In our first post on Talking Tech, we covered a few of the most basic terms that come up in conversations about information technology. But you’re not visiting this site just because you care about IT in general—you’re here because you care about cybersecurity. So let’s take our vocabulary to the next level.
This brief cyberglossary includes many major terms in the cybersecurity parlance. It’s the jargon that gets hurled about in both the media and inside businesses, and you’ll be ahead of the game if you can understand these terms.
Advanced persistent threat (APT): An APT says what it does and does what it says—it’s a coordinated, persistent, resilient, adaptive attack against a target. APTs are primarily used to steal data. They can take a long time to research, plan, coordinate, and execute, but when they succeed, they are frequently devastating.
Botnet: A composite name made up from roBOT and NETwork. It is used to describe both the tool (software) and the collection of connected compromised computers that can be used to launch a large-scale cyberattack, typically in the form of denial of service attacks, which we’ll explore further on.
Brute force attack: A brute force attack, much like a brute, doesn’t use any brains, only force—in this case, computing force. So, if I wanted to guess your password with a brute force attack, I would use a very fast computer to try every possible combination of characters—a task that can take a large amount of time or a startlingly brief amount, depending on the complexity of the password. For example, a 4-digit numerical PIN takes only a few hours to crack by brute force.
If you would like to test your own password to determine how long it would take for a brute-force attack to crack it, go to Proxy Nova’s brute-force calculator page and give it a try. The results may surprise or disturb you.
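To see where numbers like "a few hours for a 4-digit PIN" come from, here is a small keyspace calculator of the kind the brute-force calculator page linked above performs. This is an added example, not code from the original post or from Proxy Nova; the character-class sizes and the guess rates are assumptions chosen to illustrate how the estimate depends on both password length and how fast an attacker can try guesses.

```python
"""Estimate brute-force search time from password length and character classes.

Added illustration (not part of the original post). Assumptions:
- CLASS_SIZES approximates printable ASCII: 10 digits, 26 lower, 26 upper, 33 symbols.
- The attacker must try the whole keyspace in the worst case, half of it on average.
- Guess rates are illustrative: 1/s for a throttled online login, 1e9/s for an
  offline attack against a fast hash.
"""
import math

# Assumed alphabet sizes per character class (printable ASCII).
CLASS_SIZES = {"digits": 10, "lower": 26, "upper": 26, "symbols": 33}


def classes_used(password: str) -> set:
    """Return the set of character classes that appear in the password."""
    found = set()
    for ch in password:
        if ch.isdigit():
            found.add("digits")
        elif ch.islower():
            found.add("lower")
        elif ch.isupper():
            found.add("upper")
        else:
            found.add("symbols")
    return found


def keyspace(length: int, classes) -> int:
    """Number of candidate strings of the given length over the union of classes."""
    alphabet = sum(CLASS_SIZES[c] for c in classes)
    return alphabet ** length


def entropy_bits(length: int, classes) -> float:
    """Keyspace expressed as bits; each extra bit doubles the search."""
    return math.log2(keyspace(length, classes))


def worst_case_seconds(length: int, classes, guesses_per_second: float) -> float:
    """Time to exhaust the whole keyspace at the given guess rate."""
    return keyspace(length, classes) / guesses_per_second


def estimate(password: str, guesses_per_second: float) -> float:
    """Worst-case seconds to brute-force a specific password (classes inferred from it)."""
    return worst_case_seconds(len(password), classes_used(password), guesses_per_second)


def human_duration(seconds: float) -> str:
    """Render seconds as the largest sensible unit with one decimal."""
    units = [("years", 365 * 24 * 3600), ("days", 86400),
             ("hours", 3600), ("minutes", 60), ("seconds", 1)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.3f} seconds"


if __name__ == "__main__":
    # Constructed sample passwords for the demonstration.
    for pw in ["1234", "password", "Passw0rd!", "correcthorsebatterystaple"]:
        cls = classes_used(pw)
        print(f"{pw!r}: {len(pw)} chars, classes={sorted(cls)}, "
              f"{entropy_bits(len(pw), cls):.1f} bits")
        for label, rate in [("throttled online, 1/s", 1.0), ("offline, 1e9/s", 1e9)]:
            print(f"   {label:>22}: {human_duration(estimate(pw, rate))}")
```

Two things the output makes visible that the paragraph only asserts: a 4-digit PIN at one guess per second takes about 2.8 hours in the worst case, which is where "a few hours" comes from, yet the same PIN falls in microseconds offline; and adding four more lowercase letters to a password grows the keyspace far more than swapping in a symbol does, which is why defenders push length and rate limiting over mandatory character-class rules.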
Denial of Service (DoS) attack: DoS attacks come in two flavors: single-source and distributed. A single-source DoS attack occurs when one computer is used to drown another computer with so many requests that the targeted one can’t function, while a distributed DoS (DDoS) attack achieves the same result through many (thousands or even millions of) computers.
Key loggers: These are a subset of a larger class called spyware that can record everything as you type it and send it off. As you might imagine, they can be quite devastating since you type your passwords, secret documents, and even that secret recipe for grandma’s meatloaf. Key loggers continue to evolve, and modern key loggers can trap keystrokes, mouse movement, and screen content. Nasty little bugs.
Malware: This is the general term for software designed to do bad things. A key logger is malware. So is adware, and so is spyware (see below for more on that one). It doesn’t sound good to call them badware, so malware it is. You get the picture, and yes, it seems these days there is more malware than goodware.
Man-in-the-Middle attack: In this type of attack, the hacker intercepts the communication between two systems, replacing it with his own, eventually leading to his gaining control of both systems. For example, a man-in-the-middle attack can be used to gain access to credentials and to then fake normal operations while the attacker compromises the target.
Phishing: Phishing and spear phishing are attacks that use social engineering methods. Social engineering in this context is just a fancy term for lying. Hackers convince a victim that the attacker is a trusted entity (friend, established business, institution, or government agency) and trick the victim into giving up their data willingly. The goal of these attacks is to gain your trust so that you divulge sensitive information to the attacker. The degree of sophistication of such attacks varies, from the now-famous Nigerian prince, to emails that appear to be from a bank or the Internal Revenue Service, to extremely sophisticated cons that can trick even the best-prepared and skeptical victim.
Ransomware: A ransomware attack happens when a hacker locks your computer (typically by encrypting data) and extorts you for money to unlock it. The dark beauty of ransomware is that you can go big (as when hackers took over the computer system of a hospital in California and demanded thousands of dollars in ransom), or you can go small and hit thousands of computers asking for a few hundred bucks from each user.
Rootkit: A rootkit is a collection of software that, once installed, modifies the operating system to hide itself and other nasty little bugs that are within it or will soon be forthcoming. A rootkit is the endgame, the goal of any sophisticated attack. Once a rootkit is installed, the intruders are set. They can stay as long as they want undetected, compromise additional systems, exfiltrate or corrupt data, and in general have their wicked way with your assets.
SCADA: Stands for “supervisory control and data acquisition.” Do you remember an incident in 2010 when the Iranian centrifuges at their super-secret plant went all crazy and spun themselves to oblivion? That’s because a SCADA controller was hacked. So the best way to understand a SCADA device is by thinking about any of those fancy industrial controllers that monitor and direct industrial devices, such as centrifuges, refrigeration systems, or power generators. They monitor them, they process data from them, and directly interact with these devices to effect a result (such as the opening or closing of a valve, spinning up or down a centrifuge, or cooling or heating a reactor). SCADA systems are often vulnerable because they generally run on older technologies that are difficult to patch and upgrade.
Spyware: This is the general name of a class of software designed to—you guessed it!—spy on you. Key loggers, already discussed, are part of this ever-growing family tree. There is “legal” spyware that an employer or a parent can deploy on a computer to monitor usage. I put “legal” in quotes because although you can purchase, install, and deploy these tools, their use is frequently challenged. For example, if a company has a bring-your-own-device (BYOD) policy for work, is it within legal bounds to install spyware on an employee’s own device?
Trojan: This term refers to the infamous Trojan horse that the Greeks used to take Troy. In case you’re not up to speed with your Homer, after a futile ten-year siege against the city of Troy, the Greek army pretended to leave, built a huge statue of a wooden horse, hid a team of commandos in its belly, and when the Trojans (thinking the war was over) wheeled the horse in, the Greeks got out of the horse, opened the gates for the waiting army, and burned the place to the ground. Similarly, this class of malware disguises itself as a legitimate application, gains entry, and the rest is history.
Viruses: Viruses are a type of malware that your run-of-the-mill antivirus programs are supposed to catch before they do damage. They mimic biological viruses (hence the name), requiring a host and a trigger (don’t click that link!). The problem with computer viruses is much the same as in the biological world: To inoculate against a virus, you must first kill it, rendering it harmless, and then inoculate the host to build antibodies against it. That’s why the flu inoculations don’t always work: You’re being inoculated with last year’s virus signature. If this season’s virus is similar, you’re in luck, but if not, you’re in bed wheezing and sneezing. The same goes with your computer. If there is a signature for the incoming virus, then your antivirus application should catch it and stop it. If not, or if you haven’t gotten the update, then get yourself a good backup!
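The signature idea in the paragraph above is easy to see in code. The following is an added example, not code from the original post or from any antivirus product: it keeps a tiny constructed signature database (an exact file hash plus a short byte pattern), scans three constructed byte strings, and shows why an exact signature misses even a trivially changed copy while a new strain with nothing in common escapes both, which is exactly the "get yourself a good backup" case.

```python
"""Toy signature scanner showing why signature-based detection misses unknown variants.

Added illustration (not part of the original post). All samples, signature names and
byte patterns below are constructed for the demonstration and match no real malware.
"""
import hashlib
from typing import List, Tuple

# Constructed "known sample" that the signature database was built from.
KNOWN_SAMPLE = b"CONSTRUCTED-SAMPLE v1: copy self to startup; contact update host"

# Same code with one version byte changed, like a recompiled build: the exact hash
# no longer matches, but the distinctive byte sequence survives.
VARIANT_REBUILT = b"CONSTRUCTED-SAMPLE v2: copy self to startup; contact update host"

# A brand-new strain that shares nothing with the known sample: no signature exists yet.
VARIANT_NEW_STRAIN = b"CONSTRUCTED-OTHER: persist via scheduled task; beacon to peer"


def sha256_hex(data: bytes) -> str:
    """Exact-match signature: the SHA-256 of the whole file."""
    return hashlib.sha256(data).hexdigest()


# Two kinds of signatures, as real engines combine them:
#   HASH_DB catches byte-identical copies only (precise, zero false positives, brittle).
#   PATTERN_DB catches anything containing a characteristic byte sequence (broader,
#   but a changed string or packed file slips past it).
HASH_DB = {sha256_hex(KNOWN_SAMPLE): "Constructed.Sample.A"}
PATTERN_DB = {b"copy self to startup": "Constructed.Sample.gen"}


def scan(data: bytes) -> List[Tuple[str, str]]:
    """Return a list of (method, signature_name) hits for the given bytes."""
    hits = []
    name = HASH_DB.get(sha256_hex(data))
    if name:
        hits.append(("hash", name))
    for pattern, name in PATTERN_DB.items():
        if pattern in data:
            hits.append(("pattern", name))
    return hits


def verdict(data: bytes) -> str:
    """Summarise what the scanner would do, mirroring the paragraph's three outcomes."""
    hits = scan(data)
    if not hits:
        return "clean (as far as the signatures know)"
    methods = ", ".join(f"{m}:{n}" for m, n in hits)
    return f"blocked by {methods}"


if __name__ == "__main__":
    for label, sample in [("known sample", KNOWN_SAMPLE),
                          ("rebuilt variant", VARIANT_REBUILT),
                          ("new strain", VARIANT_NEW_STRAIN)]:
        print(f"{label:>16}: {verdict(sample)}")
```

The rebuilt variant is the "similar to last year's virus" case: the hash signature is useless, but the pattern signature still fires. The new strain is the one no update can help with, which is why the paragraph's closing advice is a backup rather than a newer signature file, and why modern products layer behavioural detection on top of signatures.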
Vulnerability: A vulnerability is a weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. There are millions of them in hardware, operating systems, and software ready to be exploited by adversaries. What’s sad is that a vast number of technical vulnerabilities are known, and technical fixes (patches) exist for them. Unfortunately, in many cases these patches have not been applied, rendering systems open to attack.
Zero Day: Zero-day exploits are vulnerabilities in existing systems that are known only to the hacker. For example, let’s say there is an undiscovered vulnerability in the new release of your favorite word processor; it’s utterly unknown to the product developers and to the users, but it’s lurking there nonetheless. This would be called a zero-day vulnerability because it is completely unknown to the world at large; therefore, it has been exposed for zero days. Once the vulnerability is discovered, the race begins to fix (or patch) it before a hacker can use the vulnerability to damage the system in some way.
Ready to take your new vocabulary out for a spin? Let’s talk!