Cybersecurity Glossary

temporary storage of data to allow for future access to the data at faster speeds. This applies to a web browser or CPU cache. The cache can be created from an earlier computation or duplicated from data stored elsewhere. When a user navigates to a URL that requires login information, this data can be cached in the web browser so the next time the user navigates to that site, that information can be populated into the appropriate fields quickly.

a technique used to trick a computer into running malicious Java code from the computer’s local disk cache instead of the Internet. The malicious code is an applet that acts as a port scanner and is executed once the user navigates to a particular site designed by the bad actor.

is when a person uses available photos online to create a fake social media profile and uses it to lure someone into believing they are someone other than who they really are. Catfishing can be performed just to generate ongoing conversation with no other agenda, though it is often used to trick unsuspecting or naive victims into giving the impersonator large sums of money. The perpetrator normally uses the hope of a romantic relationship to coerce their victims. They find clever ways to avoid ever meeting the person face to face.

a form of malware used to manipulate victims into agreeing to unclear terms or the opportunity to provide informed consent, related to an offered service. This type of malware is often associated with porn.

a senior level company executive who is responsible for the entire information technology implementation, use, and management of their organization. They are normally responsible for system design, analysing how technologies will benefit a company, and managing system infrastructure.

or the CSO, Chief Security Officer, is a senior-level executive responsible for the overarching cybersecurity department of an organization. They ensure the company’s technologies and assets are protected from threats.

A Trojan based off of the released Zeus source code. This malware is used to create a botnet and targets banking information, or stored credentials in password managers like Keeass or nexus. The Trojan can also launch other malware types to include ransomware or scareware making it an advanced toolkit.

normally made possible due to lack of stringent input/output data validation, it is an attack that injects code to change the way a program normally executes. It is often used to spread malicious code into legitimate websites.

is a network of servers used to control a large number of compromised systems, normally a botnet. The C&C servers issue commands to the members of the botnet, normally referred to as zombies. These zombies are used to gather sensitive date like financial information or login credentials or to create a Distributed Denial of Service (DDoS) attack.

unethical use of a computer system to do immoral, improper or illegal attacks. This includes launching online attacks, generating and distributing phishing and malware campaigns, stealing or making unauthorized changes to data or gain unauthorized accesses.

a legal technique for gathering and preserving digital evidence that can be presentable in a court of law. The goal is to gather information during an investigation, but maintain a proper and well documented chain of evidence. The computer forensics technician is using this information to investigate what an electronic device was used for and who was responsible.

the group responsible for handling and investigating computer security breaches.

the first letter in the CIA triad, confidentiality is the act of keeping information protected from unauthorized disclosure.

used by websites to track your usage. It is a type of file record text file that tracks how you used a site, what you viewed, your preferences, even your shopping cart history. Cookies can be helpful as they can increase the website speed when you visit the same site again. They can also introduce a vulnerability as they contain potentially sensitive information.

is a infostealer Trojan that was designed to collect and steal information from an affected computer. In time, the Trojan evoled and added more capabilities to include browser injections, realtime form grabbing, Maninthemiddle attacks, etc. It can be embedded with other types of malware to create a complex cyber attack. It is similar to the Dyreza and Neverquest exploits.

any malicious software used to facilitate online illegal activity. Phishing kits that are sold online to give those with minimal technical skills, the ability to launch a phishing campaign is one example of crimeware. Spyware, keyloggers and brower hijackers can all be considered crimeware as well.

an injection attack used against a web application that accepts input. A web application that does not properly separate data from executable code is susceptible to this type of attack. Browsers can’t differentiate between valid markup and malicious markup. Whatever text is input is accepted. XSS allows criminals to inject client-side scripts into pages.

a type of ransomware that emerged in 2013. Its objective is to infect Microsoft Windows PCs. CryptoLocker is normally distributed through malicious email attachments. A botnet is used to launch the attack. Once activated, it encrypts the data stored on the device as well as any cloud storage accounts. Then a message is displayed giving the victim information on how to pay the ransom to get the decryption key.

a type of ransomware Trojan that is a CryptoLocker variant. A datastealing ransomware, that mainly spreads through phishing and spam campaigns. The email invites users to click a malicious link or download. CryptoWall code is also included in malicious websites ads. Once executed it encrypts all the data on the newly infected PC and any other PC on the same network. The victim is then prompted to pay the ransom in bitcoins so they can get the decryption key and regain access to their data. CryptoWall is on its fourth iteration and there is reason to believe this won’t be the last.

is the acronym for Chief Security Officer. This is a top-level executive responsible for ensuring the security of an organization’s human, financial, physical and digital assets. Their responsibility is to align both the cyber and business goals.

the CurveTorBitcoin Locker is a type of fileencrypting ransomware that emerged in 2014. CTB Locker is delivered through aggressive spam campaigns and achieved a very high infection rates based on its capabilities and multilingual adaptations, and it employed an affiliate model to recruit malicious actors that could spread the infection further in return for a percentage of the profits. The curve refers to its persistent cryptography is based on elliptic curves, which encrypts the affected files with a unique RSA key. Tor represents the malicious server placed in the oniondomain. Bitcoin refers to the suggestion to pay the ransom in Bitcoins, avoiding normal payment systems that can lead back to the criminals.

Also called a cybercampaign, cyberwarfare, cyberterrorism or online attack. It is any malicious action performed by an individual or group that targets computers, networks, or information systems. It includes the deployment of malicious code for the purpose of stealing or altering data. In recent years, online attacks have become more and more sophisticated and law enforcement agencies are having a hard time keeping up with this global menace.

any violation of an organizations security policy. Or an attempt to gain unauthorized access to a system or network. A threat or event to disrupt or impair the confidentiality, integrity or availability of data, information systems or networks.

software used for military, or intelligence purposes. It performs actions that were previously executed by a soldier, spy or other human agent.

technologies, process, practices, and policies created and enforced to protect computers, programs, networks or data from damage, exfiltration, unauthorized access or attack. Cyber security deals with the logical protections as well as the physical ones. Elements included are operational, informational and network security, cybersecurity awareness training, and Disaster recovery/business continuity planning.