Whether you are a normal user or a tech-guru, being aware of the computer security threats will help fortify your defense against them. So, here’s a handy A-Z dictionary of cybersecurity terms.
Have you ever come across annoying pop-ups with shady or unwanted advertisements on your computer? Such pop-ups are displayed by software called adware.
These are malicious programs that run via external storage devices. These programs take advantage of the autorun feature of Windows, hence they are known as autorun worms.
Advanced Persistent Threats
Abbreviated as APTs, these threats are slow and persistent in their attacks. They infiltrate a targeted network and stay dormant, waiting for the right time to create havoc.
An attack vector is the carrier or means via which a hacker attacks their targeted systems. It could be an infected email attachment, malicious link, pop-ups, etc.
Also known as a trapdoor, a backdoor is used by an attacker to gain illegal access to a victim’s computer.
A cyber attack that comprises multiple attack vectors and malware is known as a blended attack. Such attacks usually cause severe damage to targeted systems.
Botnet refers to a network of compromised computers that are remotely controlled by a hacker. A botnet is used by a hacker to launch attacks against other targeted victims. Each computer in a botnet is known as a bot or zombie.
If you find that your Internet browser’s settings have changed on its own, including your selected search engine and default homepage, then you have got a browser hijacker in your system.
Brute Force Attack
In a brute force attack hackers try to crack encrypted data (passwords) by trying all possible combinations of words or letters.
Clickjacking is a technique used by an attacker to inject malicious code in clickable content in websites. Clickjacking is usually done to record the victim’s clicks on the Internet or drop a malware infection on the system.
Command and Control Servers
Also called C&C servers, these are machines that an attacker use to communicate with a botnet and control the compromised computers in the network.
Content spoofing is carried out by an attacker to trick their victims into visiting a fraudulent site that looks like the real one.
Cross Site Scripting (XSS)
Also known as XSS attacks, cross site scripting is a technique used by hackers to plant a malicious code into a genuine website. This allows hackers to gather user’s information and use it for nefarious purpose.
Illegal or unauthorized access to or acquisition of classified information or otherwise is termed as data theft.
Denial of Service Attack (DoS)
DoS attacks are targeted attacks against a service to make it inaccessible or unusable by its intended users. Web servers and websites are the common targets of DoS.
In this kind of attack, the hacker tries to break into a password-protected system by trying every combination of word in a dictionary.
If visiting a website or viewing an HTML email automatically downloads a malicious file on your computer, it is known as drive-by download.
Email spoofing is how an attacker crafts the header of a malicious email so that user is tricked into viewing it. This technique is typically used in phishing attacks.
A computer virus that is delivered to the victim via email is known as an email virus.
In most cases, an exploit is defined as an attack where the hacker takes advantage of a security vulnerability in the victim’s machine.
Malware designed to record sensitive information that the targeted user provides in forms on the Internet. These malware particularly target the victim’s financial information.
A menace in the IT security world, identity theft occurs when an attacker gathers personal information and use it to impersonate their victim. This way, the attacker can open illegal bank accounts, obtain credit cards, carry out transactions, etc., using the victim’s name.
Instant Messaging (IM) Worm
Worm are malware that are capable of self-replicating and spreading across the Internet or the compromised network. Worms that spread via instant messaging networks are called IM worms.
When someone with an authorized system access carries out malicious activities on a network or a computer, it is known as an insider attack or insider threat. The attacker might be an employee of the targeted business, or an outsider posing as an employee.
Often a part of spyware, keyloggers are used by an attacker to steal sensitive information entered by the user on their keyboard. Keyloggers come in the form of hardware and software.
Likejacking is a part of the clickjacking technique. It usually targets users of the social network community such as Facebook. Scammers share unusual or compelling posts or videos to trick users into liking or sharing them thus, spreading the scam to other users.
Malware is used as an umbrella term for malicious programs such as viruses, Trojans, worms, spyware, adware, rootkits, ransomware, keyloggers, and rogue security software to name a few. In some cases, the terms ‘malware’ and ‘virus’ are used interchangeably.
Abbreviated as MITM, this attack is launched by a hacker to intercept, record, and control the communication between two users.
Mobile Phone Virus
This kind of virus is specifically crafted to run on mobile devices. These viruses can also spread from one infected mobile device to another.
Pharming is when a user is redirected to a fake website without their consent or knowledge. In most cases, the fake website looks exactly similar to the actual website that the user intended to visit.
See also: Pharming – What is it and How Can you Dodge it?
Phishing is one of the oldest tricks in the book of hackers. It is a technique used by an attacker to acquire personal information from a victim, by posing as a legitimate organization. Phishing can be executed via spoofed emails, fake phone calls, and even SMSs.
See also: What is Phishing and How to Avoid it?
A polymorphic virus is a malicious program that modifies itself when it replicates. This technique enables it to evade detection by security software.
RAT (Remote Access Trojans)
A RAT is a malicious program that can allow a hacker to take over a system from another physical location. Using this malware, the attacker can access and steal confidential and personal data from the infected machine.
Ransomware is a malicious program that performs the following malicious activities after infecting a computer:
– Makes the system non-functional unless the victim agrees to pay a ransom.
– Encrypts the computer’s data and demands a ransom to release it to the victim.
A rogue antivirus, also known as scareware, is a fake program that disguises itself as a genuine software but performs malicious activities in user’s machine. The program may install malware on the system, steal user data, or trick the user to perform fraudulent transactions.
Reverse Social Engineering Attack
In this kind of cyberattack, the attacker convinces a user that they have a problem and that the attacker has a solution to the problem. For instance, an attacker creates a problem for the target. Then the attacker advertises themself as the solution provider, with an intention of luring the victim to divulge sensitive information.
A rootkit is a program (or a collection of programs) that in itself is not harmful, but helps viruses and malware hide from antivirus software.
Session hijacking is an attack wherein a hacker takes control of a computer session to perform illegal activities such as taking over the victim’s online accounts.
Shoulder surfing refers to spying on a user to obtain personal or private information such as PINs, passwords, security codes, etc. Here, the criminal usually looks over a person’s shoulder while the latter might be using an ATM, phone or other electronic device.
SMiShing is a type of a phishing attack where targets are sent fake or malicious SMSs. These SMSs are designed to steal personal information from the target, or trick them into visiting a phishing website.
Spam is defined as unwanted or unexpected emails sent in bulk. Mostly, spam is used to distribute malware.
Spear phishing is a phishing attack where hackers target specific individuals. In a general phishing campaign, phishing emails appear to come from large, well-known organizations. In spear phishing, however, the email seems to be from a trusted individual or a business that the victim knows about. Today, about 91% of attacks on the Internet consist of spear phishing.
A common computer security threat, spyware is a class of malicious program that secretly steals your personal information and sends it to advertisers or hackers. Most spyware come with free online software downloads. Sometimes, a spyware can also come attached with an adware.
An SQL injection is performed by an attacker to exploit a poorly-designed application to produce unwanted database query results. For instance, an attacker can insert a malicious code into a Web form that is used for user authentication. Via this code, the attacker can send his request to the database and perform illicit activities.
A targeted attack is a highly focused attack on specific individuals or an organization. Hackers use this technique to persistently pursue its target while remaining anonymous, for a long-term period.
A Trojan horse is a computer security threat that disguises itself as a harmless program but turns out to be malicious. For instance, a program that appears to be a game but drops a spyware or adware on the user’s computer upon activation, is a Trojan horse.
Twishing refers to phishing scams that are carried over Twitter. The attacker might tweet a post interesting or strange enough to trick users into visiting a fraudulent website and logging in with their credentials.
A technique used by hackers to create a fake URL that impersonates the URL of a secure or legitimate website. A spoofed URL looks exactly like the one of the original website, but redirects users to a phishing or a malicious site.
Virus is a malicious program usually attached to a legitimate or harmless program. When the program runs, the virus gets executed and performs activities that harm infected machines and their data. A virus can copy itself and spread to other files.
Vishing is a phishing attack wherein a hacker uses voice calls to trick users into divulging personal or financial information. Vishing attacks are carried out using conventional phone systems or Voice over Internet Procotol (VoIP) systems.
A vulnerability, also known as a security vulnerability, is a flow or error in a software or operating system that can let hackers take control of the affected machine and use it for illegal activities.
A wabbit is malicious program that keeps dropping its duplicate copies on the infected system. Unlike a worm, it does not spread across networks.
Website spoofing refers to creating a fake site that looks exactly like a trusted and popular website, in order to collect personal or financial information from users. Spoofed websites are created using legitimate logos, colors, designs, etc., to make them look realistic.
Whale phishing is a campaign that is aimed particularly at wealthier individuals. It is also known as whaling.
A worm is a stand-alone malware that can self-replicate itself. Unlike a virus, it does not require a ‘host program’ to attach itself to. It spreads by placing its functional copies in email attachments, instant messages, networks, flash drives, etc. A worm can be used to distribute Trojans, viruses, spam, phishing emails, and other forms of malware.
A zero-day vulnerability refers to a security flaw that does not have a fix yet, and can be exploited by hackers at any given time. In most cases, hackers try to find a vulnerability that neither developers nor users are aware of. And before they do, hackers develop an exploit (a malicious code) to take advantage of the flaw.
A zombie refers to a computer that has been taken over by a hacker. Hackers usually create a large group of zombie computers called botnet, to launch their attacks.