Cybersecurity 101

Uncover the essentials of cybersecurity with Invaders' Cybersecurity 101 guide. Delve into critical topics and threats within the realm of cybersecurity. Dive in now to strengthen your digital defenses.

Account Takeover

Cybersecurity breaches, particularly those involving Account Takeover (ATO), have become alarmingly common in today’s digital landscape. ATO incidents occur when malicious actors illicitly acquire login credentials to gain unauthorized access to online accounts. The repercussions of such breaches are far-reaching, encompassing financial ramifications, identity theft, and reputational harm for both individuals and enterprises.

Access Control

Access control is the process of either allowing or refusing specific requests to: 1) access and utilize information and associated information processing services; and 2) enter particular physical facilities.

Bot / Botnet

A botnet is a network of compromised computers or devices that are controlled by a central command and used to carry out various malicious activities without the knowledge of their owners. Botnets are often behind a wide range of cyber attacks and hacks due to their ability to execute coordinated actions on a large scale.

Blue Team

The blue team is the defensive side of a red team/blue team exercise: the security staff responsible for defending the organization against, detecting, and responding to the red team's simulated attacks, and for turning what the exercise reveals into stronger controls.

Command & Control (C2) Servers

A command and control (C2) server is the central infrastructure an attacker uses to send instructions to compromised machines, such as the members of a botnet, and to receive stolen data from them. Identifying and blocking C2 traffic is one of the most effective ways to disrupt an active intrusion.

Cloud Computing

Cloud computing is the on-demand delivery of computing resources such as servers, storage, networking, and managed services (for example, Amazon's EKS) over the internet by a provider, rather than from hardware the organization operates itself. Because the provider and the customer share responsibility for security, cloud environments need their own access controls, configuration management, and monitoring.

Dark Web

The dark web is a segment of the internet that isn’t searchable through standard search engines and can solely be reached via specialized software like the TOR browser. It’s frequently utilized to facilitate illicit activities, such as the trade of illegal goods and services.

Darknets & Dark Markets

Darknets are the overlay networks, reachable only through specialized software such as the TOR browser, that make up the dark web. Dark markets are the marketplaces hosted on them, frequently used to trade illegal goods and services, including stolen credentials and data.

Email Spoofing

Email spoofing is the forging of an email's sender address and related header fields so that the message appears to come from a trusted person or organization. It is a common building block of phishing and spear phishing campaigns; sender-authentication standards that let receiving mail servers reject forged messages are the main defense.

Elastic Kubernetes Service (EKS)

Elastic Kubernetes Service (EKS) is Amazon Web Services' (AWS) fully managed Kubernetes service, designed to simplify the deployment and management of containerized applications at scale.

Forensics

Digital forensics is the collection, preservation, and analysis of evidence from computer systems and networks, such as Indicators of Compromise, to establish what happened during an incident. Evidence is handled so that its integrity can be demonstrated later, including in legal proceedings.

Fileless Malware

As the name suggests, this type of malware is a malicious program that uses software already present on a computer in order to infect it. Since it does not rely on using files of its own, it can be notably difficult to prevent and detect. By extension, this also makes it difficult to remove.

Geolocation

Geolocation refers to determining the physical location of a person using the digital information emitted by their internet-connected device.

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a personal data protection law enacted by the European Union (EU) to safeguard the privacy of EU citizens. Implemented in May 2018, it establishes a cohesive framework of regulations applicable to all organizations handling personal data originating from the EU, irrespective of their location.

Hacker

A hacker is an individual who utilizes their technical expertise and understanding to unlawfully access computer systems and networks. Their motivations can vary and may include seeking financial gain, engaging in political activism, or satisfying personal curiosity.

Hacktivism

Hacktivism refers to the use of hacking techniques and digital activism to promote political or social causes. It originated in the late 20th century as a form of online activism, where individuals or groups would use hacking methods to raise awareness about various issues or to protest against governments, corporations, or organizations.

Honeypot

The term “honeypot” originates from military espionage, where spies used romantic relationships to extract secrets from adversaries. They set up “honey traps” or “honeypots” to lure and capture targets, coaxing them into revealing confidential information. In cybersecurity, cyber honeypots operate similarly to traditional honeypots, aiming to attract and trap cyber threats.

Insider Threat

Insider threat refers to the risk posed by an individual with authorized access or knowledge within an organization to cause harm. This harm can result from malicious, complacent, or unintentional actions, which can compromise the integrity, confidentiality, and availability of the organization, its data, personnel, or facilities.

Indicators of Compromise (IoCs)

An Indicator of Compromise (IoC) is evidence discovered within a computer network or operating system that strongly suggests a computer intrusion has occurred.

Incident Response

Incident Response (IR) refers to the series of steps an organization undertakes following a cyber attack or breach. Having a well-defined IR plan is crucial for promptly and efficiently addressing incidents. However, 65% of organizations cite fragmented IT and security infrastructure as a hindrance to enhancing cyber resilience.

Incident Response Plan

An Incident Response Plan (IRP) is a predefined and documented set of procedures designed to detect and address cyber incidents promptly and effectively.

Jailbreaking

Jailbreaking is the process of bypassing software restrictions enforced by the manufacturer on a device, such as a smartphone or tablet. This enables users to gain full access to the device’s operating system and install custom firmware, third-party applications, and other modifications that are typically not allowed.

Keylogger

A keylogger is a software or hardware device used to capture and record every keystroke made on a computer or mobile device keyboard. Keyloggers are commonly employed for monitoring and surveillance purposes, like in employee monitoring or parental control software. They can be installed on a computer or device either with or without the user’s knowledge or consent. Some keyloggers are designed to run invisibly in the background, recording all keystrokes without the user’s awareness. Others may be intentionally installed by the user, such as to track their own activity or troubleshoot device issues. The recorded keystrokes can include sensitive information like passwords, credit card details, and personal messages, making keyloggers susceptible to malicious use for purposes like stealing confidential information, identity theft, or cyber espionage. It’s important to note that using keyloggers without the user’s consent is illegal in many jurisdictions.

Kerberoasting

Kerberoasting attacks exploit the Kerberos protocol by requesting service tickets for accounts that have a Service Principal Name. Part of each ticket is encrypted with the service account's password hash, so an attacker who obtains tickets can attempt to crack them offline; a weak password lets them recover the service account's credentials and gain unauthorized access to the sensitive information and network resources that account can reach. To safeguard your organization against such attacks, it's crucial to enforce strong passwords on service accounts and to apply network segmentation measures.

Lateral Movement

Adversaries employ various techniques to infiltrate and control remote systems within a network. To achieve their primary objectives, they often explore the network to identify their target and gain access to it. This process frequently involves moving through multiple systems and accounts to reach their goal. In cybersecurity, this movement within a victim’s network is known as lateral movement. Lateral movement aims to expand the scope of the attack and discover new systems or data that can be compromised. While lateral movement can occur at any stage of an attack, it is most commonly observed during the post-compromise phase.

Loader

A loader is malicious software designed to download and/or drop a malicious payload onto an infected computer system. Also referred to as a "dropper."

Macro Virus

A macro virus is a form of malicious software disseminated through documents that support macros, like Microsoft Office files. This type of virus is crafted to infect a computer and inflict harm on the system.

Malware-as-a-Service (MaaS)

Malware as a Service (MaaS) refers to the provision of software or hardware for developing, testing, and/or distributing malware through a leasing model.

Mobile Malware

Mobile malware refers to malicious software specifically designed to compromise devices like phones, smartwatches, and tablets. Its primary aims include stealing sensitive financial and personal information and gaining remote access to the compromised devices.

Man in the Middle (MITM)

A Man-in-the-Middle (MITM) attack is a cyber attack where an attacker intercepts and manipulates communication between two parties. This allows the attacker to eavesdrop on the conversation, modify the messages exchanged, or impersonate one of the parties to access sensitive information.

Money Mules

Money mules are individuals who facilitate the transfer of illegally obtained money, such as stolen funds, either in person, through courier services, or electronically, on behalf of others. These individuals are usually compensated for their services with a portion of the money transferred.

Network Sniffing

Network sniffing, also known as packet sniffing, is the process of capturing, collecting, and recording packets that traverse a computer network, regardless of their destination. This allows for the gathering of every packet or a specific subset of packets for subsequent analysis.

NTLM Explained

Windows New Technology LAN Manager (NTLM) is a collection of security protocols provided by Microsoft. These protocols are used to authenticate users’ identities and safeguard the confidentiality and integrity of their activities.

Open Source Intelligence (OSINT)

Open Source Intelligence (OSINT) refers to the collection, analysis, and dissemination of information that is publicly available and accessible to anyone. This includes information from sources such as social media, news articles, government reports, and other publicly available data. OSINT is used by individuals and organizations to gather intelligence and insights on various topics, including cybersecurity, market research, and competitive analysis. It can also be used by law enforcement and intelligence agencies to gather intelligence for investigations and operations. OSINT is often used in conjunction with other forms of intelligence gathering, such as human intelligence (HUMINT) and signals intelligence (SIGINT).

Password Spraying

Password spraying is a form of brute-force attack in which a malicious actor tries a single password against many targeted user accounts before moving on to the next password and repeating the process. Spreading attempts across accounts keeps the number of failures per account low, which is why detection should look for many distinct accounts failing from one source rather than for many failures on one account.

Passive Attack

A passive attack is an intentional assault carried out by a threat source aiming to gather or utilize information from a system without attempting to modify the system, its resources, data, or operations.

Penetration Testing

Penetration testing, often referred to as pen testing or ethical hacking, is a security assessment method that simulates cyberattacks on a computer system. Its purpose is to assess the strength or weakness of the system’s security measures through simulated attack scenarios.

Phishing

Phishing is a social engineering attack in which cybercriminals send fraudulent messages, most often email, that impersonate a trusted organization or person in order to trick recipients into revealing sensitive information such as login credentials or payment details, or into clicking malicious links or opening malware-infected attachments. Unlike spear phishing, traditional phishing casts a wide net and targets a large number of potential victims indiscriminately.

Point-of-Sale Malware

Point-of-Sale (PoS) malware is malicious software specifically crafted to steal sensitive information related to financial transactions, including payment card data, from compromised PoS (Point of Sale) devices.

Proof-of-Concept (PoC)

Proof-of-Concept (PoC) refers to a demonstration that illustrates, in principle, how a system could be either secured or compromised. It doesn’t require the creation of a fully functional implementation to showcase its potential.

Proxy Malware

Proxy malware is a form of malicious software, often classified as a trojan, designed to transform an infected computer system into a proxy server. This proxy server enables attackers to conduct nefarious activities anonymously, using the compromised system as an intermediary.

Query Injection

Query Injection (most commonly SQL injection) is a type of cyber attack that targets databases through manipulation of input data, particularly within query strings. These attacks exploit vulnerabilities in web applications that build database queries from user input, allowing attackers to submit specially crafted values through input fields such as search boxes or login forms. The injected input alters the structure of the resulting database query, enabling attackers to execute unauthorized commands or extract sensitive information from the database.

Quick Response (QR) Code Attack

A Quick Response (QR) code attack involves the exploitation of QR codes to deceive users into accessing malicious content or performing unintended actions. Attackers create or manipulate QR codes containing URLs that lead to phishing sites, malware downloads, or data theft. Users should exercise caution when scanning QR codes from unknown sources and verify their legitimacy. Organizations can mitigate the risk by monitoring QR code usage, educating employees, and implementing security measures on corporate devices.

Ransomware

Ransomware is a type of malicious software designed to deny access to a computer system or data until a ransom is paid, typically in cryptocurrency. Attackers use ransomware to encrypt files or lock systems, demanding payment for decryption keys. If the ransom is not paid, attackers may threaten to publish sensitive data or continue to block access indefinitely.

Ransomware-as-a-Service (RaaS)

Ransomware as a Service (RaaS) is a model where cybercriminals sell or lease ransomware services to other malicious actors, enabling them to launch ransomware attacks and share the profits. This model allows non-technical individuals to access and deploy ransomware with relative ease, increasing the prevalence of ransomware attacks across various targets.

Remote Access Trojan (RAT)

A Remote Access Trojan (RAT) is malicious software crafted to grant attackers remote access and control over a computer system or network, enabling them to monitor activities and execute commands from a distance.

Reconnaissance

Reconnaissance is the systematic process of gathering information about technical, personnel, and organizational aspects to understand how to effectively attack a network (if conducted by a malicious actor) or fortify network defenses (if conducted by a defensive security team). This phase involves collecting data to identify potential vulnerabilities, weak points, and valuable assets within a target network, laying the groundwork for subsequent cyber operations.

Remote Code Execution (RCE)

Remote Code Execution (RCE) is a critical vulnerability that enables malicious actors to execute arbitrary code on a targeted system, granting them unauthorized access and control. This exploit poses a severe threat as attackers can remotely run commands or programs, potentially compromising the integrity, confidentiality, and availability of the system and its data.

Remote Desktop Protocol (RDP)

Remote Desktop Protocol (RDP) is a network communication protocol created by Microsoft, enabling users to connect remotely to another computer. Internet-exposed RDP services are frequently targeted by adversaries and serve as a common initial entry point for infiltrating network systems.

Risk Management

Risk management is the systematic process of identifying, analyzing, assessing, and managing risks to an acceptable level within an organization. This involves conducting thorough risk assessments, implementing strategies to mitigate identified risks, continuously monitoring risk factors over time, and documenting the overall risk management program. It also encompasses decision-making processes aimed at accepting, avoiding, transferring, or controlling risks, taking into consideration associated costs and benefits. Related terms include enterprise risk management, integrated risk management, and risk assessment.

Red Team vs Blue Team

In a red team/blue team exercise, the red team consists of offensive security experts tasked with attacking an organization’s cybersecurity defenses. Conversely, the blue team is responsible for defending against and responding to the red team’s attacks.

Security as a Service (SECaaS)

Security as a Service (SECaaS) provides organizations with a wide range of security solutions delivered via the cloud. This includes services such as threat detection and response, endpoint security, identity and access management, and security monitoring. By outsourcing security functions to a third-party provider, organizations can access expertise and resources that may otherwise be unavailable or costly to maintain in-house. Additionally, SECaaS offers scalability, allowing organizations to adapt their security measures to evolving threats and business needs without the burden of managing infrastructure and personnel internally.

Security Testing

Security testing is a critical component of software development and IT operations, aimed at identifying and mitigating potential security risks and vulnerabilities in applications, systems, and networks. This process involves assessing various aspects of a system’s security, including authentication mechanisms, data encryption, access controls, and potential points of exploitation. By conducting comprehensive security testing, organizations can proactively identify and address security weaknesses before they are exploited by malicious actors, thus enhancing the overall security posture of their digital assets.

Skimming

Skimming is a type of payment card fraud that involves compromising a payment page on a website using a malicious script. This script captures sensitive payment card information entered by users, such as credit card numbers and security codes, without their knowledge or consent. The stolen information is then used for unauthorized transactions or sold on the dark web for illicit purposes. Skimming attacks can occur on e-commerce websites, payment portals, or any online platform where users input their payment card details, posing a significant threat to online security and financial integrity.

Smishing

Smishing, short for “SMS phishing,” is a fraudulent practice where cybercriminals use text or SMS messages to deceive users into revealing sensitive personal information or sending money. These messages often impersonate legitimate organizations or individuals, prompting recipients to click on malicious links or provide confidential details such as account numbers, passwords, or credit card information. Smishing attacks exploit the trust and immediacy of text messaging to manipulate users into unwittingly compromising their security and financial well-being.

Social Engineering

Social engineering is a deceptive tactic used by cybercriminals to manipulate individuals into divulging confidential information or performing actions that compromise their security. It involves exploiting psychological vulnerabilities rather than technical flaws. Common forms of social engineering include phishing emails, pretexting phone calls, and impersonation scams. These attacks often prey on human emotions such as trust, fear, or curiosity to trick victims into revealing sensitive information or performing actions like transferring money. Social engineering techniques can vary widely and may include pretexting, baiting, or tailgating, among others. It’s essential for individuals and organizations to stay vigilant and educate themselves about social engineering tactics to prevent falling victim to these scams.

Spear Phishing

Cybercriminals use the deceptive tactic of “spear phishing” to send highly personalized emails to specific people or organizations. These emails appear to be from a trusted sender or source familiar to the recipient, such as a colleague, friend, or business contact. The goal of spear phishing is to trick the recipient into revealing sensitive information, such as login credentials, financial details, or other confidential data, or to manipulate them into performing certain actions, such as clicking on malicious links or downloading malware-infected attachments. Unlike traditional phishing attacks that cast a wide net and target a large number of potential victims indiscriminately, spear phishing campaigns are carefully crafted and tailored to the interests, preferences, and relationships of the targeted individuals. This makes spear phishing emails more convincing and harder to detect, increasing the likelihood of success for the cybercriminals behind them.

Security Information and Event Management (SIEM)

Security Information and Event Management (SIEM) is a holistic cybersecurity strategy that merges Security Information Management (SIM) and Security Event Management (SEM) capabilities. Its core objective is to furnish organizations with a centralized platform for collecting, scrutinizing, and correlating security event data sourced from diverse outlets like firewalls, intrusion detection systems, and antivirus tools. Through this integration, SIEM solutions facilitate real-time threat identification, notification, and incident handling, bolstering a proactive defense mechanism against potential cyber threats.

Shadow SaaS

Shadow SaaS, a form of "Shadow IT," denotes the unauthorized adoption of Software as a Service (SaaS) applications within an organization, without IT department awareness or approval. These can range from cloud-based services to apps and software tools that employees use to enhance job efficiency. While they may offer immediate productivity benefits, they also present notable security vulnerabilities, as they circumvent established security measures and protocols.

Spoofing

Spoofing is the forging of an identifier, such as an email sender address, a caller ID, an IP address, or a website, so that a message or connection appears to come from a trusted source. It underpins many of the attacks in this guide, including email spoofing, vishing, and man-in-the-middle attacks.

Spyware

Spyware is a malicious software secretly installed on a device, gathering sensitive information and transmitting it to third parties without user consent. It compromises personal data, slows device performance, and disrupts normal operations.

Supply Chain Risk Management

Supply Chain Risk Management involves identifying, analyzing, and assessing risks within the supply chain and taking actions to accept, avoid, transfer, or control those risks to maintain an acceptable level. This process considers the costs and benefits associated with each action taken.

Threat Analysis

Threat analysis, as defined in the NICE Framework, involves identifying and assessing the capabilities and activities of cybercriminals or foreign intelligence entities. The goal is to produce findings that can be used to initiate or support law enforcement and counterintelligence investigations or activities.

Threat Hunting

Threat hunting involves actively searching for malicious actors and hidden threats on your network. If your security team isn’t currently engaged in this proactive approach to cybersecurity, it’s essential to understand how it can enhance your organization’s security posture.


Tactics, Techniques & Procedures (TTPs)

TTPs, or Tactics, Techniques, and Procedures, form a comprehensive framework of strategies and tactics utilized by cyber adversaries. They provide insight into the motives and methods of these adversaries, aiding in understanding and countering their actions in the cyber domain.

Unified Threat Management (UTM)

Unified Threat Management (UTM) refers to a comprehensive security solution that integrates multiple security features and functionalities into a single platform. It typically includes firewall, intrusion detection and prevention, antivirus, content filtering, virtual private networking (VPN), and other security capabilities. UTM systems are designed to provide simplified management and administration of security measures across an organization’s network infrastructure, offering enhanced protection against a wide range of cyber threats and attacks.

User Access Control

User Access Control is a security measure that regulates and manages user permissions and privileges within a system or network. It involves controlling what resources or data users can access, modify, or delete based on their roles, responsibilities, and levels of authorization. User access control mechanisms typically include user authentication, authorization, and accountability processes to ensure that only authorized individuals have appropriate access to specific resources or information. This helps to prevent unauthorized access, reduce the risk of data breaches, and maintain the confidentiality, integrity, and availability of sensitive information.

User authentication / Identity and Access Management (IAM)

User authentication in Identity and Access Management (IAM) refers to the process of verifying the identity of users before granting them access to systems, applications, or resources. It involves validating the credentials provided by users, such as usernames and passwords, biometric data, security tokens, or digital certificates, to ensure that they are who they claim to be. User authentication is a fundamental component of IAM systems, ensuring that only authorized individuals can access specific resources based on their roles, permissions, and entitlements. This helps organizations secure their digital assets, protect against unauthorized access, and enforce compliance with security policies and regulations.

USB security

USB security refers to measures and practices implemented to protect computer systems and data from potential threats and vulnerabilities associated with USB (Universal Serial Bus) devices. It encompasses various strategies aimed at preventing unauthorized access, data leakage, malware infections, and other security risks posed by the use of USB devices such as flash drives, external hard drives, and USB peripherals. USB security measures may include device encryption, access controls, endpoint security solutions, USB port lockdown, secure USB data transfer protocols, and user education on safe USB usage practices. These measures help organizations and individuals mitigate the risks associated with USB devices and maintain the confidentiality, integrity, and availability of their sensitive information.

Vulnerability Assessment and Management

Vulnerability Assessment and Management involves conducting assessments to identify threats and vulnerabilities, evaluating deviations from acceptable configurations and policies, assessing associated risks, and recommending mitigation countermeasures in both operational and non-operational scenarios within the cybersecurity domain, as outlined in the NICE Framework.

Vishing

Vishing, short for “voice phishing,” is the fraudulent practice of making phone calls or leaving voice messages that appear to be from legitimate organizations, aiming to deceive individuals into divulging sensitive personal information like bank account details and credit card numbers.

Vulnerability

A vulnerability refers to a weakness present in an information system, security procedures, internal controls, or their implementation, which could potentially be exploited or triggered by a threat actor.

Virus

A virus is a type of computer program capable of replicating itself and spreading to other computers without the user’s permission or knowledge.

Wiper attacks

Wiper attacks refer to malicious software-based attacks aimed at permanently deleting or corrupting data on targeted systems.

Worm

A worm is a self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself, without needing a host file or user action.

Web Injects

Web Injects are modules or packages used in financial malware. They usually inject Hypertext Markup Language (HTML) or JavaScript code into content before it is displayed on a web browser. This alteration modifies what the unsuspecting user sees on the browser, presenting different content than what is actually sent by the server.

Whaling Attack

A whaling attack is a targeted social engineering tactic aimed at high-ranking executives or senior employees within an organization. The goal is to deceive these individuals into divulging sensitive information, providing access to their computer systems, or transferring funds to the attackers. Whaling attacks often involve sophisticated methods and may lead to significant financial or data breaches if successful.

XSS (Cross-Site Scripting) Attack

Cross-Site Scripting (XSS) is a type of cyberattack where attackers inject malicious scripts into web applications that are viewed by other users. These scripts can steal sensitive information, hijack user sessions, or deface websites. XSS attacks typically occur when web applications fail to properly sanitize user input, allowing attackers to execute malicious code in the context of a victim’s browser.

XML External Entity (XXE) Attack

An XML External Entity (XXE) attack is a type of cyberattack that exploits vulnerabilities in XML parsers or processors to access sensitive data or execute arbitrary code on a server. Attackers inject malicious XML entities into an XML document, which are then processed by the XML parser, leading to unauthorized access or data disclosure.

XDR (Extended Detection and Response)

Extended Detection and Response (XDR) is a cybersecurity approach that integrates and correlates data from multiple security solutions across endpoints, networks, and cloud environments to provide comprehensive threat detection, investigation, and response capabilities. XDR solutions leverage advanced analytics and machine learning algorithms to detect and prioritize threats, enabling organizations to respond more effectively to cyberattacks.

Yellow Team

In cybersecurity, the Yellow Team refers to a group of individuals responsible for conducting exercises or simulations to evaluate and improve an organization’s cybersecurity defenses. The Yellow Team’s role is to provide feedback and insights to both the Red Team (attackers) and Blue Team (defenders) during these exercises.

YARA Rules

YARA rules are pattern matching rules written in the YARA language. They are used with the YARA tool to identify and classify malware based on textual or binary patterns, such as strings, byte sequences, and file characteristics, found in files or process memory.

Yield Management

In cybersecurity, yield management refers to the practice of maximizing the efficiency and effectiveness of security controls and resources to achieve the best possible outcomes in terms of risk reduction and threat mitigation.

Zero-Day

A zero-day (0-day) vulnerability refers to a software security flaw that is exploited by cyber attackers before the software developers become aware of it. These vulnerabilities are called “zero-day” because developers have zero days to fix the issue before it’s exploited. Zero-day attacks can be highly damaging as they occur before a patch or fix is available, leaving systems vulnerable to exploitation. Defending against zero-day attacks often requires proactive security measures, such as advanced threat detection and behavior analysis, as well as timely patching and updates when fixes become available.

Zero Trust Architecture

Zero Trust Architecture (ZTA) is a cybersecurity framework that emphasizes strict access controls and verification processes, treating every user and device as potentially compromised, even if they are within the internal network perimeter. This approach eliminates the concept of implicit trust traditionally associated with network architectures and instead requires continuous authentication and authorization for all users and devices, regardless of their location or context. By adopting a Zero Trust Architecture, organizations can enhance their security posture by minimizing the potential impact of breaches and unauthorized access attempts.

Zombie

Zombie computers are machines that have been compromised by malware and are controlled remotely by threat actors; a collection of zombies under common control is a botnet. These compromised machines are used for various malicious activities, including distributed denial-of-service (DDoS) attacks, spam distribution, credential stuffing, and cryptocurrency mining. Examples of zombie computers include those infected with Mirai, TrickBot, Emotet, and Zeus malware.

Zeus (Botnet)

Zeus is a notorious banking trojan that steals sensitive information from compromised computers, including banking credentials and personal data. It has been used in various cybercrime campaigns to conduct financial fraud, steal login credentials, and initiate unauthorized transactions.