Cybersecurity Glossary

B
Backdoor Trojan
malicious software used to open ports that allow a hacker to have remote access to the affected computer.
Backup
creating a copy or archive of data that can be used to restore a system after some type of disaster.
Baseline security
a set of basic security measures implemented on a system that represent the minimal security level.
Blackhat hacker
a person who exploits system vulnerabilities in order to breach security. These individuals have nefarious intent and use their newly gained access to perform malicious acts or for personal gain. Black hat hackers are also called crackers. This may be a more accurate term as hackers build, and crackers break. Black hats break into computers and often destroy them with viruses.
Blacklisting
a type of access control that denies specific elements access to system or network resources. This could include email addresses, certain user IDs, URLs, IP addresses, domains, file types, etc. Blacklisting is the opposite of whitelisting, which is a strict list of elements allowed to access a system or network. Blacklists can be implemented on a DNS or email server, firewall, web proxy or a host computer.
Blended Threat
a type of exploit that uses a combination of attacks against various vulnerabilities. Multiple attack vectors are employed to increase the severity of the attack and the subsequent damage. Conficker is one well-known example. It may be called just a virus, worm, or Trojan, but could be a blend of all three.
Boot Sector Malware
The boot sector is the portion of a computer that initiates the startup sequence. Boot sector malware takes the original boot sector, hides it somewhere on the hard drive and replaces it with a modified version. When the computer is started again after infection, the malware is activated. Even if the boot-up is unsuccessful, the virus can still spread. The infected code is copied to the floppy disk’s boot sector or the partition table on the hard drive. This type of malware is normally difficult to identify and remove, but it has lost popularity since the decline in boot floppy disks.
Bot
also known as an Internet Bot, Web Robot, or WWW robot, is an application that can automate tasks. A bot can be used to send texts, tell the time, order food, set alarms, or search the internet. Siri is an example of a bot. There are malicious uses of bots. They can contribute to coordinating a denial-of-service attack, and can be used to commit click fraud. There are spam bots that send large amounts of spam that often contain advertising links that could be malicious. It has been estimated that over 94 percent of websites have experienced a bot attack.
Botnet
a combination of the words robot and network, used to describe a group of malware-infected, internet-connected devices that are often used to perform a Distributed Denial of Service (DDoS) Attack, steal data, or send spam. The devices are controlled remotely using command and control (C&C) software.
Bring Your Own Device (BYOD)
an organizational practice allowing employees to use their own electronic devices at work, or for work purposes. There are specific variations that include BYOT (bring your own technology), BYOC (bring your own computer), BYOL (bring your own laptop), BYOA (bring your own apps), or BYOPC (bring your own PC). This type of practice increases the number of potential vulnerabilities within an organization.
Browser hijacking
when malicious software, sometimes called hijackware, is used to modify a web browser’s settings without any user interaction. The software injects advertisements into the user’s browser, redirects to unwanted URLs, changes the home page or adds bookmarks, often to pornographic sites, or generates pop-up ads and spyware. Browser hijacking software is often installed with freeware, and is often mentioned in the user agreement, though it is not called browser hijacking. This means users agree to the installation and subsequent consequences, though they may not realize it due to the low number of users that actually read the terms and conditions. Browser hijacker software is also installed as the result of an infected file share or email or a drive-by download.
Brute Force Attack or brute force cracking
is an application that uses a trial-and-error method to crack passwords or Data Encryption Standard (DES) keys, by working through every possible combination of characters and sequences. Brute force is a time-consuming approach.
Buffer Overflow
when a program writes more data to a buffer than it can hold, it will overrun the buffer’s boundary and subsequently overwrite adjacent memory locations. To avoid a buffer overflow, programs should include sufficient bounds checking to discard excess data when too much is sent into the buffer.
Bug
an error or flaw in computer code, software, or system that will cause the program or system to act erratically, produce unexpected results, or completely crash. When programmers look for bugs in their code, it is referred to as debugging. Once a product is released to the public, bugs can still be found. This is when a patch is released to fix the program.
Bulk Encryption
protocols used to encrypt and decrypt data. This encryption protects data in transit from compromise or theft, protecting its integrity and confidentiality.
Business Impact Analysis (BIA)
examines the potential impacts to business after a disruption and develops strategies that will aid in recovery. During the BIA, a risk assessment is performed to identify potential vulnerabilities, and critical business processes are identified, as well as the fastest ways to get the critical processes back online.