Cyber Attack A cyber attack is an attack on a single device or a multi-computer network launched by cyber attackers on one or more machines. A cyber attack can maliciously deactivate computers, siphon sensitive data out or use a hijacked computer as a leverage point for further attacks.
Malware A computer or smartphone program specifically intended to disrupt, damage, or gain unauthorized access to a device. Examples of malware are ransomware, worms, trojans, spyware and viruses.
Virus A computer virus is a malicious software application loaded without the user's consent that performs malicious actions on the user's computer, smartphone or tablet.
Spyware A computer program that allows an attacker to covertly collect information about a user's computing activity by secretly transmitting the user's data or actions.
Trojan A Trojan horse is a form of malware sometimes masked as legitimate software used to hijack a victim's system. Users are usually fooled into loading and running trojans on their systems by some kind of social engineering.
Worm A computer worm is a kind of malicious program whose primary purpose is to propagate itself to as many victim machines or devices as possible.
Ransomware Ransomware is a kind of malicious software (malware) that threatens to publish data or block access to data or a computer device, typically by encrypting it, until the target pays the attacker a ransom. Ransomware attacks are far too common today.
Social Engineering Social engineering is a method of deception that uses human error to obtain or access private and useful information. These "human hacking" scams aim to entice unsuspecting users to disclose details, spread malware or give access to internal networks.
Phishing Phishing is an intrusion attack often used to exfiltrate user information, including login credentials and credit card numbers. It happens when an attacker masquerading as a legitimate user deceives a victim into opening an email.
Vishing Vishing, also referred to as voice phishing, is a cyber crime that uses the telephone to rob you of your personal confidential data. Cyber attackers use clever social techniques to persuade the victim to respond and to give up sensitive information, even passwords to bank accounts.
Smishing Smishing, also referred to as SMS phishing, is the malicious method of sending text messages purporting to be from legitimate businesses in order to get people to share personal information such as passwords or credit card numbers.
Spam Spam refers to unwanted bulk messages sent via email, text message, or other digital channels. Beyond being a mere annoyance, spam may also be used to gather personal user information and to propagate viruses and other malware.
Black Hat Hacking Black Hat hackers are criminals who maliciously interrupt computer networks. They may also leverage malware or ransomware to steal passwords and credit card numbers or even extort money.
White Hat Hacking A white hat hacker, unlike a black hat hacker, is ethical and is usually an IT security researcher who helps organisations with penetration testing and other means of assessing the security levels of the systems, applications and data used and kept in an organisation.
Penetration Testing A penetration test, also known as a pen test, is a simulated cyber attack to look for exploitable bugs on your device or asset. Penetration testing is widely used to improve and fine-tune an application or network firewall.
Physical Penetration Testing Physical penetration testing, or a physical pentest, is a simulated attack attempt intended to find flaws in a company's physical protection, such as entry controls, access cards, meeting and server rooms and surveillance systems.
Vulnerability Any flaw in the information infrastructure, organizational controls, or procedures of a company that can be abused by cyber attackers is a cybersecurity vulnerability. Attackers can obtain access to a device and capture data through vulnerabilities.
Exploit An exploit is code that leverages a vulnerability or loophole present in a program. Using these vulnerabilities, attackers can potentially gain unauthorized remote access to a network and its internal systems. In certain instances, a multi-level attack may be carried out using an exploit.
Brute Force Attack A cryptographic hack that relies on guessing possible combinations of a targeted password until the exact password match is found. The longer and more complex a password is, the longer this attack takes.
DDoS Attack DDoS (Distributed Denial of Service) is a class of malicious cyber attack used by hackers or cyber criminals to render online services, network resources and host machines inaccessible to their legitimate internet users.
Data Breach A data breach is an event in which data is compromised, or removed from a device, without the owner's knowledge or permission. The data collected may include information such as credit card numbers, consumer data, business secrets and national security matters, and may be private, proprietary or confidential.
Credential Stuffing Attack Credential stuffing is a cyber-attack approach in which attackers hack a device by using lists of compromised account credentials obtained from previous data breaches. The attack is usually performed by automated bots and is based on the premise that several users reuse their credentials across many platforms.
Two Step Authentication Two-factor authentication (sometimes referred to as "2-step verification" or "2FA") traditionally combines something you know (a password or a PIN), something you have (like your cell phone or a physical security token), or something you are (like your fingerprint or another biometric) to determine whether a user is legitimate. Recent developments have also taken the location of the user into account as a fourth factor.
Cloud Computing The use of a remote network and devices for data storage, administration, and processing, as opposed to using a local computer or server.
Clickjacking The malicious practice of manipulating the behavior of a website user by hiding links under legitimate, clickable components such as a button, leading to actions the user does not expect.
Firewall A firewall is a network security system that controls the incoming and outgoing traffic of the network and determines whether specific traffic should be permitted or blocked based on a set of security rules. For more than 25 years, network security firewalls have been the first line of protection. A firewall can take the form of a hardware device or a software program.
Packet Sniffing Packet sniffing is the process of collecting and recording any or all of the packets passing through a network, so that any packet or specified subset of packets can be kept for further study and analysis.
Blacklist A blacklist is a list of dubious or fraudulent entities that are denied the right to connect or operate on a network or device. Blacklisting is a common access control technique that has been used by anti-virus applications, spam scanners, intrusion prevention systems and other software programs for many years now.
Payment Card Skimmers In the cyber security space, a skimmer usually refers to a hardware device that steals credit card information as customers use ATMs, gas pumps and other payment terminals.
Evil Twin Attack In an evil twin attack, an attacker creates a malicious wireless network – also known as an evil twin – that mimics the features of a legitimate access point (including its SSID). When a victim is connected to an evil twin, their internet traffic is routed through the attacker's machine before it reaches the end server. This allows the attacker to sniff and manipulate data, which may result in the attacker obtaining sensitive information such as credentials and credit card details.