Cyber Security Terminology

We have put together a glossary of cyber security terms which you may find useful.

Advanced Persistent Threat

A cyber attack that uses sophisticated techniques to conduct cyber espionage or other malicious activity on an ongoing basis against targets such as governments and companies. Typically conducted by an adversary with sophisticated levels of expertise and significant resources – frequently associated with nation-state players.

Antivirus

Antivirus software is used to monitor a computer or network, to detect cyber security threats ranging from malicious code to malware. As well as alerting you to the presence of a threat, antivirus programs may also remove or neutralise malicious code.

Attack signature

A characteristic or distinctive pattern that can help link one attack to another, identifying possible actors and solutions.

Attacker

The agent behind the threat: a malicious actor who seeks to change, destroy, steal or disable the information held on computer systems and then exploit the outcome.

Authentication

The process of verifying the identity or other attributes of a user, process or device

Behaviour monitoring

Observing the activities of users, information systems, and processes. Can be used to measure these activities against organisational policies and rule, baselines of normal activity, thresholds, and trends.

Blacklist

A list of entities (users, devices) that are either blocked, denied privileges or access.

Bot

A computer connected to the Internet that has been compromised with malicious logic to undertake activities under the command and control of a remote administrator.

Botnet

A network of infected devices, connected to the Internet, used to commit coordinated cyber attacks without their owner’s knowledge.

Breach

The unauthorised access of data, computer systems or networks.

Brute force attack

An attack in which computational power is used to automatically enter a vast quantity of number combinations in order to discover passwords and gain access.

Certificate

A digital certificate is a form of digital identity verification that allows a computer, user or organisation to securely exchange information.

Certified Information Systems Auditor (CISA)

A certification for professionals who monitor, audit, control and assess information systems.

Cipher

An algorithm for encrypting and decrypting data. Sometimes used interchangeably with the word ‘code’.

Credentials

The information used to authenticate a user’s identity – for example, password, token, certificate.

Cross Site Scripting (XSS)

Cross-site scripting (XSS) is a software vulnerability usually found in Web applications that allows online criminals to inject client-side script into pages that other users view.

The cross-site scripting vulnerability can be employed at the same time by attackers to over-write access controls. This issue can become a significant security risk unless the network administrator or the website owner doesn’t take the necessary security means.

Cryptography

The study of encoding. Also, the use of code/cipher/mathematical techniques to secure data and provide authentication of entities and data.

Cyber attack

Deliberate and malicious attempts to damage, disrupt or gain access to computer systems, networks or devices, via cyber means.

Cyber Essentials

A UK Government-backed self-assessment certification that helps you protect against cyber attacks while also demonstrating to others that your organisation is taking measures against cyber crime.

Cyber security

Cyber security is a collective term used to describe the protection of electronic and computer networks, programs and data against malicious attacks and unauthorised access.

Data breach

The unauthorised movement or disclosure of information, usually to a party outside the organisation.

Data integrity

The quality of data that is complete, intact, and trusted and has not been modified or destroyed in an unauthorized or accidental manner.

Data loss

No longer having data, whether because it has been stolen, deleted, or its location forgotten.

Data security

The measures taken to protect confidential data and prevent it from being accidentally or deliberately disclosed, compromised, corrupted or destroyed.

Decryption

The process of deciphering coded text into its original plain form.

Denial of service (DoS)

This is a type of cyber attack that prevents the authorised use of information system services or resources, or impairs access, usually by overloading the service with requests.

Dictionary attack

Known dictionary words, phrases or common passwords are used by the attacker to gain access to your information system. This is a type of brute force attack.

Distributed denial of service (DDoS)

A denial of service technique where multiple systems are used to perform the attack, overwhelming the service.

Download attack

Malicious software or a virus that is installed on a device without the user’s knowledge or consent – sometimes known as a drive-by download.

The use of energy, such as radio waves or lasers, to disrupt or disable the enemy’s electronics. An example would be frequency jamming to disable communication equipment.

Encode

The use of a code to convert plain text to cipher text.

Encryption

The use of a cipher to protect information, making it unreadable to anyone who doesn’t have the key to decode it.

Endpoint

A collective term for internet-capable computer devices connected to a network – for example, modern smartphones, laptops and tablets are all endpoints.

Ethical hacking

The use of hacking techniques for legitimate purposes – i.e. to identify and test cyber security vulnerabilities. The actors in this instance are sometimes referred to as ‘white hat hackers’.

Exfiltration

The transfer of information from a system without consent.

Exploit

The act of taking advantage of a vulnerability in an information system. Also used to describe a technique that is used to breach network security.

Firewall

A virtual boundary surrounding a network or device that is used to protect it from unwanted access. Can be hardware or software.

GDPR

General Data Protection Regulations. European legislation designed to prevent the misuse of data by giving individuals greater control over how their personal information is used online

Hacker

Someone who breaks into computers, systems and networks.

Hashing

Using a mathematical algorithm to disguise a piece of data.

Honeypot (honeynet)

A decoy system or network that serves to attract potential attackers, protecting actual systems by detecting attacks or deflecting them. A good tool for learning about attack styles. Multiple honeypots form a honeynet.

An information system used to control industrial processes or infrastructure assets. Commonly found in manufacturing industries, product handling, production and distribution.

Information security policy

The directives, regulations, rules, and practices that form an organisation’s strategy for managing, protecting and distributing information.

IP spoofing

A tactic used by attackers to supply a false IP address in an attempt to trick the user or a cyber security solution into believing it is a legitimate actor.

ISO 27001

The gold standard in information security management systems (ISMS), demonstrating the highest level of accreditation.

Jailbreak

The removal of a device’s security restrictions, with the intention of installing unofficial apps and making modifications to the system. Typically applied to a mobile phone.

Keylogger

A type of software or hardware that tracks keystrokes and keyboard events to monitor user activity

Logic bomb

A piece of code that carries a set of secret instructions. It is inserted in a system and triggered by a particular action. The code typically performs a malicious action, such as deleting files.

Malicious code

Program code designed for evil. Intended to hurt the confidentiality, integrity or availability of an information system.

Malvertising

The use of online advertising to deliver malware.

Malware

Short for malicious software. Any viruses, Trojans, worms, code or content that could adversely impact organisations or individuals.

Man-in-the-middle Attack (MitM)

Cyber criminals interpose themselves between the victim and the website the victim is trying to reach, either to harvest the information being transmitted or alter it. Sometimes abbreviated as MITM, MIM, MiM or MITMA.

Mitigation

The steps taken to minimise and address cyber security risks.

Mobile Device Management (MDM)

Mobile device management (MDM) is a type of security software, specifically for monitoring, managing and securing mobile, tablet and other devices, allowing remote administration and management of the device

Packet sniffer

Software designed to monitor and record network traffic. It can be used for good or evil – either to run diagnostics and troubleshoot problems, or to snoop in on private data exchanges, such as browsing history, downloads, etc.

Passive attack

Attackers try to gain access to confidential information in order to extract it. Because they’re not trying to change the data, this type of attack is more difficult to detect – hence the name ‘passive’.

Password sniffing

A technique used to harvest passwords by monitoring or snooping on network traffic to retrieve password data.

Patch management

Patches (updates) are provided by developers to fix flaws in software. Patch management is the activity of getting, testing and installing software patches for a network and the systems within it.

Patching

Applying updates (patches) to firmware or software, whether to improve security or enhance performance.

Payload

The element of the malware that performs the malicious action – the cyber security equivalent of the explosive charge of a missile. Usually spoken of in terms of the damaging wreaked.

Payment Card Industry Data Security Standard (PCI-DSS)

The security practices of the global payment card industry. Retailers and service providers that accept card payments (both debit and credit) must comply with PCI-DSS.

Penetration testing

A test designed to explore and expose security weaknesses in an information system so that they can be fixed.

Pharming

An attack on network infrastructure where a user is redirected to an illegitimate website, despite having entered the right address.

Phishing

Mass emails asking for sensitive information or pushing them to visit a fake website. These emails are generally untargeted.

Proxy server

A go-between a computer and the internet, used to enhance cyber security by preventing attackers from accessing a computer or private network directly.

Ransomware

Ransomware is a type of malware (malicious software) which encrypts all the data on a PC or mobile device, blocking the data owner’s access to it.

After the infection happens, the victim receives a message that tells him/her that a certain amount of money must be paid (usually in Bitcoins) in order to get the decryption key. Usually, there is also a time-limit for the ransom to be paid. There is no guarantee that the decryption key will be handed over if the victim pays the ransom. The most reliable solution is to back up your data in at least three different places (for redundancy) and keep those backups up to date, so you don’t lose important progress.

Remote Access Trojan (RAT)

Remote Access Trojans (RATs) use the victim’s access permissions and infect computers to give cyber attackers unlimited access to the data on the PC.

Cyber criminals can use RATs to exfiltrate confidential information. RATs include backdoors into the computer system and can enlist the PC into a botnet, while also spreading to other devices. Current RATs can bypass strong authentication and can access sensitive applications, which are later used to exfiltrate information to cyber criminal-controlled servers and websites.

Rootkit

A set of software tools with administrator-level access privileges installed on an information system and designed to hide the presence of the tools, maintain the access privileges, and conceal the activities conducted by the tools.

Secret key

A cryptographic key that is used for both encryption and decryption, enabling the operation of a symmetric key cryptography scheme.

Security automation

The use of information technology in place of manual processes for cyber incident response and management.

Security monitoring

The collection of data from a range of security systems and the correlation and analysis of this information with threat intelligence to identify signs of compromise.

Security Operations Center (SOC)

A central unit within an organisation that is responsible for monitoring, assessing and defending security issues.

Security policy

A rule or set of rules that govern the acceptable use of an organisation’s information and services to a level of acceptable risk and the means for protecting the organisation’s information assets.

Single Sign-On (SSO)

A software process to enable computer users to access more than one application using a single set of credentials, such as a username and password.

Smishing

Phishing via SMS: mass text messages sent to users asking for sensitive information (eg bank details) or encouraging them to visit a fake website.

Social engineering

Manipulating people into carrying out specific actions or divulging information that is of use to an attacker. Manipulation tactics include lies, psychological tricks, bribes, extortion, impersonation and other type of threats. Social engineering is often used to extract data and gain unauthorised access to information systems, either of single, private users or which belong to organisations.

Spam

The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.

Spear phishing

Spear phishing is a cyber attacks that aims to extract sensitive data from a victim using a very specific and personalised message designed to look like it’s from a person the recipient knows and/or trusts.

This message is usually sent to individuals or companies, and it is extremely effective because it’s very well planned. Attackers invest time and resources into gathering information about the victim (interests, activities, personal history, etc.) in order to create the spear phishing message (which is usually an email). Spear phishing uses the sense of urgency and familiarity (appears to come from someone you know) to manipulate the victim, so the target doesn’t have time to double check the information.

Spoofing

Faking the sending address of a transmission to gain unauthorised entry into a secure system.

Spyware

Spyware is a type of malware designed to collect and steal the victim’s sensitive information, without the victim’s knowledge. Trojans, adware and system monitors are different types of spyware. Spyware monitors and stores the victim’s Internet activity (keystrokes, browser history, etc.) and can also harvest usernames, passwords, financial information and more. It can also send this confidential data to servers operated by cyber criminals so it can be used in consequent cyber attacks.

SQL injection

This is a tactic that uses code injection to attack applications that are data-driven. The maliciously injected SQL code can perform several actions, including dumping all the data in a database in a location controlled by the attacker. Through this attack, malicious hackers can spoof identities, modify data or tamper with it, disclose confidential data, delete and destroy the data or make it unavailable. They can also take control of the database completely.

SSL / Secure Sockets Layer

This is an encryption method to ensure the safety of the data sent and received from a user to a specific website and back. Encrypting this data transfer ensures that no one can snoop on the transmission and gain access to confidential information, such as card details in the case of online shopping. Legitimate websites use SSL (start with https). Users should avoid inputting their data in websites that don’t use SSL.

Steganography

A way of encrypting data, hiding it within text or images, often for malicious intent.

Symmetric key

A cryptographic key that is used to perform both the cryptographic operation and its inverse, for example to encrypt plain text and decrypt cipher text, or create a message authentication code and to verify the code.

Threat analysis

The detailed evaluation of the characteristics of individual threats.

Threat assessment

The product or process of identifying or evaluating entities, actions, or occurrences, whether natural or man-made, that have or indicate the potential to harm life, information, operations, and/or property.

Threat hunting

Cyber threat hunting is the process of proactively searching across networks and endpoints to identify threats that evade existing security controls.

Threat management

There is no silver bullet to prevent 100% of cyber threats. Successful threat management requires a multi-layered approach encompassing prevention, detection, response and recovery.

Threat monitoring

During this process, security audits and other information in this category are gathered, analysed and reviewed to see if certain events in the information system could endanger the system’s security. This is a continuous process.

Token

In security, a token is a physical electronic device used to validate a user’s identity. Tokens are usually part of the two-factor or multi-factor authentication mechanisms. Tokens can also replace passwords in some cases and can be found in the form of a key fob, a USB, an ID card or a smart card.

Traffic light protocol

A set of designations employing four colours (RED, AMBER, GREEN, and WHITE) used to ensure that sensitive information is shared with the correct audience.

Trojan horse

A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorisations of a system entity that invokes the program.

Two-factor authentication (2FA)

The use of two different components to verify a user’s claimed identity. Also known as multi-factor authentication.

Typhoid adware

This is a cyber security threat that employs a Man-in-the-middle attack in order to inject advertising into certain web pages a user visits while using a public network, like a public, non-encrypted WiFi hotspot. In this case, the computer being used doesn’t need to have adware on it, so installing a traditional antivirus can’t counteract the threat. While the ads themselves can be non-malicious, they can expose users to other threats. For example, the ads could promote a fake antivirus that is actually malware or a phishing attack.

URL injection

A URL (or link) injection is when a cyber criminal creates new pages on a website owned by someone else that contain spam words or links. Sometimes, these pages also contain malicious code that redirects your users to other web pages or makes the website’s web server contribute to a DDoS attack. URL injection usually happens because of vulnerabilities in server directories or software used to operate the website, such as an outdated WordPress or plugins.

Virtual Private Network (VPN)

An encrypted network often created to allow secure connections for remote users, for example in an organisation with offices in multiple locations.

Virus

Programs that can self-replicate and are designed to infect legitimate software programs or systems. A form of malware.

Vulnerability

A weakness, or flaw, in software, a system or process. An attacker may seek to exploit a vulnerability to gain unauthorised access to a system.

Wabbits

A wabbit is one of four main classes of malware, among viruses, worms and Trojan horses. It’s a form of computer program that repeatedly replicates on the local system. Wabbits can be programmed to have malicious side effects. A fork bomb is an example of a wabbit: it’s a form of DoS attack against a computer that uses the fork function. A fork bomb quickly creates a large number of processes, eventually crashing the system. Wabbits don’t attempt to spread to other computers across networks.

Whitelist

A list of entities that are considered trustworthy and are granted access or privileges.

Worm

A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself

Zero-day

Recently discovered vulnerabilities (or bugs), not yet known to vendors or antivirus companies, that hackers can exploit.

Zombie

A zombie computer is one connected to the Internet that, in appearance, is performing normally, but can be controlled by a hacker with remote access to it who sends commands through an open port. Zombies are mostly used to perform malicious tasks, such as spreading spam or other infected data to other computers, or launching DoS (Denial of Service) attacks, with the owner being unaware of it.