Cybersecurity Glossary

A type of malware used to hold a system hostage by encrypting files found on a system until the victim pays a fee for the decryption key.

The immediate response to an attempt to compromise and infiltrate a system. This could be the response time for an Intrusion Detection System (IDS). Understanding the realtime reaction aides an organization in understanding their security posture and assess what safeguards they should put in place.

Gaining entry to a computer or network from a physical distance. This means a user can log into a computer that is at work from home. Remote access can be used by employees that telecommute, or system administrators that need to gain access to computers to troubleshoot issues.

A malware tool that is used to create a back door on a target computer for the bad actor to gain administrative control. The RAT could be sent as a malicious email attachment, or embedded in an application like a game. Once the RAT is installed the bad actor could install a keylogger, access sensitive data, format the drives, delete or alter files, or could use the infected computer to infect other computers and create a BOTNET.

When an authorized system administrator or other computer technician uses remote access services to troubleshoot, diagnose and fix issues on a computer system. Some organizations have outsourced their technical department to third party vendors who do not reside in the state, or at times even the country. These physically distant administrators can still remotely monitor and administer the systems under their care.

Also called a playback attack, is a type of maninthemiddle attack where a data transmission steam between two parties is maliciously or fraudulently repeated or delayed. This could lead to a redundant order of an item.

The hazards that remain once all efforts to identify and eliminate threats are completed. Any identified threat has some level of residual risk that remains. When organizations identify the residual risks they should identify the requirements in relation to the risk, determine their own strengths and weaknesses, and identify potential options to offset the risks.

Refers to an organization’s ability to restore its system’s usability and functionality during and after a cyber attack. The importance of the organization’s cyber resiliency should be evaluated and examined during the creation of disaster recovery and business continuity plans.

Taking an object apart to see how it works. This is used to analyse, duplicate or enhance the product. In cyber security, reverse engineering is often used to gain a better understanding of malware. Reverse engineering malware aids in creating better safeguards.

An analysis of an organization’s security posture to evaluate vulnerabilities and risks and their potential impact if exploited.

An organizational process for identifying assessing and controlling threats. Risk management includes performing a risk assessment and creating a risk mitigation strategy. Risk management is a continuous process that should be reviewed according to industry standards.

The process of evaluating, prioritizing, and managing mitigation tactics and measures.

Fraudulent and malicious software used to mislead users into thinking they have a virus and need to purchase software to remove it. This is similar to both ransomware and scareware. The bad actor can use the fraudulent antivirus to extort more money out of the victim to have the rogue software removed.

Another type of malicious software that pretends to be a harmless and useful program like antivirus software, in order to trick its victims into paying money, or it can be used to steal sensitive data from the infected system.

the process used to identify the starting point of a security risk.

Tools used to gain administrative access to a computer or network. A bad actor could install a rootkit after exploiting a vulnerability which allowed them to gain user level access to the system. Once installed they can discretely elevate their privileges. With elevated privileges they can alter log files, gather information, or exploit other systems on the network. Rootkits can have embedded spyware that is used to gather keystrokes and monitor traffic.