Advanced Persistent Threat / APT
An advanced persistent threat is a long-running intrusion carried out by a well-resourced, highly skilled group that gains a foothold in a network and stays there quietly, typically to collect information. The usual targets are large organizations, governments and their suppliers, and the usual aim is economic, financial or strategic intelligence; in some cases the intruders instead set out to disrupt or sabotage the victim's operations. Because an APT unfolds over months and deliberately blends in with normal activity, it is rarely caught by ordinary endpoint protection alone; detecting and evicting it takes specialized tooling and an experienced security team.
Adware is software that displays advertisements on your system, typically as pop-ups or banners while you browse. It is often installed as a "bundle" alongside an application the user actually wanted. Most adware is merely annoying, but some variants also carry spyware that tracks your activity and harvests sensitive information. Users should therefore avoid downloading applications from untrusted sites and read installers carefully for bundled extras. Even benign adware can slow the computer down, fill the screen with pop-ups and destabilize the system. To remove adware or spyware, use a reputable removal tool such as Malwarebytes or Spybot.
Angler Exploit Kit
Angler emerged in 2013 and became one of the most widely used and sophisticated exploit kits in the cyber-criminal community. It uses aggressive techniques to evade detection by security products and can exploit a wide range of software vulnerabilities, notably in browsers and plug-ins such as Flash, to infect victims with malware. Because it is usually delivered through drive-by downloads, Angler can compromise a visitor of a booby-trapped site without any user interaction. It also features fileless infection capabilities and can deliver a variety of payloads, from ransomware to Trojans, rootkits and backdoors. Its prevalence was further helped by the fact that criminals need no advanced technical skills to rent and use it, and that it evolved constantly.
Anomaly-based intrusion detection protects systems or networks by first building a model of what normal activity looks like (traffic volumes, protocols, logins, process behaviour) and then flagging deviations from that model, rather than matching traffic against the classic signature database of known attacks. Its strength is that it can catch attacks no signature yet describes; its weakness is a high rate of false positives, because teaching a system exactly what "normal" use of a network is remains difficult, and legitimate but unusual activity (a new batch job, a marketing campaign) looks just like an attack.
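As an added illustration (not part of the original glossary), the following Python script builds a baseline of requests per minute from a quiet training window of constructed log lines and flags later minutes that exceed it. The second flagged minute is legitimate campaign traffic, which is exactly the false-positive problem described above. The log format, addresses, request counts and the 3-sigma threshold are all assumptions made for the example.

```python
"""Added example, not from the original glossary: a toy anomaly-based
detector for request volume. Log lines, addresses and thresholds are
constructed for the example."""
import re
import statistics
from collections import Counter

# Constructed, simplified access-log format: "HH:MM client-ip path"
LOG_RE = re.compile(r"^(?P<minute>\d\d:\d\d) (?P<ip>[\d.]+) (?P<path>\S+)$")

# Quiet training window: between two and four requests per minute.
TRAINING_LOG = [
    "09:00 10.0.0.5 /index.html", "09:00 10.0.0.7 /login", "09:00 10.0.0.9 /about",
    "09:01 10.0.0.5 /contact", "09:01 10.0.0.7 /index.html",
    "09:02 10.0.0.5 /index.html", "09:02 10.0.0.7 /about",
    "09:02 10.0.0.9 /login", "09:02 10.0.0.11 /index.html",
    "09:03 10.0.0.5 /about", "09:03 10.0.0.9 /index.html", "09:03 10.0.0.7 /contact",
    "09:04 10.0.0.11 /index.html", "09:04 10.0.0.5 /login", "09:04 10.0.0.9 /about",
]

# Later traffic: one host hammering /login, then a burst of legitimate
# visitors following a promotion, then a normal minute.
EVAL_LOG = (
    ["09:30 10.0.0.66 /login"] * 40
    + [f"09:31 10.0.1.{i} /promo" for i in range(8)]
    + ["09:32 10.0.0.5 /index.html", "09:32 10.0.0.7 /about", "09:32 10.0.0.9 /login"]
)


def parse(lines):
    """Yield (minute, ip, path) for each well-formed line; skip the rest."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            yield m["minute"], m["ip"], m["path"]


def requests_per_minute(lines):
    """Total requests in each minute bucket."""
    return Counter(minute for minute, _ip, _path in parse(lines))


class RateBaseline:
    """Learns what 'normal' requests-per-minute looks like and scores new data."""

    def __init__(self, training_lines, k=3.0):
        counts = list(requests_per_minute(training_lines).values())
        if len(counts) < 2:
            raise ValueError("need at least two minutes of training data")
        self.mean = statistics.mean(counts)
        # Floor the spread at 1 request so a perfectly regular training
        # window does not produce a zero-width "normal" band.
        self.stdev = max(statistics.stdev(counts), 1.0)
        self.threshold = self.mean + k * self.stdev

    def anomalies(self, lines):
        """Minutes whose request volume lies above the learned band."""
        counts = requests_per_minute(lines)
        return {m: c for m, c in counts.items() if c > self.threshold}


def detect(training=TRAINING_LOG, evaluation=EVAL_LOG):
    """Run the detector over the constructed logs."""
    return RateBaseline(training).anomalies(evaluation)


if __name__ == "__main__":
    baseline = RateBaseline(TRAINING_LOG)
    print(f"normal band: up to {baseline.threshold:.1f} requests/minute")
    for minute, count in detect().items():
        print(f"ANOMALY {minute}: {count} requests")
```

Minute 09:30 is a genuine guessing burst from a single source; minute 09:31 is flagged as well although every request is legitimate, which is the false positive the entry warns about. Production systems reduce this by modelling more features (per-source rate, path mix, time of day) and by letting an analyst tune the threshold.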
An anonymizing proxy is a way to hide your online activity, or at least to make it much harder for third parties, such as states that censor the Internet, to link it to you. The proxy server acts as an intermediary between your computer and the destination: from the destination's point of view the request comes from the proxy's IP address, so your own address is hidden. Anonymizing proxies are commonly used to reach content that is blocked by censorship. Note that the proxy operator itself can see your traffic, so it has to be trusted.
Anti-malware, in general usage, refers to the software programs that can detect and remove malware from individual systems or from larger networks. Although the term is often used interchangeably with classic antivirus products, anti-malware capabilities also include anti-spyware, anti-phishing and anti-spam functions. More recently the term has come to name specialized software that fights data-stealing malware distributed by online criminals.
Anti-spam techniques are employed by software that fights spam, that is, unsolicited e-mail. Spam has to be dealt with not only by individual users but also by system administrators who need to protect thousands of mailboxes. Spam matters for security because it is one of the main delivery channels for malware and for phishing.
Anti-spoofing techniques detect and block traffic whose source address has been forged. In many DDoS attacks the attacker "spoofs" the source IP addresses of the packets it sends, both to hide where the flood comes from and, in SYN floods, to make the victim's server wait for replies from hosts that do not exist or never asked. Because a spoofed source cannot be traced back, the practical defence is to stop forged packets before they travel: network operators apply ingress filtering (BCP 38 / RFC 2827), which drops packets whose source address does not belong to the network they arrive from, and hosts and firewalls refuse packets that claim an impossible source, such as a private address arriving from the Internet. The same term is used for e-mail sender authentication (SPF, DKIM and DMARC), which rejects messages that forge the sender's domain.
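The ingress-filtering idea, as an added example that is not part of the original glossary: a border router decides per interface whether a packet's source address is plausible. The two-interface topology, the documentation prefix 203.0.113.0/24 and the sample packets are assumptions.

```python
"""Added example, not from the original glossary: source-address (ingress)
filtering in the spirit of BCP 38. The topology, interface names and
packets are constructed for the example."""
import ipaddress

# Constructed topology: a border router with two interfaces.
#   "lan": the customer network, assigned the documentation prefix 203.0.113.0/24
#   "wan": the upstream Internet link
CUSTOMER_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]

# Sources that can never legitimately arrive from the Internet: private and
# special-use ranges, plus the customer's own prefix (a packet "from" the
# inside cannot come in through the outside).
NEVER_FROM_WAN = [
    ipaddress.ip_network(p)
    for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16")
] + CUSTOMER_PREFIXES


def in_any(addr, prefixes):
    return any(addr in p for p in prefixes)


def allow(interface, src):
    """Decide whether a packet with source `src` may be forwarded from `interface`."""
    addr = ipaddress.ip_address(src)
    if interface == "lan":
        # Outbound: only forward traffic that truly originates in the customer
        # network, so hosts here cannot take part in a spoofed-source flood.
        return in_any(addr, CUSTOMER_PREFIXES)
    if interface == "wan":
        # Inbound: drop packets claiming an impossible source.
        return not in_any(addr, NEVER_FROM_WAN)
    raise ValueError(f"unknown interface {interface!r}")


def filter_packets(packets):
    """Split (interface, src, dst) tuples into forwarded and dropped lists."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if allow(pkt[0], pkt[1]) else dropped).append(pkt)
    return forwarded, dropped


# Constructed sample traffic.
SAMPLE = [
    ("lan", "203.0.113.10", "198.51.100.7"),  # genuine customer host
    ("lan", "198.51.100.9", "203.0.113.20"),  # spoofed: claims a foreign source
    ("wan", "198.51.100.7", "203.0.113.10"),  # genuine packet from the Internet
    ("wan", "203.0.113.50", "203.0.113.10"),  # spoofed: our own prefix from outside
    ("wan", "10.1.2.3", "203.0.113.10"),      # spoofed: private address from outside
]

if __name__ == "__main__":
    forwarded, dropped = filter_packets(SAMPLE)
    for pkt in dropped:
        print("drop", pkt)
```

The outbound rule is the one BCP 38 asks every network operator to apply; it does nothing for the operator's own victims but stops its hosts from being used to flood someone else, which is why it only works when deployed widely.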
Anti-spyware technology detects and blocks spyware. Spyware is software that lets advertisers or online criminals collect personal data from a computer without the user's permission. It can reach your computer through certain websites, for example via pop-up messages that urge you to download an application. Once installed, it tracks your online activity and sends the data to third parties. Spyware is often noticed only when it starts consuming system resources and affects the overall stability of the computer.
Antivirus software, sometimes called an anti-malware program, first appeared in the late 1980s to protect computers from the viruses that affected early personal computers. Today's antivirus programs protect users against far broader online threats, such as ransomware, rootkits, Trojans, spyware, phishing attacks and botnets, but the name "antivirus" has stuck.
Online attacks come in many forms and target average individuals and large corporations alike. They usually attempt to steal financial and commercial information or disclose confidential data, and sometimes their only purpose is to destroy data or block access to a server. One of the most publicized online attacks was the 2014 attack on Sony Pictures, but many others have made the news since.
An attack signature is a distinctive pattern that identifies a particular attack, typically one that exploits a known vulnerability in a computer system or piece of software. A signature can be a sequence of bytes in a file, a string in a network packet or HTTP request, or a characteristic series of actions, and it may describe a single piece of malicious software or an entire class of malware. Signature-based detection is precise for known attacks but blind to anything the signature set does not yet cover, and attackers evade simple signatures by encoding or slightly altering their payloads.
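An added example, not from the original glossary, of what signature matching looks like in code: three small rules applied to constructed HTTP requests, with one layer of URL-decoding so that an encoded copy of a payload still fires. The rule names and patterns are written for this example and are not taken from any product's rule set; the Shellshock string is the well-known probe pattern for that bug.

```python
"""Added example, not from the original glossary: a small signature matcher
run over constructed HTTP requests. The rule names and patterns are written
for this example, not taken from any product's rule set."""
import re
from urllib.parse import unquote_plus

# (rule name, request field the pattern applies to, compiled pattern)
SIGNATURES = [
    # "../" style directory traversal in the path
    ("web.path_traversal", "path", re.compile(r"(\.\./|\.\.\\)")),
    # the classic "' OR '1'='1" SQL tautology in a query string
    ("web.sqli_tautology", "query", re.compile(r"'\s*or\s*'?1'?\s*=\s*'?1", re.I)),
    # the well-known Shellshock probe string "() { :; };" in a header
    ("web.shellshock_probe", "header", re.compile(r"\(\)\s*\{\s*:;\s*\};")),
]


def normalize(request):
    """Undo one layer of URL-encoding so "%2e%2e%2f" and "%27+OR+" variants
    still hit the patterns. Double encoding would need another pass."""
    return {
        "path": unquote_plus(request.get("path", "")),
        "query": unquote_plus(request.get("query", "")),
        "header": " ".join(request.get("headers", {}).values()),
    }


def match_signatures(request):
    """Names of every signature that fires on the request."""
    fields = normalize(request)
    return [name for name, field, rx in SIGNATURES if rx.search(fields[field])]


def scan(requests):
    """Map request index -> fired signature names, for requests that fired any."""
    hits = {}
    for i, req in enumerate(requests):
        names = match_signatures(req)
        if names:
            hits[i] = names
    return hits


# Constructed requests.
REQUESTS = [
    {"path": "/index.html", "query": "q=shoes", "headers": {"User-Agent": "Mozilla/5.0"}},
    {"path": "/../../etc/passwd", "query": "", "headers": {}},
    {"path": "/login", "query": "user=admin' OR '1'='1", "headers": {}},
    {"path": "/login", "query": "user=admin%27+OR+%271%27%3D%271", "headers": {}},
    {"path": "/cgi-bin/status", "query": "",
     "headers": {"User-Agent": "() { :; }; /bin/bash -c 'id'"}},
    {"path": "/search", "query": "q=what's+or+isn't", "headers": {}},
]

if __name__ == "__main__":
    for index, names in scan(REQUESTS).items():
        print(index, REQUESTS[index]["path"], names)
```

The last request contains an apostrophe and the word "or" yet fires nothing, which shows why signatures are written against a specific structure rather than keywords; conversely, a payload encoded twice, or a tautology written as `1=1` without quotes, would slip past this rule set, which is the evasion problem the entry mentions.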
Authentication is the process of verifying that a user (or a system) is who they claim to be, most commonly by checking a username against a password, and increasingly by adding a second factor such as a one-time code or a hardware key. It is distinct from identification (claiming an identity) and from authorization (deciding what the authenticated identity may access). Authentication is what allows access to an online location or resource to be granted only to the right individual.
Autorun worms are malware programs that abuse the Windows AutoRun feature to launch automatically when a removable device, usually a USB drive, is plugged into a PC. The related AutoPlay mechanism was used to spread the infamous Conficker worm. Microsoft has since disabled AutoRun for USB drives on supported versions of Windows, so this vector is far less effective than it used to be.
A backdoor Trojan is a way to take control of a system without permission. It usually poses as a legitimate program, spreads through phishing campaigns and fools users into clicking a malicious link or downloading malware from a website. Once the system is infected, the Trojan can access sensitive files, send and receive data online and track the browsing history. To reduce the risk of this type of infection, keep the system up to date with the latest patches and run strong anti-malware protection.
A backup is a copy of your files, your system files or any other system resources you need to protect. This precaution covers all kinds of unpredictable events: a system crash, accidental deletion, loss of the device, an infection that corrupts the files, or a ransomware attack that locks the system. A backup should be kept independent of the system it protects (offline or on separate media, so that ransomware cannot reach it) and restored only when necessary; test the restore before you need it.
An IT security baseline is a set of basic measures and objectives that any service or network system in an organization should meet. The baseline methodology is usually a list of security steps that are implemented and enforced across the organization's IT estate, and a baseline check verifies that a given system still meets them.
Blackhat hackers are skilled computer users with malicious intent who seek to compromise the security of a person or organization for personal gain. They frequently specialize, for example in malware development, spam delivery, exploit discovery or DDoS attacks. Not all blackhat hackers use the malware they develop or the exploits they discover; some simply find them and sell the know-how to the highest bidder. Their favourite targets are financial information (such as credit card data or bank accounts), personal information (such as e-mail accounts and passwords) and sensitive company data (such as employee or client databases).
To blacklist, in IT security, means to maintain a list of senders known for malicious activity such as phishing or spam, so that their messages are rejected. A blacklist can also contain applications that must not be launched on a system. For a firewall, blacklisting refers to IP addresses that have been blocked and to which the system is not allowed to connect. A blacklist stops only what is already known to be bad; a whitelist (allow-list) of what is permitted is the stricter complement.
A blended threat is a widely used term for an online attack that spreads through a combination of methods, usually a mix of worm, Trojan and virus techniques together with other malware. Using multiple attack vectors at once increases the damage and makes individual systems and networks harder to defend.
Boot sector malware
Boot sector malware overwrites or replaces the original boot sector of a disk so that the malicious code runs at the next start-up, before the operating system loads. This is a clear advantage for the malware: a bootkit that runs before the system also runs before the security solution, can hide its presence from it and can even disable it. This type of infection is usually difficult to clean; Secure Boot and a full re-image of the disk are the usual answers.
Internet bots or web bots are software programs that perform automated tasks. Some bots serve harmless purposes, in video games or as search-engine crawlers, but others are deployed in large networks from which they deliver malicious ads on popular sites, send spam or launch distributed attacks against designated targets.
A botnet is a network of infected computers that receive the same instructions and perform the same malicious actions, such as sending spam campaigns or launching distributed denial-of-service attacks. The network is controlled remotely by online criminals, and because the attacks come from thousands of victims' machines rather than the criminals' own, it helps them avoid detection and legal action by law enforcement.
Browser hijacking is the changing of the default homepage or search engine in your web browser by a malicious program without your permission. The changes usually cannot be reverted from the browser's own settings, and a security tool is needed to remove the software responsible. It is not considered a serious threat to overall system security, but it needs to be addressed quickly, since web browsing is affected and the hijacker may redirect searches to malicious pages.
Brute force attack
A brute force attack tries to guess a password, key or other secret by systematically trying candidates, either every possible value or, more often, a list of common passwords, until one works. Its success depends on how many guesses the attacker can make per second and on how weak the secret is, so the defences are long, unpredictable passwords or keys, slow password hashing, and limiting or locking out repeated failed attempts.
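An added example (not part of the original glossary) covering both the authentication entry above and this one: a password store using salted PBKDF2-HMAC-SHA256 with a constant-time comparison, and a login routine that locks an account after repeated failures, which is the basic server-side defence against online brute force. The usernames, passwords, iteration count and lockout window are assumptions chosen for the example.

```python
"""Added example, not from the original glossary: password-based
authentication with a slow salted hash, plus failed-attempt lockout as a
defence against online brute-force guessing. Names, passwords and the
tuning values are assumptions made for the example."""
import hashlib
import hmac
import os
import time

# Kept small so the example runs quickly. OWASP currently recommends 600,000
# iterations for PBKDF2-HMAC-SHA256, and a memory-hard function such as
# scrypt or Argon2id is preferable where the platform offers one.
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a self-describing record "pbkdf2_sha256$<iterations>$<salt>$<hash>"."""
    salt = salt or os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    algorithm, iterations, salt_hex, hash_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError(f"unsupported hash record {algorithm!r}")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


# Hash of a random throwaway password. Checking an unknown username against it
# costs the same time as a real check, so timing does not reveal which
# usernames exist.
_DUMMY_RECORD = hash_password(os.urandom(16).hex())


class ManualClock:
    """A clock advanced by hand, so lockout expiry can be tested deterministically."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class AuthService:
    def __init__(self, max_failures=5, lockout_seconds=900, clock=time.monotonic):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self._records = {}       # username -> hash record
        self._failures = {}      # username -> consecutive failed attempts
        self._locked_until = {}  # username -> time at which the lock expires

    def register(self, username, password):
        self._records[username] = hash_password(password)

    def login(self, username, password):
        """Return "ok", "denied" or "locked"."""
        now = self.clock()
        if self._locked_until.get(username, 0.0) > now:
            return "locked"
        record = self._records.get(username, _DUMMY_RECORD)
        # Always run the hash, then also require that the user really exists.
        if verify_password(password, record) and username in self._records:
            self._failures.pop(username, None)
            return "ok"
        failures = self._failures.get(username, 0) + 1
        if failures >= self.max_failures:
            # Hard lock for the lockout window; the counter restarts afterwards.
            self._locked_until[username] = now + self.lockout_seconds
            self._failures.pop(username, None)
            return "locked"
        self._failures[username] = failures
        return "denied"


if __name__ == "__main__":
    svc = AuthService(clock=ManualClock())
    svc.register("alice", "correct horse battery staple")
    print(svc.login("alice", "correct horse battery staple"))
    for guess in ("123456", "password", "qwerty", "letmein", "alice"):
        print(guess, "->", svc.login("alice", guess))
```

A per-username hard lock has a side effect worth knowing: an attacker who only wants to be a nuisance can lock a victim out by guessing wrongly five times. Production systems therefore combine the per-account counter with per-source throttling, increasing delays or CAPTCHA rather than a simple lock, and the slow hash keeps offline cracking of a stolen database expensive regardless.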
A buffer overflow occurs when a program writes more data into a fixed-size temporary storage area (a buffer) than it can hold, so the excess spills into adjacent memory. Attackers exploit this to overwrite control data such as return addresses or function pointers, which can lead to crashes or to the execution of code of their choosing. Bounds-checked copies, safe languages and mitigations such as stack canaries and address-space randomization are the usual defences.
A bug is a software flaw that produces an unexpected result and may affect the system's performance; a bug commonly makes a program crash or freeze. The security concern is that some bugs let attackers bypass access controls, execute code or retrieve sensitive data from a network.
Business Impact Analysis (BIA)
Business Impact Analysis is a key element of an organization's business continuity plan. It identifies the processes and systems the business depends on and estimates the operational and financial impact of their disruption; recovery priorities and strategies to minimize the identified risks are then planned on that basis.
BYOD (Bring Your Own Device) is a company policy under which employees are allowed to use their own devices (laptops, smartphones, tablets and so on) for work. This flexibility increases the attack surface of the company's environment, since the devices are managed and secured individually, if at all, and mix personal and corporate data.
A cache is a technology for storing data so that future requests for it can be served faster. This high-speed storage is commonly used for web content such as HTML pages and images, to reduce loading time and avoid unwanted lag.
Cache cramming was a technique for tricking a browser into running malicious Java code from its cache on the local disk instead of from the Internet. Because code loaded from the local machine was granted more permissions than code from a remote site, this let attackers break out of the applet sandbox and gain access to the target computer.
Catfishing
Catfishing is the creation of a fake online profile in order to trick people into believing they are dealing with someone else. It is frequently done for financial gain. The impersonator fools the victim into believing there is a genuine relationship between the two, carried on through text or phone but never in person. At some point, the impersonator asks for a large favour, usually monetary, with the promise that afterwards the two will finally meet face to face. Even after the favour is granted, the impersonator keeps finding reasons not to meet and keeps trying to extract money until the victim gives up.
Chief Information Officer (CIO)
The Chief Information Officer is the title of the executive responsible for a company's information technology. The job includes planning the technology architecture, aligning the corporate network and systems with the way the business develops, and ensuring that the company's systems, including its financial systems, are run securely.
CISO (Chief Information Security Officer) is a senior-level executive position in the IT or cyber security department of a company. A CISO's responsibilities include ensuring and maintaining adequate protection for the company's assets and technology, in terms of both strategy and implementation, in order to manage and mitigate cyber security risks. CSO (Chief Security Officer) is often used for the same role.
Citadel is a form of financial malware which emerged in 2012, after the source code of the infamous ZeuS malware was leaked online. With the code in circulation, cyber criminals started improving it to build newer, more sophisticated and stealthier variants. Just like ZeuS/Zbot, Citadel aims to steal confidential information, especially banking and financial data, from the victim. On top of financial fraud, Citadel can also deploy other types of malware, such as ransomware or scareware, which makes it an advanced toolkit for cyber criminals.
Code injection is a technique by which an attacker supplies input that a program mistakenly treats as code rather than data, thereby changing the program's course of execution. Typical forms are SQL injection, command injection and script injection into web pages; online criminals also use injected code to turn legitimate websites into malware delivery points. The defence is to keep data and code separate, for example with parameterized queries, rather than to filter the input.
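SQL injection is the clearest instance of the data-becomes-code problem, so here is an added example (not from the original glossary) of one user lookup written twice: once by splicing the input into the SQL text, once with a parameterized query. The table, its two rows and the payloads are constructed for the example.

```python
"""Added example, not from the original glossary: one user lookup written
twice, once with string concatenation (injectable) and once with a
parameterized query. Table, rows and payloads are constructed."""
import sqlite3


def build_db():
    """In-memory SQLite database holding two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash-of-alice-password", "admin"),
         ("bob", "hash-of-bob-password", "user")],
    )
    return conn


def find_user_vulnerable(conn, username):
    """The input is spliced into the SQL text, so it can change the program."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """The value travels separately from the SQL text; it can only ever be data."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Two classic payloads: a tautology that matches every row, and a UNION that
# pulls a column the query was never meant to expose. "--" comments out the
# closing quote that the application appends.
TAUTOLOGY = "' OR '1'='1"
UNION_DUMP = "' UNION SELECT username, password_hash FROM users --"


def demo():
    """Run both payloads through both versions; keyed results for inspection."""
    conn = build_db()
    return {
        "normal_vulnerable": find_user_vulnerable(conn, "alice"),
        "normal_safe": find_user_safe(conn, "alice"),
        "tautology_vulnerable": find_user_vulnerable(conn, TAUTOLOGY),
        "tautology_safe": find_user_safe(conn, TAUTOLOGY),
        "union_vulnerable": find_user_vulnerable(conn, UNION_DUMP),
        "union_safe": find_user_safe(conn, UNION_DUMP),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:22} {rows}")
```

With the parameterized query the payloads are simply looked up as literal usernames and match nothing; with the concatenated query the first returns every account and the second leaks the password hashes. The same separation applies to shell commands (argument lists instead of a command string) and to any other interpreter fed with user input.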
Command and control center
A command and control (C&C or C2) server is a machine from which criminals control a large network of compromised systems. The infected computers contact the server to receive commands and to send back stolen data. Using such a network, the operators can launch distributed denial-of-service attacks by instructing all the computers to perform the same action at once. Identifying and blocking C&C traffic is one of the most effective ways to neutralize an infection.
Computer forensics is a branch of digital forensic science: the practice of collecting and analysing digital data for legal purposes. The main goal is to identify, analyse and present facts about digital information in a way that preserves the integrity of the evidence. The conclusions can be used in the fight against cyber-crime or in civil proceedings.
Computer Incident Response Team (CIRT)
The Computer Incident Response Team investigates network security incidents, that is, events in which unauthorized access to network resources or protected data takes place. Its job is to analyse how the incident happened and to respond: contain the breach, discover how it occurred, establish what information was lost and restore normal operation.
CoreBOT is a modular Trojan from the infostealer category. As the name suggests, CoreBOT was initially designed to collect and loot information from the infected computer or network. It quickly evolved and added other capabilities, such as browser-based web injects, real-time form grabbing and man-in-the-middle attacks. Its structure and tactics now resemble infamous financial malware strains such as Dyreza or Neverquest. Its modular design makes CoreBOT appealing to cyber criminals because they can pack it with other types of malware and use it in complex attacks.
Crimeware is distinct from adware or spyware: it is malware created for identity theft, often combined with social engineering schemes, to gain access to a user's online accounts. Crimeware is a growing problem for network security, as numerous types of malware look to steal valuable data from systems. The stolen information is then sold on to other interested parties.
Cross Site Scripting (XSS)
Cross-site scripting (XSS) is a vulnerability, usually found in web applications, that lets an attacker inject client-side script into pages viewed by other users. Because the injected script runs in the victim's browser with the trust of the vulnerable site, it can steal session cookies, perform actions as the victim and bypass the browser's same-origin controls. It remains a significant risk unless the application escapes untrusted data for the context in which it is rendered and, ideally, deploys a Content Security Policy.
CryptoLocker is a type of ransomware which emerged in 2013 and targets PCs running Microsoft Windows. As with most ransomware, the main distribution method is spam e-mail with a malicious attachment. CryptoLocker relies on external infrastructure (a botnet) to carry out its attacks and, once activated, encrypts the files and data stored on the local device, as well as those in cloud storage accounts when, for example, a Dropbox folder is synced to the affected PC. CryptoLocker then displays a message telling the victim that a ransom in bitcoins must be paid to obtain the decryption key, which is held on servers controlled by the criminals.
CryptoWall is a ransomware Trojan which emerged as a CryptoLocker variant. Like most file-encrypting ransomware, CryptoWall spreads mainly through phishing and spam campaigns that invite users to click a malicious link or to download and run an e-mail attachment. To widen distribution, criminals also placed CryptoWall in malicious website advertisements. Once executed, the ransomware encrypts the data on the victim's PC and on any network shares it can reach from it. The victim is then asked to pay a ransom in bitcoins to receive the decryption key and regain access to the data. CryptoWall has reached its fourth iteration and there is reason to believe it will not be the last.
CSO (Chief Security Officer) is a top-level executive in charge of the security of a company's personnel and of its financial, physical and digital assets. A CSO has both security and business objectives, being responsible for aligning cyber protection with the company's business goals. Security strategies, tactics and programs are directed and approved by the CSO. CISO (Chief Information Security Officer) is another name often used for the same job.
CTB Locker is a type of file-encrypting ransomware that emerged in 2014. Its name is an acronym for Curve-Tor-Bitcoin Locker: Curve stands for its elliptic-curve cryptography, which encrypts each victim's files with a unique key; Tor refers to the malicious server hosted as a Tor hidden service (an .onion address), which is very difficult to take down; and Bitcoin refers to the ransom being paid in bitcoins, avoiding normal payment systems that could lead back to the criminals. CTB Locker achieved very high infection rates because of its capabilities and multi-lingual versions, but mostly because it used an affiliate model: other criminals were recruited to spread the infection further in return for a share of the profits. It is delivered through aggressive spam campaigns.
A cyber-attack is any offensive action by an individual or an organized group against computer networks, information systems or a larger IT infrastructure, using various means, typically malicious code, for the purpose of stealing or altering data or otherwise gaining an advantage. A cyber-attack can go under different names, from cyber-campaign and cyber-warfare to cyber-terrorism or simply online attack. In recent years the software used in online attacks has grown ever more sophisticated, and law enforcement agencies around the world struggle to keep up.
Cyber security is a general term for the discipline of defending systems, networks and data against online criminals and their malicious actions. A complete cyber security strategy combines multiple tools and methods: protection of the operating system against classic viruses and Trojans, spyware and financial or data-stealing malware, together with other measures such as VPN software for online privacy and backup solutions for recovery.
The term "cyber-weapon" refers to an advanced and sophisticated piece of code that is employed for military or intelligence purposes. The term has recently emerged from the military field to describe malicious software used to penetrate enemy computer networks.
The dark web refers to websites and online content that exist outside the reach of traditional search engines and ordinary browsers. The content is hidden behind anonymity networks (in most cases Tor, which conceals both the site's and the visitor's identity and location) and can be accessed only with specific software, configuration settings or, for some sites, approval from their administrators. The dark web is known as a hub for illegal activity (drug and crime transactions, black hat hacking services and so on).
A data asset is a body of information that contains valuable records: a database, a document or any other information managed as a single entity. Like any asset it has financial value, and the risk to that value grows with the number of people who can access the data, so it needs to be protected accordingly.
Data leakage describes the loss of sensitive information, usually from a corporation or large company, through which unauthorized people gain access to valuable data assets. The sensitive data can be company information, financial details or other data that puts the company's reputation or financial situation at risk.
Data loss is the destruction of information through failure or neglect in transmission or processing, or sometimes at the hands of cybercriminals. To prevent data loss, IT teams put in place backup and recovery systems so that important information can be restored.
Data theft describes illegal operations in which private information is taken from a company or an individual. The stolen data usually includes credentials for online accounts and banking sites, credit card details or valuable corporate information. These operations have increased in recent years, and protecting data now requires additional security measures.
The deep web is a related concept to the dark web but has a far less shady nature. It is simply the part of the world wide web that is not indexed by traditional search engines (private databases, pages behind logins, unlinked content), and it is preferred by certain groups for its greater privacy. Unlike the dark web, the deep web does not require its users to be particularly tech-savvy and is not hidden by sophisticated methods; all you need is the address of the site you want to reach.
Denial of service attack (DoS / DDoS)
This type of online attack is used to prevent legitimate users from reaching an online location. The attacker exhausts the website's network or server resources, typically by flooding it with a huge number of requests; when the flood comes from many compromised machines at once (a botnet), it is a distributed denial-of-service (DDoS) attack, which is much harder to block at the source.
A dialer, in the information security world, is a spyware program that maliciously redirects a dial-up modem connection. Such software disconnects the legitimate phone connection and reconnects through a premium-rate number, which results in an expensive phone bill for the user. It usually installs itself silently on the user's system. Dialers largely disappeared together with dial-up Internet access.
A digital signature is a cryptographic technique for validating the authenticity and integrity of a message, piece of software or digital document: the signer computes the signature with a private key, and anyone holding the matching public key can verify it. A signature does not encrypt the content; it proves who signed it and that it has not been altered since. Because a valid signature cannot be produced without the private key, digital signatures underpin code signing, TLS certificates and secure e-mail.
Disaster Recovery Plan (DRP)
A disaster recovery plan is a set of procedures meant to protect a business's IT infrastructure or limit the potential loss in case of an online attack or major hardware or software failure, and to restore operations afterwards. The plan should be developed as part of the business impact analysis process, which defines what must be recovered first.
DNS Cache Poisoning
DNS cache poisoning is an attack in which forged DNS responses are inserted into a resolver's cache so that the resolver returns an incorrect IP address for a domain name. The purpose is to divert traffic to a malicious server controlled by the attackers, usually without anything looking wrong in the victim's browser. The poisoned entries are served to every client of that resolver until their time-to-live expires or the cache is flushed. Defences include randomizing the query source port and transaction ID, validating responses with DNSSEC, and running resolvers and authoritative servers that support it.
Domain generation algorithm (DGA)
A domain generation algorithm (DGA) is code built into many malware families that produces a large number of pseudo-random domain names from a seed such as the current date. The infected machine tries these domains in turn until one resolves to a command and control server; because the operators run the same algorithm, they know in advance which names to register. Since the rendezvous point changes constantly and only a few of the thousands of candidates are ever registered, blocking or seizing a single domain achieves little, which is why DGAs are used to keep botnets reachable and resilient against takedowns. Defenders who reverse-engineer the algorithm can pre-compute the upcoming domains and block or sinkhole them, and the bursts of failed lookups for random-looking names are themselves a detection signal.
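An added example (not from the original glossary) of a date-seeded DGA and of what a defender does once the algorithm is known: both sides compute the same candidate list from the same date, and the defender pre-computes the next few days' names for a blocklist or sinkhole. The family "secret", the label length, the TLD list and the daily count are assumptions; real families vary all of these and often use finer-grained seeds.

```python
"""Added example, not from the original glossary: a date-seeded DGA and the
defender's use of it. The family "secret", label length, TLD list and daily
count are assumptions; real families vary all of these."""
import hashlib
from datetime import date, timedelta

FAMILY_SECRET = b"example-family-seed"   # assumed constant baked into the malware
TLDS = ("com", "net", "org", "info")
LABEL_LENGTH = 12
DOMAINS_PER_DAY = 10


def generate_domains(seed_date, count=DOMAINS_PER_DAY, secret=FAMILY_SECRET):
    """Deterministic list of candidate C2 domains for one day.

    Both the infected host and the operator run this with the same inputs, so
    they agree on the rendezvous names without exchanging any message."""
    domains = []
    for i in range(count):
        material = secret + b"|" + seed_date.isoformat().encode() + b"|" + str(i).encode()
        digest = hashlib.sha256(material).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:LABEL_LENGTH])
        tld = TLDS[digest[-1] % len(TLDS)]
        domains.append(f"{label}.{tld}")
    return domains


def domains_for_day(iso_date):
    """Convenience wrapper taking "YYYY-MM-DD"."""
    return generate_domains(date.fromisoformat(iso_date))


def precompute_blocklist(start_iso_date, days):
    """Defender side: with the algorithm recovered, list every name the malware
    will try over the next `days` days, for blocking or sinkholing."""
    start = date.fromisoformat(start_iso_date)
    names = set()
    for offset in range(days):
        names.update(generate_domains(start + timedelta(days=offset)))
    return names


def is_well_formed(domain):
    """True if `domain` has the shape this generator produces."""
    label, _, tld = domain.partition(".")
    return (len(label) == LABEL_LENGTH and label.isalpha() and label.islower()
            and tld in TLDS)


if __name__ == "__main__":
    for name in domains_for_day("2024-01-01"):
        print(name)
```

Registering just one of the pre-computed names and pointing it at a server you control (a sinkhole) makes every infected machine that reaches that name in its list check in with you, which is how the size and location of a DGA botnet are usually measured.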
Domain shadowing is a malicious tactic used by cyber criminals to build attack infrastructure while remaining undetected. First, attackers steal credentials for domain registrar accounts, often through phishing. Using these credentials, they log into the account and create subdomains under legitimate, long-established domains, pointing them at malicious servers, without the domain owner's knowledge. Because the parent domain has a good reputation, the subdomains bypass reputation-based filters and the malicious traffic passes as safe.
Modern, advanced malware often has a modular structure with multiple components. One of these is dormant code: code that needs a specific trigger before it executes the task it was created for. This behaviour lets the malware bypass signature-based and behavioural detection in traditional antivirus and anti-malware products, because nothing malicious happens while it is being examined. There is another reason for dormant code: since advanced malware such as ransomware or financial malware usually relies on external infrastructure to download components, it can stay dormant and undetected for as long as it cannot reach its command and control servers.
Dridex is a strain of financial malware that uses malicious Microsoft Office macros, delivered by e-mail, to infect information systems. Dridex is engineered to collect and steal banking credentials and additional personal information; its fundamental objective is banking fraud.
A drive-by attack is the unintentional download of malicious software (malware) onto your system while visiting a web page. It usually takes advantage of (or "exploits") a browser, plug-in, app or operating system that is out of date and has a known security flaw, so no click on the user's part is needed.
Dyreza / Dyre
Dyreza (also called Dyre) is a banking Trojan (financial malware) that appeared in 2014, whose behavior is similar to the ZeuS family, although there is no connection between Dyreza and ZeuS. The malware hides in popular web browsers that millions of users employ to access the web and aims to retrieve sensitive financial information every time the victim connects to a banking website. Dyreza is capable of key-logging, circumventing SSL mechanisms and two-factor authentication, and is usually spread through phishing emails.
Network eavesdropping, or network sniffing, is an attack that aims to capture information transmitted over a network by other computers. The objective is to acquire sensitive information like passwords, session tokens, or any kind of confidential information.
Email malware distribution
Although outdated, some malware families still use email attachments as a means of spreading malware and infecting users’ computers. This type of infection relies on the user double-clicking the attachment. A current method that uses email as a dispersion mechanism is inserting links to malicious websites.
This process involves using communications encryption to make information unavailable to third parties. When passed over a network, the information will only be available to the sender and the receiver, preventing ISPs or application service providers from discovering or tampering with the content of the communication.
Enterprise Risk Management
The methods and processes that organizations use to identify and manage cyber security risks that could endanger their corporate mission. As part of this plan, the organization will also establish a plan to protect its assets and a plan to react in case a cyber security risk becomes reality.
Cybersecurity: Global risk management moves beyond regulations
A piece of software, a chunk of data or a sequence of commands that takes advantage of a bug, a glitch or a vulnerability in software in order to penetrate a user’s system with malicious intentions. These malicious intentions may include gaining control of a computer system, allowing privilege escalation, or launching a denial-of-service attack.
Exploit kits (EKs) are computer programs designed to find flaws, weaknesses or mistakes in software apps (commonly known as vulnerabilities) and use them to gain access to a system or a network. They are used in the first stages of a cyber attack, because they have the ability to download malicious files and feed the attacked system with malicious code after infiltrating it.
Exploit kits-as-a-service are a relatively recent business model employed by cyber criminals, in which they create, manage and sell or rent exploit kits which are accessible and easy to use in cyber attacks. Exploit kits-as-a-service don’t require much technical expertise to be used; they are cheaper (especially if rented), they’re flexible and can be packed with different types of malware, they offer broader reach, they are usually difficult to detect and they can be used to exploit a wide range of vulnerabilities. This business model makes it very profitable for exploit kit makers to sell their malicious code and increase their revenues.
Fake antivirus malware
A false positive is identified when a security solution detects a potential cyber threat which is, in fact, a harmless piece of software or a benign software behavior. For example, your antivirus could inform you that there's a malware threat on your PC, but it could happen that the program it's blocking is safe.
What is a false positive and why are false positives a problem?
What is a False Positive?
Fileless malware is a type of malicious code used in cyber attacks that doesn’t use files to launch the attack and carry on the infection on the affected device or network. The infection runs in the RAM of the device, so traditional antivirus and antimalware solutions can’t detect it at all. Malicious hackers use fileless malware to achieve stealth and privilege escalation, to gather sensitive information and to achieve persistence in the system, so the malware infection can continue to carry on its effect for a longer period of time.
Financial malware is a category of specialized malicious software designed to harvest financial information and use it to extract money from victims’ accounts. Because it is a rather new type of malware, it is also very sophisticated and it can easily bypass traditional security measures, such as antivirus. Financial malware is capable of persisting in the affected system for a long time, until it gathers the information associated with financial transactions and it can start to leak money from the targeted account. Banking fraud cyber crimes are one of the most serious cyber threats in the current risk landscape.
Financial malware explained
The Top 10 Most Dangerous Malware That Can Empty Your Bank Account
Flooding is a security attack used by hackers against a number of servers or web locations. Flooding is the process of sending a large amount of information to such a location in order to block its processing power and stop its proper operation.
Career & Salary Information for Forensic Analysts/Investigators
This type of malware can harvest your confidential data when you're filling in a web form, before the data is sent over the Internet to a secure server. By doing this, the malware can avoid the security ensured by an HTTPS connection. Unfortunately, using a virtual keyboard, autofill or copy/paste won't protect you from this threat. What's more, the malware can categorize data according to type (username, password, etc.) and even grab the URL where you were inputting your information.
Greyhat hackers have a more ambiguous mode of operation compared to blackhat and whitehat hackers. For instance, they may use illegal means to detect a vulnerability, but then disclose it to the targeted organization. Another perspective on greyhat hackers focuses on those that find exploits, and then sell the know-how to governments, but only after receiving a payment. Greyhat hackers distinguish themselves from blackhat hackers on a single important criterion: they don’t use or sell the exploit for criminal gain.
A hacker is generally regarded as a person who manages to gain unauthorized access to a computer system in order to cause damage. But keep in mind that there are two types of hackers: whitehat hackers, who do penetration testing and reveal their results to help create more secure systems and software, and blackhat hackers, who use their skills for malicious purposes.
Heartbleed is a security bug that appeared in 2014, which exposed information that was usually protected by SSL/TLS encryption. Because of a serious vulnerability that affected the OpenSSL library, attackers could steal data that was kept confidential by a type of encryption used to secure the Internet. This bug caused around 500,000 web servers (17% of all servers on the Internet) to be exposed to potential data theft.
Everything you need to know about the Heartbleed SSL bug
A hoax is a false computer virus warning. You may receive such hoaxes via email, instant messaging or social media. Before acting on it, be sure to go online and check the validity of the claim. Also, when you have proof that it's fake, it's a good idea to inform the sender as well. Remember that such hoaxes can lead to malicious websites which can infect your devices with malware.
This is an automated system designed to simulate the actions of a user who’s browsing websites on the Internet. The purpose of the system is to identify malicious websites that try to exploit vulnerabilities that the browser might have. Another name for this is Honey Client.
This is a program used for security purposes which is able to simulate one or more network services that look like a computer’s ports. When an attacker tries to infiltrate, the honeypot will make the target system appear vulnerable. In the background, it will log access attempts to the ports, which can even include data like the attacker’s keystrokes. The data collected by a honeypot can then be used to anticipate incoming attacks and improve security in companies.
Honeypots: The sweet spot in network security
Honeypots: A Security Manager's Guide to Honeypots
This is another name for a Man-in-the-Middle attack. Scanning HTTPS (Hypertext Transfer Protocol Secure) content allows the attackers to decrypt, analyze, and re-encrypt content between websites that use SSL (Secure Sockets Layer) for security and a user’s browser. This type of attack is usually used to snoop on information exchanges and steal confidential data.
What are the differences between dictionary attack and brute force attack?
Identity theft refers to the process of stealing someone’s personal identification data and using it online in order to pose as that person. Hackers can make use of a person’s name, photos, papers, social security number and so on, to gain financial advantage at this person’s expense (by obtaining credit or by blackmailing), or as a means of damaging the person’s reputation, etc.
Incremental backups are extremely important for keeping information safe and up to date. This type of backup will only back up the files that you’ve modified since performing the last backup. This means the backup is faster and you can ensure that you’ll always have all your work backed up safely.
Information Assurance (IA)
This is a set of measures designed to protect and defend data and information systems by ensuring that they are always available, that their integrity is safe, that they’re confidential and authentic (non-repudiation principle). These measures include having a data backup to restore information in case of an unfortunate event, having cyber security safeguards in place and ensuring that detection and reaction capabilities are featured.
The tactics, tools, measures and actions taken to protect data and information systems against unauthorized access, use, disclosure, disruption, modification, or destruction. Its purpose is to ensure the confidentiality, integrity, and availability of the data and information systems.
Information Security Risk
A risk in this category can be evaluated according to how and how much it threatens a company’s operations (including mission, functions, brand, reputation) or assets, employees, partners etc. A risk is based on the potential for cyber criminals to gain unauthorized access and use it to collect confidential data, disclose it to the public or to unauthorized parties, modify it or destroy it, thus disrupting the organization’s activity.
Information System Resilience
A resilient information system is a system that can continue to work even while under attack, even if it becomes degraded or weakened. Moreover, it has to be able to recover from a successful attack fast and regain operational capabilities, at least for the core functions.
Information Systems Security (INFOSEC)
One of the most used terms in cyber security, INFOSEC, is the protection of information systems against unauthorized access or attempts to compromise and modify data, whether it’s stored data, processed data or data that’s being transmitted. The necessary measures to detect, document and counter these threats are also included in INFOSEC.
Inside Information Systems Security
The insider threat usually refers to employees or other people with authorized access who can potentially harm an information system by destroying it or parts of it, by disclosing or modifying confidential information and by causing denial of service.
What is an Insider Threat? An Insider Threat Definition
CERT Insider Threat Center
The CIA principle
Internet worms were created by researchers in the 1980s to find a reliable way of growing the Internet through self-replicating programs that can distribute themselves automatically through the network. An Internet worm does exactly that: it distributes itself across the web by using the computers’ Internet connection to reproduce.
The MySpace Worm that Changed the Internet Forever
What is a Computer Virus or a Computer Worm?
Intrusion Detection Systems (IDS)
This is a security management system set up to actively protect computers and networks. It works by analyzing information from various areas of a computer/network to spot potential security breaches. These breaches can be caused either by intrusions (external attacks) or by misuse (insider attacks).
Through keylogging, cyber criminals can use malicious software to record the keystrokes on a user’s keyboard, without the victim realizing it. This way, cyber criminals can collect information such as passwords, usernames, PIN codes and other confidential data.
Kovter is a Trojan whose primary objective is performing click-fraud operations on the PC it compromises. However, in 2015 Kovter incorporated new cloaking tricks in order to evade detection, which is why cyber criminals started using it to deliver other types of malware, such as ransomware, or to recruit PCs into botnets.
Locky is a type of encrypting malware (also known as ransomware) distributed through Microsoft Office macros and targeting Windows-running PCs. The name comes from the fact that, once the victim’s PC is infected, the ransomware will scramble and encrypt all the data on that PC, setting every file extension to .locky. Locky is spread through spam email campaigns which make heavy use of spoofing, in the same way the cyber criminals behind Dridex operate. In order to get the data decrypted, Locky creators ask for a ransom which, if not paid, will leave the data useless if the victim doesn’t have a backup.
Security Alert: New Locky Ransomware Shows Off through Rampant Distribution
This level of impact of a cyber threat or cyber attack on an organization shows that there could be a loss of confidentiality, integrity, or availability, but with limited consequences. This includes reducing the capabilities of the organization, while still retaining the ability to function, but also other minor damages, financial loss or harm to people.
Crooks inject malicious Java applet into FOREX trading website
This is also called “malicious advertising” and it refers to how malware is distributed through online advertising networks. This type of technique is widely used to spread financial malware, data-stealing malware, ransomware and other cyber threats.
This is a short version of “malicious software” and it works as an umbrella term that refers to software that is defined by malicious intent. This type of ill-intentioned software can disrupt normal computer operations, harvest confidential information, obtain unauthorized access to computer systems, display unwanted advertising and more.
Common Malware Types: Cybersecurity 101
This type of malware is developed by cyber criminals to require little or no expertise in hacking, to be flexible and polymorphic, to offer a broader reach, and it often comes packed with ready-coded targets. Malware-as-a-service can be bought or rented on the deep web and in cyber criminal communities, and sometimes can even include technical support from its makers and their team, which they run as a business. The main purpose behind it is making as much money as possible.
Man-in-the-middle Attack (MitM)
Through this attack, cyber criminals can change the victim’s web traffic and interpose themselves between the victim and a web-based service the victim is trying to reach. At that point, the attacker can either harvest the information that’s being transmitted via the web or alter it. This type of attack is often abbreviated to MITM, MitM, MIM, MiM or MITMA.
What Is A Man-In-The-Middle Attack? Security Jargon Explained
Business impact analysis for business continuity: Recovery time requirements
Mazar BOT is a strain of malware targeting Android devices which first emerged in February 2016. The malware spreads through SMSs sent to random numbers, which include a link shortened through a URL shortener service (such as bit.ly). Once clicked, the link installs the Mazar BOT malware on the affected device, gaining the ability to write, send, receive and read SMS, access Internet connections, call phones, erase the phone it’s installed on and many more. Mazar BOT doesn’t run on smartphones running Android with the Russian language option. Spoofing has also been observed in Mazar BOT attacks.
When this type of impact is estimated or observed on an information system, it means that confidentiality, integrity, or availability have suffered a significant blow. The organization may record barely working primary functions and significant damage to its assets, finances and individuals.
This type of authentication uses two or more factors to achieve authentication. These factors can include: something the user knows (a password or a PIN), something the user has (an authentication token, an SMS with a code or a code generator on the phone/tablet) and/or something the user is (biometric authentication methods, such as fingerprints or retina scans).
Why You Should Start Using Two-Factor Authentication Now
Multi-Factor Authentication
Netiquette (short for network etiquette) is a collection of best practices and things to avoid when using the Internet, especially in communities such as forums or online groups. This is more of a set of social conventions that aim to make online interactions constructive, positive and useful. Examples of things to avoid include posting off-topic, insulting people, sending or posting spam, etc.
What is netiquette?
Netiquette: Rules of Behavior on the Internet
This is a technique that uses a software program to monitor and analyze network traffic. This can be used legitimately, to detect problems and keep an efficient data flow. But it can also be used maliciously, to harvest data that’s transmitted over a network.
Neutrino is a famous exploit kit which has been constantly evolving since it first appeared in 2013. This exploit kit rose to fame because of its user-friendly features and the low entry barrier to using it. Neutrino includes a user-friendly control panel, continuous monitoring of antivirus detection rates, infostealer capabilities, recommendations of which exploits to use and more. Neutrino is a tool often used to compromise PCs and deliver different types of malware, and is itself delivered through malvertising campaigns and web injects. Neutrino is also available through the exploit kit-as-a-service model, where attackers can rent the exploit kit and increase their profits with smaller investments.
Nuclear Exploit Kit
Nuclear is a highly effective exploit kit which appeared in 2010 and gave cyber criminals the opportunity to exploit a wide range of software vulnerabilities in applications such as Flash, Silverlight, PDF readers, Internet Explorer and more. Polymorphic in nature, Nuclear advanced over the years into a notorious tool used for launching zero-day attacks, spreading ransomware or for data exfiltration operations. Nuclear was often used in high-volume compromises and gave attackers the possibility to customize their attacks to specific locations and computer configurations. This constantly evolving exploit kit features various obfuscation tactics in order to avoid being detected by traditional anti-virus and anti-malware solutions.
In cyber security, obfuscation is a tactic used to make computer code obscure or unclear, so that humans or certain security programs (such as traditional antivirus) can’t understand it. By using obfuscated code, cyber criminals make it more difficult for cyber security specialists to read, analyze and reverse engineer their malware, preventing them from finding a way to block the malware and suppress the threat.
The Role of Deliberate Obfuscation for Overall Data Security and Privacy
This type of attack can happen when an attacker manages to gain access to data through offline means, such as eavesdropping, by penetrating a system and stealing confidential information or looking over someone’s shoulder and obtaining credentials to secret data.
Operation Tovar was an international, collaborative effort undertaken by law enforcement agencies and private security companies from multiple countries. The operation’s main objective was to take down the Zeus GameOver botnet, which was believed to be used for distributing the CryptoLocker ransomware. Heimdal Security was also involved in this effort, alongside the U.S. Department of Justice, Europol, the FBI, Microsoft, Symantec, Sophos, Trend Micro and more.
This refers to an unauthorized person from outside the company’s security perimeter who has the capacity to harm an information system by destroying it, modifying or stealing data from it and disclosing it to unauthorized recipients, and/or causing denial of service.
This is a type of software designed to monitor and record traffic on a network. It can be used for good, to run diagnostic tests and troubleshoot potential problems. But it can also be used for malicious purposes, to snoop on your private data exchanges. This includes: your web browsing history, your downloads, the people you send emails to, etc.
A type of virus that’s capable of associating itself with a file or inserting itself into a file. To remain undetected, this virus will give control back to the software it infected. When the operating system looks at the infected software, it will continue to give it rights to run as usual. This means that the virus will be able to copy itself, install itself into memory or make other malicious changes to the infected PC. Although this type of virus appeared early on in the history of computer infections, it’s now making a comeback.
This is a type of attack during which cyber criminals try to gain unauthorized access to confidential information. It’s called passive because the attacker only extracts information without changing the data, so it’s more difficult to detect as a result.
Security Attacks - Passive Attacks
This is a tactic used by cyber criminals to harvest passwords. They do this by monitoring and snooping on network traffic to retrieve password data. If the password is sent over an unencrypted connection (for example, you put in a password on a website that isn’t protected by a security certificate and whose address doesn’t start with https), it’s even easier for attackers to get their hands on your passwords.
What is a software patch?
This refers to the activity of getting, testing and installing software patches for a network and the systems in it. Patch management includes applying patches both for security purposes and for improving the software programs used in the network and the systems within it.
In cyber security, the payload is the data cargo transported by a piece of malware onto the affected device or network. The payload contains the fundamental objective of the transmission, which is why the payload is actually the element of the malware that performs the malicious action (i.e. stealing financial information, destroying data, encrypting data on the affected device/network, etc.). When you consider a malware’s damaging consequences, that’s when you can talk about the payload.
This is a type of attack launched against a network or computer system in order to identify security vulnerabilities that could be used to gain unauthorized access to the network’s/system’s features and data. Penetration testing is used to help companies better protect themselves against cyber attacks.
This is a type of firewall that’s installed and runs on personal computers. A firewall is a network security system designed to prevent unauthorized access to public or private networks. Its purpose is to control incoming and outgoing communication based on a set of rules.
This is a type of online scam aimed at extracting information such as passwords, usernames and more from the victim. Pharming means redirecting Internet traffic from a legitimate website to a fake one, so victims can put in their confidential information and attackers can collect it. This type of attack usually targets banking and ecommerce websites. What makes it difficult to detect is that, even if the victim types in the right URL, the redirect will still take the user to the fake website, operated by IT criminals.
Phishing is a malicious technique used by cyber criminals to gather sensitive information (credit card data, usernames and passwords, etc.) from users. The attackers pretend to be a trustworthy entity to bait the victims into trusting them and revealing their confidential data. The data gathered through phishing can be used for financial theft, identity theft, to gain unauthorized access to the victim’s accounts or to accounts they have access to, to blackmail the victim and more.
How to recognize phishing email messages, links, or phone calls
This is the name for ordinary text before it’s encrypted or after it’s been decrypted. When someone says that your passwords are stored in plaintext, it means that they can be read by anyone snooping into your private information, because the passwords aren’t encrypted. This is a big lapse in cyber security, so watch out for it.
Storing passwords in plaintext
Sony hacked yet again, plaintext passwords, e-mails, DOB posted
Polymorphic code is capable of mutating and changing while maintaining the initial algorithm. Each time it runs, the code morphs, but keeps its function. This tactic is usually used by malware creators to keep their attacks covert and undetected by reactive security solutions.
A polymorphic engine is used to generate polymorphic malware. This is a computer program capable of transforming a program into derivative versions (different versions of code) which perform the same function. Polymorphic engines rely on encryption and obfuscation to work, and are used almost exclusively by malware creators and other cyber criminals. Using this type of engine, malicious hackers can create malware types that can’t be detected by antivirus engines or have a very low detection rate.
Polymorphic malware is capable of transforming itself into various derivative versions that perform the same function and have the same objective. By using obfuscated code and constantly changing their code, polymorphic malware strains can infect information systems without being detected by solutions such as traditional antivirus, which is a key asset from the perspective of cyber criminals.
What Is Polymorphic Malware and Why Should I Care?
The rise of polymorphic malware
This is a software tool used for bundling up different types of malware in a single package (for example, in an email attachment). Malicious actors use polymorphic packers because they’re able to transform over time, so they can remain undetected by traditional security solutions for longer periods of time.
Pop-up ads are windows used in advertising. They appear on top of your browser window when you’re on a website, and they’re often annoying because they are intrusive. While they’re not malicious by nature, sometimes they can become infected with malware, if a cyber attacker compromises the advertising network that’s serving the pop-up.
Potentially unwanted application (PUA)
There are applications you might install on your devices which contain adware, which may install toolbars or have confusing purposes. These applications can be non-malicious by nature, but they come with the risk of potentially becoming malicious. Users must seriously consider the risks before they install this type of application.
Poweliks is a Trojan designed to perform click-fraud operations on the affected PC. Its specific character is given by the fact that it’s a type of fileless malware, which makes it very difficult to be detected by traditional, signature-based anti-malware and antivirus solutions. Poweliks installs itself in the Windows registry, where it can inject itself into essential Windows functions. This also helps Poweliks achieve persistence on the infected PC. This malware can also be used to download other threats onto the victim’s PC, such as ransomware delivered through malvertising.
This type of computer virus is capable of executing specific code that triggers the maximum CPU power dissipation (heat generated by the central processing units). Consequently, the computer’s cooling ability would be impaired and the virus could cause the system to overheat. One of the potential effects is permanent physical damage to the hardware. Power viruses are used by legitimate actors to test components, but can also be used by cyber criminals.
Proprietary Information (PROPIN)
Proprietary information is made up of all the data that is unique to a company and ensures its ability to stay competitive. This can include customer details, technical information, costs and trade secrets. If cyber criminals compromise or reveal this information, the impact on the company can be quite severe, as we’ve seen in major data breaches.
Ransomware is a type of malware (malicious software) which encrypts all the data on a PC or mobile device, blocking the data owner’s access to it. After the infection happens, the victim receives a message saying that a certain amount of money must be paid (usually in Bitcoin) in order to get the decryption key. Usually, there is also a time limit for paying the ransom. There is no guarantee that the victim will get the decryption key if the ransom is paid. The most reliable solution is to back up your data in at least 3 different places (for redundancy) and keep those backups up to date, so you don’t lose important progress.
This happens when someone uses a dedicated program to access a computer from a remote location. This is the norm for people who travel a lot and need access to their company’s network. But cyber criminals can also use remote access to control a computer they’ve previously hacked into.
Remote access Trojan / RAT
Remote Access Trojans (RATs) infect computers and use the victim’s access permissions to give cyber attackers unrestricted access to the data on the PC. Cyber criminals can use RATs to exfiltrate confidential information. RATs include backdoors into the computer system and can enlist the PC into a botnet, while also spreading to other devices. Current RATs can bypass strong authentication and access sensitive applications, which are later used to exfiltrate information to servers and websites controlled by cyber criminals.
This is an organization’s or system’s ability to restore its capacity to function and achieve its objectives during and after a cyber attack or other disruptive change. Resilience includes having contingency plans in place, doing constant risk management and planning for every crisis scenario.
This is a technique heavily used by cyber security researchers, who constantly take malware apart to analyze it. This way, they can understand and observe how the malware works and can devise security solutions that protect users against that type of malware and its tactics. This is one of the most valuable activities in cyber security intelligence gathering.
This is a risk analysis process that defines an organization’s cyber security risks and their potential impact. Security measures are then matched to the importance and potential impact of the risks identified by the risk assessment.
This is the process by which an organization manages its cyber security risks to decrease their potential impact and takes adequate measures to avoid cyber attacks. Doing a risk assessment is part of the process, as are the risk mitigation strategy and all the procedures that must be applied in order to ensure proper defenses against cyber threats. This is a continuous process and should be viewed as a cycle.
This is the process by which risks are evaluated, prioritized and managed through mitigation tactics and measures. Since every company operates in a dynamic environment, periodic review should be a defining characteristic of the risk mitigation process.
Rogue security software
Rogue security software (usually antivirus) is a common Internet scam used by cyber criminals to mislead victims and infect their PCs with malware. Malicious actors could also use fake antivirus to trick victims into paying money or extort them (like ransomware does) into paying to have the rogue software removed. So please only buy security software from trusted vendors or from the software makers themselves.
This is a type of deceitful malware which claims to be a trusted and harmless software program (such as antivirus). Cyber criminals use rogueware to harvest data from their victims or to trick them into paying money. Often, rogueware also includes adware functions, which adds a burden and a potential risk to the infected PC.
A rootkit is a type of software, usually malicious, which gives attackers privileged access to a computer and is activated before the operating system boots up. Rootkits are created to conceal the existence of other programs or processes from traditional detection methods. For example, rootkit malware is capable of covering up the fact that a PC has been compromised. By gaining administrator rights on the affected PC (through exploits or social engineering), attackers can maintain the infection for a long time, and rootkits are notoriously difficult to remove.
This refers to a set of protection measures that have to meet an information system’s core security requirements, in order to ensure confidentiality, integrity and availability. This includes everything from employee security to ensuring the safety of physical structures and devices, to management limitations and more.
This is a type of malware (or rogueware) that employs social engineering to intimidate and confuse victims through shock, anxiety, fear and time restrictions. The objective is to persuade the victims into buying unwanted software. The software could be rogue security software, ransomware or another type of malware. For example, malicious actors often try to convince users that their computer is infected with a virus and that the only way to get rid of it is to pay for, download and install a fake antivirus, which, of course, turns out to be the malware itself.
Security requirements are derived from multiple sources and make up the security needs of an information system, ensuring the confidentiality, integrity and availability of the information that is managed, transmitted or stored in the system. The sources of security requirements can be legislation, directives, policies, standards, best practices, regulations, procedures or other business needs.
This type of information is defined by the fact that not everyone can access it. Sensitive information is data that is confidential to a certain category of users, who can view, access and use it. This type of information is protected for legal or ethical reasons. Examples include: personal identification numbers, health information, education records, trade secrets, credit card information, etc.
In cyber security, a signature is an identifiable, distinguishing pattern associated with a type of malware, an attack or a set of keystrokes used to gain unauthorized access to a system. For example, traditional antivirus solutions can spot, block and remove malware based on its signature, when the AV sees that a piece of software on your PC matches the signature of malicious software stored in its database.
Skimming happens when a malicious actor uses a tag reader in an unauthorized manner, in order to collect information from a person’s tag. The victim never knows about or consents to being skimmed. For example, card skimming is an illegal practice which consists of the illegal collection of data from a card’s magnetic stripe. This information can then be copied onto a blank card’s magnetic stripe and used by malicious actors to make purchases and withdraw cash in the name of the victim.
Spam is made up of unsolicited emails or other types of messages sent over the Internet. Spam is often used to spread malware and phishing, which is why you should never open, reply to or download attachments from spam messages. Spam can come your way in the form of emails, instant messages, comments, etc.
Spam filtering software
This is a type of program which can analyze emails and other types of messages (e.g. instant messages) to weed out spam. If spam filtering software decides to categorize a message as spam, it will usually move that message to a dedicated folder.
Spear phishing is a cyber attack that aims to extract sensitive data from a victim using a very specific and personalized message. This message is usually sent to individuals or companies, and it is extremely effective because it is very well planned. Attackers invest time and resources into gathering information about the victim (interests, activities, personal history, etc.) in order to create the spear phishing message (which is usually an email). Spear phishing uses a sense of urgency and familiarity (it appears to come from someone you know) to manipulate the victim, so the target doesn’t have time to double-check the information.
Information spillage happens when data is moved from a safe, protected system to another system which is less secure. This can happen to all types of data, from health information to financial or personal data. If the system the data is moved to is less secure, people who should not have access to this information may be able to access it.
This is a compromise attempt during which an unauthorized individual tries to gain access to an information system by impersonating an authorized user. For example, email spoofing is when cyber attackers send phishing emails using a forged sender address. You might believe that you’re receiving an email from a trusted entity, which causes you to click on the links in the email, but the link may end up infecting your PC with malware.
This is a type of malware that employs tactics found in both phishing and spyware. By combining these cyber threats, spy-phishing is capable of downloading applications that run silently on the victim’s system. When the victim opens a specific URL, the malware collects the data the victim enters into that website and sends it to a malicious location (like a web server). This technique is used to extend the duration of the phishing attack, even after the phishing website has been taken down.
Spyware is a type of malware designed to collect and steal the victim’s sensitive information without the victim’s knowledge. Trojans, adware and system monitors are different types of spyware. Spyware monitors and stores the victim’s Internet activity (keystrokes, browser history, etc.) and can also harvest usernames, passwords, financial information and more. It can also send this confidential data to servers operated by cyber criminals, so it can be used in subsequent cyber attacks.
This is a tactic that uses code injection to attack data-driven applications. The maliciously injected SQL code can perform several actions, including dumping all the data in a database to a location controlled by the attacker. Through this attack, malicious hackers can spoof identities, modify or tamper with data, disclose confidential data, delete or destroy data, or make it unavailable. They can also take complete control of the database.
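The vulnerable query beside its parameterized form, as an added example that is not code from the original page. It uses Python’s standard sqlite3 module with a small constructed user table; the sample usernames, the two login functions and the audit string are illustrative assumptions:

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original page).
# Plain-text passwords are used only to keep the query readable; real systems
# store salted hashes and compare those instead.
SAMPLE_USERS = [
    ("alice", "correct-horse", "admin"),
    ("bob", "battery-staple", "user"),
]


def build_db() -> sqlite3.Connection:
    """Create an in-memory database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)", SAMPLE_USERS
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Builds the SQL text by string formatting: whatever the user types becomes
    part of the statement, so quotes and comment markers change its logic."""
    query = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Parameterized query: the SQL text is fixed and the driver binds the
    inputs as data values, so they can never be parsed as SQL."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


# A textbook audit string for login forms: it closes the quoted username, adds an
# always-true condition and comments out the password check (SQL "--" comment).
AUDIT_INPUT = "x' OR 1=1 --"


def demo() -> dict:
    """Run the same input through both versions and return the rows each yields."""
    db = build_db()
    return {
        # The vulnerable version returns every row: a "dump" of the table.
        "vulnerable": login_vulnerable(db, AUDIT_INPUT, ""),
        # The parameterized version treats the same string as a literal username.
        "safe": login_safe(db, AUDIT_INPUT, ""),
        # Legitimate credentials still work with the safe version.
        "legit": login_safe(db, "alice", "correct-horse"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:>10}: {rows}")
```

Bound parameters (or an ORM that uses them) are the primary mitigation for the whole class; input validation, least-privilege database accounts and logging of failed or anomalous queries are defence in depth on top of that.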
SSL / Secure Sockets Layer
SSL comes from Secure Sockets Layer, which is an encryption method to ensure the safety of the data sent and received between a user and a specific website. Encrypting this data transfer ensures that no one can snoop on the transmission and gain access to confidential information, such as card details in the case of online shopping. Legitimate websites use SSL (their address starts with https) and users should avoid entering their data on websites that don’t use SSL.
This is a type of malware which is capable of transferring data or money to a third, malicious party. This type of malware usually targets affiliate transactions. It uses an HTTP cookie to redirect the commission earned by an affiliate marketer to an unauthorized third party.
This is a specific requirement that calls for employing multiple authentication factors from different categories and sophisticated technology to verify an entity’s identity. Dynamic passwords, digital certificates, protocols and other authentication elements are part of strong authentication standards. This is especially applied in banking and financial services, where access to an account has to be tied to a real person or an organization.
Supply chain attack
This type of attack aims to inflict damage on an organization by leveraging vulnerabilities in its supply network. Cyber criminals often tamper with hardware or software during the manufacturing stage to implant rootkits or build in hardware-based spying elements. Attackers can later use these implants to attack the organization they are after.
Suspicious files and behavior
Suspicious behavior is identified when files exhibit an unusual behavior pattern. For example, if files start copying themselves to a system folder, this might be a sign that those files have been compromised by malware. Traditional antivirus solutions incorporate this type of detection to spot and block malware.
System administrator / Sysadmin
The sysadmin, as it is also called, is the person in charge of all the technical aspects of an information system. This includes configuration, maintenance, ensuring reliability and providing the resources the system needs to run at optimal parameters while respecting a budget, and more.
Targeted threats are singled out because of their focus: they are usually directed at a specific organization or industry. These threats are also designed to extract sensitive information from the target, so cyber criminals take a long time to prepare them. They are carefully researched, so that the chances of a successful compromise are as high as possible. Targeted threats are delivered via email (phishing, vishing, etc.), employ Zero Days and other vulnerabilities to penetrate an information system, and use many other techniques. Government and financial organizations are the most frequent targets of this type of cyber threat.
TeslaCrypt is a ransomware Trojan which was first designed to target computers that have specific computer games installed. However, in the past months, this strain of cryptoware has broadened its reach to affect all users (mainly Windows users), not just gamers. As with every other ransomware, TeslaCrypt’s creators use spam to distribute the infection and, once it gets onto the victim’s PC, all the data on the device is encrypted and held hostage. The ransom can vary between $150 and $1000 worth of bitcoins, which the victim has to pay in order to get the decryption key. In March 2016, TeslaCrypt 4.0 emerged, featuring unbreakable encryption and rendering any available TeslaCrypt decoders useless.
This refers to the process of examining the sources of cyber threats and evaluating them in relation to the information system’s vulnerabilities. The objective of the analysis is to identify the threats that endanger a particular information system in a specific environment.
This type of password can be either valid for a limited amount of time or valid for use during a specific interval in a day. Time-dependent passwords are most often generated by an application and are part of two-factor or multi-factor authentication mechanisms.
In security, a token is a physical electronic device used to validate a user’s identity. Tokens are usually part of two-factor or multi-factor authentication mechanisms. Tokens can also replace passwords in some cases and come in the form of a key fob, a USB device, an ID card or a smart card.
During this process, the traffic on a network is intercepted, examined and reviewed in order to determine traffic patterns and volumes and to extract relevant statistics about it. This data is necessary to improve the network’s performance, security and general management.
Trojan (Trojan horse)
Probably one of the most notorious terms in cyber security, a Trojan Horse is a type of malware that acts according to the Greek legend: it camouflages itself as a legitimate file or program to trick unsuspecting users into installing it on their PCs. Upon doing this, users unknowingly give unauthorized, remote access to the cyber attackers who created and run the Trojan. Trojans can be used to spy on a user’s activity (web browsing, computer activity, etc.), to collect and harvest sensitive data, to delete files, to download more malware onto the PC and more.
This is a cyber security threat that employs a Man-in-the-middle attack in order to inject advertising into certain web pages a user visits while using a public network, like a public, non-encrypted WiFi hotspot. In this case, the computer being used doesn’t need to have adware on it, so installing a traditional antivirus can’t counteract the threat. While the ads themselves can be non-malicious, they can expose users to other threats. For example, the ads could promote a fake antivirus that is actually malware or a phishing attack.
A URL (or link) injection is when a cyber criminal creates new pages on a website owned by someone else, containing spammy words or links. Sometimes, these pages also contain malicious code that redirects your users to other web pages or makes the website’s web server contribute to a DDoS attack. URL injection usually happens because of vulnerabilities in server directories or in the software used to operate the website, such as an outdated WordPress installation or plugins.
In cyber security, a vaccine is a digital solution that focuses on neutralizing attacks once they gain unauthorized access into an information system. Cyber vaccines exploit flaws in the way some malware strains work and spread, so their distribution and effects can be blocked. A cyber vaccine could train an information system to detect and stop cyber attacks after they’ve penetrated the system/PC, just before the attacker can do any actual damage. Cyber vaccines are a new concept, so there is a lot of work to be done for their advancement. They can potentially be used to stop ransomware, block data exfiltration, intercept phishing attacks, block Zero Day exploits and more.
Vawtrak / Neverquest
Vawtrak (or Neverquest) is a classic infostealer malware, which mainly aims to steal login credentials for banking portals, either stored on the local device or transmitted from the affected PC, but it can also harvest credentials for other financial institutions. Vawtrak uses the stolen credentials to gain unauthorized access to bank accounts and commit financial fraud. The infostealer has other capabilities too, such as taking screenshots of the infected device, capturing video and launching man-in-the-middle attacks. Vawtrak is delivered through drive-by downloads from compromised websites or by injecting malicious code into legitimate websites, but it also spreads through phishing campaigns on social media networks and spam.
Virtual Private Network / VPN
A VPN, short for Virtual Private Network, uses the Internet’s public infrastructure to connect to a private network. VPNs are usually created and owned by corporations. By using encryption and other security means, a VPN hides your online activity from attackers and offers an extra layer of protection when you want to browse safely.
A computer virus is a type of malicious software capable of self-replication. A virus needs human intervention to be run, and it can copy itself into other computer programs, data files, or certain sections of your computer, such as the boot sector of the hard drive. Once this happens, these elements become infected. Computer viruses are designed to harm computers and information systems and can spread through the Internet, through malicious downloads, infected email attachments, malicious programs, files or documents. Viruses can steal data, destroy information, log keystrokes and more.
A computer virus hoax is a message that warns about a non-existent computer virus threat. It is usually transmitted via email and tells the recipients to forward it to everyone they know. Computer hoaxes are usually harmless, but their intent is not innocent, since they exploit a lack of knowledge, concern or ability to investigate before taking the action described in the hoax.
Vishing (short for Voice over IP phishing) is a form of phishing performed over the telephone or voice over IP (VoIP) technology, such as Skype. Unsuspecting victims are duped into revealing sensitive or personal information via telephone calls, VoIP calls or even voice mail.
A wabbit is one of the four main classes of malware, alongside viruses, worms and Trojan horses. It’s a form of computer program that repeatedly replicates on the local system. Wabbits can be programmed to have malicious side effects. A fork bomb is an example of a wabbit: it’s a form of DoS attack against a computer that uses the fork function. A fork bomb quickly creates a large number of processes, eventually crashing the system. Wabbits don’t attempt to spread to other computers across the network.
Watering Hole is the name of a computer attack strategy that was detected as early as 2009 and 2010. The victim is a particular, very targeted group, such as a company, organization, agency, industry, etc. The attacker spends time gaining strategic information about the target: observing which legitimate websites are visited most often by the members of the group. Then the attacker exploits a vulnerability and infects one of those trusted websites with malware, without the knowledge of the site’s owner. Eventually, someone from that organization falls into the trap and gets their computer infected. This way, the attacker gains access to the target’s entire network. These attacks work because of the constant vulnerabilities in website technologies, even in the most popular systems, such as WordPress, which make it easier than ever to stealthily compromise websites.
A web bug, also called a web beacon or pixel tag, is a small, transparent GIF image, usually not bigger than 1 pixel. It’s embedded in an email or webpage and is usually used in connection with cookies. Web bugs are designed to monitor your activity and they load when you open an email or visit a website. The most common uses are marketing-related: email tracking (to see whether and when readers open the emails they receive), web analytics (to see how many people visited a website), advertisement statistics (to find out how often an ad appears or is viewed), gathering IP addresses and the type of browser used.
Web content filtering software
Web content filtering software is a program that screens an incoming web page and restricts or controls its content. It is used by governments, which can apply it for censorship, by ISPs to block copyright infringement, by employers to block personal email clients or social media networks, by schools, by parents, etc. This software can block pages that include copyrighted material, pornographic content, social networks, etc.
Whaling is a form of sophisticated phishing whose objective is to collect sensitive data about a target. What’s different from phishing is that whaling goes after high-profile, famous and wealthy targets, such as celebrities, CEOs, top-level management and other powerful or rich individuals. By using the phished information, fraudsters and cyber criminals can trick victims into revealing even more confidential or personal data, or the victims can be extorted and suffer financial fraud.
Also known as ethical hackers, these are usually cybersecurity specialists, researchers or just skilled techies who find security vulnerabilities for companies and then notify them so they can issue a fix. Unlike blackhat hackers, they do not use the vulnerabilities except for demonstration purposes. Companies often hire whitehat hackers to test their security systems (known as “penetration testing”). As their expertise has become more in demand and sought after, whitehat hackers have started to collect rewards for their work, ranging from $500 all the way to $100,000.
A whitelist is a list of email addresses or IP addresses that are considered to be spam-free. It’s the opposite of a blacklist, which usually includes a list of blocked users. Spam filters have both whitelists and blacklists of senders, and also keywords to look for in emails, which enable them to help detect a spam email.
A computer worm is one of the most common types of malware. It’s similar to a virus, but it spreads differently: worms have the ability to spread independently and self-replicate automatically by exploiting operating system vulnerabilities, while viruses rely on human activity in order to spread. It’s usually “caught” via mass emails that contain infected attachments. Worms may also include “payloads” that damage host computers, commonly designed to steal data, delete files, send documents via email or install backdoors.
A Zero Day (or Zero Hour) attack is an attack that uses vulnerabilities in computer software that cyber criminals have discovered and software makers have not patched (because they weren’t aware that those vulnerabilities exist). These are often exploited by cyber attackers before the software or security companies become aware of them. Sometimes, Zero Days are discovered by security vendors or researchers and kept private until the company patches the vulnerabilities.
Zero Day virus / malware
A Zero Day virus, also known as Zero Day malware, is a computer virus, Trojan horse or other malware previously unknown to the software maker or to traditional antivirus producers. This means the vulnerability is also undisclosed publicly, though it might be known and quietly exploited by cyber attackers. Because it’s not known yet, patches and antivirus signatures are not yet available for it and there is little protection against an attack.
A Zero Day (or Zero Hour or Day Zero) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others or undisclosed to the software developer. Zero Day exploits (actual code that can use a security hole to carry out an attack) are used or shared by attackers before the software developer finds out about the vulnerability.
ZeuS / Zbot
Zeus, also known as Zbot, is a notorious banking Trojan which infects Windows users and tries to retrieve confidential information from the infected computers. Once installed, it also tries to download configuration files and updates from the Internet. Its purpose is to steal private data from the victims, such as system information, passwords, banking credentials or other financial details. Zeus could be customized to gather banking details in specific countries and by using a vast array of methods. Using the retrieved information, cyber criminals could log into banking accounts and make unauthorized money transfers through a complex network of computers, leading to severe banking fraud. Operation Tovar, carried out in 2014, took down the ZeuS network of command and control servers, as it had done millions of dollars in damages and spread very quickly.
Zeus GameOver / Zeus P2P
Zeus GameOver is a variant of the ZeuS/Zbot family – the infamous financial stealing malware – which relied on a peer-to-peer botnet infrastructure to work. Zeus GameOver was used by cyber criminals to collect financial information (credentials, credit card numbers, passwords, etc.) and any other personal information which could be used to access the victim’s online banking accounts. GameOver Zeus is estimated to have infected 1 million users around the world and it was taken down in mid-2014 through Operation Tovar.
A Zip Bomb, also known as a Zip of Death or Decompression Bomb, is a malicious archive file. When uncompressed, it expands dangerously, requiring large amounts of time, disk space and memory, causing the system to crash. Usually it’s a small file, only up to a few hundred kilobytes, structured as a loop which will continuously unpack itself until all system resources are exhausted. It’s designed to disable the antivirus software, so that a more traditional virus sent afterwards can get into the system without being detected.
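A defensive check for decompression bombs, as an added example that is not code from the original page. It builds a small constructed archive with Python’s zipfile module (a few MiB of zeros deflate to a few KB, enough to trip a ratio check), inspects the sizes the archive declares, and then extracts under a hard byte budget, because the declared sizes are attacker-controlled and can lie. The thresholds are assumptions to tune per deployment:

```python
import io
import zipfile

# Thresholds are assumptions for the demonstration; tune them per deployment.
MAX_RATIO = 100           # uncompressed/compressed ratio above which an archive is flagged
MAX_TOTAL = 50 * 2**20    # 50 MiB: most uncompressed bytes we are willing to produce
CHUNK = 64 * 1024         # read size while streaming out of the decompressor


def build_sample_zip() -> bytes:
    """Constructed archive: one ordinary text file plus 5 MiB of zeros, which
    deflate shrinks by roughly a thousand to one (bomb-like ratio, modest total)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("notes.txt", "hello world\n" * 10)
        zf.writestr("padding.bin", b"\0" * (5 * 2**20))
    return buf.getvalue()


def inspect_zip(data: bytes, max_ratio: float = MAX_RATIO, max_total: int = MAX_TOTAL) -> dict:
    """Cheap pre-check using the sizes declared in the central directory.
    Good for triage and alerting, but not sufficient on its own: an attacker
    writes those fields, so the real defence is the budget in extract_with_budget."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
    total = sum(i.file_size for i in infos)
    compressed = sum(i.compress_size for i in infos)
    ratio = total / max(compressed, 1)
    return {
        "entries": len(infos),
        "declared_total": total,
        "compressed": compressed,
        "ratio": ratio,
        "suspicious": ratio > max_ratio or total > max_total,
    }


def extract_with_budget(data: bytes, max_total: int = MAX_TOTAL) -> dict:
    """Decompress entry by entry in fixed-size chunks, counting the bytes that
    actually come out of the decompressor and aborting as soon as the budget is
    exceeded. This bounds memory and disk use regardless of what the headers claim.
    Returns {filename: bytes}; raises ValueError on a budget violation."""
    written = 0
    out = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            chunks = []
            with zf.open(info) as f:
                while True:
                    chunk = f.read(CHUNK)
                    if not chunk:
                        break
                    written += len(chunk)
                    if written > max_total:
                        raise ValueError(
                            f"decompression budget of {max_total} bytes exceeded at {info.filename}"
                        )
                    chunks.append(chunk)
            out[info.filename] = b"".join(chunks)
    return out


def fits_budget(data: bytes, max_total: int = MAX_TOTAL) -> bool:
    """True if the whole archive decompresses within the byte budget."""
    try:
        extract_with_budget(data, max_total)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    sample = build_sample_zip()
    print(inspect_zip(sample))
    print("fits 10 MiB budget:", fits_budget(sample, 10 * 2**20))
    print("fits 1 MiB budget: ", fits_budget(sample, 1 * 2**20))
```

Nested archives (a zip inside a zip) need the same budget applied recursively with a depth limit, and a production extractor should also normalise entry names to block path traversal; both are outside what this block shows.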
A zombie computer is one connected to the Internet that appears to be performing normally, but can be controlled by a hacker who has remote access to it and sends commands through an open port. Zombies are mostly used to perform malicious tasks, such as spreading spam or other infected data to other computers, or launching DoS (Denial of Service) attacks, with the owner being unaware of it.