Dictionary of Cyber

Breach
A breach can include any unauthorised access to data, IT systems and endpoints. From a broader perspective this can also include handling or processing data in a way which does not comply with data protection laws.

Black Hat
A Black Hat Hacker is someone who violates cyber security for malicious reasons or personal gain. Hackers can also share information so that the same vulnerabilities can be exploited again.

Brute force
Brute force is a technique which uses automation is used to crack passwords by continuously trying different combinations to gain access.

Bot
A computer which has been compromised so a remote administrator can take control and use it to undertake activities.

Botnet
A network of infected devices connected to the Internet which used to commit cyber attacks without the knowledge of the owner.

Brute force attack
An attack in which computational power is used to automatically enter a vast quantity of number combinations in order to discover passwords and gain access.

Business impact
This the effect a cyber incident can have on your business financially, operationally and on your reputation.

CEO fraud
This is an attack where a senior company executive (usually the CEO) is impersonated and sends social engineering emails to persuade colleagues into making payments to fraudulent accounts.

Certificate
A digital certificate is a form of verification that allows the secure exchange of information.

Chatter
Discussion of an organisation on Dark Web forums.

Command and control
Communication channel set up by an attacker after an initial system compromise in order to continue interaction with the system.

Compromise
Unauthorised access to information stored on an IT system.

Cookie
A cookie is a small unit of information that your browser stores when you visit a web server which is then used to customize your next visit to the same web server.

Credential harvesting
The illegal gathering of usernames and passwords by cyber criminals.

Credential stuffing
A cyber attack where stolen account credentials are used to access to user accounts through automated login requests directed against a web application.

Darknet
Darknets are an anonymous private file sharing networks between trusted peers using non-standard protocols. The anonymity means that there is little scope for authorities to intervene.

Dark Web
Content existing on Darknets that is only accessible by means of special software which allows users to remain anonymous or untraceable.

Database Encryption
Encrypting databases will stop cyber criminals being able to read sensitive data even if they are able to access the database.

Data Dump
A large amount of data transferred from one system or location to another.

Deep Web
The deep web is the part of the internet which is not discoverable by means of standard search engines. It includes password protected or dynamic pages and encrypted networks.

Denial of Service (DoS) and Distributed Denial of Service (DDoS)
This is a type of cyber attack that prevents the use of system services or resources, or impairs access, usually by overloading the service with requests. This can occur with many types of businesses who process transactions online including e-commerce.

Dictionary attack
This is a type of brute force attack. Words, phrases and common passwords are used to gain access to your system.

DMARC
An internet protocol to prevent spoofing

DNS Filtering
A technique to block known IP addresses.

Domain Hijacking
A cyber criminal hijacks a domain by first blocking access to the domain’s DNS server and then putting his own server up in its place.

Domain Name Server (DNS)
DNS translates alphabetical website addresses into numerical IP addresses which identify the location of the website.

Dwell time
The length of time an attacker is present on an IT system without being detected.

Encryption
A mathematical function that protects information by making it unreadable by everyone except those with the key to decode it.

End-to-End Encryption
Data is encrypted when passing through a network while the routing information still visible.

Ethical hacking
The use of hacking techniques to identify and test cyber security vulnerabilities.

Exfiltration
The transfer of data from a system without consent.

Firewall
A system designed to prevent unauthorised network traffic to or from a trusted network.

Flooding
A common denial of service attack that takes systems offline by overloading the target with surplus requests, which disrupts services and blocks legitimate requests from getting through.

GDPR
A European regulation that sets out the rules for the protection of personal data and how this may be handled or processed.

Hacktivism
Hacking activity that is used for political and social purposes.

Honeypot (honeynet)
Decoy system to attract potential attackers that helps limit access to actual systems by detecting and deflecting or learning from an attack. Multiple honeypots form a honeynet.

Host
A host is a computer. Each host has a unique identifier called a hostname that allows other computers to access it.

Insider Risks
The damage that could be done by legitimate user with privileged access to systems, networks or data. This can be intentional or unintentional.

Internet of Things (IoT)
A term used to describe all objects with internet connectivity. This includes phones, wearable tech and household appliances.

IP Address
An Internet Protocol address is a numerical label that is assigned to any device that is using Internet Protocol and is connected to an Internet network.

Junk mail/Spam
Spam includes legitimate adverts, misleading adverts, and phishing messages designed to trick recipients into giving up personal and financial information.

Keylogger
A programme that records keystrokes on a computer without the user being aware.

Log file
A record of time-stamped events that have occurred within an operating system or software programme.

Logic Bomb
A logic bomb is a malicious program designed to execute when a certain criterion is met such as at a certain time or when a particular file is accessed.

Macro
A small program that can automate tasks in applications which attackers can use to gain access to a system.

Malware
A generic term used to describe malicious software such as viruses, Trojans and spyware.

Malvertising
A method of attack using online advertising to distribute malware.

Managed Service Provider
A managed service provider (MSP) delivers services such as network, infrastructure and security.

Man-in-the-middle Attack (MitM)
Cyber criminals interpose themselves between the victim and the website the victim is trying to reach.

Mobile Device Encryption
When encryption is enabled the device’s hard drive will be encrypted while the device is locked with the user’s passcode acting as the key.

Network
A group of interconnected endpoints and systems.

Outsource
Organisations may choose to outsource parts of their infrastructure to reputable firms if they lack the resources or expertise to do these themselves.

Patching
Applying updates (patches) to firmware or software in order to address vulnerabilities, to improve security or enhance performance.

Payload
The component of an attack which causes malware to initiate.

Penetration testing
A test designed to explore and expose security weaknesses in an information system so that they can be fixed.

Permissions
Permissions are the authorized actions that a user can perform

Privilege escalation
A cyber criminal may gain more powers on a network, for example using a normal user profile to compromise an administrator’s credentials

Pharming
An attack where a user can be redirected to an illegitimate website despite the user having entered the correct address.

Phishing
A method of cyber attack that uses social engineering techniques via email or instant messaging, in an attempt to fraudulently acquire personal information, such as passwords and credit card details, or divert payments to a criminal’s account.

Quarantine
Emails and files can be stored safely to assess whether they are harmful.

Ransomware
Ransomware a type of malware that prevents users from accessing their system or personal files by encrypting them and demands payment of a ransom to regain access.

RDP
Allows a user connect remotely into a target computer.

Reconnaissance
Locate key systems (e.g. domain controllers and backups), accounts and data within a network.
Attacker then selects target, researches it, and attempts to identify vulnerabilities.

Remote Access Trojan (RAT)
A type of malware that allows threat actors remote access to networks, and a backdoor for unauthorised control and surveillance of the target.

Rootkit
A rootkit is malware which enables access to an area of its software that is not otherwise allowed.

Sandboxing
Sandboxing is a security system to run suspicious programmes in an isolated environment.

Sextortion
Cyber criminals email their target claiming to have evidence of a compromising nature – sometimes obtained through a user’s webcam. The blackmailer threatens to share the evidence unless a ransom is paid.

Signature
A pattern expected to be found in every instance of a particular virus.

Skimming
Skimming is a method used by cyber criminals using a device called a skimmer to capture your personal or account information from your credit card, driver’s license or even passport. Skimmers can be purchased online for under $5.

Smishing
Phishing via SMS text messaging.

Spam
Unsolicited or unwanted electronic messages.

Spear phishing
Spear phishing is social engineering attack that targets a specific person. It usually tailors the attack to the target and may contain requests for sensitive information or contain malicious links.

Spoofing
Spoofing is faking an IP address or masking/changing the sender information on an email so as to deceive the recipient as to its origin. Malicious spoof attacks are made to look like it come from a safe source but like to a page that will infect your system with malware.

Spray attack
Password spraying is an attack that attempts to access a large number of accounts with a few commonly used passwords.

Spyware
Spyware monitors and stores the victim’s Internet activity including keystrokes and browser history to harvest usernames, passwords, financial information and more.

Threat actors
Cyber criminals who use the internet to commit crimes such as identity theft, illegal spamming, phishing, and fraud.

Threat hunting
Proactively searching through data to identify threats that evade existing security defences such as anti-virus solutions.

Threat landscape
The range of current cyber threats you could encounter.

Trojan horse
A computer program that appears to have a useful function but hides a malicious function.

Two Factor Authentication
Where a user is authenticated by two different means such as a password and passcode sent to a mobile device.

Unintentional insider threat
An employee who unwittingly allows a cyber criminal to achieve their goal.

URL Obfuscation
URL Obfuscation is when scammers use phishing emails to guide recipients to fraudulent sites with names very similar to established sites. They use a slight misspelling or other subtle difference such as Arnazon.

Virus
A file capable of attaching to disks or other files and replicating itself repeatedly.

Virtual Private Network (VPN)
An encrypted network often created to allow secure connections for remote users.

Vulnerability
An exploitable weakness or loophole which allows an attacker to compromise a system.

Watering hole
This is cyberattack targeting a particular organisation. Malware is installed on a website or websites regularly visited by the members in order to infect computers used within the organisation itself.

Whaling
Highly targeted phishing attacks that are aimed at senior executives.

Worm
Self-replicating malware that spreads onto other connected devices.

XSS
Cross-site scripting (XSS) is a web application vulnerability that allows malicious scripts to be injected into otherwise harmless websites then executed in the user’s browser.

YARA
A tool that helps with the identification and classification of malware samples.

Zero day attack
A brand new attack which has not been seen before and so there is no immediate vendor solution.

Zero day vulnerability
A brand new vulnerability discovered in software for which there is no patch.

Zombie
A zombie is compromised computer that is connected to the internet and can be used remotely to carry out malicious tasks.