The Cyber Security Glossary
To get your head around the world of cyber security, the first step is learning the language. Some words might sound familiar, but you will quickly realise they have different implications in the context of cyber security; others might be completely new to you. Have a read of our cyber security glossary and learn the new lingo that is redefining how we protect ourselves in the digital world.
But first, what exactly is cyber security?
The term ‘cyber security’ refers to the protection of computer networks, data and programs, with the intention to deny any unauthorised access and prevent malicious attacks.
A ‘cyber incident’ refers to one of the following:
- An attempt to gain unauthorised access to a system and/or data
- Disruption that has been caused by or is a side effect of malicious intent
- Unauthorised usage of data processing or storage systems
- Changes to a system’s hardware, software or firmware without the system owner’s or administrator’s consent
The below is a selection of some of the most important, confusing or emerging words in the cyber security lexicon. If you think we have missed anything or want to see something included, do get in touch and let us know.
Advanced Persistent Threat
Also known as an APT, this term refers to a type of attack that uses sophisticated methods and significant resource over a sustained period of time. These attacks usually come via multiple entry points (cyber, deception and possibly even physical) and are difficult to stop once they have begun. Due to the sophistication of these attacks, they are usually targeted at large organisations or governments.
Adware stands for advertising malware; it is a type of malicious software that presents unwanted advertisements using intrusive and disruptive techniques. It could manifest itself in the form of endless popups, or use a type of spyware that tracks your online activity to make the adverts more targeted.
This refers to the human body’s measurements and statistics. Biometric technology uses these details as a form of identification and access control.
A computer or device that is connected to the internet, has been compromised with malicious logic, is performing malicious activities and is under the control of a remote administrator. Also known as a zombie.
A botnet is a network of compromised devices that work together to commit coordinated cyber attacks. The controller of such an attack is called a bot herder or bot master.
A type of unwanted software that takes control of a computer or device’s browser without the user’s permission. This software comes in many different forms, from mimicking a familiar website to drive traffic elsewhere to using spyware or keyloggers to gain a user’s personal or secure information.
Brute force attack
A type of attack wherein a malicious computer programme is used to enter vast quantities of letter and number combinations to uncover passwords and gain access. These attacks are why it’s so important to have a password that combines letters, numbers, different cases and special characters.
This is sometimes used as another word for ‘code’. It’s an algorithm that encrypts and decrypts data.
Cross Site Scripting
Also known as XSS, this is a common software vulnerability typically found in web applications. It allows malicious attackers to inject user-facing script or overwrite access controls.
Distributed denial of service attack. Different from a standard denial of service (DoS), this type of attack uses multiple computers and several internet connections to overcome the targeted resource.
A combination of deep learning and fake, deepfake uses artificial intelligence to synthesise false videos or pictures of humans. As the technology advances, deepfake becomes harder to spot and could be a potential threat to cyber security.
The process of collecting, preserving, extracting and analysing digital evidence and data for investigative purposes.
A set of computer programmes that, when deployed, uncover system or software vulnerabilities and use them to input harmful code.
A type of malware that scans log-in data and credentials before it is passed over to a secure server. It is even more effective than Keylogger malware, as it has the ability to retrieve credentials even if someone is using auto-fill or a virtual keyboard.
Government Communications Headquarters. They discover and use intelligence to help combat terrorism, cyber crime and child pornography.
A way of disguising a piece of data by using a mathematical algorithm. It is often used to encrypt a piece of data, so it can be transported safely, and decrypted once it has been received.
Honeypot or Honeynet
A system that has been set up with intentional vulnerabilities in order to attract attackers. The attack is then studied for techniques and methods, and the findings are used to improve security methods.
At face value, you might think this term means the same as cyber security. However, it specifically refers to the protection and integrity of data and information. Sensitive information might be retained offline, and so the method of storage and access must be secure.
When a person inside a company jeopardises or compromises company security by violating security policies, whether that be intentionally or unintentionally.
A type of malware that records what keys are pressed on a keyboard in order to extract security credentials or other sensitive information.
A piece of malicious code that is inserted into a system and activated when a particular action is carried out.
The method of using online advertising to implant malware.
Malicious software that has the potential to negatively impact people or organisations.
Also known as MITM, this is where an attacker positions themselves between two people or systems who believe they are communicating directly with each other. It is used either to harvest the information being transmitted or perhaps to alter it.
National Cyber Security Centre (NCSC)
Part of GCHQ, this is a UK government organisation that offers advice and support to the public and private sector on how to avoid and prevent cyber security threats, attacks and breaches.
This is when a system is monitored or scanned for information, but no action is taken against or within the system. Due to their nature, passive attacks are much more difficult to detect.
The act of spying on or monitoring network traffic in order to extract password data.
Also known as a pen test or pen testing, it is the practice of testing a computer system, network or web application to locate and expose security weaknesses. Sometimes known as ethical hacking.
In the world of cyber security, this has nothing to do with genetically modifying plants. It refers to when a user is redirected to an illegitimate website, despite having entered the correct address. It’s used to extract details like passwords and account details.
Emails that appear to be from legitimate companies that trick or coerce the user to reveal passwords or account details, usually by leading them to a fake website.
The clue is in the name. This is a type of malware that restricts access to or encrypts the contents of someone’s computer or device, and asks them for money to be paid in order for access to be restored.
As is typical with ransom cases, there is no guarantee that access will be restored once the money has been paid. The most effective protection against this is to back up your data in several different places, to make it more difficult for your digital property to be commandeered.
Remote Access Trojan
Also known as a RAT, this is definitely a pest you don’t want in your computer. A RAT is a malware programme that takes control of a system using a remote network connection. It infects the computer and gives the attacker complete access to all the data on that device. It is typically installed without the user’s knowledge and can enlist the PC into a botnet.
A more old-fashioned practice, but one that is always worth watching out for, shoulder surfing is the simple act of looking over a user’s shoulder to extract sensitive data such as a password, PIN or other private details.
Smishing is the same as phishing, except the contact comes in the form of a text message.
This type of attack takes advantage of people’s natural instinct to trust others and take things at face value. It could come in the form of impersonation, lies, psychological tricks and even threats, and is used to extract sensitive data such as passwords and other details that will grant the attacker unauthorised access to their target.
While phishing attacks usually come in the form of mass, untargeted emails, spear phishing is a highly personalised and planned attack designed to look like it’s from someone the recipient knows or trusts. It will often be delivered with a sense of urgency that helps to side-step the victim’s suspicions and leaves them no time to double check information.
This is essentially disguising an online communication with a malicious intention as something benign. Spoofing can come in the form of emails, caller ID, entire websites, IP addresses and more. Spoofing attempts are best spotted by closely checking an email sender or website address, and watching out for spelling mistakes or strange use of grammar.
A type of malware that spies on a victim’s computer or device usage to extract sensitive information without their knowledge. Keyloggers and screen scrapers are both types of spyware.
The practice of concealing a file, video, message or image inside another file, video, message or image so it can be transmitted covertly.
Inspired by the Trojan Horse of Greek mythology, in cyber security it means a computer program that appears to have a useful function, but has a true purpose of breaching the security of a computer system. It relates to anything that misleads the user about its true intent.
You’re most at risk of coming across typhoid adware when you use public, non-encrypted wifi hotspots. It works by injecting advertising in whatever website you’re using, and does not need adware to be installed in order to be effective – meaning antivirus software would have no effect. The ads themselves are not harmful, but if acted upon have the potential to be.
Quite literally, this means injecting your site URL so the user is directed to a page created by the hacker. The new page usually contains spam links that lead to malicious locations or outcomes. URL injections occur when there is a vulnerability in the software used to operate your website.
Vishing is just like phishing, except it happens on the phone. On the other end could be a computerised voice giving you some sort of warning unless you act immediately, or it could be an actual person asking you to follow instructions or divulge security details. As with phishing, smishing, spear phishing and social engineering, urgency is usually applied in an attempt to sidestep any kind of urge to double-check or second guess.
Much like the animal’s biological tendency to reproduce, a wabbit is a type of computer programme that replicates itself repeatedly, with malicious side effects. It does not infect other computers.
Water-holing or Watering Hole Attack
Inspired by a wild predator’s technique of attacking its prey during a visit to the watering hole, this is a type of cyber attack that is highly targeted towards a specific group of people, who perhaps all work for the same organisation, within the same industry or live in the same region.
The attacker tends to collect information about websites that this group of people frequent and then infects one of those websites with malware. Once one person has fallen foul of the malware, the attacker then uses that breach to access a wider associated network.
Highly targeted phishing attacks that are specifically aimed at senior executives who have a high level of access permissions.
A worm is similar to a wabbit, except it uses network capabilities to spread itself across multiple computers.
A newly discovered vulnerability or bug that is therefore unknown to the wider cyber security industry and ripe for exploitation.
Much like the undead, being in possession of a zombie computer is quite a frightening concept. It’s when a computer, which appears to be functioning normally, has actually been compromised by a hacker who has remote access and uses it to carry out malicious tasks, such as spreading spam, launching cyber attacks or sending infected data to other computers. Usually the user will be unaware that their computer has become zombified.