We hope to demystify cyber security for you. Learn to speak like a pro and check out the most important security terms with our official explanations from F-Secure Labs.
Article Link: https://business.f-secure.com/security-a-to-z-glossary-of-the-most-important-terms
B
BACKDOOR
A remote administration utility that bypasses normal security mechanisms to secretly
control a program, computer or network. These utilities may be legitimate, and may be
used for legitimate reasons by authorized administrators, but they may also be misused
by attackers. A backdoor is usually able to gain control of a system because it exploits
vulnerabilities, bugs or undocumented processes in the system’s code.
BANKING FRAUD / TROJAN
Malware that attackers use to access their
victim’s online banking.
BOTNET
A network of devices infected with a specialized form of malware known as a bot that can be remotely controlled by an attacker, usually via a command-and-control (C&C) server. Each infected computer may be known as a bot, a zombie computer, or a zombie. An attacker, or group of attackers, can harness the collective resources of a botnet to perform major malicious actions, such as sending millions of spam emails, launching a distributed denial-of-service (DDoS) attack, and much more.
BRUTE-FORCE ATTACK
A type of attack that typically targets authentication mechanisms such as passwords. A brute-force attack is an exhaustive, trial-and-error attempt that involves rapidly cycling through a comprehensive list of possible passwords or decryption keys, until the correct one is entered. Brute-force attacks commonly succeed due to weak passwords and/or human error or laxness. Often, a brute-force attack is combined with a dictionary attack, which uses a long list of words taken from dictionaries and popular culture references. Unlike a standard brute-force attack, a dictionary attack uses words that are thought to be the most likely to succeed.
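The entry above explains why brute-force and dictionary attacks succeed: small keyspaces and predictable words. The following password-policy check is an added example written for this glossary, not F-Secure code. It is a defender-side illustration: it sizes the keyspace an exhaustive search would have to cover, and it normalizes a candidate password the way a dictionary attack would (lower-casing, dropping trailing digits, undoing common leetspeak) before looking it up. The wordlist, the leetspeak map and the guess rate of 1e10 per second are constructed assumptions for the example.

```python
import string

# Constructed sample wordlist standing in for the dictionary / popular-culture lists
# the glossary mentions. A real deployment would load a breached-password list.
COMMON_WORDS = {"password", "letmein", "qwerty", "dragon", "welcome", "monkey"}

# Assumed attacker speed for an offline attack against a fast hash; this figure is a
# labelled assumption used only to turn keyspace size into a time estimate.
GUESSES_PER_SECOND = 1e10

# Leetspeak substitutions a dictionary attack routinely undoes (assumed, not exhaustive).
LEET = str.maketrans("@$013!", "asoiei")


def keyspace(password: str) -> int:
    """Number of candidates an exhaustive brute-force search must cycle through at most:
    the size of the character classes the password draws from, raised to its length."""
    classes = 0
    if any(c in string.ascii_lowercase for c in password):
        classes += 26
    if any(c in string.ascii_uppercase for c in password):
        classes += 26
    if any(c in string.digits for c in password):
        classes += 10
    if any(c in string.punctuation for c in password):
        classes += len(string.punctuation)
    return classes ** len(password) if classes else 0


def seconds_to_exhaust(password: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time for a pure brute-force search at the assumed guess rate."""
    return keyspace(password) / rate


def is_dictionary_word(password: str, wordlist=COMMON_WORDS) -> bool:
    """A dictionary attack tries likely words first, including trivial variants
    (trailing digits, leetspeak). Normalize the candidate the same way before lookup."""
    base = password.lower().rstrip(string.digits)
    return base in wordlist or base.translate(LEET) in wordlist


def assess(password: str) -> dict:
    """Policy decision: reject dictionary-derived passwords outright, then reject
    anything a brute-force search would exhaust within a day at the assumed rate."""
    seconds = seconds_to_exhaust(password)
    if is_dictionary_word(password):
        verdict = "reject: dictionary word"
    elif seconds < 86400:
        verdict = "reject: exhaustible"
    else:
        verdict = "accept"
    return {"keyspace": keyspace(password), "seconds": seconds, "verdict": verdict}


if __name__ == "__main__":
    for pw in ("p@ssw0rd1", "abcdefgh", "correct horse battery staple"):
        print(pw, assess(pw))
```

The two rejection paths correspond to the two attack styles in the entry: "p@ssw0rd1" has a large nominal keyspace but is a dictionary word in disguise, while "abcdefgh" is not in any list yet falls to exhaustive search in seconds at the assumed rate.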
A
ADWARE
Adware is F-Secure’s classification name for software that displays advertisements on computers or devices. The advertisements may be displayed on the desktop or during a web browsing session. Adware is often bundled with free software that provides some functionality to the user. Revenue from the advertising is used to offset the cost of developing the software, which is therefore known as ‘ad-supported’.
ATTACK SURFACE
Code that is active in a target system and somehow involved in processing input that can be used in attacks. Any vulnerabilities that can be exploited are part of the attack surface. The basic idea in security is to disable all unnecessary features in software, and thus limit attack surfaces. Disabling code in this manner prevents it from being exploited, even if it contains a vulnerability.
ATTACK VECTOR
Method of contact used to
attack victims. Examples of
typical attack vectors include
email, the web, and USB media.
CYBER ATTACK
Cyber attacks target computerized infrastructure, and can therefore produce effects outside of the computing domain. Effects are what define cyber attacks, not methods. If a denial-of-service attack against a bank website crashes payment processing servers, and prevents people from paying for things with credit cards or withdrawing money from an ATM, it is a cyber attack. An attack against a hobby game server may be technically identical, but if it only affects that particular game, it would not be considered a cyber attack.
CYBER SECURITY
Security that focuses on preventing
cyber attacks. Basically the same as
information security, except that
one should also consider the effects
that attackers can produce once they
have control of corporate systems and
build custom security mechanisms for
critical resources. A typical example
would be restricting the network
connections for workstations with
access to a corporate bank account,
or a production line controller
computer, etc. Cyber security is also
used by less honest consultants as a way
to rename everything that used to be
called information security in order to
charge bigger fees from customers.
CYBER ESPIONAGE
Espionage that uses computers as its tools. It typically involves hacking or using malware to break into corporate computers and steal information.
C
CLIENT / ENDPOINT
PC/Mac workstation or laptop, or a mobile phone. Basically anything that runs code and is capable of running security software. The basic definition of a client is a device that can run independent applications, while a terminal is just a screen that provides input access to a computer that is somewhere else.
CLOUD SECURITY
Security that is provided from a remote server.
The benefit of cloud security is that a remote
server receives information from multiple
sources, so it can make better decisions.
Another security benefit of cloud security
is that attackers cannot reverse engineer
security features that are implemented
at a remote cloud server.
COMMAND AND CONTROL / C2
The command and control (C&C, or CC)
server of a botnet is the main control
point for the entire network of enslaved
computers.
D
DATA BREACH
An incident that involves data
leaking from an organization
as the result of a successful attack.
DDOS
A type of attack conducted over the Internet, using the combined resources of many computers to bombard, and frequently crash, a targeted computer system or resource (e.g., a program, website or network). There are various types of distributed denial-of-service (DDoS) attacks, classified by how the attack is conducted. DDoS attacks are sometimes included as part of a worm or trojan’s payload: all infected computers are directed to attack the selected target. DDoS attacks are also often performed by botnets, as the combined resources of all the computers in the botnet can generate a terrific amount of data, enough to overwhelm most targets’ defenses within seconds. DDoS attacks have become one of the more dangerous menaces of the modern Internet.
DLP
Data Leakage Prevention: software or a service used to detect, and possibly prevent, information or data breaches.
DOMAIN
A domain name (e.g. www.f-secure.com) is a human-friendly
text string given to identify a specific resource on the Internet –
in most cases, a website. Each domain name maps to a specific
IP address. Domain names are used because IP addresses, which
are what the computers use to identify common resources,
aren’t easy for humans to remember. Domain names are a part
of the hierarchical Domain Name System (DNS) used to organize
all resources on the Internet.
DRIVE-BY DOWNLOAD
The automatic download of a program from a visited website
onto a user’s computer, almost always without their knowledge
or authorization. Drive-by downloads are often used in conjunction
with Search Engine Optimization (SEO) attacks, in which search
engine results are poisoned in order to redirect users to a malicious
site where the drive-by attack can take place. The term ‘drive-by
download’ is most frequently used to describe the situation of a
website forcibly and silently downloading malware on to a visitor’s
system, but clicking on pop-up ads or viewing an email message
may also result in the user being subjected to this attack.
E
ENCRYPTION
The use of a cipher or algorithm to transform data, such
as a program’s code, into an unintelligible form. There are many
different ways to perform encryption, based on the algorithm
or cipher used. Some examples of encryption algorithms include
ROT13 and the Vigenere cipher. Encryption usually requires a
specific piece of information (a ‘key’) in order to transform the
encrypted information back to a usable state when necessary.
The simplest form of encryption uses a static unchanging key;
more sophisticated encryption may involve changes in the key
itself as well as the code to be transformed. Virus writers use
encryption to create encrypted viruses, which are harder for
antivirus programs to detect. Once installed, the encrypted virus
uses the key to decrypt its own code and execute it.
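The entry names ROT13 and the Vigenère cipher as example algorithms and distinguishes a static key from a key that changes as the text is transformed. The block below is an added example for this glossary, not F-Secure code: it implements the Vigenère cipher and shows ROT13 as its static-key special case (a one-letter key, N, which is a shift of 13). The sample plaintexts and keys are constructed for the example. Both ciphers are classical and offer no real protection today; the point is to make the role of the key concrete, including the fact that the same key is needed to turn the ciphertext back into a usable form.

```python
import string

ALPHABET = string.ascii_uppercase


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Vigenère cipher: each letter is shifted by the value (A=0 ... Z=25) of the
    corresponding key letter, with the key repeated as needed. Case is preserved and
    non-letters pass through unchanged without consuming key material."""
    if not key or not (key.isascii() and key.isalpha()):
        raise ValueError("key must be one or more ASCII letters")
    shifts = [ALPHABET.index(k) for k in key.upper()]
    out = []
    pos = 0  # index into the key, advanced only for letters
    for ch in text:
        if ch.isascii() and ch.isalpha():
            shift = shifts[pos % len(shifts)]
            if decrypt:
                shift = -shift
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
            pos += 1
        else:
            out.append(ch)
    return "".join(out)


def rot13(text: str) -> str:
    """ROT13 is the static-key special case: a one-letter Vigenère key 'N' (shift 13).
    Because 13 + 13 = 26, the same function both encrypts and decrypts."""
    return vigenere(text, "N")


if __name__ == "__main__":
    msg = "Attack at dawn"  # constructed sample plaintext
    print(rot13(msg), "->", rot13(rot13(msg)))
    ct = vigenere(msg, "LEMON")  # constructed sample key
    print(ct, "->", vigenere(ct, "LEMON", decrypt=True))
```

With the one-letter key every occurrence of a letter maps to the same ciphertext letter, which is why a static-key cipher is easy to recognize and undo; with the longer key the same plaintext letter is shifted by different amounts depending on its position, which is the "changing key" the entry refers to.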
HACKING
Act of breaking into workstations,
servers or mobile phones through
a network or other connection.
A typical example of hacking would
be someone finding a vulnerability
in a server and then using an exploit
against that vulnerability to access
the system.
HEURISTICS
Reasoning-based automation that is used to
detect malware or other attacks. Both clients
and servers in security clouds use heuristics.
Basically, heuristics model human decisions
for computer programs, allowing those
programs to automate decision making
processes. F-Secure uses heuristics to detect
malware and other types of attacks.
EXPLOIT VS EXPLOIT KIT
Exploit: An object - a program, a section of code, even a string of characters - that takes advantage of a vulnerability in a program or operating system to perform various actions. An exploit is almost always used in a malicious context. If successfully used, exploits can provide an attacker with a wide range of possible actions, from viewing data in a restricted-user database to almost complete control of a compromised system. Exploit kit: A server that hosts a selection of exploits targeting vulnerabilities in several software products or versions, and is able to analyze the client and select the appropriate exploit. A typical exploit kit has a selection of exploits for different web browsers and plugins.
HACKTIVISM
Type of activism which uses hacking in order
to push some agenda. Most typical cases of
hacktivism involve website defacement in
which attackers gain control of a web page
and change it to show political or other
messages. Twitter, Facebook and other
social media accounts are often seized for
hacktivism purposes.
HARDENING
Improving the security of a server
or workstation by modifying
security, server or application
settings. A typical example of
hardening would be to reduce an
attack surface by disabling features
that are not needed by a client or
server application. For example,
disabling JavaScript from a PDF
reader will break most PDF exploits.
K
KEYLOGGER
A program or hardware component that surreptitiously monitors and stores all the strokes
typed into a device’s keyboard. Some keylogger programs will also forward the stored
information to an external server for easier retrieval by the attacker. Keyloggers are typically
used by attackers to steal vital information such as personal details, credit card details, online
account login credentials, and so on. The stolen information can then be used to perpetrate
crimes such as identity theft, online fraud, monetary theft, and so on. Keylogger programs
are typically installed on a device by other malware, though they may also be manually
installed by an attacker with physical access to a device. Hardware components must
be manually installed.
M
MAN-IN-THE-MIDDLE ATTACK
A type of attack that involves an undetected third-party actively
eavesdropping and controlling communications between
two systems. The specific technical details of how the attack
is performed depends on the type of communication being
intercepted (wireless, Internet, mail, etc.), but for it to be
successful, the attacker must be able to impersonate each side
of the dialogue and convince them that the communication is
private and authentic. MITM attacks are usually done in order
to intercept or modify messages sent between the two systems,
or to inject false information.
L
LAYERED PROTECTION
A protection principle in which multiple methods are used to
protect against attacks. Layered protection is based on the
reality that it is almost impossible to make one security solution
that can stop 100% of attacks. Providing layered protection
requires the use of multiple technologies in security solutions.
O
ONLINE SCAMS = PHISHING
A type of social engineering attack in which fraudulent communications are used to trick the user into giving out sensitive information, such as passwords, account information, and other details. Phishing is a criminal activity in many jurisdictions. A phishing attack usually involves a fake communication, often supposedly from a trusted corporation or institution, that requires some kind of response from the user. Usually, the subject matter is enticing or alarming, to motivate the user into complying. Victims are then directed to a specific (usually fraudulent) website in order to trick them into providing information to the attackers. Phishing attempts are most commonly done via email, but attempts made by instant messages, SMS messages, and even voicemail are also known. Malware may also drop phishing communications as part of their payload. Phishing can often be executed using spam emails, but targeted phishing attacks can also occur. The information stolen can have considerable value to a criminal, but its loss can be even more significant to the victim. Such information theft is rapidly becoming a major concern for law enforcement agencies and web service operators worldwide.
P
PATCHING
A program or piece of code issued by a program vendor to fix issues in a program or operating system. Patches are usually issued to fix bugs, vulnerabilities or usability issues. A good security practice is to install patches as soon as possible after they are released. Unfortunately, for many businesses and home users, there may be a significant delay between the time a patch is released and when it is installed on an affected application or machine, leaving them vulnerable to attacks.
R
RANSOMWARE
A malicious application that steals or encrypts a user’s data or system, then demands a ransom payment to restore the data or normal system access. Ransomware programs typically encrypt files on a computer or device, then display a message stating that the user needs to pay a certain sum in a specified manner. The specifics of how the encryption is done, the kind of message displayed, and the payment method to be used usually differ based on the ransomware family involved. This form of extortion works on the assumption that the user values the data enough to pay for its recovery. However, there is no guarantee of actual recovery, even after a payment is made. As encryption is usually extremely difficult to break, the best safeguard against losing access to critical data this way is to keep up-to-date backups of your files in a separate, unconnected location or device. Up-to-date antivirus protection and user caution are also key in avoiding unintentional contact with ransomware.
REMOTE CODE EXECUTION
In computer security, remote code execution means that an outside party is able to run arbitrary commands on a target machine or in a target process, almost always with malicious intent. Remote code execution is usually the goal of a system or program exploit, as it essentially means an attacker can take complete control of the compromised machine.
REPUTATION
Information about whether
an application, URL or some
object is malicious, known
to be clean, or unknown.
Reputation is the information
that is used for whitelisting or
blacklisting applications.
S
SANDBOXING
An isolated, tightly controlled virtual environment that
replicates a normal computer system. Sandboxes are usually
virtual machines installed as a completely contained entity
on a host, or ‘real’ machine. Security researchers often use
sandboxes to run and examine suspect, untested or malicious
code without risking damage to their actual systems. Modern
antivirus programs also use sandboxes to run suspicious
programs found on a device, which allows the program to
be scanned in order to examine its behavior. If the suspect
program performs a harmful routine within the sandbox, it can
be identified as malicious without affecting the actual machine.
As malware evolves constantly, some sophisticated threats are
now ‘VM-aware’. They first check for the presence of a virtual
machine or sandbox on the system. If found, the malware
can refuse to run, or even uninstall itself as a precaution
against detection.
SOCIAL ENGINEERING
A general term used to describe attacks that leverage
psychological or social pressures to dupe an unsuspecting victim
into providing sensitive information such as passwords, account
details and so on. Social engineering attacks can take place both
online and offline. Online social engineering attacks usually
take the form of phishing or pharming attempts, which present
unsuspecting users with legitimate looking emails or websites
in order to convince potential victims to part with important
information or money. Another form of online social engineering
involves convincing a user to download a file, usually in the
guise of a security or application update, game or other desired
program. However, once downloaded and run, the file turns out
to be something entirely different, and almost always malicious.
Social engineering attacks tend to be effective in spite of their
simplicity, as they exploit natural human tendencies based on
trust, desire and curiosity.
SPEAR-PHISHING
Phishing in which the attacker has studied the target and is able to personalize the attack to make it more credible. Spear-phishing is also used to deliver malicious documents with customized content, while ‘conventional phishing’ describes attacks that rely on scams rather than malware or exploits.
SQL INJECTION
A type of attack that exploits poor user-input filtering to inject and run executable
commands in improperly configured Structured Query Language (SQL) databases.
Technically, a few types of SQL injection attacks are possible, but the end result of all
successful SQL injection attacks is that an attacker can manipulate or gain total control over
the database. SQL databases are a common feature of many applications. Often, companies
will use such databases for vital operations such as payrolls and customer records. The
most commonly reported attacks are launched against databases that can be accessed
via a website, simply because these databases are much easier for a hacker to reach. SQL
databases are commonly used on websites with dynamic content, making them popular
targets for hackers. SQL injection attacks only work against databases that don’t sanitize
user input properly. Whenever a user interacts with a database, such as by trying to log into
a “Members Only” section of a website, any input they provide should be ‘sanitized’, or
checked to make sure it doesn’t contain invalid characters. Poor or improper checking of the
data input may cause programming errors, which an alert or malicious user can then exploit.
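The entry states the mechanism in words: unsanitized input becomes part of the SQL statement, so an attacker can change what the query does. The block below is an added example for this glossary, not F-Secure code. It builds a constructed in-memory SQLite database with one sample user, then implements the same login check twice: once by concatenating the input into the statement (the flaw the entry describes) and once with a parameterized query, where the driver passes the values separately so quote characters are data rather than syntax. Passwords are stored in plaintext here purely to keep the example short; a real system stores password hashes, which does not remove the injection flaw.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory database with a single sample user (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db


def login_vulnerable(db: sqlite3.Connection, username: str, password: str) -> bool:
    """Builds the statement by string concatenation, so the input becomes SQL syntax.
    A password of   ' OR '1'='1   turns the WHERE clause into
    (username = '...' AND password = '') OR '1'='1', which is always true."""
    query = ("SELECT COUNT(*) FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return db.execute(query).fetchone()[0] > 0


def login_safe(db: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterized query: placeholders are bound by the driver, so the same input
    is compared literally against the stored value and never changes the statement."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone()[0] > 0


def demo() -> dict:
    """Run both implementations against a legitimate login and an injected input."""
    db = make_db()
    injected = "' OR '1'='1"
    return {
        "vulnerable_legit": login_vulnerable(db, "alice", "correct-horse"),
        "vulnerable_injected": login_vulnerable(db, "alice", injected),
        "safe_legit": login_safe(db, "alice", "correct-horse"),
        "safe_injected": login_safe(db, "alice", injected),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:20s} {result}")
```

The contrast is the whole lesson of the entry: the legitimate login succeeds in both versions, the injected input is accepted only by the concatenating version. Parameterization is the standard fix because it removes the need to "check for invalid characters" by hand; input is never interpreted as SQL in the first place.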
SPYWARE
A program designed to compromise personal or confidential information. Spyware can be installed on a system without a user’s authorization or knowledge. Spyware can vary widely in the kinds of actions it performs. Some common actions include displaying unsolicited pop-ups, hijacking a browser’s home or search pages, redirecting browsing results, and monitoring user activities. These actions may border on, or be outright considered, malicious. Spyware is sometimes considered a gray area in terms of ethics and legality. Depending on the specific action, context of use and applicable laws, spyware may be legal and acceptable, dubious but unlegislated, or outright illegal and unethical. Complicating the issue is that some spyware is not intentionally designed as such. Instead, programming errors may result in a program performing actions that make it behave like spyware. Once the flaws are corrected, the program may then be reclassified.
SPOOFING
The act of falsifying characteristics or data. Spoofing is usually
done in order to conduct malicious activities. For example, if
a spam email’s header is replaced with a false sender address
in order to hide the actual source of the spam, the email
header is said to be ‘spoofed’. An attack can also involve
elements of spoofing, as it prevents or complicates the
process of identifying the correct source of the attack. There
are many kinds of such ‘spoofing attacks’: email spoofing,
Internet Protocol spoofing, URL spoofing, and so on.
TCP
Transmission Control Protocol, the most commonly used networking protocol for sending packets across the Internet.
UNWANTED SOFTWARE/APP
Software that is not malware, but has annoying
or intrusive features that make it something
most people would prefer not to run. A typical
example would be adware that focuses only
on information gathering, and does not display
advertisements by itself.
TROJAN
This is a deceptive program that performs additional actions
without the user’s knowledge or permission. It does not
replicate itself. Trojans were named after the Trojan Horse of
Greek legend, and are sometimes referred to as Trojan Horse
programs. Quite often, the Trojan will have, or pretend to have,
a functionality that offers a useful service to the user -
a screensaver, a utility program, a service pack or application
update and so on - in order to encourage the user to run the
file. While the legitimate action is executing, the Trojan silently
performs its unauthorized routines in the background.
The effects of a Trojan’s payload on a computer system can
range from mildly annoying pranks (like changing desktop icon
positions) to serious, user-inhibiting functions (like disabling
the keyboard or mouse). They can even produce critically
destructive actions (like erasing files or stealing data). Trojans
can cause significant damage by stealing financially sensitive
data such as bank account credentials, or personal information
that can be used for identity theft. There are numerous types
of Trojans, and they can be categorized based on the malicious
action(s) they perform.
TWO-FACTOR AUTHENTICATION
User login method that requires
information in addition to
a username and password.
A typical example of two-factor
authentication would
be verification through an SMS.
VULNERABILITY
A flaw or security loophole in a program, web service, network, or operating system that
allows a user or attacker to perform unintended actions, or gain unauthorized access.
A vulnerability can be a flaw in a program’s fundamental design, a bug in its code that allows
improper usage of the program, or simply weak security practices that allow attackers to
access the program without directly affecting its code. Fixing a vulnerability requires the
program vendor to create a patch (adding or changing the source code to rectify the flaw
or loophole) and distribute it to all users of the vulnerable product to protect them from
possible exploitation. A publicly announced vulnerability is often targeted by attackers, who
attempt to exploit it before the vendor can create and release a patch (known as a zero-day
attack). Unfortunately, there is often a significant time gap between when a patch is released,
and when it is installed on a vulnerable machine. During that time, the machine remains
exposed to attacks targeting the vulnerability.
ZOMBIE (IN CONNECTION TO BOTNETS)
A computer, server or mobile device that has been infected with specialized malware known as a bot, which allows an attacker to control it. A zombie machine is also often known as a bot. Zombie or bot machines are usually roped into a network of similarly infected devices, known as a botnet. This collective group of controlled machines is under the control of the attacker(s), who can be referred to as the botnet controller, operator or bot herder. Instructions from the bot herder to a zombie in the botnet, or to all of them, are usually sent via a Command and Control (CnC) server, which relays the commands. The CnC server could be a server, a malicious or compromised website, or even a hijacked social media account. Some botnets also use a peer-to-peer (P2P) command structure, so that instructions are relayed between infected machines, making it much harder to trace the attacker(s). The collective resources of all the machines in a botnet are often used for malicious activity, such as launching distributed denial of service (DDoS) attacks, sending out spam, and so on. Often, the legitimate owner or user of a zombie machine has no idea that the device has been hijacked and put to nefarious use.
WORM
A program that replicates by sending copies of itself
from one infected system to other systems or devices
accessible over a network. Though most worms only
focus on self-propagating, some also include other
malicious actions in their payload - for example,
installing other malware, changing system settings, and
so on. A worm is usually classified based on the type of
network it uses to spread, such as the Internet, email,
IRC chat channels, peer-to-peer networks, Bluetooth,
SMS, or social media networks. A worm-infected
machine can suffer from productivity and network
issues if the malware’s propagation takes up too
much of the system’s resources. If many machines in a
network are simultaneously sending out worm copies,
the entire network may be affected, causing significant
disruption and inconvenience.
WHALING
Whaling is basically the
same as spear-phishing, i.e.
a type of social engineering
attack in which fraudulent
communications are used
to trick the user into giving
out sensitive information.
The difference, however, is in the target. Whaling refers specifically to highly targeted attacks against executives and other high-profile targets. These targets hold business-critical data, and are worth the extra effort of catching the “big phish”.
ZERO-DAY
A zero-day vulnerability is a vulnerability that is still unknown to the vendor, and therefore unpatched. Attacks that are performed before the vulnerability has a publicly available patch, or even before it is known to the vendor, are called zero-day attacks. Even after a patch becomes publicly available, there is often a time gap before most companies or home users can install the patch on a vulnerable machine, which gives attackers an additional opportunity to perform a successful attack. Due to the high chance of attackers targeting a vulnerability that has been recently announced, many security researchers will work quietly with vendors to create and release the patch for a vulnerability before publishing the news to the general public.