Cybersecurity Glossary

a network attack deployed by cybercriminals, or a bad actor, who have a high level of expertise and resources to infiltrate a network. They are able to gain access to a network and stay undetected for a long period of time. They usually use this type of attack to target large organizations seeking to retrieve economic or financial information. In some cases, they might even try to use this form of attack to stop or block a company’s program or agenda. Since an advanced persistent threat is executed over long periods of time, it is difficult to be detected and blocked by average users and requires a specialized security program or a team of experts to find a solution.

a type of software that delivers ads on your system. Most types of adware are not dangerous, but there is another dangerous form of adware that delivers spyware, which can track your activity and retrieve sensitive information. For this reason, users should not download an application from unsafe websites and should pay attention to bundled software. Less serious issues caused by adware can be system slow down or too multiple annoying popup ads that can fill your computer screen. Adware can also cause stability issues. To remove malicious adware or spyware from the system, check online for specialized tools like Malwarebytes or Spybot.

exploit kits are tools used to implant malicious code, or malware, onto a target system. The Angler Exploit Kit is one of the most used exploit kits. It has been around since 2013 and has maintained its popularity among cyber criminals. In 2014 its use accounted for 17% of infected systems, in 2015 that number jumped to 40%. Angler is easy to use, with a user friendly interface, meaning even a novice user could execute an attack on a victim. It can be instructed to install malware, include the newly infected system into an existing botnet, or collect sensitive information. Angler mainly exploits vulnerabilities in outdated or unpatched software.

an Intrusion Detection System (IDS) uses either signature based, or anomaly based detection methods. Anomaly based detection creates a baseline of what is considered normal network behaviour for an organization. This baseline is documented as what is accepted behaviour. Any actions that happen outside of the baseline are considered abnormalities. The system defines whatÕs normal and what an anomaly based on rules instead of patterns. Defining the rules can be difficult as it takes time to analyse all of the protocols used within a network. Each protocol is analysed, defined and then tested. This type of IDS is notorious for identifying false positives. It also struggles with identifying any malicious behaviour that may still fall within the normal patterns of usage.

also known as an anonymizer, is a process to hide your identity while online by hiding your IP address. A proxy server used to as an intermediary connection between your computer and the final cyber destination. Anonymizers are used to avoid detection, not just by cyber criminals, but also people who want privacy from targeted ads or marketing campaigns. They are also used in strict censorship environments to allow its users to freely access Internet content.

is software designed to protect your computer from malware, ransomware, Trojans, viruses, and other malicious software.

is software and techniques designed to prevent unsolicited email from infiltrating your inbox. Antispam software will scan incoming mail for certain keywords that are known to be associated with spam or phishing emails as well as email attachments for viruses and malware.

a technique used to counter a potential spoofing attack. Antispoofing techniques included creating rule sets on a firewall or router that will identify and drop network packets that are identified as having a false source address.

similar to antivirus software, antispyware scans your computer for spyware and removes it upon detection.

used to identify and remove any viruses on a computer system or network. Scans can be performed on demand or scheduled for certain times. Larger organizations may schedule scans to run after hours to avoid using precious system resources when most users or active and online.

is a Trojan virus that is used to delete system files, modify registry settings, slow system performance and infect the system with popup ads. This virus also has the capability to steal personal information from the infected computer and sending the information back to the perpetrators.

any type of malicious use of software or resources to try and steal information, cause a denial or service, or just create general havoc with a person or a company. Some online attacks are used just to embarrass or hurt a person or entity. This includes revenge porn sites, the releasing of the names of Ashley Madison subscribers, the release of emails from Sony and even the Democratic National convention.

is the way information is arranged that can be used to identify an attackerÕs exploit attempt. When an organization uses an Intrusion Detection System (IDS) that is signature based, it identifies the data patterns in the signature to identify a potential attack.

the process of identifying and verifying a user or process. Current cybersecurity trends suggest the use of multifactor authentication methods, which means using at least two types of methods. Some ways to authenticate a user is the use of something they have, something they know, and something they are. A user can have a security token, like the RSA random number generators. Something they know would be a user name and/or password. Something they are would make use of biometrics. Some ways to combine these methods is to have a user log in with a fingerprint as well as entering a pin number.

is a virus that exploits the autorun feature of Windows machines, and is normally sent as an attachment. Once it is executed is can replicate itself and infiltrate the rest of the network. The autorun worm is used to take up memory and to steal space as well as steal personal information and send spam to other users.