. That's why the DNS is considered poisoned and it should be taken down by the authorities.

DNS hijacking

DNS hijacking or DNS redirection is an online attack that overrides a computer's TCP/IP settings to direct communication to a malicious server controlled by cybercriminals.

Document malware

Document malware takes advantage of vulnerabilities in applications that let users read or edit documents.

Domain generation algorithm (DGA)

Domain generation algorithm (DGA) is a computer program used by various malware families to generate a large number of domains by creating slightly different variations of a certain domain name. The generated domains are used to hide traffic transmitted between the infected machines/networks and the command and control servers. This way, cyber criminals can cover their tracks and keep their anonymity from law enforcement and private cyber security organizations. For example, DGA domains are heavily used to hide botnets and the attacks they help launch.

Domain shadowing

Domain shadowing is a malicious tactic used by cyber criminals to build their infrastructure and launch attacks while remaining undetected. First, attackers steal and gather credentials for domain accounts. Using these stolen credentials, they log into the domain account and create subdomains which redirect traffic towards malicious servers, without the domain owner having any knowledge of this. Domain shadowing allows cyber attackers to bypass reputation-based filters and pass their malicious traffic as safe.

Dormant code

Modern, advanced malware often has a modular structure, including multiple components. One of them is dormant code, which means that the malware needs specific triggers to execute the task it was created for. This type of behavior is coded into the malware so it can bypass signature-based detection in products such as traditional antivirus and anti-malware solutions. There is also another reason for using dormant code: since advanced malware, such as ransomware or financial malware, usually relies on external infrastructure to download components for infection, the malware can remain dormant and undetected if it can’t reach its Control and Command servers to execute further.

Dridex

Dridex is a strain of financial malware that uses Microsoft Office macros to infect information systems. Dridex is engineered to collect and steal banking credentials and additional personal information and its fundamental objective is banking fraud.

Drive-by attack

A drive-by attack is the unintentional download of a virus or malicious software (malware) onto your system. A drive-by attack will usually take advantage of (or “exploit”) a browser, app, or operating system that is out of date and has a security flaw.

Due diligence

Due diligence compels organizations to develop and deploy a cyber security plan to prevent fraud and abuse, and to deploy means to detect them if they occur, in order to keep confidential business data safe.

Dumpster diving

Dumpster Diving is the illegal method of obtaining passwords and corporate directories by searching through discarded media.

Dyreza / Dyre

Dyreza (also called Dyre) is a banking Trojan (financial malware) that appeared in 2014, whose behavior is similar to the ZeuS family, although there is no connection between Dyreza and ZeuS. The malware hides in popular web browsers that millions of users employ to access the web and aims to retrieve sensitive financial information every time the victim connects to a banking website. Dyreza is capable of key-logging, circumventing SSL mechanisms and two-factor authentication, and is usually spread through phishing emails.

Eavesdropping Attack

Network Eavesdropping or network sniffing is an attack that aims to capture information transmitted over a network by other computers. The objective is to acquire sensitive information like passwords, session tokens, or any kind of confidential information.

Email malware distribution

Although outdated, some malware families still use email attachments as a means of spreading malware and infecting users’ computers. This type of infection relies on the user double-clicking on the attachment. A current method that uses email as a dispersion mechanism is inserting links to malicious websites.

Encrypted Network

A network on which messages are encrypted using a special algorithm in order to prevent unauthorized people from reading them.

Encryption

Encryption is a process that uses cryptographic means to turn accessible data or information into an unintelligible code that cannot be read or understood by normal means.

End-to-End Encryption

This process involves using communications encryption to make information unavailable to third parties. When being passed through a network, the information will only be available to the sender and the receiver, preventing ISPs or application service providers from discovering or tampering with the content of the communication.

End-to-End Security

The way of ensuring that data transmitted through an information system stays secure and safe from origin point to destination.

Enterprise Risk Management

The methods and processes that organizations use to identify and manage cyber security risks that could endanger their corporate mission. As part of this plan, the organization will also establish a plan to protect its assets and a plan to react in case a cyber security risk becomes reality.

Exploit

A piece of software, a chunk of data or a sequence of commands that take advantage of a bug, a glitch or a vulnerability in software in order to penetrate a user’s system with malicious intentions. These malicious intentions may include gaining control of a computer system, allowing privilege escalation, or launching a denial-of-service attack.

Exploit kit

Exploit kits (EKs) are computer programs designed to find flaws, weaknesses or mistakes in software apps (commonly known as vulnerabilities) and use them to gain access into a system or a network. They are used in the first stages of a cyber attack, because they have the ability to download malicious files and feed the attacked system with malicious code after infiltrating it.

Exploit kits-as-a-service

Exploit kits as-a-service are a relatively recent business model employed by cyber criminals in which they create, manage and sell or rent exploit kits which are accessible and easy to use in cyber attacks. Exploit kits-as-a-service don’t require much technical expertise to be used, they are cheaper (especially if rented), they’re flexible and can be packed with different types of malware, offer broader reach, are usually difficult to detect and can be used to exploit a wide range of vulnerabilities. This business model makes it very profitable for exploit kit makers to sell their malicious code and increase their revenues.

External Security Testing

Security testing conducted from outside the organization’s security perimeter.

Fail Safe

A Fail-Safe security system or device is an automatic protection system that intervenes when a hardware or software failure is detected.

Fake antivirus malware

Rogue antivirus or rogue security is a form of computer malware that simulates a system infection that needs to be removed. The users are asked for money in return for removal of malware, but it is nothing but a form of ransomware.

False positive

A false positive is identified when a security solution detects a potential cyber threat which is, in fact, a harmless piece of software or a benign software behavior. For example, your antivirus could inform you that there's a malware threat on your PC, but it could happen that the program it's blocking is safe.

File binder

File binders are applications used by online criminals to connect multiple files together in one executable that can be used in launching malware attacks.

Fileless malware

Fileless malware are types of malicious code used in cyber attacks that don’t use files to launch the attack and carry on the infection on the affected device or network. The infection is run in the RAM memory of the device, so traditional antivirus and antimalware solutions can’t detect it at all. Malicious hackers use fileless malware to achieve stealth, privilege escalation, to gather sensitive information and achieve persistence in the system, so the malware infection can continue to carry on its effect for a longer period of time.

Financial malware

Financial malware is a category of specialized malicious software designed to harvest financial information and use it to extract money from victims’ accounts. Because it is a rather new type of malware, it is also very sophisticated and it can easily bypass traditional security measures, such as antivirus. Financial malware is capable of persisting in the affected system for a long time, until it gathers the information associated with financial transactions and it can start to leak money from the targeted account. Banking fraud cyber crimes are one of the most serious cyber threats in the current risk landscape.

Firewall

A firewall is a network security system designed to prevent unauthorized access to public or private networks. Its purpose is to control incoming and outgoing communication based on a set of rules.

Flip button

In the malware world, a flip button appears when spyware or adware solutions trick users into following various actions and installing malicious software on the system.

Flooding

Flooding is a security attack used by hackers against a number of servers or web locations. Flooding is the process of sending a large amount of information to such a location in order to block its processing power and stop its proper operation.

Forensic Specialist

A forensic specialist in IT security is a professional who identifies and analyzes online traffic and data transfer in order to reach a conclusion based on the discovered information.

Form-grabbing malware

This type of malware can harvest your confidential data when you're filling in a web form, before the data is sent over the Internet to a secure server. By doing this, the malware can avoid the security ensured by an HTTPS connection. Unfortunately, using a virtual keyboard, autofill or copy/paste won't protect you from this threat. What's more, the malware can categorize data according to type (username, password, etc.) and even grab the URL where you were inputting your information.

Greyhat hacker

Greyhat hackers have a more ambiguous mode of operation compared to blackhat and whitehat hackers. For instance, they may use illegal means to detect a vulnerability, but then disclose it to the targeted organization. Another perspective on greyhat hackers focuses on those that find exploits, and then sell the know-how to governments but only after receiving a payment. Greyhat hackers distinguish themselves from blackhat hackers on a single important criterion: they don’t use or sell the exploit for criminal gain.

Hacker

A hacker is generally regarded as a person who manages to gain unauthorized access to a computer system in order to cause damage. But keep in mind that there are two types of hackers: whitehat hackers, who do penetration testing and reveal their results to help create more secure systems and software, and blackhat hackers, who use their skills for malicious purposes.

Hacktivism

Hacktivism is the activity of using hacking techniques to protest against or fight for political and social objectives. One of the most well known hacktivist groups in the world is Anonymous.

Heartbleed vulnerability

Heartbleed is a security bug that appeared in 2014, which exposed information that was usually protected by SSL/TLS encryption. Because of a serious vulnerability that affected the OpenSSL library, attackers could steal data that was kept confidential by a type of encryption used to secure the Internet. This bug caused around 500.000 web servers (17% of all servers on the Internet) to be exposed to potential data theft.

Hoax

A hoax is a false computer virus warning. You may receive such hoaxes via email, instant messaging or social media. Before acting on it, be sure to go online and check the validity of the claim. Also, when you have proof that it's fake, it's a good idea to inform the sender as well. Remember that such hoaxes can lead to malicious websites which can infect your devices with malware.

Honeymonkey

This is an automated system designed to simulate the actions of a user who’s browsing websites on the Internet. The purpose of the system is to identify malicious websites that try to exploit vulnerabilities that the browser might have. Another name for this is Honey Client.

Honeypot

This is a program used for security purposes which is able to simulate one or more network services that look like a computer’s ports. When an attacker tries to infiltrate, the honeypot will make the target system appear vulnerable. In the background, it will log access attempts to the ports, which can even include data like the attacker’s keystrokes. The data collected by a honeypot can then be used to anticipate incoming attacks and improve security in companies.

HTTPS scanning

This is another name for a Man-in-the-Middle attack. Scanning HTTPS (Hypertext Transfer Protocol Secure) content allows the attackers to decrypt, analyze, and re-encrypt content between websites that use SSL (Secure Sockets Layer) for security and a user’s browser. This type of attack is usually used to snoop in on information exchanges and steal confidential data.

Hybrid attack

A hybrid attack makes a dictionary attack (used to crack passwords) even stronger by adding numerals and symbols, so credentials can be hacked even faster.

Identity Theft

Identity theft refers to the process of stealing someone’s personal identification data and using it online in order to pose as that person. Hackers can make use of a person’s name, photos, papers, social security number and so on, to gain financial advantage at this person’s expense (by obtaining credit or by blackmailing), or as a means of damaging the person’s reputation, etc.

Inadvertent Disclosure

This type of security incident involves accidentally exposing information to an individual who doesn’t have access to that particular data.

Incremental Backups

Incremental backups are extremely important for keeping information safe and up to date. This type of backup will only back up the files that you’ve modified since performing the last backup. This means the backup is faster and you can ensure that you’ll always have all your work backed up safely.

Information Assurance (IA)

This is a set of measures designed to protect and defend data and information systems by ensuring that they are always available, that their integrity is safe, that they’re confidential and authentic (non-repudiation principle). These measures include having a data backup to restore information in case of an unfortunate event, having cyber security safeguards in place and ensuring that detection and reaction capabilities are featured.

Information Flow Control

This is an important safeguard in companies, created to ensure that data transfers in an information system comply with the security policy and are as safe as possible.

Information Security

The tactics, tools, measures and actions taken to protect data and information systems against unauthorized access, use, disclosure, disruption, modification, or destruction. Its purpose is to ensure the confidentiality, integrity, and availability of the data and information systems.

Information Security Policy

A must-have for any company, this includes the directives, regulations, rules, and practices that define how an organization should manage, protect and distribute information.

Information Security Risk

A risk in this category can be evaluated according to how and how much it threatens a company’s operations (including mission, functions, brand, reputation) or assets, employees, partners etc. A risk is based on the potential for cyber criminals to gain unauthorized access and use it to collect confidential data, disclose it to the public or to unauthorized parties, modify it or destroy it, thus disrupting the organization’s activity.

Information System Resilience

A resilient information system is a system that can continue to work even while under attack, even if it becomes degraded or weakened. Moreover, it has to be able to recover from a successful attack fast and regain operational capabilities, at least for the core functions.

Information Systems Security (INFOSEC)

One of the most used terms in cyber security, INFOSEC, is the protection of information systems against unauthorized access or attempts to compromise and modify data, whether it’s stored data, processed data or data that’s being transmitted. The necessary measures to detect, document and counter these threats are also included in INFOSEC.

Inside Threat

The insider threat usually refers to employees or other people with authorized access who can potentially harm an information system by destroying it or parts of it, by disclosing or modifying confidential information and by causing denial of service.

Integrity

This is one of the core principles in cyber security and it refers to the fact that we must ensure that information has not been changed (deliberately or unwillingly), and that the data is accurate and complete.

Intellectual Property

This refers to useful artistic, technical or industrial information, concepts, ideas or knowledge that clearly show that they’re owned by someone who has control over them, either in physical form or in representation.

Internal Security Testing

This type of testing is conducted from inside an organization, to examine the resilience and strength of a company’s security perimeter and defenses.

Internet worm

Internet worms were created by researchers in the 1980s to find a reliable way of growing the Internet through self-replicating programs that can distribute themselves automatically through the network. An Internet worm does exactly that: it distributes itself across the web by using the computers’ Internet connection to reproduce.

Intrusion

In cyber security, intrusion refers to the act of getting around a system’s security mechanisms to gain unauthorized access.

Intrusion Detection Systems (IDS)

This is a security management system set up to actively protect computers and networks. It works by analyzing information from various areas of a computer/network to spot potential security breaches. These breaches can be caused either by intrusions (external attacks) or by misuse (insider attacks).

IP Flood

This is a Denial of Service attack which aims to send a host an avalanche of pings (echo request packets) that the protocol implementation cannot manage. This causes a system to fail and send a denial of service error.

IP Spoofing

This is a tactic used by cyber criminals to supply a false IP address that masquerades as a legitimate IP. This helps the attacker gain an unfair advantage and trick the user or a cyber security solution that’s in place.

Keylogging

Through keylogging, cyber criminals can use malicious software to record the keystrokes on a user’s keyboard, without the victim realizing it. This way, cyber criminals can collect information such as passwords, usernames, PIN codes and other confidential data.

Kovter

Kovter is a Trojan whose primary objective is performing click-fraud operations on the PC it compromises. However, in 2015 Kovter incorporated new cloaking tricks in order to evade detection, which is why cyber criminals started using it to deliver other types of malware, such as ransomware, or to recruit PCs into botnets.

Level of Concern

This is the rating which indicates which protection tactics and processes should be applied to an information system to keep it safe and operating at an optimum level. A level of concern can be basic, medium or high.

Likelihood of Occurrence

This defines the probability that a specific threat will exploit a given vulnerability, based on a subjective analysis.

Locky

Locky is a type of encrypting malware (also known as ransomware) distributed through Microsoft Office macros and targeting Windows-running PCs. The name comes from the fact that, once the victim’s PC is infected, the ransomware will scramble and encrypt all the data on that PC, setting every file extension to .locky. Locky is spread through spam email campaigns which make heavy use of spoofing, in the same way the cyber criminals behind Dridex operate. In order to get the data decrypted, Locky creators ask for a ransom, which, if not paid, will leave the data useless if the victim doesn’t have a backup.

Logic Bomb

This is a piece of code that a miscreant can insert into software to trigger a malicious function when a set of defined conditions is met.

Low Impact

This level of impact of a cyber threat or cyber attack on an organization shows that there could be a loss of confidentiality, integrity, or availability, but with limited consequences. This includes reducing the capabilities of the organization, while still retaining the ability to function, but also other minor damages, financial loss or harm to people.

Macro Virus

This type of virus attaches itself to documents and uses macro programming options in a document application (such as Microsoft Word or Excel) to execute malicious code or propagate itself.

Malicious Applet

This is a small application that is automatically downloaded and executed, being capable of performing an unauthorized action/function on an information system.

Malicious Code

This is a type of software camouflaged to seem useful and suitable for a task, but which actually obtains unauthorized access to system resources or fools a user into executing other malicious actions.

Malvertisement

This is an online ad infected with malicious code that can even be injected into a safe, legitimate website, without the website owner’s knowledge. This is short for “malware advertisement”.

Malvertising

This is also called “malicious advertising” and it refers to how malware is distributed through online advertising networks. This type of technique is widely used to spread financial malware, data-stealing malware, ransomware and other cyber threats.

Malware

This is a short version for “malicious software” and it works as an umbrella term that refers to software that is defined by malicious intent. This type of ill-intentioned software can disrupt normal computer operations, harvest confidential information, obtain unauthorized access to computer systems, display unwanted advertising and more.

Malware-as-a-service

This type of malware is developed by cyber criminals to require little or no expertise in hacking, to be flexible and polymorphic, and to offer a broader reach, and it often comes packed with ready-coded targets. Malware-as-a-service can be bought or rented on the deep web and in cyber criminal communities, and sometimes can even include technical support from its makers and their team, which they run as a business. The main purpose behind it is making as much money as possible.

Man-in-the-middle Attack (MitM)

Through this attack, cyber criminals can change the victim’s web traffic and interpose themselves between the victim and a web-based service the victim is trying to reach. At that point, the attacker can either harvest the information that’s being transmitted via the web or alter it. This type of attack is often abbreviated to MITM, MitM, MIM, MiM or MITMA.

Maximum Tolerable Downtime

This refers to the maximum amount of time that organizational processes and activities can be disrupted without causing severe consequences for the organization’s mission.

Mazar BOT

Mazar BOT is a strain of malware targeting Android devices which first emerged in February 2016. The malware spreads through SMSs sent to random numbers, which include a link shortened through a URL shortener service (such as bit.ly). Once clicked, the link installs the Mazar BOT malware on the affected device, gaining the ability to write, send, receive and read SMS, access Internet connections, call phones, erase the phone it’s installed on and many more. Mazar BOT doesn’t run on smartphones running Android with the Russian language option. Spoofing has also been observed in Mazar BOT attacks.

Mobile code

This is a type of software that can be transferred between systems (across a network) and which can also be executed on a local system, such as a computer, without the recipient’s explicit consent. Here are some examples of mobile code that you may come across: JavaScript, VBScript, Flash animations, Shockwave movies, Java applets, ActiveX controls and even macros embedded in Microsoft Office or Excel documents.

Mobile phone malware

This type of malware targets mobile phones, tablets and other mobile devices, and it aims to disrupt their normal functions, cause system damage or data leakage and/or data loss.

Moderate Impact

When this type of impact is estimated or observed on an information system, it means that confidentiality, integrity, or availability have suffered a significant blow. The organization may record barely working primary functions and significant damage to its assets, finances and individuals.

Multifactor Authentication

This type of authentication uses two or more factors to achieve authentication. These factors can include: something the user knows (a password or a PIN), something the user has (an authentication token, an SMS with a code or a code generator on the phone/tablet) and/or something the user is (biometric authentication methods, such as fingerprints or retina scans).

Netiquette

Netiquette (short for network etiquette) is a collection of best practices and things to avoid when using the Internet, especially in communities such as forums or online groups. This is more of a set of social conventions that aim to make online interactions constructive, positive and useful. Examples of things to avoid include: posting off-topic, insulting people, sending or posting spam, etc.

Network Sniffing

This is a technique that uses a software program to monitor and analyze network traffic. This can be used legitimately, to detect problems and keep an efficient data flow. But it can also be used maliciously, to harvest data that’s transmitted over a network.

Neutrino

Neutrino is a famous exploit kit which has been constantly evolving since it first appeared in 2013. This exploit kit rose to fame because of its user friendly features and low entry barrier to using it. Neutrino includes a user-friendly control panel, continuous monitoring of antivirus detection rates, infostealer capabilities, recommendations of which exploits to use and more. Neutrino is a tool often used to compromise PCs and deliver different types of malware, and is itself delivered through malvertising campaigns and web injects. Neutrino is also available through the exploit kit-as-a-service model, where attackers can rent the exploit kit and increase their profits with smaller investments.

Non-Repudiation

This refers to a system’s ability to prove that a specific user (and that user alone) sent a message, and that the message hasn’t been modified in any way.

Nuclear Exploit Kit

Nuclear is a highly effective exploit kit which appeared in 2010 and gave cyber criminals the opportunity to exploit a wide range of software vulnerabilities in applications such as Flash, Silverlight, PDF reader, Internet Explorer and more. Polymorphic in nature, Nuclear advanced over the years into a notorious tool used for launching Zero Day attacks, spreading ransomware or for data exfiltration operations. Nuclear was often used in high-volume compromises and gave attackers the possibility to customize their attacks to specific locations and computer configurations. This constantly evolving exploit kit features various obfuscation tactics in order to avoid being detected by traditional anti-virus and anti-malware solutions.

Obfuscation

In cyber security, obfuscation is a tactic used to make computer code obscure or unclear, so that humans or certain security programs (such as traditional antivirus) can’t understand it. By using obfuscated code, cyber criminals make it more difficult for cyber security specialists to read, analyze and reverse engineer their malware, preventing them from finding a way to block the malware and suppress the threat.

Offline Attack

This type of attack can happen when an attacker manages to gain access to data through offline means, such as eavesdropping, by penetrating a system and stealing confidential information or looking over someone’s shoulder and obtaining credentials to secret data.

Operation Tovar

Operation Tovar was an international, collaborative effort undertaken by law enforcement agencies and private security companies from multiple countries. The operation’s main objective was to take down the Zeus GameOver botnet, which was believed to be used for distributing the CryptoLocker ransomware. Heimdal Security was also involved in this effort, alongside the U.S. Department of Justice, Europol, the FBI, Microsoft, Symantec, Sophos, Trend Micro and more.

Outside Threat

This refers to an unauthorized person from outside the company’s security perimeter who has the capacity to harm an information system by destroying it, modifying or stealing data from it and disclosing it to unauthorized recipients, and/or causing denial of service.

Packet Sniffer

This is a type of software designed to monitor and record traffic on a network. It can be used for good, to run diagnostic tests and troubleshoot potential problems. But it can also be used for malicious purposes, to snoop in on your private data exchanges. This includes: your web browsing history, your downloads, the people you send emails to, etc.

Parasitic viruses

A type of virus that’s capable of associating itself with a file or inserting itself into a file. To remain undetected, this virus will give control back to the software it infected. When the operating system looks at the infected software, it will continue to give it rights to run as usual. This means that the virus will be able to copy itself, install itself into memory or make other malicious changes to the infected PC. Although this type of virus appeared early on in the history of computer infections, it’s now making a comeback.

Passive attack

This is a type of attack during which cyber criminals try to gain unauthorized access to confidential information. It’s called passive because the attacker only extracts information without changing the data, so it’s more difficult to detect as a result.

Password sniffing

This is a tactic used by cyber criminals to harvest passwords. They do this through monitoring and snooping in on network traffic to retrieve password data. If the password is sent over an unencrypted connection (for example, you put in a password on a website that isn’t protected by a security certificate – doesn’t start with https), it’s even easier for attackers to get their hands on your passwords.

Patch

A patch is a small software update released by manufacturers to fix or improve a software program. A patch can fix security vulnerabilities or other bugs, or enhance the software in terms of features, usability and performance.

Patch Management

This refers to the activity of getting, testing and installing software patches for a network and the systems in it. Patch management includes applying patches both for security purposes and for improving the software programs used in the network and the systems within it.

Patching

The act of applying a patch, which is designed to fix or enhance a software program. This includes both security-related updates and improvements in terms of software features and user experience.

Payload

In cyber security, the payload is the data cargo transported by a piece of malware onto the affected device or network. The payload contains the fundamental objective of the transmission, which is why the payload is actually the element of the malware that performs the malicious action (i.e. stealing financial information, destroying data, encrypting data on the affected device/network, etc.). When you consider a malware’s damaging consequences, that’s when you can talk about the payload.

Penetration

In cyber security, penetration occurs when a malicious attacker manages to bypass a system’s defenses and acquire confidential data from that system.

Penetration Testing

This is a type of attack launched against a network or computer system in order to identify security vulnerabilities that can be used to gain unauthorized access to the network’s/system’s features and data. Penetration testing is used to help companies better protect themselves against cyber attacks.

Personal Firewall

This is a type of firewall that’s installed and runs on personal computers. A firewall is a network security system designed to prevent unauthorized access to public or private networks. Its purpose is to control incoming and outgoing communication based on a set of rules.

Pharming

This is a type of online scam aimed at extracting information such as passwords, usernames and more from the victim. Pharming means redirecting Internet traffic from a legitimate website to a fake one, so victims can put in their confidential information and attackers can collect it. This type of attack usually targets banking and ecommerce websites. What makes it difficult to detect is that, even if the victim types in the right URL, the redirect will still take the user to the fake website, operated by IT criminals.

Phishing

Phishing is a malicious technique used by cyber criminals to gather sensitive information (credit card data, usernames and passwords, etc.) from users. The attackers pretend to be a trustworthy entity to bait the victims into trusting them and revealing their confidential data. The data gathered through phishing can be used for financial theft, identity theft, to gain unauthorized access to the victim’s accounts or to accounts they have access to, to blackmail the victim and more.

Plaintext

This is what ordinary text is called before it’s encrypted or after being decrypted. When someone says that your passwords are stored in plaintext, it means that they can be read by anyone snooping into your private information, because the passwords aren’t encrypted. This is a big lapse in cyber security, so watch out for it.

Polymorphic code

Polymorphic code is capable of mutating and changing while maintaining the initial algorithm. Each time it runs, the code morphs, but keeps its function. This tactic is usually used by malware creators to keep their attacks covert and undetected by reactive security solutions.

Polymorphic engine

A polymorphic engine is used to generate polymorphic malware. This is a computer program capable of transforming a program into derivative versions (different versions of code) which perform the same function. Polymorphic engines rely on encryption and obfuscation to work, and are used almost exclusively by malware creators and other cyber criminals. Using this type of engine, malicious hackers can create malware types that can’t be detected by antivirus engines or have a very low detection rate.

Polymorphic malware

Polymorphic malware is capable of transforming itself into various derivative versions that perform the same function and have the same objective. By using obfuscated code and constantly changing their code, polymorphic malware strains can infect information systems without being detected by solutions such as traditional anti-malware, which is a key asset from the perspective of cyber criminals.

Polymorphic packer

This is a software tool used for bundling up different types of malware in a single package (for example, in an email attachment). Malicious actors use polymorphic packers because they’re able to transform over time, so they can remain undetected by traditional security solutions for longer periods of time.

Pop-up ad

Pop-up ads are windows used in advertising. They appear on top of your browser window when you’re on a website, and they’re often annoying because they are intrusive. While they’re not malicious by nature, sometimes they can become infected with malware, if a cyber attacker compromises the advertising network that’s serving the pop-up.

Potential Impact

When a cyber security risk is assessed, the loss of the 3 essential factors is considered: confidentiality, integrity and availability. If a risk becomes a cyber attack, it can have low, moderate or high impact.

Potentially unwanted application (PUA)

There are applications you might install on your devices which contain adware, which may install toolbars or have confusing purposes. These applications can be non-malicious by nature, but they come with the risk of potentially becoming malicious. Users must seriously consider the risks before they install this type of application.

Poweliks

Poweliks is a Trojan designed to perform click-fraud operations on the affected PC. Its specific character is given by the fact that it’s a type of fileless malware, which makes it very difficult to be detected by traditional, signature-based anti-malware and antivirus solutions. Poweliks installs itself in the Windows registry, where it can inject itself into essential Windows functions. This also helps Poweliks achieve persistence on the infected PC. This malware can also be used to download other threats onto the victim’s PC, such as ransomware delivered through malvertising.

Power virus

This type of computer virus is capable of executing a specific code that triggers the maximum CPU power dissipation (heat generated by the central processing units). Consequently, the computer’s cooling ability would be impaired and the virus could cause the system to overheat. One of the potential effects is permanent physical damage to the hardware. Power viruses are used by good actors, to test components, but can also be used by cyber criminals.

Proprietary Information (PROPIN)

Proprietary information is made of all the data that is unique to a company and ensures its ability to stay competitive. This can include customer details, technical information, costs and trade secrets. If cyber criminals compromise or reveal this information, the impact on the company can be quite severe, as we’ve seen in major data breaches.

Proxy server

A proxy server is a go-between for a computer and the Internet. Proxies are used to enhance cyber safety because they prevent attackers from invading a computer or a private network directly.

Nothing to see here!

Don't worry, cyber criminals will probably think of something really soon.

Ransomware

Ransomware is a type of malware (malicious software) which encrypts all the data on a PC or mobile device, blocking the data owner’s access to it. After the infection happens, the victim receives a message that tells him/her that a certain amount of money must be paid (usually in Bitcoins) in order to get the decryption key. Usually, there is also a time limit for the ransom to be paid. There is no guarantee that, if the victim pays the ransom, he/she will get the decryption key. The most reliable solution is to back up your data in at least 3 different places (for redundancy) and keep those backups up to date, so you don’t lose important progress.

Real-time reaction

This is a type of immediate reaction and response to a spotted compromise attempt. This is done in due time so the victim can ensure protection against unauthorized network access.

Remote access

This happens when someone uses a dedicated program to access a computer from a remote location. This is a norm for people who travel a lot and need access to their company’s network. But cyber criminals can also use remote access to control a computer they’ve previously hacked into.

Remote access Trojan / RAT

Remote Access Trojans (RATs) use the victim’s access permissions and infect computers to give cyber attackers unlimited access to the data on the PC. Cyber criminals can use RATs to exfiltrate confidential information. RATs include backdoors into the computer system and can enlist the PC into a botnet, while also spreading to other devices. Current RATs can bypass strong authentication and can access sensitive applications, which are later used to exfiltrate information to cyber criminal-controlled servers and websites.

Remote diagnostics / maintenance

This is a maintenance service carried out by authorized companies/individuals who use the Internet to communicate with the company’s network.

Replay attacks

This type of attack uses authentication data that cyber criminals have previously gathered to re-transmit this confidential information. The purpose is to gain unauthorized access or produce other malicious effects.

Residual risk

This is a type of risk that remains after all available security measures and tactics have been applied. Because there is no such thing as 100% cyber security, a residual risk remains for each identifiable cyber threat.

Resilience

This is an organization’s or system’s ability to restore its ability to function and achieve its objectives during and after a cyber attack or other transformations. Resilience includes ensuring contingency plans, doing constant risk management and planning for every crisis scenario.

Reverse engineering

This is a technique heavily used by cyber security researchers who constantly take malware apart to analyze it. This way, they can understand and observe how the malware works and can devise security solutions that can protect users against that type of malware and its tactics. This is one of the most valuable activities in cyber security intelligence gathering.

Risk assessment

This is a risk analysis process that defines an organization’s cyber security risks and their potential impact. Security measures are then suited to match the importance and potential impact of the risks identified as a result of the risk assessment.

Risk management

This is the process by which an organization manages its cyber security risks to decrease their potential impact and take the adequate measures to avoid cyber attacks. Doing a risk assessment is also part of the process, as well as the risk mitigation strategy and all the procedures that must be applied in order to ensure proper defenses against cyber threats. This is a continuous process and should be viewed as a cycle.

Risk mitigation

This is the process by which risks are evaluated, prioritized and managed through mitigation tactics and measures. Since any company has a dynamic environment, a periodical revision should be a defining characteristic of the risk mitigation process.

Rogue security software

Rogue security software (usually antivirus) is a common Internet scam used by cyber criminals to mislead victims and infect their PCs with malware. Malicious actors could also use fake antivirus to trick victims into paying money or extort them (like ransomware does) into paying for having the rogue software removed. So please only buy security software from trusted vendors or from the software makers themselves.

Rogueware

This is a type of deceitful malware which claims to be a trusted and harmless software program (such as antivirus). Cyber criminals use rogueware to harvest data from their victims or to trick them into paying money. Often, rogueware also includes adware functions, which adds a burden and a potential risk to the infected PC.

Root cause analysis

This is the process used to identify the root causes for certain security risks in an organization. This must be done with the utmost attention to detail and by maintaining an objective perspective.

Rootkit

A rootkit is a type of malicious software (but not always) which gives the attackers privileged access to a computer and is activated before the operating system boots up. Rootkits are created to conceal other programs or processes from traditional detection methods. For example, rootkit malware is capable of covering up the fact that a PC has been compromised. By gaining administrator rights on the affected PC (through exploits or social engineering), attackers can maintain the infection for a long time, and rootkits are notoriously difficult to remove.

Safeguards

This refers to a set of protection measures that have to meet an information system’s core security requirements, in order to ensure confidentiality, integrity, and availability. This includes everything from employee security to ensuring the safety of physical structures and devices, to management limitations and more.

Scareware

This is a type of malware (or rogueware) that employs social engineering to intimidate and confuse the victims through shock, anxiety, fear and time restrictions. The objective is to maliciously persuade the victims into buying unwanted software. The software could be rogue security software, ransomware or another type of malware. For example, malicious actors often try to manipulate users into believing that their computer is infected with a virus and that the only way to get rid of it is to pay for, download and install a fake antivirus, which, of course, turns out to be the malware itself.

Scavenging

This is the action of trying to find confidential or sensitive data by searching through a system’s data residue.

Security controls

This is a set of safeguards designed to avoid and mitigate the impact of cyber security risks that an organization has.

Security impact analysis

An organization should always conduct a security impact analysis to determine if certain changes to the information systems have influenced and impacted its security state.

Security requirements

Security requirements are derived from multiple sources and make up the security necessities of an information system, in order to ensure confidentiality, integrity, and availability of the information that’s managed, transmitted or stored in the system. The sources for security requirements can be legislation, directives, policies, standards, best practices, regulations, procedures or other business necessities.

Sensitive information

This type of information is defined by the fact that not everyone can access it. Sensitive information is data that is confidential for a certain category of users, who can view, access and use this data. This type of information is protected for reasons either related to legal aspects or ethical ones. Examples include: personal identification numbers, health information, education records, trade secrets, credit card information, etc.

Shylock

Shylock is a banking malware created to steal users’ banking credentials for fraudulent purposes. Shylock is based on the leaked ZeuS code and acts similarly to Zeus GameOver (created based on the same malicious code), because it uses a domain generation algorithm (DGA) to hide its traffic and remain undetected by traditional antivirus and anti-malware solutions. Shylock is delivered mainly through drive-by downloads on compromised websites which are hit by malvertising, but also through malicious JavaScript injects.

Signature

In cyber security, a signature is an identifiable, differentiating pattern associated with a type of malware, an attack or a set of keystrokes which were used to gain unauthorized access to a system. For example, traditional antivirus solutions can spot, block and remove malware based on its signature, when the AV sees that a piece of software on your PC matches the signature of a malicious software stored in its database.

Skimming

Skimming happens when a malicious actor uses a tag reader in an unauthorized manner, in order to collect information about a person’s tag. The victim never knows or accepts to be skimmed. For example, card skimming is an illegal practice which consists of the illegal collection of data from a card’s magnetic stripe. This information can then be copied onto a blank card’s magnetic stripe and used by malicious actors to make purchases and withdraw cash in the name of the victim.

Sniffer

A sniffer is a tool used to monitor traffic over a network. It can be used legitimately, to detect issues with the data flow. But it can also be used by malicious actors, to harvest data that’s transmitted over a network.

Social engineering

In information security, social engineering is a form of psychological manipulation used to persuade people to perform certain actions or give away sensitive information. Manipulation tactics include lies, psychological tricks, bribes, extortion, impersonation and other types of threats. Social engineering is often used to extract data and gain unauthorized access to information systems, belonging either to single, private users or to organizations.

Spam

Spam is made up of unsolicited emails or other types of messages sent over the Internet. Spam is often used to spread malware and phishing, which is why you should never open, reply to or download attachments from spam messages. Spam can come your way in the form of emails, instant messages, comments, etc.

Spam filtering software

This is a type of program which can analyze emails and other types of messages (i.e. instant messages) to weed out spam. If spam filtering software decides to categorize a message as spam, it’ll probably move that message to a dedicated folder.

Spear phishing

Spear phishing is a cyber attack that aims to extract sensitive data from a victim using a very specific and personalized message. This message is usually sent to individuals or companies, and it’s extremely effective, because it’s very well planned. Attackers invest time and resources into gathering information about the victim (interests, activities, personal history, etc.) in order to create the spear phishing message (which is usually an email). Spear phishing uses the sense of urgency and familiarity (appears to come from someone you know) to manipulate the victim, so the target doesn’t have time to double check the information.

Spillage

Information spillage happens when data is moved from a safe, protected system to another system, which is less secure. This can happen to all types of data, from health information to financial or personal data. If the system the data is moved to is less secure, people who should not have access to this information may be able to access it.

Spoofing (Email)

This is a compromise attempt during which an unauthorized individual tries to gain access to an information system by impersonating an authorized user. For example, email spoofing is when cyber attackers send phishing emails using a forged sender address. You might believe that you’re receiving an email from a trusted entity, which causes you to click on the links in the email, but the link may end up infecting your PC with malware.

Spy-phishing

This is a type of malware that employs tactics found in both phishing and spyware. By combining these cyber threats, spy-phishing is capable of downloading applications that can run silently on the victim’s system. When the victims open a specific URL, the malware will collect the data the victim puts into that website and send it to a malicious location (like a web server). This technique is used to extend the duration of the phishing attack, even after the phishing website has been taken down.

Spyware

Spyware is a type of malware designed to collect and steal the victim’s sensitive information, without the victim’s knowledge. Trojans, adware and system monitors are different types of spyware. Spyware monitors and stores the victim’s Internet activity (keystrokes, browser history, etc.) and can also harvest usernames, passwords, financial information and more. It can also send this confidential data to servers operated by cyber criminals, so it can be used in subsequent cyber attacks.

SQL injection

This is a tactic that uses code injection to attack applications which are data-driven. The maliciously injected SQL code can perform several actions, including dumping all the data in a database to a location controlled by the attacker. Through this attack, malicious hackers can spoof identities, modify data or tamper with it, disclose confidential data, delete and destroy the data or make it unavailable. They can also take control of the database completely.

SSL / Secure Sockets Layer

SSL stands for Secure Sockets Layer, which is an encryption method to ensure the safety of the data sent and received from a user to a specific website and back. Encrypting this data transfer ensures that no one can snoop on the transmission and gain access to confidential information, such as card details in the case of online shopping. Legitimate websites use SSL (their addresses start with https) and users should avoid inputting their data in websites that don’t use SSL.

Stealware

This is a type of malware which is capable of transferring data or money to a third, malicious party. This type of malware usually targets affiliate transactions. It then uses an HTTP cookie to redirect the commission earned by an affiliate marketer to an unauthorized third party.

Strong authentication

This is a specific requirement that calls for employing multiple authentication factors from different categories and sophisticated technology to verify an entity’s identity. Dynamic passwords, digital certificates, protocols and other authentication elements are part of strong authentication standards. This is especially applied in banking and financial services, where access to an account has to be tied to a real person or an organization.

Supply chain attack

This type of attack aims to inflict damage upon an organization by leveraging vulnerabilities in its supply network. Cyber criminals often tamper with hardware or software during the manufacturing stage to implant rootkits or tie in hardware-based spying elements. Attackers can later use these implants to attack the organization they’re after.

Suppression measure

This can be any action or device used to reduce the security risks in an information system. This is part of the risk mitigation process, aimed at minimizing the security risks of an organization or information system.

Suspicious files and behavior

Suspicious behavior is identified when files exhibit an unusual behavior pattern. For example, if files start copying themselves to a system folder, this might be a sign that those files have been compromised by malware. Traditional antivirus solutions incorporate this type of detection to spot and block malware.

System administrator / Sysadmin

The sysadmin, as it’s also called, is a person in charge of all the technical aspects of an information system. This includes aspects related to configuration, maintenance, ensuring reliability and the necessary resources for the system to run at optimal parameters while respecting a budget and more.

System integrity

This state defines an information system which is able to perform its dedicated functions at optimal parameters, without intrusion or manipulation (either intended or not).

Tampering

The intentional activity of modifying the way an information system works, in order to force it to execute unauthorized actions.

Targeted threat

Targeted threats are singled out because of their focus: they are usually directed at a specific organization or industry. These threats are also designed to extract sensitive information from the target, so cyber criminals take a long time to prepare these threats. They are carefully documented, so the chances for successful compromise can be as big as possible. Targeted threats are delivered via email (phishing, vishing, etc.), they employ Zero Days and other vulnerabilities to penetrate an information system, and many more. Government and financial organizations are the most frequent targets for this type of cyber threats.

TeslaCrypt

TeslaCrypt is a ransomware Trojan, which was first designed to target computers that have specific computer games installed. However, in the past months, this strain of cryptoware has broadened its reach to affect all users (mainly Windows users), not just gamers. As with every other ransomware, TeslaCrypt creators use spam to distribute the infection and, once they get into the victim’s PC, all the data on the device will be encrypted and held hostage. The ransom can vary between $150 and $1000 worth of bitcoins which the victim has to pay in order to get the decryption key. In March 2016, TeslaCrypt 4.0 emerged, featuring unbreakable encryption and rendering any available TeslaCrypt decoders useless.

Threat

In cyber security, a threat is a possible security violation that can become certainty if the right context, capabilities, actions and events unfold. If a threat becomes reality, it can cause a security breach or additional damages.

Threat analysis

This refers to the process of examining the sources of cyber threats and evaluating them in relation to the information system’s vulnerabilities. The objective of the analysis is to identify the threats that endanger a particular information system in a specific environment.

Threat assessment

During a threat assessment, cyber threats against an organization are categorized in types, so they can be managed, prioritized and mitigated more easily.

Threat event

In cyber security, a threat event is defined as a potentially harmful situation for an information system that can have unwanted consequences.

Threat monitoring

During this process, security audits and other information in this category are gathered, analyzed and reviewed to see if certain events in the information system could endanger the system’s security. This is a continuous process.

Threat scenario

A threat scenario draws information from all available resources and focuses on three key elements: Vulnerabilities, Threats and Impact. This helps associate specific cyber threats to one or more threat sources, and establish priorities.

Threat shifting

This is the process of adapting protection measures in response to cyber attackers’ ever-changing tactics. Countermeasures must be constantly updated to meet the challenges posed by polymorphic malware.

Threat source

This refers to the objective and method used by cyber attackers to exploit a security vulnerability or a certain context in order to compromise an information system. Triggering a system vulnerability may happen accidentally or on purpose.

Time bomb

This is a type of malware that stays dormant on the system for a definite amount of time, until a specific event triggers it. This type of behavior is present in malware to make detection by security software more difficult.

Time-dependent password

This type of password can be either valid for a limited amount of time or it can be valid for use during a specific interval in a day. Time-dependent passwords are most often generated by an application and are part of the two-factor or multi-factor authentication mechanisms.

Token

In security, a token is a physical electronic device used to validate a user’s identity. Tokens are usually part of the two-factor or multi-factor authentication mechanisms. Tokens can also replace passwords in some cases and can be found under the form of a key fob, a USB, an ID card or a smart card.

Traffic analysis

During this process, the traffic on a network is intercepted, examined and reviewed in order to determine traffic patterns, volumes and extract relevant statistics about it. This data is necessary to improve the network’s performance, security and general management.

Traffic Encryption Key (TEK)

This is a term specific to network security, which depicts the key used to encrypt the traffic within a network.

Trojan (Trojan horse)

Probably one of the most notorious terms in cyber security, a Trojan Horse is a type of malware that acts according to the Greek legend: it camouflages itself as a legitimate file or program to trick unsuspecting users into installing it on their PCs. Upon doing this, users will unknowingly give unauthorized, remote access to the cyber attackers who created and run the Trojan. Trojans can be used to spy on a user’s activity (web browsing, computer activity, etc.), to collect and harvest sensitive data, to delete files, to download more malware onto the PC and more.

Typhoid adware

This is a cyber security threat that employs a Man-in-the-middle attack in order to inject advertising into certain web pages a user visits while using a public network, like a public, non-encrypted WiFi hotspot. In this case, the computer being used doesn’t need to have adware on it, so installing a traditional antivirus can’t counteract the threat. While the ads themselves can be non-malicious, they can expose users to other threats. For example, the ads could promote a fake antivirus that is actually malware or a phishing attack.

Unauthorized access

When someone gains unauthorized access it means that they’ve illegally or illegitimately accessed protected or sensitive information without permission.

Unauthorized disclosure

This happens when sensitive, private information is communicated or exposed to parties who are not authorized to access the data.

URL injection

A URL (or link) injection is when a cyber criminal creates new pages on a website owned by someone else that contain spammy words or links. Sometimes, these pages also contain malicious code that redirects your users to other web pages or makes the website's web server contribute to a DDoS attack. URL injection usually happens because of vulnerabilities in server directories or software used to operate the website, such as an outdated WordPress or plugins.

Vaccine

In cyber security, a vaccine is a digital solution that focuses on neutralizing attacks once they gain unauthorized access into an information system. Cyber vaccines exploit flaws in the way some malware strains work and spread, so their distribution and effects can be blocked. A cyber vaccine could train an information system to detect and stop cyber attacks after they’ve penetrated the system/PC just before the attacker can do any actual damage. Cyber vaccines are a new concept, so there is a lot of work to be done for their advancement. They can potentially be used to stop ransomware, block data exfiltration, intercept phishing attacks, block Zero Day exploits and more.

Vawtrak / Neverquest

Vawtrak (or Neverquest) is a classic infostealer malware, which mainly aims to steal login credentials for banking portals, either stored on the local device or transmitted from the affected PC, but it can also harvest other financial institutions. Vawtrak uses the stolen credentials to gain unauthorized access to bank accounts and commit financial fraud. The infostealer has other capabilities too, such as taking screenshots of the infected device, capturing videos and launching man-in-the-middle attacks. Vawtrak is delivered through drive-by downloads in compromised websites or by injecting malicious code on legitimate websites, but it also spreads through phishing campaigns in social media networks and spam.

Virtual Private Network / VPN

A VPN, short for Virtual Private Network, uses the Internet’s public infrastructure to connect to a private network. VPNs are usually created and owned by corporations. By using encryption and other security means, a VPN will hide your online activity from attackers and offer an extra shield when you want to safely navigate online.

Virus

A computer virus is a type of malicious software capable of self-replication. A virus needs human intervention to be run and it can copy itself into other computer programs, data files, or in certain sections of your computer, such as the boot sector of the hard drive. Once this happens, these elements will become infected. Computer viruses are designed to harm computers and information systems and can spread through the Internet, through malicious downloads, infected email attachments, malicious programs, files or documents. Viruses can steal data, destroy information, log keystrokes and more.

Virus hoax

A computer virus hoax is a message that warns about a non-existent computer virus threat. This is usually transmitted via email, and tells the recipients to forward it to everyone they know. Computer hoaxes are usually harmless, but their intent is not innocent, since they exploit lack of knowledge, concern or ability to investigate before taking the action described in the hoax.

Vishing

Vishing (short for Voice over IP phishing) is a form of phishing performed over the telephone or voice over IP (VoIP) technology, such as Skype. Unsuspecting victims are duped into revealing sensitive or personal information via telephone calls, VoIP calls or even voice mail.

Vulnerability

A vulnerability is a hole in computer security that leaves the system open to damages caused by cyber attackers. Vulnerabilities have to be solved as soon as they are discovered, before a cyber criminal takes advantage and exploits them.

Wabbits

A wabbit is one of four main classes of malware, alongside viruses, worms and Trojan horses. It's a form of computer program that repeatedly replicates on the local system. Wabbits can be programmed to have malicious side effects. A fork bomb is an example of a wabbit: it's a form of DoS attack against a computer that uses the fork function. A fork bomb quickly creates a large number of processes, eventually crashing the system. Wabbits don't attempt to spread to other computers across the network.

Watering Hole

Watering Hole is the name of a computer attack strategy that was detected as early as 2009 and 2010. The victim is a particular, very targeted group, such as a company, organization, agency, industry, etc. The attacker spends time to gain strategic information about the target: observes which legitimate websites are more often visited by the members of the group. Then the attacker exploits a vulnerability and infects one of those trusted websites with malware, without the knowledge of the site's owner. Eventually, someone from that organization will fall into the trap and get their computer infected. This way, the attacker gains access to the target's entire network. These attacks work because of the constant vulnerabilities in website technologies, even with the most popular systems, such as WordPress, making it easier than ever to stealthily compromise websites.

Web bug

A web bug, also called a web beacon or pixel tag, is a small, transparent GIF image, usually not bigger than 1 pixel. It's embedded in an email or webpage and is usually used in connection with cookies. Web bugs are designed to monitor your activity and they load when you open an email or visit a website. Most common uses are marketing-related: for email tracking (to see if readers are opening the emails they receive, when they open them), web analytics (to see how many people visited a website), advertisement statistics (to find out how often an ad appears or is being viewed), IP addresses gathering, type of browser used.

Web content filtering software

Web content filtering software is a program that will screen an incoming web page and restrict or control its content. It is used by governments that can apply it for censorship, by ISPs to block copyright infringement, by employers to sometimes block personal email clients or social media networks, by a school, by parents, etc. This software can block pages that include copyright infringement material, pornographic content, social networks, etc.

Webattacker

Webattacker is a do-it-yourself malware creation kit that demands minimal technical knowledge to be manipulated and used. It includes scripts that simplify the task of infecting computers and spam-sending techniques.

Whaling

Whaling is a form of sophisticated phishing whose objective is to collect sensitive data about a target. What's different from phishing is that whaling goes after high-profile, famous and wealthy targets, such as celebrities, CEOs, top-level management and other powerful or rich individuals. By using the phished information, fraudsters and cyber criminals can trick victims into revealing even more confidential or personal data, or the victims can be extorted and suffer from financial fraud.

Whitehat hacker

Also known as ethical hackers, these are usually cybersecurity specialists, researchers or just skilled techies who find security vulnerabilities for companies and then notify them so they can issue a fix. Unlike blackhat hackers, they do not use the vulnerabilities except for demonstration purposes. Companies often hire whitehat hackers to test their security systems (known as “penetration testing”). As their expertise has grown to be more in demand and sought after, whitehat hackers started to collect rewards for their work, ranging from $500 all the way to $100,000.

Whitelist

A whitelist is a list of email addresses or IP addresses that are considered to be spam-free. It's the opposite of a blacklist, which usually includes a list of blocked users. Spam filters have both whitelists and blacklists of senders, and also keywords to look for in emails, which enable them to help detect a spam email.

Worm

A computer worm is one of the most common types of malware. It's similar to a virus, but it spreads differently: worms have the ability to spread independently and self-replicate automatically by exploiting operating system vulnerabilities, while viruses rely on human activity in order to spread. It's usually "caught" via mass emails that contain infected attachments. Worms may also include "payloads" that damage host computers, commonly designed to steal data, delete files, send documents via email or install backdoors.

Zero Day

Zero Day or Zero Hour attacks use vulnerabilities in computer software that cyber criminals have discovered and software makers have not patched (because they weren't aware that those vulnerabilities existed). These are often exploited by cyber attackers before the software or security companies become aware of them. Sometimes, Zero Days are discovered by security vendors or researchers and kept private until the company patches the vulnerabilities.

Zero Day virus / malware

A Zero Day virus, also known as Zero Day malware, is a computer virus, Trojan horse or other malware previously unknown to the software maker or to traditional antivirus producers. This means the vulnerability is also undisclosed publicly, though it might be known and quietly exploited by cyber attackers. Because it's not known yet, patches and antivirus software signatures are not yet available for it and there is little protection against an attack.

Zero-Day attack

A Zero Day (or Zero Hour or Day Zero) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others or undisclosed to the software developer. Zero Day exploits (actual code that can use a security hole to carry out an attack) are used or shared by attackers before the software developer finds out about the vulnerability.

ZeuS / Zbot

Zeus, also known as Zbot, is a notorious banking Trojan which infects Windows users and tries to retrieve confidential information from the infected computers. Once installed, it also tries to download configuration files and updates from the Internet. Its purpose is to steal private data from the victims, such as system information, passwords, banking credentials or other financial details. Zeus could be customized to gather banking details in specific countries, using a vast array of methods. Using the retrieved information, cyber criminals could log into banking accounts and make unauthorized money transfers through a complex network of computers, thus leading to severe banking fraud. Operation Tovar, carried out in 2014, took down the ZeuS network of command and control servers, as it had caused millions of dollars in damages and spread very quickly.

Zeus GameOver / Zeus P2P

Zeus GameOver is a variant of the ZeuS/Zbot family – the infamous financial stealing malware – which relied on a peer-to-peer botnet infrastructure to work. Zeus GameOver was used by cyber criminals to collect financial information (credentials, credit card numbers, passwords, etc.) and any other personal information which could be used to access the victim’s online banking accounts. GameOver Zeus is estimated to have infected 1 million users around the world and it was taken down in mid-2014 through Operation Tovar.

Zip bomb

A Zip Bomb, also known as Zip of Death or Decompression Bomb, is a malicious archive file. When uncompressed, it expands dangerously, requiring large amounts of time, disk space and memory, causing the system to crash. Usually it's a small file, only up to a few hundred kilobytes, in the form of a loop, which will continuously unpack itself until all system resources are exhausted. It's designed to disable the antivirus software, so that a more traditional virus sent afterwards could get into the system without being detected.

Zombie

A zombie computer is one connected to the Internet that appears to be performing normally, but can be controlled by a hacker who has remote access to it and sends commands through an open port. Zombies are mostly used to perform malicious tasks, such as spreading spam or other infected data to other computers, or launching DoS (Denial of Service) attacks, with the owner being unaware of it.