Advanced Persistent Threats (APTs)
A stealthy threat actor that possesses sophisticated levels of expertise and significant resources, which gains unauthorized access to a computer network and remains undetected for an extended period. APTs use multiple attack vectors, including cyber, physical, and deception.
Advertising-supported software that generates revenue for its developer by continuously displaying online advertisements (banner displays, videos, pop-up ads, and so on) on the screen of a user's device.
Also known as antimalware, consists of software used to prevent, detect, and remove malware such as viruses, computer worms, spyware, keyloggers, trojan horses, and adware, among others.
The set of points on the boundary of a system or an environment that an attacker can use to try to enter, extract data from, or cause damage to that system or environment.
The route or method used by an attacker to get to the target.
The individual, group, or organization who acts with malicious intent to destroy, disclose, alter, disable, steal, or gain unauthorized access to or make unauthorized use of an asset in an information system.
A hidden method used by attackers to bypass a computer authentication system.
A term that comes from the world of military simulation exercises, referring to a team of security engineers who focus on defending an organization from cyber-attacks by understanding adversaries' attack tactics, techniques, and procedures, and continuously improving the defenses against them. Blue teams typically employ a wide range of security tools, processes, and techniques to detect security flaws, collect forensic data, and perform data analysis to improve the effectiveness of security measures.
Web robot, robot, or simply bot, is a software application that runs automated tasks (scripts) over the Internet.
An interconnected collection of computers (bots) compromised by malicious code and remotely controlled across a network with the objective of sending spam, malware, or a large number of messages to perform a denial of service attack.
Bring Your Own Device (BYOD)
A policy adopted by many organizations that allows employees to bring and use their own devices for work-related matters.
A method used by attackers to guess login credentials by systematically trying various combinations of usernames and passwords.
Common Vulnerabilities and Exposures (CVE)
A list of entries each containing an identification number, description, and at least one public reference for publicly known cybersecurity vulnerabilities.
Cookie (HTTP cookie, web cookie, internet cookie)
A string of data that acts as an ID or a piece of information that is associated with a specific device. It allows websites to identify you when browsing the web or visiting a website.
Critical digital asset
A digital asset that could be used to compromise, attack, or degrade a critical business function.
The use of mathematical algorithms and techniques to provide security services such as confidentiality, data integrity, authentication, and non-repudiation.
A method used by attackers to mine cryptocurrencies by using the processing power of a targeted device.
The potential of loss or harm resulting from a cyber incident, as determined by the likelihood that a particular threat will exploit a particular vulnerability, and the measurement of the resulting harm.
Any cyber circumstance or cyber event that has the potential to adversely impact an organization or its assets.
People who use computers or the internet to commit crimes.
A security incident in which sensitive or confidential data is intentionally or unintentionally distributed to untrusted or unauthorized parties.
The reverse process of encryption used to convert an encrypted message into its original readable text.
A method used by attackers to temporarily disable or shut down resources or services, typically by flooding a network, a server or a website with data.
Distributed Denial-of-Service (DDoS)
Refers to a coordinated type of denial-of-service attack where multiple sources, often infected with malware or otherwise compromised, are used to perform the attack, thus making it impossible to respond by simply blocking a single source.
The process of cryptographically transforming data into ciphertext, making it only readable to those with the key to decode it.
Practices, technologies, and solutions for securing devices such as computers, tablets, mobile devices, IoT devices, and servers that connect to a network. Endpoint security is becoming increasingly important to organizations given the rising trend in remote work practices.
A set of automated attack tools that exploit one or more vulnerabilities.
A security system that restricts data communication traffic between connected networks according to established security policies that seek to prevent unauthorized access to or from a network.
A computer hacker is a skilled computer expert who is curious by nature. Hackers use their technical knowledge and experience to overcome problems in a creative way. They are experts at spotting security flaws in programs, systems, or devices and are often hired to perform security audits and improve network security.
A fixed-length value produced by applying a mathematical algorithm to a set of data, such as a file or a password, that serves as a fingerprint unique to the original data.
A breach of security that actually or potentially compromises the confidentiality, integrity, or availability of an information system.
A type of cloud-based service that works as an alternative or substitute to on-premise infrastructures and provides the customer with storage, processing, networks, and other computing resources.
A threat to an organization that comes from people with authorized access that can harm an information system through destruction, disclosure, modification of data, or denial of service.
Internet of Things (IoT)
Refers to the ability to connect a wide range of devices, everyday objects, and even processes that have a unique identifier (UID) to the internet, with the purpose of gathering, sending, or receiving information and acting upon it.
Internet Protocol Address (IP Address)
A unique numerical label assigned to each device connected to a computer network that uses the Internet Protocol.
Intrusion Detection System (IDS)
A system designed to monitor and scrutinize network traffic associated with known cyberthreats.
Intrusion Prevention System (IPS)
A control system that resides between the internal and external networks designed to proactively reject traffic that matches a recognized security threat profile.
Malicious software designed to record keystrokes on a computer. It is often used by attackers to steal information such as login credentials or encryption keys.
A subset of artificial intelligence (AI) that allows computers to analyze data, build models, or produce predictions and assumptions based on the ingested data. Over several iterations, the machine refines what it has learned and becomes able to identify patterns and make decisions with no human interaction. In cybersecurity, these techniques help computers adapt to evolving threats.
The act of inserting malicious advertisements into otherwise legitimate websites with the intent of hijacking the viewer’s device.
Malware (short for “malicious software”) refers to software developed with the intent of infiltrating, disrupting, damaging, compromising, or gaining control of computer systems or networks.
Managed Detection and Response (MDR) services
Services designed to provide organizations with threat hunting, detection, and response. They include access to security operations center (SOC) capabilities to rapidly detect, analyze, investigate, and actively respond to threats.
Man-in-the-Middle (MitM) attack
A method used by attackers to intercept communications between a sender and a recipient, usually with the aim to steal confidential information.
MITRE ATT&CK framework
A comprehensive and globally accessible knowledge base of adversary tactics and techniques based on real-world observations of cyberattacks, used by red teams, threat hunters, and defenders to identify vulnerabilities in an organization's defenses and prioritize them based on risk.
Multi-Factor Authentication (MFA)
A security mechanism that requires presenting two or more factors of authentication before access to a system is permitted. Common factors used for authenticating a person’s identity are something you know (a password), something you have (a hardware token or a code received on your cellphone), and something you are (biometrics).
Software that is freely distributed together with its source code, which can be modified, redistributed, adapted, or improved upon.
Refers to the component of an exploit that performs malicious activity.
Penetration testing (Pentesting)
A method of testing by which security experts, typically working under specific constraints, search for flaws that would allow them to circumvent the security features of a network or an information system. By using the same tools, techniques, and attack methodologies as cybercriminals, a pentest identifies security vulnerabilities and helps to resolve them before they can be exploited by an attacker.
A technique where an attacker, masquerading as a trustworthy entity in an email or on a website, tricks individuals to disclose sensitive information or to perform an action (such as clicking on a link, downloading malicious software, or making a payment).
Refers to a category of cloud computing services that provide customers with a remote platform where they can develop and deploy new software applications over the internet without the need to face the costs of building and maintaining the hardware and software in-house.
A team of security experts whose function is to enhance the interaction and cooperation between Blue and Red teams and maximize their respective and combined capabilities.
A type of malware that infects a device and then proceeds to encrypt the victim’s data, denying them access to their files. The attacker then extorts the victim by demanding the payment of a ransom in exchange for the decryption key.
A system used to determine and confirm that the user accessing that particular website or page is a human and not a bot.
A team of security analysts who test an organization’s defenses by emulating a potential adversary’s attack or exploitation capabilities, with the objective to improve the organization’s security posture.
Remote Access Trojan (RAT)
A form of malware that comes embedded inside an apparently benign host file which aims at remaining hidden and providing a backdoor through which the device or system can be remotely accessed by the attacker.
The ability to continuously adapt to changing conditions and prepare for, withstand, and rapidly recover from an adverse cyber event.
The potential of loss or harm resulting from an incident, as determined by the likelihood that a particular threat will exploit a particular vulnerability, and the measurement of the resulting harm.
The average risk an organization seeks as part of normal business operations.
The process by which the risks facing an organization are identified, analyzed, and evaluated for the purpose of informing priorities and decision making.
The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring, or controlling it to an acceptable level considering associated costs and benefits of any actions taken.
A set of software tools that allow attackers to gain root-level access, which is the highest-level permission.
A sequence of commands or instructions that can be automatically executed by an interpreter. Scripts are often used to automate repetitive tasks.
Security Information and Event Management (SIEM)
Refers to tools that collect and aggregate real-time data from various information system components and use rules and statistical correlation to analyze and detect unusual or malicious activity. When anomalous behavior is detected, the SIEM triggers an alert that activates reporting and incident response.
Security Operations Center (SOC)
A facility that houses a team of information security experts dedicated to monitoring and analyzing an organization’s security posture in real time. A SOC team seeks to prevent cybersecurity threats and detects, analyzes and responds to incidents by integrating technology solutions with a strong set of processes.
A type of phishing attack that uses text messages (SMS, MMS, or other IM services) instead of email messages.
A type of psychological attack that uses deceptive tactics to trick people into taking actions that will benefit the attacker. Posing as someone the victim knows or trusts, the attacker will manipulate the victim into sharing sensitive information or performing certain actions, such as downloading and executing malicious files or granting access to a restricted area.
A type of cloud computing service where the provider offers the customer the ability to use a provided application over the internet.
Unwanted or unsolicited messages, typically sent in bulk via email. Most spam is advertising but may sometimes include malware or links to malicious sites.
A form of phishing that is targeted against specific individuals or organizations in which some previous research about the intended victim is often conducted. The attacker, masquerading as a trusted source, will use personal information to craft a customized email, thus making it easier for the recipient to fall victim.
The act of forging the identity of the source of communication or interaction, such as an email address, an IP address, or a MAC address.
A type of malicious software that is stealthily installed on a device with the goal of monitoring the user's activities and reporting them to an external party that might leverage this information for commercial purposes or fraud.
A type of code injection technique that allows the attacker to exploit vulnerabilities and to take control of an application’s database with the intent to misuse or disrupt the data.
Tactics, Techniques, and Procedures (TTPs)
Describes an approach of analyzing how an adversary or threat agent orchestrates attacks with the intention of profiling their actions. Understanding TTPs provides more accurate ways to predict, detect, and respond to attacks.
Any circumstance or event that has the potential to adversely impact an organization or its assets.
A person, group, organization, or government that poses a threat to an organization or its assets. Threat actors may be internal or external in relation to their target, and their intent may vary.
A process for evaluating and verifying perceived threats, including assessing their likelihood.
A type of malware where a malicious payload is embedded inside a host file that presents itself as a regular, benign program or utility in order to persuade the victim to install it. Trojans do not propagate or automatically install, requiring some form of user intervention.
Two-Factor Authentication (2FA)
The use of two different authentication components to validate a user’s identity before granting access to a system. [See Multi-factor authentication (MFA)]
Virtual Private Network (VPN)
An extension of a private network across a public network that enables users to securely send and receive data across it, as if their devices were directly connected to the private network.
A type of malicious software that attaches to a host file and has the ability to replicate itself and spread to other computers or files but needs user interaction to trigger it. Viruses are typically designed to alter the way a computer operates, damage, or destroy data.
A form of phishing in which an attacker poses as a trusted source to steal sensitive information over the phone or to trick the user into taking an action such as downloading malicious software.
A flaw or weakness in an information system, security procedure, or control that allows attackers to compromise a system or network if exploited.
A highly targeted form of phishing where cybercriminals masquerade as senior executives at an organization with the aim of stealing money or highly valuable information or gaining access to their computer systems for criminal purposes.
A self-contained malicious program that has the ability to activate, replicate, and propagate itself without any human interaction. Worms can cause the same harm as viruses, but their damage is often due to the worm’s replication and distribution activities consuming all system resources.
A recently discovered vulnerability that has yet to be addressed by a patch or public fix, and which threat actors can exploit.
Zero-Day attack (0-day attack)
A threat that tries to exploit newly discovered application vulnerabilities for which a patch or fix is still not available.