Glossary

A

Account harvesting

Account harvesting is the process of gathering user accounts from a system, service, or database using a variety of methods, such as malware or phishing.

Account hijacking

Account hijacking is the process of taking over a user’s online accounts, such as email and social media accounts.

Address bar

An address bar is the text box in your web browser that displays the web page URL or IP address. At times, it functions as a search bar if the user enters text that is not a valid URL.

Address Resolution Protocol (ARP)

The Address Resolution Protocol (ARP) is the protocol used to find the physical (MAC) address that belongs to an IP address on the local network.

Advanced Encryption Standard (AES)

Developed by the National Institute of Standards and Technology (NIST), the Advanced Encryption Standard (AES) is a block cipher that provides fast, strong, and secure encryption of classified data. AES was created as an alternative to the Data Encryption Standard (DES) because DES had become vulnerable to brute-force attacks. Synonym(s): Rijndael Block Cipher

Advanced persistent threat (APT)

An advanced persistent threat (APT) is a prolonged, targeted attack on a specific entity or entities with the intention of compromising their systems and gaining information from or about them.

Alert fatigue

Alert fatigue in cybersecurity is when IT professionals are overwhelmed by the number of alerts they receive from the range of security tools and systems across their organization. Alert fatigue results in decreased productivity due to overload and stress, and in wasted human resources and time. In some cases, security teams may miss genuine threats because of it.

Android

Android is Google’s flagship operating system for smartphones and tablets. Manufacturers have adapted Android in televisions, smart-watches, cars, and many other electronic devices.

Anomaly detection

Anomaly detection is identifying irregularities or deviations in patterns, data points, events, or observations that do not conform to the norm or the expectations of businesses or groups. Not all detected anomalies are malicious. Synonym: Outlier detection

Anti-ransomware

Anti-ransomware is software specifically designed to combat ransomware. Such software could make use of specific techniques that general security tools don’t deploy.

Anti-virus (AV) killer

An AV killer is malicious code that disables the user’s anti-virus software to avoid detection. Sometimes, this term is used for malware that disables firewalls.

Antivirus

Antivirus is an antiquated term used to describe security software that detects, protects against, and removes malware. Synonyms: anti-malware.

Application programming interface (API)

An application programming interface (API), in simple terms, is a means for different pieces of software to talk to one another. It is the code that defines how a server’s access points may be called. APIs have many uses and take many forms.

Application security

Application security is the practice of applying security measures to a software application in order to defend against outside threats and attacks that attempt to exploit the app.

Artificial intelligence (AI)

AI is a system’s or an application’s ability to correctly interpret and learn from data to achieve specific goals and tasks. Synonym: Machine intelligence

Attack vector

An attack vector refers to the technique used to obtain unauthorized access to a system or network. It is an integral part of vulnerability research to know which attack vector is or might be used.

Attribution

Attribution is the practice of taking forensic artifacts of a cyberattack and matching them to known threats against targets with a profile matching a particular organization.

Authentication

In computing, authentication is the process of verifying the identity of a user or process. Other forms: Auth

B

Backdoor

A backdoor is a type of Trojan that allows a threat actor access to a system by bypassing its security. This term can also refer to the method of gaining access to user systems undetected. Other forms: backdooring

Banking Trojan

A banking Trojan is a type of Trojan specifically created to harvest credentials and other sensitive financial and personal information stored and processed through online banking systems.

BIOS

BIOS stands for “basic input/output system”. It is firmware used by the computer’s microprocessor to initialize the computer when the user physically turns it on.

Blacklist

In computing, a blacklist usually refers to a list of domains and/or IP addresses that are known or suspected malicious servers and/or domains. These lists are used to protect users from receiving mail from the blacklisted servers or from browsing to dangerous sites hosted on these domains/IP addresses.

Bluetooth

Bluetooth is a wireless technology mainly used for short-distance connections between devices because of its low-power signal. It communicates in the frequency band around 2.45 GHz. It doesn’t need a line of sight to establish a connection.

Bot

The word “bot” is a derivative of “robot.” It usually pertains to (1) one or more compromised machines controlled by a botmaster or herder to spam or launch DDoS attacks, or (2) an automated program coded with particular instructions to follow, which includes interacting with websites and humans via web interfaces (e.g., IMs). A collective of bots is called a botnet. Synonym: zombie machine

Botnet

A botnet is a collection of bots. The term also refers to the malware run on a connected device to turn it into a bot. Synonym: zombie network

Brute force attack

A brute force attack is a method wherein an application attempts to decode encrypted data, such as a password, by trial and error. A dictionary attack, for example, is one type of brute force attack.

Business email compromise (BEC)

A business email compromise (BEC) is an attack wherein an employee, who is usually the CFO or someone from the Finance department, is socially engineered into wiring a large sum of money to a third-party account.

C

Children’s Online Privacy Protection Act (COPPA)

The Children’s Online Privacy Protection Act, or COPPA, is a privacy law that protects children under the age of 13. It was first passed in 1998. The Federal Trade Commission (FTC) manages COPPA.

Clickjacking

Clickjacking is a type of attack that tricks a user into clicking a website element that is either invisible or disguised as another element. This hijacks a click the user meant for one thing and directs it to another. For example, instead of clicking a button to reply, a Twitter user hit by a clickjacking attack may re-tweet a malicious domain to their followers instead. This is typically seen as a browser security issue. However, such an attack can also take place in mobile applications. Clickjacking has different types, such as likejacking. Synonyms: User interface (UI) redress attack, UI redressing

Cloud computing

Cloud computing refers to the delivery of services that are hosted over the internet to computers and other computing devices.

Cloud phishing

Cloud phishing refers to a phishing trend that uses the guise of cloud computing services to get users to click malicious links. Campaigns of this kind usually start off in emails and social media posts. See also: spear phishing.

Cloud security

Cloud security involves practices, policies, and controls to protect cloud-based data, applications, and infrastructure from cyber intrusions.

Cobalt Strike

Cobalt Strike is a legitimate tool used in penetration testing and threat emulation. While it is popular among pen testers, underground criminals are notorious for abusing the tool. They do this by making the tool a part of their attack campaigns.

Command & control (C&C)

Command & control, also called C&C or C2, is a centralized server or computer that online criminals use to issue commands to control malware and bots as well as to receive reports from them.   

Credential stuffing

Credential stuffing is a popular tactic of attempting to access online accounts using username-password combinations acquired from breached data. This is usually done using an automated tool.

Cross-site scripting (XSS)

Cross-site scripting is a type of injection attack wherein a vulnerability in web applications is exploited that allows a threat actor to inject malicious script into the site’s content. Affected trusted sites are made to deliver the malicious script to visitors.

Cryptojacking

Cryptojacking is the surreptitious use of computing devices to mine cryptocurrency.

CVE identifier

A Common Vulnerabilities and Exposures (CVE) identifier is a unique number assigned to a publicly known software vulnerability. It follows the format CVE, then the year, then a sequence number of at least four digits. Vendors and researchers alike consider CVE identifiers the standard for identifying vulnerabilities. For example, CVE-2014-0160 is the CVE ID for the vulnerability commonly known as Heartbleed. Synonyms: CVE names, CVE IDs, CVE numbers, CVEs, vulnerability identifier

Cyber espionage

Cyber espionage involves a threat actor or unauthorized cybercriminal who steals, damages, or exposes classified data with the intent to harm an individual or organization, causing reputational damage.

Cyberbullying

Cyberbullying is the act of threatening and intimidating others via electronic and digital means.

Cybercrime

Cybercrime is the term referring to crimes that are related to computers and networks, including traditional crimes like fraud, blackmail, and identity theft that are done over the Internet or by using computing devices.

D

Data breach

A data breach happens when data deemed sensitive, protected, or confidential is accessed or disclosed without authorization. Individuals may have viewed, copied, transmitted, stolen, or used such data accidentally or deliberately.

Data exfiltration

Data exfiltration is an act of retrieving, copying, and transferring data, such as user credentials, about individuals or organizations without authorization. Synonym: Siphoning

Data loss prevention (DLP)

Data loss prevention (DLP) aims to improve an organization’s data security through policies, methods, and systems that reduce the risk of data theft.

Data mining

Data mining is the process of sifting through large data sets to identify patterns or generate new information.

Data Protection

Data protection involves a set of strategies, practices, and measures used to prevent corruption, compromise, and loss of data. This can also include cloud data protection.

Decryptor

A decryptor is a tool used to transform unreadable data back to its original, unencrypted form. This is typically used by those affected by ransomware to restore their files.

Deepfake

A “deepfake” refers to recreated media of a person’s appearance (on a video or image) or voice by an artificial intelligence (AI).

Device control

Device control is a cybersecurity measure used to protect endpoints by controlling, restricting, and blocking access of removable devices.

Dictionary attack

A dictionary attack is an act of penetrating password-protected computer systems or servers using large sets of words from a dictionary. This attack often works because many users still use ordinary words as their passwords. See also: brute force attack.

DNS filtering

DNS filtering, also known as DNS blocking, is a cybersecurity method in which end users are denied access to nefarious content, with the goal of stopping web-based threats at the DNS (Domain Name System) level.

DNS over HTTPS (DoH)

DNS over HTTPS (DoH) is an alternative to DNS over TLS (DoT). It is a work-in-progress network security protocol wherein DNS requests and responses are encrypted and sent via the HTTP or HTTPS protocols instead of directly over UDP. This is done to increase user privacy and security.

DNS over TLS (DoT)

DNS over TLS (DoT) is a network security protocol wherein DNS requests and responses are encrypted and protected from tampering using the TLS security protocol. This is done to increase user security and privacy. DNS over HTTPS (DoH) is an alternative to DoT.

Domain Name System (DNS)

The Domain Name System, abbreviated as DNS, is an Internet protocol that translates user-friendly, readable domain names, such as threatdown.com, to their numeric IP addresses, allowing the computer to identify a web server without the user having to remember and enter the server’s actual IP address. Name servers, or domain name servers, host these translations and are part of the overall Domain Name System. To learn how threat actors can abuse DNS protocols, read up on DNS hijackers, a type of malware that modifies users’ DNS settings.

Domain Name System Security Extensions (DNSSEC)

Domain Name System Security Extensions, abbreviated as DNSSEC, is a set of extensions that add extra security to the DNS protocol.

Dropper

A dropper, or Trojan downloader, is a type of malware that installs other malware on the affected system. The other malware is part of the same executable, which is usually in compressed form.

Dwell time

Dwell time refers to the amount of time passed from when malware has initially infiltrated a system to when it has been detected and removed.

E

Email security

Email security is the collection of tools and practices leveraged to protect email communication from unauthorized access, corruption, or theft. Email security includes anti-malware tools, spam filters, anti-phishing technology, multi-factor authentication, and email security testing services. With good email security, individuals and organizations can mitigate the risk of data theft and protect their privacy.

Emotet

Emotet was originally designed as banking malware that attempted to sneak onto your computer and steal sensitive and private information. Later versions of the software added spamming and malware delivery services, including the delivery of other banking Trojans.

Encryption

Encryption is the process of changing data in a way that can not (easily) be undone (or decrypted) by parties that don’t have the decryption key.

Endpoint detection and response (EDR)

Endpoint Detection and Response (EDR) or Endpoint Threat Detection and Response (ETDR) is a kind of integrated endpoint security solution which uses telemetry data to detect, analyze, and remediate cyberthreats. EDR security helps prevent cyberattacks on organizations.

Endpoint Security

Endpoint Security includes cybersecurity measures to protect end-user devices (or endpoints) from attacks and data breaches on your organization.

EternalBlue

EternalBlue is one of the handful of “exploitation tools” leaked by a group called The Shadow Brokers (TSB) that take advantage of weaknesses in how Windows implemented the Server Message Block (SMB) protocol. The WannaCry and NotPetya ransomware strains used this exploit to target unpatched systems. For more information, see this blog post on how threat actors are using SMB vulnerabilities in their attack campaigns.

EternalChampion

EternalChampion is one of the handful of “exploitation tools” leaked by a group called The Shadow Brokers (TSB) that take advantage of weaknesses in how Windows implemented the Server Message Block (SMB) protocol. EternalChampion particularly exploits a race condition in how SMB handles a transaction. TrickBot is an infamous banking Trojan known to use EternalChampion to spread laterally.

EternalRomance

EternalRomance is one of the handful of “exploitation tools” leaked by a group called The Shadow Brokers (TSB) that take advantage of weaknesses in how Windows implemented the Server Message Block (SMB) protocol. Successful exploitation results in a remote code execution (RCE) attack. The ransomware strain known as BadRabbit has used EternalRomance in its campaign.

ELF file

An ELF file is an executable file format for the Linux and Unix platforms. Its known file extensions are .axf, .bin, .elf, .o, .prx, .puff, .ko, .mod, and .so.

Exploit

An exploit is a type of malware that takes advantage of bugs and vulnerabilities in a system in order to allow the exploit’s creator to take control.

Exploit kit

An exploit kit is a packaged collection of exploits for use by criminal gangs in spreading malware. Synonym: Exploit pack

F

File type

A file type is a name given to a specific kind of file. For example, a Microsoft Excel sheet file and a Python script file are two different file types. A file type is not the same as a file format.

File-based attack

A file-based attack is an attack where threat actors use certain file types, usually those bearing document file extensions like .DOCX and .PDF, to entice users to open them. The file in question is embedded with malicious code; thus, once opened, this code is also executed.

Fingerprinting

Fingerprinting refers to the process of gathering information about a system at first contact. It is commonly used by malware to determine whether a system is vulnerable to certain attacks.

Firewall

A firewall is a network security system that monitors incoming and outgoing data packets and, through preconfigured rules, blocks unwanted inbound and outbound network traffic. Types of firewalls include software, hardware, cloud-native, and software as a service (SaaS) firewalls, which can prevent cyber intrusions into your business.

Firmware

Firmware is software that is written to a hardware device’s memory. It is used to run user programs on said devices.

Foothold expansion

Foothold expansion is the act of creating backdoors that are used to re-enter a network after its initial infiltration.

Fraud

Fraudulent websites appear to be one thing, like a tech support site, a dating site, or a shopping site with illegal products or great deals, but they’re really scams to try to steal your information or credit card details.

Freeware

Freeware is software that comes without a cost. Some freeware may give the option of voluntary payments to the developer, which is typically called donationware.

G

GandCrab

GandCrab ransomware is a type of malware that encrypts a victim’s files and demands ransom payment in order to regain access to their data. GandCrab targets consumers and businesses with PCs running Microsoft Windows.

General Data Protection Regulation (GDPR)

The General Data Protection Regulation is the standard data protection law affecting the European Union and its citizens. It puts strict regulations on organizations as to how personally identifiable information (PII) is to be controlled, processed, and stored.

Graymail

Graymail is bulk solicited email that users opted in to receiving at first but, after losing interest, leave to accumulate in the inbox until they decide to opt out or report it as spam.

H

Hash value

A hash value is an alphanumeric string that uniquely identifies data or files. MD5, SHA-1, and SHA-2 are three well-known hashing algorithms. Synonym: Hash code

Heartbleed

Heartbleed is the term used to refer to a vulnerability in some OpenSSL implementations. This vulnerability’s official identifier is CVE-2014-0160. For more information, see this blog post on systems still unpatched five years after Heartbleed’s discovery.

HermeticWiper

HermeticWiper is a new kind of malware that was named after the stolen digital certificate used to carry out attacks.

Heuristic analysis

Heuristic analysis is a scanning technique used by many antivirus programs wherein they look for certain malicious behaviors from potentially new and undetected variants. Other forms: Heuristics

Hijacker

A hijacker is a type of malware that modifies a web browser’s settings without users’ permission, usually to inject unwanted ads into the browser or redirect to scam sites. Synonyms: browser hijacker

Homograph attacks

A homograph attack is a method of deception wherein a threat actor leverages the similarities between character scripts to create and register phony domains that look like existing ones, to fool users and lure them into visiting. Synonyms: homoglyph attack, Punycode attack, script spoofing, homograph domain name spoofing

Hyper-Text Transfer Protocol (HTTP)

The Hyper-Text Transfer Protocol is a set of underlying rules used in the World Wide Web, defining how files are transferred and formatted, and how web servers and internet browsers should respond to specific commands.

Hyper-Text Transfer Protocol Secure (HTTPS)

In a nutshell, Hyper-Text Transfer Protocol Secure is secure HTTP. This means that file transfer and communication over the network are protected by encryption on both the server side and the client side.

I

Identity and access management (IAM)

Identity and access management (IAM) is a collective term pertaining to processes, services, and technologies that allow the right individuals and groups to access the right resources within a network.

Identity theft

Identity theft is an electronic and real-world crime of deliberately using someone else’s information to commit fraud. Usually, identity thieves are financially motivated, consequently disadvantaging their target.

Indicator of Attack (IOA)

An indicator of attack (IOA) describes the intent behind a cyberattack and focuses on the techniques bad actors use to accomplish their objectives.

Indicator of compromise (IOC)

Indicators of compromise (IOCs) are artifacts that can be found after a system intrusion. These indicators can be IP addresses, domains, hashes of malware files, virus signatures, and similar artifacts.

Infection vector

In cybersecurity, an infection vector refers to the transmission channel of malware. To know this, ask “How did the malware arrive on my computer/network?”

Initial access brokers (IABs)

Initial access brokers (IABs) are a type of cybercriminal group that sell unauthorized access to corporate networks. IAB attacks target organizations through phishing, password guessing, and exploiting vulnerabilities.

Injection attacks

Injection attack is a broad term referring to a certain attack vector. Usually, malicious code is used in such attacks; but generally speaking, attackers provide input that, once interpreted, alters the execution or outcome of a program. Injection attacks have several types. They include:

Internationalized domain names (IDN)

An internationalized domain name (IDN) is a domain name containing at least one non-ASCII character. IDNs enable internet users from all over the world to create and register domain names in their own native languages.
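The homograph attack and IDN entries above describe look-alike domains built from non-ASCII characters. The following is an added Python example, not part of the original glossary, showing the defender-side check: it converts between Unicode and punycode (xn--) forms with the standard-library idna codec, flags labels that mix scripts, and compares a confusable-folded "skeleton" of each label against a brand watch list. The sample domains, the watch list, and the small confusables map are all constructed for this example.

```python
"""Defender-side look-alike (homograph / IDN) domain check.

Hypothetical helper written for this glossary entry; it is not the
page's or any vendor's code. Standard library only.
"""
import unicodedata

# Constructed sample inputs (not from the page). The second one uses a
# Cyrillic 'а' (U+0430) in place of the Latin 'a' of apple.com.
SAMPLE_DOMAINS = [
    "example.com",
    "\u0430pple.com",   # looks like apple.com; first letter is Cyrillic
    "m\u00fcller.de",   # legitimate single-script German IDN
]

# Hypothetical watch list of brand labels to compare against.
WATCHED_BRANDS = {"apple", "paypal"}

# Minimal confusables map (Cyrillic/Greek letters that render like Latin
# ones). Constructed for the example; a real deployment would load the
# full Unicode confusables table (UTS #39).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u04bb": "h",
    "\u03bf": "o", "\u03b1": "a", "\u03bd": "v",
}


def is_idn(domain: str) -> bool:
    """An IDN contains at least one non-ASCII character (the entry's definition)."""
    return any(ord(ch) > 127 for ch in domain)


def to_ascii(domain: str) -> str:
    """Punycode (xn--) form, i.e. what actually appears in DNS and in logs."""
    return domain.encode("idna").decode("ascii")


def to_unicode(domain: str) -> str:
    """Decode a punycode domain back to Unicode so the letters can be inspected."""
    return domain.encode("ascii").decode("idna")


def normalize(domain: str) -> str:
    """Accept either Unicode or punycode input and return the Unicode form."""
    try:
        return to_unicode(domain)
    except UnicodeEncodeError:        # input already contains non-ASCII
        return domain


def script_of(ch: str) -> str:
    """Coarse script bucket taken from the character's Unicode name ('LATIN', ...)."""
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if name else "UNKNOWN"


def label_scripts(label: str) -> set:
    """Scripts used by the letters of one DNS label (digits and hyphens ignored)."""
    return {script_of(ch) for ch in label if ch.isalpha()}


def skeleton(label: str) -> str:
    """Fold known confusables to their Latin look-alike for brand comparison."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)


def assess(domain: str) -> dict:
    """Findings for one domain: IDN status, mixed-script labels, brand look-alikes."""
    uni = normalize(domain).lower()
    labels = uni.split(".")
    mixed = [lbl for lbl in labels if len(label_scripts(lbl)) > 1]
    lookalikes = [lbl for lbl in labels
                  if skeleton(lbl) in WATCHED_BRANDS and lbl != skeleton(lbl)]
    return {
        "input": domain,
        "unicode": uni,
        "punycode": to_ascii(uni),
        "is_idn": is_idn(uni),
        "mixed_script_labels": mixed,
        "brand_lookalikes": lookalikes,
        "suspicious": bool(mixed or lookalikes),
    }


if __name__ == "__main__":
    for d in SAMPLE_DOMAINS:
        print(assess(d))
```

Feeding the punycode form from DNS or proxy logs works too, since assess() decodes xn-- labels before inspecting them.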

Internet of things (IoT)

The internet of things, or IoT, represents a host of internet-connected devices that do not require direct human input.

IP address

An IP address is a number assigned to each system that is participating in a network using the Internet Protocol, such as the World Wide Web.

J

Jailbreak

In computing, to jailbreak means to modify a device, usually a smartphone, by removing any restrictions imposed by the device manufacturer, such as the downloading and installation of unauthorized software or apps from third-party markets.

K

Keylogger

In the context of malware, a keylogger is a type of Trojan spyware that is capable of stealing or recording user keystrokes. Other forms: keylogging. Synonyms: keystroke logger, system monitor

L

Lateral movement

Lateral movement refers to the various techniques and tactics threat actors use to move through a network in order to access or search for critical assets and data. At times, they employ this to control remote systems.

M

MAC address

A MAC address is a unique number assigned to your computer’s network hardware. MAC stands for Media Access Control.

Machine learning (ML)

Machine learning is a form or subset of artificial intelligence (AI) where computers make use of large data sets and statistical techniques to improve at specific tasks without being manually reprogrammed.

Malvertising

Malvertising, or “malicious advertising,” is the use of online advertising to distribute malware with little to no user interaction required.

Malware

Malware, or “malicious software,” is an umbrella term that refers to any malicious program or code that is harmful to systems.

Man-in-the-Middle (MitM)

In cybersecurity, a Man-in-the-Middle (MitM) attack happens when a threat actor manages to intercept and forward the traffic between two entities without either of them noticing. In addition, some MitM attacks alter the communication between parties, again without them realizing. To pull this off, the attacker must not only be convincing in their impersonation but also be able to follow and influence the conversation between two or more parties. A MitM attack can be done between a browser and the Internet, for example, or between a Wi-Fi hotspot and an Internet user.

Managed Detection and Response (MDR)

Managed Detection and Response (MDR) is described as an outsourced service that delivers 24/7 managed threat hunting, monitoring, and incident response, which combines cybersecurity technology and human expertise.

Managed service provider (MSP)

A managed service provider (MSP) is a company that proactively offers remote support to a client’s IT infrastructure or endpoints. Oftentimes, this term is used interchangeably with “cloud service provider”.

Metadata

Metadata is data about data. It gives background information about data, such as its origin, relevance, and creation. Examples are geotags in media files (say, where a photograph was taken) and the author and date modified in document files.

Miner

A miner is also known as a cryptocurrency miner. This is a form of malware that uses the resources of an infected system to mine cryptocurrency (e.g., Bitcoin) for the threat actor.

MITRE ATT&CK Framework

MITRE ATT&CK stands for MITRE Adversarial Tactics, Techniques, and Common Knowledge. MITRE ATT&CK framework serves as a public resource and guidance library for enterprises to better understand adversarial behavior and how the most effective and prolific attack groups infiltrate networks.

Mobile Device Management (MDM)

Mobile device management (MDM) is software that allows IT administrators to control, set, and configure policies covering mobile devices that connect to your business’ network. These devices include smartphones (Android and iPhone), tablets, laptops, and other portable endpoint devices.

Mobile Security

Mobile device security encompasses strategies, security architecture, and applications used to protect any portable device, including iPhones, Android phones, laptops, and tablets. Mobile security involves efforts to help improve mobile device cybersecurity in order to safeguard consumers and companies from data breaches.

Multi-factor authentication (MFA)

Multi-factor authentication (MFA) means using two or more authentication factors. The most well-known form of MFA is two-factor authentication (2FA). Both combine more than one method of proving identity before access to a resource is granted.

Multi-tenancy

Multi-tenancy refers to a software architecture in which a single instance of software running on a server can serve multiple users. Each such user is referred to as a tenant.

N

National Cyber Security Centre (NCSC)

The National Cyber Security Centre (NCSC) is an organization in the United Kingdom that gives cyber security guidance and support to the public and private sectors. Its headquarters is in London.

National Institute of Standards and Technology (NIST)

The National Institute of Standards and Technology (NIST) is a unit of the US Commerce Department that promotes and maintains measurement standards. It was formerly known as the National Bureau of Standards.

National Security Agency (NSA)

The National Security Agency (NSA) is an intelligence agency of the US Department of Defense that monitors, processes, and collects information and data for the purpose of foreign and domestic intelligence and counterintelligence.

Next Generation Antivirus (NGAV)

Next-generation antivirus (NGAV) provides a holistic approach to cybersecurity, leveraging a system of advanced technologies to stop known and new threats. NGAV proactively monitors and responds to a threat’s attacks, procedures, and techniques. It may also collect and analyze endpoint data.


O

Obfuscation

Obfuscation is when malware deliberately tries to obscure its true intent to potential victims, and/or attempts to hide portions of code from malware researchers performing analysis.

OpenSSL

OpenSSL is a popular software cryptographic library for applications designed for secure communication over computer networks. It provides an open source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.

Operating system (OS)

An operating system (OS) is software that supports a computer’s basic functions, such as executing applications, controlling peripherals, and scheduling tasks. The most well-known operating systems are Microsoft Windows, Linux, Apple macOS and iOS, Android, and Google’s Chrome OS.

P

Patch management software

Patch management software (or a patch manager) helps IT security teams detect missing software updates (vulnerabilities) and apply a software patch as a fix to mitigate the risk of intrusion.

Payload

In cybersecurity, a payload is malware that the threat actor intends to deliver to the victim. For example, if a cybercriminal sent out an email with a malicious Macro as the attachment and the victim gets infected with ransomware, then the ransomware is the payload (and not the email or document).

Personally Identifiable Information (PII)

Personally Identifiable Information (PII) is the term used for data that can be tracked back to one specific user. Examples of PII are names, social security numbers, biometrics, and other information that, in combination with other data, could be enough to identify a user. “Personally Identifiable Information” also has a legal definition, depending on the country and its laws. Personally Identifiable Information in one state may not include the same type of information as “personal information” or “personal data” in another state, but the purpose of these laws is often the same—to protect the types of data that could reveal a person’s identity.

Phishing

Phishing scams attempt to obtain your information by presenting themselves as legitimate websites, then asking for your password, credit card details, or other sensitive information. Also: catfishing.

Point-of-sale (PoS) malware

Point-of-sale (PoS) malware usually targets payment terminals and card readers to compromise payment data and send it to criminals.

Polymorphism

In the context of malware terminology, polymorphism is the ability of code to change its identifiable features while maintaining its functionality. Because of this ability, polymorphic malware like Emotet is difficult to detect.

PowerShell

PowerShell is a configuration management framework that allows system administrators and power-users to perform administrative tasks via a command line.

Pretexting

A pretexting attack is a type of social engineering attack where threat actors leverage a pretext to trick a target in order to commit a cybercrime. The pretext is usually a totally fictional scenario, and sometimes hackers chain pretexting with other types of attacks.

Privilege escalation

Privilege escalation is an act or event that occurs when a threat actor or unauthorized user achieves full access to normally restricted resources on the operating system (OS) of a computing device they have gained access to.

Professional Service Automation (PSA)

A PSA is software that allows companies to manage their resources efficiently. It is used from start to finish of a project’s lifecycle, which usually begins from assigning people up to billing the client once the project is done.

Protector

In malware research, a protector is software intended to prevent tampering with and reverse engineering of programs. The methods used can, and usually will, include both packing and encrypting. This combination, plus added features such as anti-debugging and anti-virtualization checks, makes what is usually referred to as a protector. Researchers are then faced with protective layers around the payload, making reverse engineering difficult. A completely different approach, which also falls under the umbrella of protectors, is code virtualization: the program’s code is translated into a custom virtual instruction set, different for every protected build, and run by an embedded interpreter. Some protectors are commercial products used, for example, in the gaming industry against piracy. More information about this and related subjects can be found in our blog post, Explained: Packer, Crypter, and Protector.

PUM

Stands for potentially unwanted modification. This is an alteration made to a computer’s registry (or other settings) that either damages the computer or changes its behavior without the user’s knowledge. Such unwanted alterations can be made by legitimate software, malware, grayware, or a PUP.

PUP

PUPs, or Potentially Unwanted Programs, are programs that may include advertising, toolbars, and pop-ups that are unrelated to the software you downloaded. PUPs often come bundled with other software that you installed.

Q

Quarantine

In computing terms, to quarantine is when a potentially malicious file is placed into a “safe” location by the onboard security software, so that it can do no harm while the user decides what to do with it.

R

Ransomware

Ransomware is a form of malware that locks you out of your device and/or encrypts your files, then forces you to pay a ransom to get them back.

Ransomware-as-a-service

Abbreviated as RaaS. This is a business model, modelled on software-as-a-service (SaaS), in which underground vendors provide a ready-made ransomware platform to affiliates who carry out the attacks, typically in exchange for a share of the ransom payments.

Remediation

In computing, this is the process or method of correcting system changes, regardless of severity, on the affected system. Mitigation usually precedes remediation.

Remote code execution (RCE) attack

A remote code execution (RCE) attack happens when a threat actor exploits a vulnerability in software that is reachable over a network to run code of their choosing on the target computer or server, without any authorization from its owner. RCE vulnerabilities are among the most severe because they frequently give the attacker a foothold from which to install malware and take over the system.

Remote desktop protocol (RDP)

Remote desktop protocol (RDP) is a Microsoft network protocol that allows remote, interactive management of assets. Network administrators normally use RDP to diagnose problems on an endpoint. RDP servers exposed directly to the internet, especially with weak or reused passwords and no multi-factor authentication, are a frequent initial-access vector for ransomware operators.

Remote monitoring and management (RMM)

Remote monitoring and management (RMM) refers to the process of managing and controlling systems within a network remotely via specialized software, often referred to as RMM software. Managed service providers (MSPs) usually perform RMM for their clients, which also makes RMM tooling an attractive target: a compromised RMM platform gives an attacker the same remote access the MSP has.

Rootkit

A rootkit is software, generally classified as malware, that gives an attacker persistent privileged (administrator or kernel-level) access to the infected system while actively hiding its presence. Rootkits hide from other software on the system, often even from the operating system itself, by intercepting or altering the functions used to list files, processes, and network connections.

Ryuk ransomware

Ryuk, a name once unique to a fictional character in a popular Japanese comic book and cartoon series, is now the name of one of the most damaging ransomware families to plague systems worldwide, known for targeting large organizations and demanding high ransoms.

S

Sandbox solution

A type of solution wherein IT administrators run a program in a controlled, isolated environment to observe its behavior and determine whether it is safe to deploy within their network. Some malware detects that it is running in a sandbox and stays dormant, so sandbox results should be combined with other evidence.

Secure Sockets Layer (SSL)

Secure Sockets Layer (SSL) is an encryption protocol that secures connections between clients and servers over the internet. All SSL versions are now considered insecure: SSL 3.0 was formally deprecated in 2015 (RFC 7568) and the protocol has been replaced by Transport Layer Security (TLS), although the term “SSL” is still commonly used to mean TLS.

Security awareness training

Security awareness training is the process of educating people about the different kinds of cybersecurity threats that impact accounts, devices, systems, and networks, and how to manage them. Organizations invest in security awareness training to mitigate the risk of data breaches, identity theft, industrial espionage, sabotage, and financial crimes. Security awareness training also helps companies stay compliant with privacy laws.

Security information and event management (SIEM)

In computer security, security information and event management (SIEM) refers to software or a service that collects and correlates logs and events from across an organization to give it the big picture of its information security. It is a hybrid of security information management (SIM) and security event management (SEM), allowing analysts to identify, analyze, alert on, and take appropriate action on flagged issues.

Signature

In computer security, a signature is a specific pattern that allows cybersecurity technologies to recognize malicious threats, such as a byte sequence in network traffic or known malicious instruction sequences used by families of malware. Signature-based detection, then, is a methodology used by many cybersecurity companies to detect malware that has already been discovered in the wild and cataloged as part of a database.
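To make the two related entries concrete, here is an added example that belongs to this glossary page rather than to any vendor’s product: a toy signature scanner that looks for a fixed byte sequence, applied to a constructed stand-in “payload” and to two polymorphic variants of it. The variants are produced by XOR-encoding with a fresh random key, which stands in for the re-packing or re-encryption a real polymorphic engine performs; the payload, the signature database, and all names are invented for the demonstration.

```python
import hashlib
import os

# Constructed stand-in for a malicious payload (plain text, harmless).
PAYLOAD = b"DEMO_PAYLOAD: connect back to c2 and exfiltrate documents"

# Constructed signature database: name -> byte sequence a scanner looks for.
SIGNATURES = {
    "Demo.Payload.A": b"connect back to c2",
}


def scan(sample: bytes) -> list:
    """Signature-based detection: names of every signature whose byte
    sequence occurs verbatim in the sample."""
    return [name for name, pattern in SIGNATURES.items() if pattern in sample]


def polymorph(payload: bytes, key: bytes = b"") -> tuple:
    """Produce a new variant by XOR-encoding the payload with a random key.
    Behaviour is preserved (decode() restores the original bytes), but the
    stored byte sequence, and therefore its hash, differs on every call."""
    while not any(key):           # an all-zero key would leave the bytes unchanged
        key = os.urandom(8)
    encoded = bytes(b ^ key[i % len(key)] for i, b in enumerate(payload))
    return key, encoded


def decode(key: bytes, encoded: bytes) -> bytes:
    """The variant's own unpacking step, run before the payload executes."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(encoded))


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def demo() -> dict:
    """Compare static detection of the original sample and of two variants."""
    k1, v1 = polymorph(PAYLOAD)
    k2, v2 = polymorph(PAYLOAD)
    return {
        "original_detected": bool(scan(PAYLOAD)),
        "variant1_detected": bool(scan(v1)),
        "variant2_detected": bool(scan(v2)),
        # different keys -> different bytes -> different hashes: a hash blocklist
        # built from one variant does not match the next
        "variants_share_hash": sha256(v1) == sha256(v2),
        # but every variant still yields the identical payload once unpacked
        "variants_still_work": decode(k1, v1) == PAYLOAD == decode(k2, v2),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point the output makes is the one the polymorphism entry describes: the original sample matches the signature, neither variant does, the two variants have different hashes, and both decode to the same working payload. A detector that instead watches what the decoded code does (the behavior, not the bytes at rest) is unaffected by the re-encoding.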

SIMjacking

SIMjacking is the method of assuming control of a target’s mobile number. Fraudsters do this in a number of ways. One way is porting the target’s phone number from one mobile service provider to another. Other forms: SIM jacking, SIM-jacking Synonyms: SIM splitting, SIM swapping, SIM swap scam, port-out scam

Skimming

Skimming is a type of fraud targeting automated teller machine (ATM) and point-of-sale (POS) terminals wherein a device (called a skimmer) or malware is used to steal information from your credit or debit card’s magnetic stripe. The card data is then used to make counterfeit cards or fraudulent purchases.

SMS phishing (Smishing)

Smishing, short for SMS phishing, is a type of phishing on mobile devices. It is carried out via SMS text messaging.

SOAR (Security Orchestration, Automation, and Response)

SOAR (Security Orchestration, Automation, and Response) is a class of platform that alleviates the burden on talent-constrained security teams by automating repetitive work in areas such as vulnerability management, incident response, and security operations management, typically through playbooks that connect the organization’s existing security tools. It enables enterprises to streamline security operations responsibilities from a single platform.

SOC

Stands for Security Operations Center: a centralized unit of personnel, processes, and technology that monitors the security of, and investigates security incidents affecting, a larger entity, usually a company or a network. A SOC does not necessarily have to be part of the organization it protects; the function can also be outsourced to an external provider.

Social engineering

Social engineering is the collective term for the methods attackers use to get victims to breach security protocol or give up private information. There are many tactics that lead to this goal, and they rely on psychological manipulation, such as playing to the victim’s greed, vanity, fear, sense of urgency, or willingness to help someone.

Software vulnerability

Refers to a weakness or flaw in software, which leaves it open to be exploited by threat actors.

Spam

Spam is an undesired communication, often an email or call, that gets sent out in bulk. Spam wastes time and resources, so many communication tools have built-in ways of minimizing it.

Spambot

A program designed to build mailing lists to send unsolicited emails to by harvesting email addresses from websites, newsgroups, and even chat room conversations.

Spear phishing

Spear phishing is a method of deceiving users via online messages, usually email, into giving up important data. Such attacks are targeted at a particular user or group of users (e.g. employees of one company). The intended victim(s) will be asked to fill out forms or lured into installing data-gathering malware on their system.

Spyware

Spyware is a type of malware that gathers information on a device and sends it to a third-party actor or organization that wouldn’t normally have access. In the past, this term was also used for adware and cookies.

SQL injection

An SQL injection is a type of injection attack wherein a threat actor supplies input that a web application inserts directly into an SQL query, so that the input is interpreted as part of the query rather than as data. This circumvents the application’s security measures and can reveal sensitive information, destroy it, or tamper with it. It is usually done on vulnerable sites that build queries from user entries, such as a search box or login form, by string concatenation instead of using parameterized queries.

SSL certificate

An SSL certificate (in practice a TLS certificate) is installed on a web server to prove the server’s identity and enable encrypted HTTPS connections, providing the means to make payments and send communications without fear of eavesdropping. A certificate only vouches for the server’s domain name and protects the connection; it says nothing about the site’s intent, and phishing sites routinely use valid certificates.

Supply-chain attack

A type of attack that targets the weakest or most vulnerable element in a business’s or organization’s supply chain network, rather than the organization directly. There are several ways this can be done: compromising a supplier’s systems and using its trusted access to reach the target, or embedding malware into a manufacturer’s software or its update mechanism so that it is delivered to every customer. However it is done, the purpose of a supply-chain attack is to gain access to sensitive data repositories and damage the company.

Suspicious activity

In our ThreatDown product, “possible suspicious activity” encompasses a variety of behaviors that are commonly attributed to technical support scams, cryptojacking, browser hijacking, and other types of harmful software or potentially unwanted programs (PUPs).

T

The United States Computer Emergency Readiness Team (US-CERT)

The US Computer Emergency Readiness Team (US-CERT) was a branch of the Office of Cybersecurity and Communications’ (CS&C) National Cybersecurity and Communications Integration Center (NCCIC). It was created to protect the country’s internet infrastructure, improve the US’s cybersecurity posture, coordinate information sharing, and proactively reduce the risk of cyber threats. US-CERT also educated consumers and businesses about data security and assisted security organizations with threat detection and management, among other things. Its functions now sit within the Cybersecurity and Infrastructure Security Agency (CISA).

Third party

A term used to describe an entity that is involved in a deal, but not directly as one of the parties that close the deal. In privacy policies, the term is often used to avoid being blamed, as the publisher, for something any third party might do to the user. For example, additional software that is included in a bundler will usually be referred to as “third-party software”.

Third party patch management

Third party application patch management (or 3rd party patch management) is the process of applying patch updates to third-party programs installed on your company’s endpoints (desktops, laptops, servers, and other devices). Third-party patch management fixes vulnerabilities that, if exploited, can compromise software security and functionality. Learn more about ThreatDown Patch Management.

Threat actor

In cybersecurity, a threat actor is a group or person behind a malicious incident. As it is sometimes unclear whether an attack was done by one person or whether there is a group or organization involved, we use this as a general term to describe the responsible entity.

Threat Detection and Response (TDR)

Threat detection and response focuses on monitoring for suspicious cyber activity and providing contextual alerts. These alerts speed up the investigation process so that threats can be prioritized and eliminated before vulnerabilities are exploited or an intrusion spreads.

Threat hunting

Threat hunting in cyber security is a proactive method involving threat hunters who sleuth networks, endpoint devices, and systems for malicious activity and suspicious threat anomalies. Cyber threat hunting can help stop and prevent cyberattacks from causing irreversible damage to organizations.

Threat intelligence

Cyber threat intelligence is data that has been collected, processed, and analyzed to understand threat actor behavior and stop intrusions.

Transport Layer Security (TLS)

Transport Layer Security (TLS) is an encryption protocol that authenticates the parties in a connection between two computing applications (typically the server, via its certificate, and optionally the client). It also ensures that the channel is private and that the data exchanged is uncorrupted and can only be viewed by authorized parties. TLS is the successor of Secure Sockets Layer (SSL); TLS 1.2 and 1.3 are the versions that should be in use today.

Trojan

Trojans are programs that claim to perform one function but actually do another, typically malicious. Trojans can take the form of attachments, downloads, and fake videos/programs and, once active on a system, may do a number of things, including stealing sensitive data or taking control of the device.

U

Ubiquitous computing (ubicomp)

Ubiquitous computing (ubicomp) is the technological trend of adding computational capability to everyday electronic devices by embedding a microprocessor. This allows them to communicate effectively and perform tasks that lessen the user’s need to interact with computers as computers. Examples of ubiquitous computing are laptops, tablets, smartphones, and wearable devices. Synonym(s): pervasive computing, everyware, ambient intelligence

Ubuntu

Pronounced oo-boon-too. It is a Linux distribution based on Debian. It was designed for use on personal computers; however, it is also widely used on network servers and is one of the most common operating systems on cloud-hosted servers, and arguably the best-known distro.

Unicode

Unicode is a global standard for character encoding. It assigns a unique number (code point) to every character, across all scripts and symbol sets. As such, it simplifies the localization of software and supports multilingual text processing. The Unicode Consortium maintains, develops, and promotes the use of the Unicode standard. Because many characters from different scripts look alike, Unicode is also what makes visual spoofing possible (see Visual spoofing).

Universal serial bus (USB)

The USB is an industry standard establishing a common way for connections between devices and peripherals.

UNIX

UNIX is a modular operating system developed in the 1970s, leading to widespread academic and commercial use over time.

URL

Stands for Uniform Resource Locator and is a method of addressing resources located on the World Wide Web. A URL consists of (at least) a scheme (e.g. https) and either a domain name or an IP address. It can also include a port, a path on the server to point to a particular file or page, a query string, and a fragment.

USB attack

Refers to an attack where threat actors use a USB drive to spread malware. In a targeted attack, infected USB drives are deliberately dropped in public locations, such as parking lots, to entice victims to pick them up and plug them into their computers.

USB boot

A USB boot is booting up a computer using an OS or recovery program located on a USB stick as opposed to the computer’s hard drive.

V

Variant

Often refers to closely related malware strains or types of malware that are in the same family. Usually, it is a version of an existing malware family with modifications.

Virtual machine

A software emulation of a computer that runs on top of another computer or OS, isolated from its host. The user experience inside a virtual machine is the same as on dedicated hardware, which is why virtual machines are also used as sandboxes for analyzing malware safely.

Virtual private network (VPN)

A virtual private network is a virtual extension of a private network over the internet. It is often used to allow employees that are not in the physical office to connect to resources on the intranet as if they were in the office. But there are also commercial VPNs that can be used to anonymize your internet traffic.

Virus

A virus is malware that attaches itself to another program or file (such as a document) and replicates by inserting copies of itself into other programs. Unlike a worm, it needs human interaction, such as opening the infected file, to start executing on a target system. Many viruses are harmful and can destroy data, slow down system resources, and log keystrokes.

Vishing

Short for voice phishing. It is a phishing tactic that uses voice, either via VoIP or phone, to steal information from call recipients.

Visual spoofing

A type of threat vector in which the visual similarity of characters and letters from different scripts or alphabets (for example a Cyrillic “а” in place of a Latin “a”) is used, deliberately or accidentally, to confuse and/or trick users, most commonly in look-alike domain names and file names.
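As an added example for the Unicode and visual spoofing entries (this code is not from the glossary or any vendor product), the check below flags a hostname in which a single label mixes characters from more than one script, and shows the Punycode form the browser would actually resolve. The hostnames are constructed for the demonstration; the script of each character is taken from the first word of its Unicode character name, a simplification of the per-script rules real browsers apply.

```python
import unicodedata

# Constructed sample hostnames. \u0430 is CYRILLIC SMALL LETTER A, which
# renders identically to the Latin "a" in most fonts.
SAMPLES = [
    "example.com",
    "ex\u0430mple.com",
    "paypal.com",
    "p\u0430yp\u0430l.com",
]


def scripts_in(label: str) -> set:
    """Scripts used by the letters of one hostname label, e.g. {"LATIN"} or
    {"LATIN", "CYRILLIC"}; digits and hyphens are ignored."""
    scripts = set()
    for ch in label:
        if ch.isalpha():
            # Character names begin with the script: "LATIN SMALL LETTER A",
            # "CYRILLIC SMALL LETTER A", "GREEK SMALL LETTER ALPHA".
            scripts.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return scripts


def is_mixed_script(hostname: str) -> bool:
    """True if any label of the hostname draws letters from two or more scripts."""
    return any(len(scripts_in(label)) > 1 for label in hostname.split("."))


def to_ascii(hostname: str) -> str:
    """The IDNA/Punycode form that DNS resolves; an 'xn--' label means the
    display name contains non-ASCII characters."""
    return hostname.encode("idna").decode("ascii")


def classify(hostnames: list) -> dict:
    """Map each hostname to (resolved ASCII form, mixed-script verdict)."""
    return {h: (to_ascii(h), is_mixed_script(h)) for h in hostnames}


if __name__ == "__main__":
    for name, (ascii_form, mixed) in classify(SAMPLES).items():
        print(f"{name!r:24} -> {ascii_form:24} mixed-script={mixed}")
```

The mixed-script test is a heuristic, not a complete defense: an all-Cyrillic look-alike of a Latin brand name passes it, which is why browsers also consult the Unicode confusables data and compare against known domains, and why security tooling should compare the Punycode form rather than what is displayed.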

Voice phishing (vishing)

Vishing, short for voice phishing, is a type of phishing carried out over the phone (e.g. landline, VoIP, smartphone), often using caller-ID spoofing to impersonate a bank, government agency, or IT help desk.

Vulnerabilities

A software vulnerability is a bug, design flaw, or misconfiguration in software or a system that constitutes a point of weakness which can be exploited by cybercriminals. These bad actors gain unauthorized access through such vulnerabilities and carry out cyberattacks. Learn more about vulnerability management and ThreatDown Vulnerability Assessment.

W

Watering hole attack

A watering hole attack is a targeted attack strategy in which attackers infect a website they know their intended victim(s) will visit, or lure them to a website of their own making. The attacker may single out intended targets, or infect anyone who visits the website unprotected. Watering hole attacks combine social engineering, hacking, and drive-by infections.

Web application security

This deals with the security of websites, Web applications, and Web services. It aims to address and/or fulfill the four principles of security, which are confidentiality, integrity, availability, and nonrepudiation.

Web content filtering

Web content filtering is a kind of process or technology based on software or hardware that restricts access to specific content on the Internet. Organizations such as enterprises, libraries, colleges, and schools use web content filtering to prevent users from accessing potentially inappropriate material for various purposes, including protecting user sensibilities, boosting cybersecurity, enhancing regulatory compliance, and improving productivity. 

Website spoofing

Website spoofing happens when an attacker creates an imitation website designed to look like the real thing. Threat actors may use real company logos, design, and URLs similar to the target website to enhance the spoof and make it more convincing.

Whaling

Also known as whale phishing. It’s a type of fraud or phishing scheme that targets high-profile end users, usually C-level executives, politicians, and celebrities. Fraudsters behind whaling campaigns aim to trick targets into giving out their personal information and/or business credentials, or into authorizing fraudulent payments. Whaling is usually done through social engineering efforts.

Whitelist

In computing, a whitelist (now often called an allowlist) is a list of resources and destinations that an organization has decided to trust. Application whitelisting is a method that allows only specific, approved software to run in order to maintain security. This is more restrictive than blacklisting (blocklisting) known-bad items, which has pros and cons: whitelisting is more secure yet time-consuming to manage, and it is only as strong as the attribute used to identify the approved software (a file hash or signing certificate is far harder to spoof than a file name or path).
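To show why the identifying attribute matters, here is an added example (not code from the glossary or from any product it mentions) that implements the same allow decision twice: once by path and once by SHA-256 hash of the file contents. It writes a constructed stand-in “binary” to a temporary directory, records both rules, then overwrites the file in place the way an attacker with write access to that location would.

```python
import hashlib
import os
import tempfile


def sha256_file(path: str) -> str:
    """Hash a file's contents in chunks so large binaries are not read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def allowed_by_path(path: str, allowed_paths: set) -> bool:
    """Path-based rule: whatever currently sits at an approved location may run."""
    return os.path.normpath(path) in allowed_paths


def allowed_by_hash(path: str, allowed_hashes: set) -> bool:
    """Hash-based rule: only the exact approved contents may run, wherever they sit."""
    return sha256_file(path) in allowed_hashes


def demo() -> dict:
    """Build both rules for an approved tool, replace the tool, re-evaluate."""
    with tempfile.TemporaryDirectory() as d:
        tool = os.path.join(d, "approved-tool")
        with open(tool, "wb") as f:
            f.write(b"#!/bin/sh\necho approved\n")     # constructed stand-in binary

        allowed_paths = {os.path.normpath(tool)}
        allowed_hashes = {sha256_file(tool)}
        before = (allowed_by_path(tool, allowed_paths), allowed_by_hash(tool, allowed_hashes))

        # Attacker overwrites the approved file (or drops a file at an allowed path).
        with open(tool, "wb") as f:
            f.write(b"#!/bin/sh\necho malicious\n")
        after = (allowed_by_path(tool, allowed_paths), allowed_by_hash(tool, allowed_hashes))

        # A renamed copy of the genuine tool is also handled differently by the two rules.
        moved = os.path.join(d, "renamed-copy")
        with open(moved, "wb") as f:
            f.write(b"#!/bin/sh\necho approved\n")
        renamed = (allowed_by_path(moved, allowed_paths), allowed_by_hash(moved, allowed_hashes))

    return {
        "path_rule": {"before": before[0], "after_tamper": after[0], "renamed_copy": renamed[0]},
        "hash_rule": {"before": before[1], "after_tamper": after[1], "renamed_copy": renamed[1]},
    }


if __name__ == "__main__":
    for rule, results in demo().items():
        print(rule, results)
```

The path rule keeps allowing the tampered file and rejects the unmodified copy; the hash rule does the opposite. The cost the entry mentions is visible too: every legitimate update to the tool changes its hash, so the allowlist must be maintained with each release.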

WHOIS

Pronounced “who is”. This is not an abbreviation; however, it stands for “Who is responsible for this domain name?” It’s an internet service used to look up information about domain names.

Worm

Worms are a type of malware similar to viruses, but they do not need to be attached to another program in order to spread.

Z

Zbot

Zbot is a known family of Trojans capable of stealing user information, such as banking credentials, using man-in-the-browser (MiTB) keystroke logging and form grabbing. Synonym: Zeus/ZeuS

Zero-day

A zero-day vulnerability is an exploitable vulnerability in software that the vendor does not yet know about or has not yet patched. The name refers to the number of days the software creator has had to fix the flaw before it is exploited: zero. An exploit for such a flaw is called a zero-day exploit.

Zero-trust

Zero-trust is a security model wherein no one inside or outside a network is trusted by default, thus requiring users to verify themselves when they want to use a network’s resource.

Zombie

Is the description for systems that have been infected by a Trojan that added the system to a botnet. The term is used because the system is taken out of control of its owner, and now obeys the botherder like a zombie.