Cybersecurity Glossary

a piece of information that contains valuable information, often financial. It could be a database, document or any type of record that is managed as a single entity. The information is directly connected to the number of people that have access to that data and for this reason it needs to be protected accordingly.

is the assurance that digital information has been protected from being altered in any way.

the unauthorized release of sensitive or classified information from a protected system to an external entity or person.

a process in which information is destroyed. It could happen due to failure or neglect in transmission, or malicious acts performed by cybercriminals. To prevent data loss, IT teams should implement backup and recovery procedures.

the act of stealing digital information. The intent is normally to compromise a victim’s privacy or obtaining confidential or sensitive information. This is a growing concern for both individuals as well as large corporations.

When a bad actor disrupts access to system or network resources by legitimate users. This type of attack is often carried out by a botnet sending a flood of messages or malformed packets to force the target system to slow down or crash.

a spyware device or program that is used to maliciously redirect online communication. It disconnects the legitimate phone connection and reconnects to a premium rate number, which results in the user receiving an expensive phone.

a technique used to validate the integrity and authenticity of a message, software package, or other digital content. Based on public key cryptography where two keys (public and private) are generated. A oneway hash of the electronic data is created, and the private key is used to encrypt the hash. The encrypted hash along with the hashing algorithm is the digital signature. A digital signature is difficult for a hacker to duplicate, which makes it important in information security.

the documented approach on how to handle potential loss due to an attack against a computer system or IT infrastructure or a software failure. It provides stepbystep procedures on how to recover the mission critical functions after a disaster. A recovery plan should be developed during the business impact analysis process and should establish the recovery time objective (RTO) and recovery point objective (RPO).

is used to corrupt a domain name system (DNS) server by modifying the table so a legitimate address is replaced by a malicious one. This will redirect a user’s URL request with the malicious one. This opens the user to the risk of being infected with a worm, spyware hijacking program or other form of malware.

also referred to as DNS redirection, is an online attack that overrides a computer’s TCP/IP settings to direct communication to a malicious server controlled by cybercriminals.

takes advantage of vulnerabilities in applications that let users read or edit documents.

a computer program used by various malware families to create slightly different variations of a certain domain name. The generated domains are used to hide traffic transmitted between the infected machines/networks and the command and control servers. This way, cyber criminals can cover their tracks and keep their anonymity from law enforcement and private cyber security organizations. DGA domains are heavily used to hide botnets and the attacks they help launch.

a malicious tactic used by cyber criminals to build their infrastructure and launch attacks while remaining undetected. First, attackers steal and gather credentials for domain accounts. Using these stolen credentials, they log into the domain account and create subdomains which redirect traffic towards malicious servers, without the domain owner having any knowledge of this. Domain shadowing allows cyber attackers to bypass reputationbased filters and pass their malicious traffic as safe.

Modern, advanced malware often has modular structure, including multiple components. One of them is dormant code, which means that the malware needs specific triggers to execute the task is was created for. This type of behavior is coded into the malware so it can bypass signature-based detection products such as traditional antivirus and anti-malware solutions. Another reason for using dormant code, advanced malware, such as ransomware or financial malware, usually rely on extern infrastructure to download components for infection, the malware can remain dormant and undetected if it can’t reach its Control and Command servers to execute further.

a strain of financial malware that uses Microsoft Office macros to infect information systems. Dridex is engineered to collect and steal banking credentials and other types of personal or sensitive information. Its fundamental objective is to commit banking fraud.

is the unintentional download of a virus, malware or other malicious software onto a system. A drive-by attack will usually take advantage of, or exploit, a browser, app, or operating system that is out of date and has a security flaw.

compels organizations to develop and deploy a cyber security plan to prevent fraud, abuse. It also encourages organization to deploy safeguards and countermeasures to detect them if they occur. This will help to maintain the confidentiality and safety of business data.

an illegal method used to obtaining passwords and corporate directories by searching through discarded media. Just as it sounds it normally includes diving into a publicly assessable dumpster looking for personal or sensitive data.

Also called Dyre, is a banking Trojan or financial malware that first appeared in 2014. Its behavior is similar to the ZeuS family, although there is no connection between Dyreza and ZeuS. The malware hides in popular web browsers that millions of users employ to access the web and aims to retrieve sensitive financial information every time the victim connects to a banking website. Dyreza is capable of keylogging, circumventing SSL mechanisms and twofactor authentication, and is usually spread through phishing emails.