Clickjacking is an attack that tricks victims into clicking an unintended link or button, usually by disguising it as a harmless element (for example, by layering an invisible frame of the target site over the visible page so that the click lands on the hidden control).
A Deepfake is an audio or video clip that has been synthesized or manipulated, usually with machine-learning techniques, to seem genuine. The most dangerous consequence of the popularity of deepfakes is that they can easily convince people that a fabricated story or theory is true, which can drive behaviour with a much bigger impact, for instance in politics or finance.
In cyber security terms, the different hacker "hats" refer to the intention of the hacker. For example:
- White hat: breaches a network or system to find weaknesses with the owner's consent, making it completely legal. This is how penetration tests of infrastructure are carried out.
- Black hat: breaks into networks without consent to steal information or to harm the owner or the users. It is entirely illegal.
In an Advanced Persistent Threat (APT) attack a threat actor uses sophisticated tactics and tooling to penetrate a high-profile network. APTs aim to stay "under the radar", maintaining access and exploring the network while remaining undetected for weeks, months or even years. APTs are most often associated with nation-state threat actors conducting espionage or seeking to disrupt the economic and political stability of a country. They can be considered the cyber equivalent of espionage "sleeper cells".
Advanced Threat Protection (ATP) refers to security solutions that defend against sophisticated malware and targeted attacks aimed at sensitive data. ATP offerings include both software products and managed security services.
Adware bombards users with ads and pop-up windows and degrades the user experience. It can also pose a real danger: the unwanted ads may carry malware, or redirect searches to malicious websites that collect personal data about users. Adware is often bundled with freeware or shareware, where the adware operator collects an indirect fee for the "free" program. The adware component usually does not appear as a separately installed program, seldom includes an uninstaller, and attempts to remove it manually may cause the carrier program to malfunction.
Anti-Botnet tools check whether a client visiting a website is an automated bot rather than a human, and if a risk is detected they return a warning or a challenge to the device. The most common anti-botnet measure is the CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart).
Anti-Phishing protects users from fraudulent websites, often near-perfect replicas of legitimate sites that are very hard to tell apart by eye. Protection is enforced by detecting fraudulent emails and by blocking access to known phishing websites.
Anti-Virus solutions use current virus detection technology (signatures, heuristics and behavioural analysis) to protect users from viruses, spyware, trojans and worms that can infect equipment through email or internet browsing.
An Attack Vector is the path or method by which an attacker gains entry into a target system, for example a phishing email, an exposed vulnerable service, or stolen credentials. Attack vectors include weaknesses in technology as well as in human behaviour, skilfully exploited by attackers to gain access to networks. The set of all such entry points is the attack surface; the growth of IoT devices and working from home has greatly enlarged it, making networks increasingly difficult to defend.
Authentication is the process of verifying the identity of a user or system, or the authenticity of a piece of information. In computing, it is the process of confirming that a person or system is who they claim to be, using a username together with a password, token, certificate or similar credential. Authentication is the basis on which authorization (what an authenticated identity is allowed to do) is granted, and it prevents unauthorized access.
A Backdoor is a mechanism that bypasses normal authentication to give access to a computer, application or network. Programmers sometimes build such "trapdoors" into software for debugging or maintenance; attackers plant them on compromised systems, or find and abuse existing ones, to enter computers or networks without proper permission.
A Banker Trojan is a malicious computer program that intercepts sensitive personal information and credentials for accessing online bank or payment accounts.
A Blacklist (also Blocklist or Denylist) is a basic access control mechanism: every element (email address, user, password, URL, IP address, domain name, file hash, etc.) is allowed through the system except those explicitly listed, which are denied. Its counterpart, the allowlist, denies everything that is not explicitly listed.
A Bot is a program that automates actions on behalf of another program or person and is used to carry out routine tasks. Malicious uses include spam distribution, credential harvesting and the launching of DDoS attacks.
A Botnet is a collection of compromised computers running malicious programs that are controlled remotely through a command-and-control (C&C) server operated by a cybercriminal. The operator (the "bot herder") exercises remote control through automated processes (bots) that take instructions from IRC channels or web sites; such web sites may be run directly by the bot herder, or they may be legitimate sites that have been subverted for this purpose.
A Brute Force Attack is a method for guessing a password (or the key used to encrypt a message) by systematically trying a high volume of possible combinations of characters until the correct one is found. One way to reduce susceptibility to a brute force attack is to limit the number of permitted attempts to enter a password; for example, by allowing only three failed attempts and then permitting further attempts only after 15 minutes. Long passwords and slow, salted password hashing also raise the cost of every guess.
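The lockout rule described above, as an added example (not code from the original glossary or from any vendor): a hypothetical `LoginGuard` class that stores PBKDF2 password hashes, counts consecutive failures per account, and refuses further attempts for 15 minutes after three failures. The `clock` parameter and the `simulate_dictionary_attack` helper are assumptions introduced here so the behaviour can be exercised without waiting.

```python
import hashlib
import hmac
import os
import time

MAX_FAILURES = 3            # glossary example: three failed attempts...
LOCKOUT_SECONDS = 15 * 60   # ...then wait 15 minutes


class LoginGuard:
    """Password check with per-account failure counting and temporary lockout.

    Hypothetical helper written for this glossary entry, not a library API.
    `clock` is injectable so the lockout can be tested without sleeping.
    """

    def __init__(self, max_failures=MAX_FAILURES,
                 lockout_seconds=LOCKOUT_SECONDS, clock=time.time):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self._users = {}         # username -> (salt, pbkdf2 digest)
        self._failures = {}      # username -> consecutive failures
        self._locked_until = {}  # username -> unix time the lock expires

    @staticmethod
    def _digest(password, salt):
        # Slow, salted hash: every guess costs the attacker 100k iterations.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, self._digest(password, salt))

    def is_locked(self, username):
        return self.clock() < self._locked_until.get(username, 0)

    def attempt(self, username, password):
        """Return 'locked', 'bad_credentials' or 'ok'."""
        if self.is_locked(username):
            # Refuse without evaluating the password: no oracle while locked.
            return "locked"
        salt, stored = self._users.get(username, (b"\x00" * 16, b""))
        candidate = self._digest(password, salt)   # same cost for unknown users
        if hmac.compare_digest(candidate, stored):  # constant-time compare
            self._failures.pop(username, None)
            return "ok"
        count = self._failures.get(username, 0) + 1
        if count >= self.max_failures:
            self._locked_until[username] = self.clock() + self.lockout_seconds
            self._failures.pop(username, None)
        else:
            self._failures[username] = count
        return "bad_credentials"


def simulate_dictionary_attack(guard, username, wordlist):
    """Run a wordlist against one account; return (outcome, guesses_evaluated)."""
    evaluated = 0
    for guess in wordlist:
        result = guard.attempt(username, guess)
        if result == "locked":
            return "locked", evaluated
        evaluated += 1
        if result == "ok":
            return "cracked", evaluated
    return "exhausted", evaluated


if __name__ == "__main__":
    guard = LoginGuard()
    guard.register("alice", "correct horse battery staple")
    # Constructed wordlist; the real password is 5th, so the lockout stops it.
    words = ["123456", "password", "qwerty", "letmein", "correct horse battery staple"]
    print(simulate_dictionary_attack(guard, "alice", words))  # ('locked', 3)
```

One caveat a practitioner should weigh: a hard per-account lockout lets an attacker who knows a username lock the legitimate owner out on purpose, so production systems usually combine it with per-source rate limiting or progressively longer delays rather than a fixed block.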
A Business Continuity Plan is an organization's playbook for how to operate in an emergency situation, such as a massive cyberattack. The plan provides safeguards against a disaster and outlines the strategies and action plan for continuing business as usual in the event of any large-scale cyber event.
The term Business Disruption refers to any interruption in the usual way that a system, process, or event works. Cyberattacks cause disruption to business operations and the associated risk of losses to the organization.
Bring Your Own Computer (BYOC) is a fairly recent enterprise computing trend by which employees are encouraged or allowed to bring and use their own personal computing devices to perform some or part of their job roles, specifically personal laptop computers.
Bring Your Own Laptop (BYOL) is a specific type of BYOC by which employees are encouraged or allowed to bring and use their own laptops to perform some or part of their job roles, including possible access to enterprise systems and data.
A Firewall is a security system that forms a perimeter around a network (or a single host) by inspecting traffic and allowing or blocking it according to a set of rules, limiting the ability of worms, hackers and other unwanted traffic to penetrate.
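How rule-based filtering works, as an added example that is not part of the original glossary: a hypothetical stateless packet filter in which ordered rules are evaluated first-match-wins and anything unmatched is dropped (default deny, the allowlist model rather than the denylist model described under Blacklist). The ruleset, the `Rule`/`evaluate`/`packet` names and the sample packets are constructed here using RFC 5737 documentation address ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source CIDR
    dst: str               # destination CIDR
    dport: Optional[int]   # destination port, None = any

    def matches(self, pkt):
        return (self.proto in ("any", pkt["proto"])
                and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == pkt["dport"]))


# Constructed ruleset. Order matters: the first matching rule wins, and
# anything that matches nothing is denied by the implicit final rule.
RULES = [
    Rule("deny", "any", "192.0.2.0/24", "0.0.0.0/0", None),          # blocked source range
    Rule("allow", "tcp", "0.0.0.0/0", "198.51.100.10/32", 443),      # public HTTPS
    Rule("allow", "tcp", "203.0.113.0/24", "198.51.100.10/32", 22),  # SSH from admin net only
]


def evaluate(rules, pkt):
    """Return (action, index_of_matching_rule); ("deny", None) if nothing matched."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None   # implicit default deny


def packet(proto, src, dst, dport):
    """Build a minimal packet header as a dict (constructed test input)."""
    return {"proto": proto, "src": src, "dst": dst, "dport": dport}


if __name__ == "__main__":
    for p in (packet("tcp", "203.0.113.7", "198.51.100.10", 443),   # allow (rule 1)
              packet("tcp", "8.8.8.8", "198.51.100.10", 22),        # deny (no rule)
              packet("tcp", "192.0.2.9", "198.51.100.10", 443)):    # deny (rule 0 first)
        print(p["src"], "->", p["dport"], evaluate(RULES, p))
```

The check worth remembering from this: moving the deny rule below the HTTPS allow rule silently re-admits the blocked range, which is why firewall rulesets are reviewed top to bottom with the explicit denies first.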
A Greylist contains items that are temporarily blocked (or temporarily allowed) until an additional step is performed. In email, for example, a mail server may temporarily reject a message from an unknown sender and accept it only when the sender retries after a delay, which legitimate mail servers do and many spam bots never do.
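The email greylisting decision described above, as an added example that is not part of the original glossary: a hypothetical `Greylist` class keyed on the (client IP, sender, recipient) triplet that answers a temporary SMTP failure on first contact and accepts the retry once the delay has elapsed. The 300-second delay, the 36-hour expiry and the `clock` parameter are assumptions made here, not values from any particular mail server.

```python
import time


class Greylist:
    """Email greylisting keyed on (client IP, sender, recipient).

    Hypothetical helper written for this glossary entry; the delay and expiry
    defaults are assumptions, not taken from any real mail server.
    """
    TEMPFAIL = "451 4.7.1 Greylisted, please try again later"
    ACCEPT = "250 OK"

    def __init__(self, delay=300, expiry=36 * 3600, clock=time.time):
        self.delay = delay        # seconds a new triplet must wait before a retry counts
        self.expiry = expiry      # forget triplets that never come back
        self.clock = clock
        self._pending = {}        # triplet -> time first seen
        self._known = set()       # triplets that have passed greylisting

    @staticmethod
    def _triplet(client_ip, mail_from, rcpt_to):
        # Addresses are case-insensitive for this purpose; normalise them.
        return (client_ip, mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to):
        """Return the SMTP reply to give for this delivery attempt."""
        key = self._triplet(client_ip, mail_from, rcpt_to)
        now = self.clock()
        if key in self._known:
            return self.ACCEPT
        first_seen = self._pending.get(key)
        if first_seen is None:
            self._pending[key] = now
            return self.TEMPFAIL       # first contact: ask the sender to retry
        if now - first_seen < self.delay:
            return self.TEMPFAIL       # retried too soon (a bot hammering the server)
        self._known.add(key)           # a patient retry: behaves like a real MTA
        del self._pending[key]
        return self.ACCEPT

    def purge(self):
        """Drop pending triplets that were never retried; return how many."""
        now = self.clock()
        stale = [k for k, t in self._pending.items() if now - t > self.expiry]
        for k in stale:
            del self._pending[k]
        return len(stale)


if __name__ == "__main__":
    g = Greylist(clock=lambda: 0.0)
    print(g.check("203.0.113.9", "bob@example.org", "alice@example.com"))  # 451 ... first contact
```

The practical caveat: large providers send retries from rotating outbound IPs, so real deployments often key on the sender's /24 rather than the exact address and exempt well-known providers; otherwise legitimate mail is delayed more than once.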
A Hacker is a term commonly used to describe a person who tries to gain unauthorized access into a network or computer system.
Honeypots are decoy systems or programs that simulate network resources hackers are likely to look for, in order to lure them in and observe or trap them. An attacker may assume that you are running weak services that can be used to break into the machine; because no legitimate user has any reason to touch a honeypot, any interaction with it is a strong signal and gives you advance warning of a more concerted attack. Two or more honeypots on a network form a honeynet.
Identity and Access Management (IAM) is the set of policies, processes and systems an organization uses to manage digital identities and to grant or deny their access to secure systems. IAM integrates workflow systems (provisioning, authentication, authorization and auditing) with the organizational owners who define and review access policies so that the security controls work effectively.
Identity Theft occurs when a malicious actor gathers enough personal information about the victim (name, address, date of birth, etc.) to commit identity fraud, i.e. the use of stolen credentials to obtain goods or services by deception. Stolen data can be used to create a new account in the victim's name (e.g., a bank account), to take over an existing account held by the victim (e.g., a social network account), or to masquerade as the victim while carrying out criminal activities.
Indicators of Compromise (IoC) are bits of forensic data from system log entries or files that identify potentially malicious activity on a system or network. Indicators of Compromise aid information security and IT professionals in detecting data breaches, malware infections, or other threat activity.
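How IoCs are actually consumed by a detection pipeline, as an added example that is not part of the original glossary: a small scanner that extracts IPv4 addresses, host names and SHA-256 hashes from log lines and matches them against an indicator set. The indicators (RFC 5737 addresses, example.net, a `deadbeef` hash) and the five log lines are constructed here for illustration; the `scan`, `scan_line` and `domain_hit` names are assumptions of this example, not a product API.

```python
import re

# Constructed indicators for illustration only; not real threat data.
IOCS = {
    "ipv4": {"203.0.113.45"},
    "domain": {"update-check.example.net"},
    "sha256": {"deadbeef" * 8},
}

# Constructed proxy / firewall / EDR log lines (not from any real system).
SAMPLE_LOGS = [
    "2024-05-01T10:02:11Z proxy user=alice dst=www.example.com:443 status=200",
    "2024-05-01T10:02:13Z proxy user=alice dst=cdn.update-check.example.net:443 status=200",
    "2024-05-01T10:02:15Z fw src=10.0.0.8 dst=203.0.113.45:8443 action=allow",
    "2024-05-01T10:02:16Z fw src=10.0.0.8 dst=203.0.113.4:443 action=allow",
    "2024-05-01T10:02:20Z edr host=ws-0042 exec=C:\\Users\\alice\\svc.exe sha256=" + "deadbeef" * 8,
]

# Lookarounds stop 203.0.113.4 from matching inside 203.0.113.45 and vice versa.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def domain_hit(host, domains):
    """Exact or parent-domain match: a.b.example.net hits an IoC of example.net."""
    host = host.lower()
    for d in domains:
        if host == d or host.endswith("." + d):
            return d
    return None


def scan_line(line, iocs=IOCS):
    """Return [(ioc_type, matched_ioc), ...] for one log line."""
    hits = []
    for ip in IPV4_RE.findall(line):
        if ip in iocs["ipv4"]:
            hits.append(("ipv4", ip))
    for host in HOST_RE.findall(line):
        d = domain_hit(host, iocs["domain"])
        if d:
            hits.append(("domain", d))
    for h in SHA256_RE.findall(line):
        if h.lower() in iocs["sha256"]:
            hits.append(("sha256", h.lower()))
    return hits


def scan(lines, iocs=IOCS):
    """Return [(line_number, ioc_type, matched_ioc), ...] over all lines."""
    return [(n, kind, value)
            for n, line in enumerate(lines, 1)
            for kind, value in scan_line(line, iocs)]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(hit)
```

Two details matter in practice and are handled above: the IP regex must not partially match a neighbouring address (line 4 is clean), and domain indicators must match subdomains (line 2 resolves a host under the indicator domain).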
An In-line Network Device is one that sits in the traffic path, receiving packets and forwarding them to their intended destination. In-line network devices include routers, switches, firewalls, intrusion detection and intrusion prevention systems, web application firewalls, anti-malware gateways and network taps.
An Insider Threat is an authorized system user, usually an employee or contractor, who poses a threat to an organization because their legitimate access to inside information and systems bypasses most perimeter-based security solutions.
An Intrusion Prevention System (IPS) is a network security system that inspects traffic for known attack patterns and anomalous behaviour and, unlike a passive intrusion detection system, actively blocks or drops the traffic it identifies as malicious.
The term Internet of Things (IoT) describes everyday objects that are connected to the internet and able to collect and transfer data automatically, without the need for human interaction. The Internet of Things encompasses any physical object (not just traditional computers) that can be assigned an IP address and can transfer data: this includes household appliances, utility meters, cars, CCTV cameras, and even implanted medical devices such as pacemakers.
A Keylogger is a kind of spyware software that records every keystroke made on a computer’s keyboard. It can record everything a user types including instant messages, email, usernames and passwords.
Malvertising is the use of online ads to distribute malicious programs. Cybercriminals embed a special script in a banner, or redirect users who click on an ad to a special page containing code for downloading malware. Special methods are used to bypass large ad network filters and place malicious content on trusted sites. In some cases, visitors do not even need to click on a fake ad — the code executes when the ad is displayed.
Malware is a general term for any type of intrusive computer software with malicious intent against the user.
A man-in-the-middle attack (MITM) is an attack in which the attacker secretly relays, and possibly alters, the communications between two parties who believe they are communicating directly with each other. For example, a victim believes they are connected to their bank's web site, and the flow of traffic to and from the real bank site is left unchanged, so the victim sees nothing suspicious. However, the traffic is redirected through the attacker's system, allowing the attacker to gather any personal data the victim enters (login, password, PIN, etc.). Properly validated TLS certificates are the main defence, which is why certificate warnings should never be clicked through.
The MITRE ATT&CK™ framework is a knowledge base, presented as a matrix, of adversary tactics (the "why" of an action) and techniques (the "how") observed in real intrusions. Threat hunters, red teamers and defenders use it to classify attacks and to assess an organization's detection coverage and risk. The aim of the framework is to improve post-compromise detection of adversaries in enterprises by describing the actions an attacker may have taken.
Network-Based Security refers to mass-market cybersecurity services (e.g., anti-malware, anti-phishing) that operate from within a communications service provider's (CSP's) network rather than on the endpoint, such as a PC or a mobile device. Network-based services can protect any connected device regardless of model or operating system. Unlike endpoint agents, such a service cannot be switched off or uninstalled by the end user, and it can be deployed with no software installation, upgrades or configuration required on the user's part, which leads to high rates of service adoption.
Parental Controls are features which may be included in digital television services, computer and video games, mobile devices and software that allow parents to restrict the access of content to their children. These controls were created to help parents control which types of content can be viewed by their children.
A Patch provides additional, revised or updated code for an operating system or application. Except for open source software, most software vendors do not publish their source code. So, patches are typically pieces of binary code that are patched into an existing program (using an install program).
Pen (Penetration) Testing is the practice of intentionally challenging the security of a computer system, network or web application to discover vulnerabilities that an attacker or hacker could exploit.
Phishing is a type of internet fraud that seeks to acquire a user's credentials or other confidential information (passwords, credit card numbers, bank account details) by deception. Phishing messages usually take the form of fake notifications from banks, providers, e-payment systems and other organizations that, for one reason or another, urge the recipient to enter or update personal data. Common pretexts include "suspicious login to your account" or "your password is about to expire".
Personally Identifiable Information (PII) is any data that can be used, alone or in combination with other data, to identify a specific individual (name, national ID number, email address, biometric records, etc.).
Process Hollowing is a code-injection and defence-evasion technique in which an attacker starts a legitimate process in a suspended state, unmaps ("hollows out") its executable image from memory, writes malicious code in its place and then resumes the process. Because the malicious code runs under the name and path of a legitimate executable, it can evade defences such as process listings and signature-based detection tools (MITRE ATT&CK technique T1055.012).
Ransomware is the name given to malicious programs designed to extort money from victims by blocking access to the computer or encrypting stored data. The malware displays a message offering to restore the system/data in return for payment. Sometimes, cybercriminals behind the scam try to lend credibility to their operation by masquerading as law enforcement officials. Their ransom message asserts that the system has been blocked, or the data encrypted, because the victim is running unlicensed software or has accessed illegal content, and that the victim must pay a fine.
Remote Desktop Protocol (RDP) is a protocol for remotely connecting to computers running Windows. It enables interaction with desktop elements as well as access to other device resources. RDP was conceived as a remote administration tool, but it is often used by intruders to penetrate targeted computers: by exploiting incorrectly configured RDP (for example, a server exposed directly to the internet with weak or reused passwords) or vulnerabilities in the RDP software itself, cybercriminals can hijack an existing session or log into the system with the victim's permissions.
Risktool programs are legitimate utilities with functions that can be abused, such as concealing files in the system, hiding the windows of running applications, or terminating active processes; the category also includes cryptocurrency miners that generate coins using the target device's resources. They are not malicious in themselves, but cybercriminals typically install and run them in stealth mode. Unlike NetTool programs, they are designed to operate locally.
A Rootkit is a collection of software tools that conceals the presence of an attacker (and of other malware) on a computer, typically by modifying the operating system or its kernel so that files, processes and network connections are hidden, while giving the attacker persistent privileged access and control. Rootkits themselves do not necessarily cause direct harm, and there have been legitimate uses for similar techniques, such as remote end-user support. However, most rootkits open a backdoor on targeted computers for the introduction of malware, viruses and ransomware, or use the system for further attacks on the network. A rootkit is typically installed using stolen credentials or by exploiting system vulnerabilities without the victim's knowledge, and in most cases it is used in conjunction with other malware to prevent detection by endpoint antivirus software.
In cybersecurity, a sandbox is an isolated environment on a network that mimics end-user operating environments. Sandboxes are used to safely execute suspicious code without risking harm to the host device or network.
Scareware is malware that uses scare tactics, often in the form of pop-ups that falsely warn users they have been infected with a virus, to trick users into visiting malware containing websites.
Security as a Service (SECaaS) is a type of cloud computing service in which a provider delivers security capabilities (e.g., anti-malware, web filtering, anti-phishing) as a subscription service rather than as software or appliances the customer runs itself. It follows the software-as-a-service model: the customer uses the offered service and can make minor configuration changes, while the SECaaS provider is responsible for operating and maintaining it. Allot Secure is the first solution to offer SECaaS en masse to network service subscribers.
Threat Intelligence, or cyber threat intelligence, is evidence-based knowledge about adversaries (their indicators, tools, tactics and motives) that is proactively collected and used to understand the threats targeting the organization and to drive detection and defence.
Trojans are malicious programs that perform actions not authorized by the user: they delete, block, modify or copy data, or disrupt the performance of computers or networks, while masquerading as legitimate software in order to get installed. Unlike viruses and worms, Trojans do not make copies of themselves or self-replicate.
Two-factor Authentication combines something the user knows (a static password) with a second factor from a different category: something the user has, such as a hardware token or app that generates a one-time password, a smart card, or a mobile phone that receives an SMS code; or something the user is, such as a fingerprint. SMS codes are the weakest of these, since they can be intercepted or redirected by SIM swapping.
Two-step Authentication is commonly used on websites and is an improvement over single-factor authentication. This form of authentication requires the visitor to provide their username (i.e. claim an identity) and password (i.e. the single factor) before performing an additional step. The additional step could be receiving a text message with a code and typing that code back into the website for confirmation. Alternatives include receiving an email and clicking a link in the message, or viewing a pre-selected image and statement before typing in another password or PIN. Note that two steps are not always two factors: a second password is still "something you know".
A Virus is a malicious program that spreads by inserting copies of itself into other programs or files, and is often delivered as an email attachment or a download with the intent of infecting the device. Once the device is infected, a virus can hijack the web browser, display unwanted ads, send spam, give criminals access to the device and its contact list, disable security settings, and scan for personal information such as passwords.
A Virtual Private Network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. It is essentially a virtual, encrypted corridor.
Vulnerabilities are weaknesses in software, hardware or configuration that can be exploited by attackers to compromise systems.
A Zero-Day Exploit is exploit code written to take advantage of a vulnerability before the software vendor knows about it and can publish a patch for it (the flaw itself is called a zero-day vulnerability). The result is that attackers are free to exploit the vulnerability until a fix ships, unless proactive exploit-prevention technologies have been implemented to defend the targeted computer.
Zero-Touch Provisioning (ZTP) is an automatic device configuration process that frees IT administrators for more important tasks. The automated process reduces the possibility of errors introduced by manual configuration and slashes the time it takes to set up devices for employee use, often without requiring IT intervention. Users can set up their devices with a few clicks, eliminating the need for administrators to create and track system images or to manage the infrastructure required to push those images to new or repurposed devices. Because a device provisioned this way trusts whatever configuration the provisioning service hands it, that service, its transport and the device's identity must themselves be secured.