9 November 2021

Cyber security dictionary

Cyber risk is increasing: attackers are becoming more aggressive and keep creating new ways to reach their goals. What methods do they use to get closer to you and your data? How can you become more aware of what is waiting for you in the cybersecurity world? We created a cybersecurity dictionary to help you better understand attackers’ behavior, so you won’t get fooled (anymore). Read more about cybersecurity terminology in our growing dictionary.

Botnet

is a network of malware-infected devices (computers, smartphones, IoT devices) that is remotely controlled by an attacker. Infected devices working together as a botnet perform malicious tasks, such as DDoS attacks or sending spam emails. Botnets can also be leased to third parties (other attackers).

Exploit

can be explained as a special program, a piece of code or a sequence of commands. It takes advantage of a vulnerability or bug in software or hardware with the aim of taking control, gaining privileged access or disrupting the service completely. It is therefore important for developers to identify a software or app bug/vulnerability and patch it before it can be misused. Exploits that are known only to the people who developed them are called “zero-day” exploits; they are dangerous because there is no defense against them yet. Users should always keep their software and apps updated to secure them against all known bugs and vulnerabilities.

Honeypot

is a security mechanism (usually a server) that aims to attract potential attacks and record them for further analysis. It is a kind of trap that lures attackers and fools them into thinking it is a legitimate target. Since a honeypot has no other function, almost any interaction with it is a signal of suspicious activity. A honeypot is usually used to obtain information about attackers and their behavior, methods or tools. Understanding attackers’ behavior helps to find better and more effective ways of defense.

Malware

is an abbreviation for malicious software. It is any software intentionally designed to damage computers, servers or networks. Malware is an umbrella term for different types of malicious software, such as viruses, worms, trojan horses, spyware, adware or ransomware.

Phishing

is a type of attack in which attackers try to lure confidential information from users through messages. Their goal is to collect usernames, passwords or credit card information and use it to rob the user, gain unauthorized access to devices, networks, information or other people, install malware or steal the user’s identity. Phishing often starts with a fraudulent email that appears to be legitimate. This fools the victim into clicking on a malicious link or opening an infected attachment. Be careful when you receive an email from an unknown or suspicious-looking email address, or one with many grammatical or factual errors. Don’t click on suspicious links or attachments, and always think before you click.

Ransomware

encrypts or blocks the user’s data and then blackmails the user, demanding a ransom for making the data available again. The threat of publishing the obtained data is often part of this attack.

Smishing

is basically a type of phishing that uses fraudulent SMS or text messages. The term smishing is a combination of the words SMS and phishing. As people become more aware of phishing and email scams are increasingly filtered out, attackers are moving to a different device – mobile phones.

Spam

is an unsolicited bulk message, most often an email distributing advertisements. Spam itself is more annoying than dangerous, but be careful, because spam campaigns may contain elements of phishing or smishing, or spread malicious links and attachments.

Spyware

is malicious software that collects information about a user or organization in order to send it to another entity or to cause harm. It may cause a breach of privacy by sharing the obtained data, or a security threat to the device. This behavior can be present in malware, but also in legitimate software. For instance, some websites use spyware-like practices to track the user’s activity.

Social engineering

is the psychological manipulation of people into performing certain actions in order to obtain confidential information or unauthorized access to a system or device. It does not require any technical skills, as attackers rely on human error. Well-known types of social engineering are phishing, vishing, smishing and spam.

Tabnabbing

is a type of phishing attack designed to obtain the user’s login details for popular websites and services. Do you keep multiple tabs open and come back to them later? Then you may easily become a target of this attack. Tabnabbing causes the browser to navigate the user to a fake page after the page has been left unattended. The page often imitates a well-known internet service and looks almost the same as the legitimate one, so the user doesn’t hesitate to log in. Tabnabbing is more difficult to avoid, as it does not rely on human error.

Trojan horse

is a type of malware that hides its true intent and pretends to be a useful and safe file. Trojans are spread through some form of social engineering: they may be hidden in an email attachment, or obtained by clicking on a fake advertisement on social media or anywhere on the web. Ransomware attacks are also often carried out using trojan horses.

Vishing

is a type of phishing carried out via phone calls, using social engineering methods. The term vishing is a combination of the words voice and phishing. The attacker tries to convince the victim that they represent a reputable company or person (police, a bank, a telecommunications company or a new colleague). After gaining the victim’s trust, the attacker asks for credentials or other confidential information. Vishing is quite popular because it is more difficult to track.

Virus (worm)

is a type of malware that spreads through the network, making copies of itself from one computer to another. It slows down the infected device, makes the system unstable and destroys data.

Whaling

is a targeted phishing attack on a high-ranking, important person in the company structure (a “big fish” or “whale”). Unlike ordinary phishing, it is more targeted, thoughtful and better prepared. The goal is to lure confidential information or to manipulate the victim into performing certain actions (e.g., a money transfer).