Editor's Message

Welcome to DBD. 2023 has been the worst year on record for Data-Leaking Ransomware Attacks and, despite Law Enforcement gains, they show no signs of slowing down. On a more positive note, our PRiSM platform continues to gain recognition and is now officially endorsed as a Ransomware Intelligence Resource by the SANS Institute. With that in mind, we would like to take this opportunity to thank you for all your very much appreciated and continued support. Stay safe. :)



Glossary

Please find below a helpful list of definitions for the most common Cyber Security terms.

If you are looking for a particular term that isn't in this list, please let us know and we will endeavour to add it for you.


Adware
Adware is a type of software that is used for showing advertisements on websites, web browsers, search engines, free applications and even people's devices. Often, adware consists of pop-ups and other intrusive forms of advertising. Generally, these advertisements are not wanted by users and can result in issues such as laggy performance.

Antivirus
Software that is designed to detect, stop and remove viruses and other kinds of malicious software.

App
Short for Application, typically refers to a software program for a smartphone or tablet.

Application Security (AppSec)
Application security covers the practices, tooling and design decisions used to protect an application throughout its life cycle, from secure coding and testing during development to monitoring and patching after deployment. The goal is to find, fix and prevent security flaws in the application itself, rather than only in the network or infrastructure around it.

Attack Path
An attack path is the sequence of steps an attacker chains together to reach a target, for example a phishing email that yields credentials, which grant access to a host, from which a misconfigured service exposes sensitive data. It is often drawn as a graph so that each weakness can be seen in the context of the others it connects to, which helps defenders prioritise the fix that breaks the chain.

Attack Surface
The attack surface is a much broader term than attack vector: it describes every point at which an attacker could attempt to enter, extract data from or otherwise interact with an environment, whether or not a specific vulnerability is known to exist there. That includes exposed network services, web applications and APIs, user accounts and credentials, third-party integrations and the people who operate the systems. Reducing the attack surface (removing unused services, closing unneeded ports, retiring dormant accounts) shrinks the number of things that need to be defended.

Attack Vector
An attack vector is the specific method an attacker uses to exploit a weakness and gain unauthorised access, take control of resources or steal data. Common examples include stolen or leaked credentials, privilege escalation to reach protected resources, misconfigurations that expose services to the internet, unpatched vulnerabilities, malicious email attachments and weak or absent encryption of data. Once an initial vector succeeds, an attacker typically uses it as a foothold to run malicious code or move on to further targets in the network.

Attacker
A malicious actor who seeks to gain unauthorised access to computer systems in order to change, destroy, steal or disable their information, or to use the compromised systems for further attacks.

Blacklist
A blacklist (now more commonly called a deny list) is a list of websites, IP addresses, applications or other entities that are to be blocked on a device or network; anything not on the list is allowed. Parental-control tools use blacklists to stop children reaching adult content (e.g. pornography and gambling websites), and security tools use them to block known malicious domains and addresses. Because a blacklist can only block what it already knows about, it is weaker than a whitelist, which permits only approved entities.

Botnet
A network of infected devices, connected to the Internet, used to commit coordinated cyber attacks without their owners' knowledge.

Breach
An incident in which data, computer systems or networks are accessed or affected in a non-authorised way.

Browser
A software application which presents information and services from the web.

Brute Force Attack
Using computing power to automatically try a very large number of possible values, usually in order to discover a password or key and gain access. Rate limiting, account lockout and slow password hashing all raise the cost of each guess.

Bring Your Own Device (BYOD)
An organisation's strategy or policy that allows employees to use their own personal devices for work purposes.

Certificate
A form of digital identity for a computer, user or organisation to allow the authentication and secure exchange of information.

Cloud
Where shared compute and storage resources are accessed as a service (usually online), instead of hosted locally on physical servers. Resources can include infrastructure, platform or software services.

Common Vulnerabilities and Exposures (CVE)
CVE is the public catalogue of disclosed security flaws, maintained by MITRE; each entry is assigned an identifier of the form CVE-YYYY-NNNNN so that vendors, researchers and defenders can refer to the same flaw unambiguously. Matching the software versions in an environment against CVE entries is a basic step in vulnerability management, but having no known CVEs does not mean a system is secure: misconfigurations, weak credentials and undisclosed flaws are not CVEs.

Credentials
A user's authentication information, used to verify identity: typically one or more of a password, a token or a certificate.

Cyber Attack
Malicious attempts to damage, disrupt or gain unauthorised access to computer systems, networks or devices, via cyber means.

Cyber Incident
A breach of the security rules for a system or service, most commonly:
  • Attempts to gain unauthorised access to a system and/or to data.
  • Unauthorised use of systems for the processing or storing of data.
  • Changes to a system's firmware, software or hardware without the system owner's consent.
  • Malicious disruption and/or denial of service.

Cyber Security
The protection of devices, services and networks - and the information on them - from theft or damage.

Data At Rest
Describes data in persistent storage such as hard disks, removable media or backups.

Denial of Service (DoS)
When legitimate users are denied access to computer services (or resources), usually by overloading the service with requests.

Deny List
An access control mechanism that blocks named entities from communicating with a computer, site or network. Can also be known as 'blacklisting' across the industry.

Dictionary Attack
A type of brute force attack in which the attacker uses known dictionary words, phrases or common passwords as their guesses.
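The following is an added example, not code from the original page or any of its data sources, showing how the Brute Force and Dictionary Attack entries above play out against a leaked password database. The word list, mangling rules, passwords and salts are all constructed for the demonstration; the PBKDF2 iteration count is deliberately low so the demo runs quickly.

```python
"""Dictionary attack against password hashes: added example, not from the page.
Word list, passwords and salts below are constructed for the demonstration."""
import hashlib

# Constructed word list: a few dictionary words and well-known weak passwords.
WORDLIST = ["password", "welcome", "dragon", "letmein", "summer", "admin"]
SUFFIXES = ("1", "123", "!", "2023")


def mangle(word):
    """Yield the word plus the variants a cracking tool's rules would also try."""
    yield word
    yield word.capitalize()
    for suffix in SUFFIXES:
        yield word + suffix
        yield word.capitalize() + suffix


def candidates(wordlist=WORDLIST):
    """Every guess the attack will make, in order."""
    return [c for w in wordlist for c in mangle(w)]


def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()


def crack_unsalted(target_hashes, wordlist=WORDLIST):
    """Return {hash: password} for each unsalted SHA-256 hash a guess matches.
    With no salt, one digest per guess is compared against every target at once."""
    targets = set(target_hashes)
    found = {}
    for guess in candidates(wordlist):
        digest = sha256_hex(guess)
        if digest in targets:
            found[digest] = guess
    return found


# Deliberately low iteration count so the demo runs quickly; real deployments
# use a far higher work factor (or a memory-hard function such as scrypt/Argon2).
PBKDF2_ITERATIONS = 1_000


def pbkdf2_hex(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS).hex()


def crack_salted(records, wordlist=WORDLIST):
    """records: {user: (salt, hash)}. Return {user: password} for cracked users.
    A unique salt forces the whole guess list to be re-hashed for every user,
    and the slow KDF multiplies the cost of each of those guesses."""
    found = {}
    for user, (salt, stored) in records.items():
        for guess in candidates(wordlist):
            if pbkdf2_hex(guess, salt) == stored:
                found[user] = guess
                break
    return found


def work_factor(num_targets, wordlist=WORDLIST):
    """Hash computations needed to test the whole list: unsalted vs salted."""
    n = len(candidates(wordlist))
    return {"unsalted": n, "salted": n * num_targets}


# Constructed "leaked" credential store: two weak passwords and one strong one.
UNSALTED_DB = {
    "alice": sha256_hex("Summer2023"),
    "bob": sha256_hex("letmein!"),
    "carol": sha256_hex("xK9#v2Lq!pW8"),   # random: not derivable from any word list
}
# Fixed salts so the demo is reproducible; production code uses os.urandom(16).
SALTS = {user: bytes([i]) * 16 for i, user in enumerate(UNSALTED_DB)}
SALTED_DB = {
    "alice": (SALTS["alice"], pbkdf2_hex("Summer2023", SALTS["alice"])),
    "bob": (SALTS["bob"], pbkdf2_hex("letmein!", SALTS["bob"])),
    "carol": (SALTS["carol"], pbkdf2_hex("xK9#v2Lq!pW8", SALTS["carol"])),
}

if __name__ == "__main__":
    print(crack_unsalted(UNSALTED_DB.values()))
    print(crack_salted(SALTED_DB))
    print(work_factor(len(SALTED_DB)))
```

The unsalted store falls to a single pass of 60 guesses; the salted store needs a separate pass per user, each guess costing a full key derivation, and the random password survives both because no mangling rule produces it.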

Digital Footprint
A 'footprint' of digital information that a user's online activity leaves behind.

Distributed Denial of Service Attack (DDoS)
A Distributed Denial of Service attack floods a target server or service with more traffic or requests than it can handle, sent from many sources at once (typically a botnet of compromised devices) so that the flood cannot simply be stopped by blocking a single address. The aim is to exhaust the target's bandwidth, connections or processing capacity so that the website or service becomes unavailable to legitimate users until the attack is mitigated.

Download Attack
The unintentional installation of malicious software or a virus onto a device without the user's knowledge or consent, often simply by visiting a compromised web page. May also be known as a drive-by download.

Encryption
A mathematical transformation that protects information by making it unreadable to everyone except those who hold the key needed to decrypt it.

End User Device (EUD)
Collective term to describe modern smartphones, laptops and tablets that connect to an organisation's network.

Exploit
Software, data or a sequence of commands that takes advantage of a vulnerability in a system to cause behaviour its designers did not intend, such as running the attacker's code or bypassing access controls.

Firewall
Hardware or software which uses a defined rule set to constrain network traffic to prevent unauthorised access to or from a network.

Hacker
In mainstream use as being someone with some computer skills who uses them to break into computers, systems and networks.

Honeypot (Honeynet)
Decoy system or network to attract potential attackers that helps limit access to actual systems by detecting and deflecting or learning from an attack. Multiple honeypots form a honeynet.

Identity Access Management (IAM)
IAM is the set of policies, processes and tools that ensure the right people and services in an organisation have access to the technology resources they need, and nothing more. It covers creating identities, authenticating them, granting and revoking permissions (including centrally disabling an employee's access when they leave, without logging in to each application as an administrator) and auditing who can access what.

Incident
See Cyber Incident above.

Insider Risks
The potential for damage to be done maliciously or inadvertently by a legitimate user with privileged access to systems, networks or data.

Internet of Things (IoT)
Refers to everyday objects (other than conventional computers and phones) that connect to the Internet, such as kettles, fridges, televisions and cameras. Because many ship with default passwords and rarely receive updates, they are a frequent recruit for botnets.

IP Address
An Internet Protocol address is assigned to every device connected to a network and serves as that device's identifier for routing traffic, whether the device is a computer, tablet PC, smartphone, router or smart TV. A public IP address can usually be mapped to the owning ISP and an approximate geographic region, which is why it also features in logs, access controls and geolocation.

Least-Privileged Access (LPA)
Least privilege is the principle that every user, process and service is granted only the access it needs to do its job, and no more. It is often discussed with a focus on system administrators, because administrative accounts are the most valuable to an attacker and their number should be kept very low, but it applies equally to ordinary users, service accounts and cloud roles. Keeping permissions minimal limits the damage a compromised account or malicious insider can do.
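As an added example (not code from the original page or its data sources), the check below applies the least-privilege principle to IAM-style policy documents: an over-broad grant is shown beside the scoped grant that replaces it, and a small linter flags the patterns that give away more than a job needs. The policy layout mirrors the AWS IAM JSON structure; the bucket name is hypothetical.

```python
"""Least-privilege check over IAM-style policy documents: added example, not
from the page. Policies mirror the AWS IAM JSON layout; names are hypothetical."""
import json

# Over-broad policy (constructed): a reporting job granted every S3 action on
# every resource, the kind of grant that turns a leaked key into a full takeover.
BROAD_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}
  ]
}
""")

# The same job, scoped to the two operations it performs on the one bucket it uses.
SCOPED_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-reports-bucket",
                  "arn:aws:s3:::example-reports-bucket/*"]}
  ]
}
""")


def _as_list(value):
    """IAM allows a single string or a list in Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def lint_policy(policy):
    """Return a list of findings describing grants broader than least privilege.
    Only 'Allow' statements matter: a 'Deny' with a wildcard only narrows access."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action == "*":
                findings.append(f"statement {i}: grants every action on every service")
            elif action.endswith("*"):
                findings.append(f"statement {i}: wildcard action {action!r}")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append(f"statement {i}: applies to every resource")
        # NotAction/NotResource grant everything *except* what is listed.
        if stmt.get("NotAction") or stmt.get("NotResource"):
            findings.append(f"statement {i}: negated lists allow everything not named")
    return findings


def is_least_privilege(policy):
    return not lint_policy(policy)


if __name__ == "__main__":
    for name, policy in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, lint_policy(policy) or "ok")
```

Run this over policy documents pulled from an account (or in CI against the infrastructure-as-code that creates them) to catch wildcard grants before they reach production; a resource path ending in `/*` inside one named bucket is deliberately not flagged, since that is the normal way to scope access to a bucket's objects.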

Macro
A small program that can automate tasks in applications (such as Microsoft Office) which attackers can use to gain access to (or harm) a system.

Malvertising
Using online advertising as a delivery method for malware.

Malware
Malware is essentially malicious software that has been designed by a threat actor for the sole purpose of breaking into or causing damage to a target's device. Often, the victim won't realise that they've been targeted by malware. Other cybersecurity threats such as viruses, worms, trojans and spyware are all forms of malware but have different purposes and capabilities.

Mitigation
Steps that organisations and individuals can take to minimise and address risks.

Multi-Factor Authentication (MFA)
The use of two or more different components to verify a user's claimed identity.

Network
Two or more computers linked in order to share resources.

Patching
Applying updates to firmware or software to improve security and/or enhance functionality.

Pentest
Short for penetration test. An authorised test of a computer network or system designed to look for security weaknesses so that they can be fixed.

Pharming
An attack on network infrastructure that results in a user being redirected to an illegitimate website despite the user having entered the correct address.

Phishing
Untargeted, mass emails sent to many people asking for sensitive information (such as bank details) or encouraging them to visit a fake website.

Platform
The basic hardware (device) and software (operating system) on which applications can be run.

Proxy Servers
Proxy servers act as an intermediary between internet users and websites: the site sees the proxy's IP address rather than the user's. This lets people circumvent geo-restrictions and mask their own address from the sites they visit, although a proxy does not by itself encrypt traffic the way a VPN does, and the proxy operator can see everything that passes through it.

Ransomware
Ransomware is a form of cyber crime in which an attacker gains access to a device or network, steals and/or encrypts its data, and demands a ransom in exchange for the decryption key and/or a promise not to leak the stolen data online. Payment does not guarantee that a working key is supplied or that the stolen data is deleted; tested offline backups and a rehearsed recovery plan are the main defence against the encryption half of the attack.

Router
A router is a piece of hardware for connecting your devices (computers, tablets, smartphones, etc) to the internet, allowing you to surf the web. If you sign up for a broadband package, you'll be provided with a router by your internet service provider (ISP).

Runtime Protection
Runtime protection is the detection and blocking of attacks from inside running software. Runtime application self-protection (RASP) is a technology deployed alongside or within an application on the server which, once the application is running, monitors its behaviour to detect and block attacks in real time.

Software as a Service (SaaS)
Describes a business model where consumers access centrally-hosted software applications over the Internet.

Sanitisation
Using electronic or physical destruction methods to securely erase or remove data from storage media so that it cannot be recovered.

Smishing
Phishing via SMS: mass text messages sent to users asking for sensitive information (eg bank details) or encouraging them to visit a fake website.

Social Engineering
Manipulating people into carrying out specific actions, or divulging information, that's of use to an attacker.

Spear-Phishing
A more targeted form of phishing, where the email is designed to look like it's from a person the recipient knows and/or trusts.

Spyware
Spyware, which is also a form of malware, enables cyber criminals to collect sensitive data such as all the activities that an individual or business conducts online, credit card information and account logins. Perpetrators can then use this information for stealing people's identities, launching further attacks or selling data to advertisers, without victims knowing or giving their permission.

Trojan
Trojans, a subset of malware, masquerade as legitimate applications or files in order to trick users into installing them, and may present fake login screens to harvest personal information such as logins and card numbers. Once installed they typically give attackers remote access to the infected computer, allowing them to spy on users, steal data, send messages or install further malware. People commonly become infected by clicking links in phishing emails or downloading software from untrusted sources.

Two-Factor Authentication (2FA)
The use of exactly two different components (for example a password and a one-time code) to verify a user's claimed identity. 2FA is the most common form of multi-factor authentication.

Virus
Viruses are a form of malware that self-replicate by inserting copies of themselves into other programs or files, spreading further whenever those files are run or shared. They can cause extensive damage at both the operating system and application level. Devices typically become infected when a user clicks a malicious link in an email, opens a malicious document or runs a downloaded application. Sluggish performance or unexpected behaviour can be a sign of infection, but many modern viruses are designed to avoid visible symptoms, so up-to-date antivirus and patching matter more than watching for slowdowns.

Virtual Private Network (VPN)
An encrypted network often created to allow secure connections for remote users, for example in an organisation with offices in multiple locations.

Vishing
The fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers.

Vulnerability
A weakness, or flaw, in software, a system or process. An attacker may seek to exploit a vulnerability to gain unauthorised access to a system.

Water-Holing (Watering Hole Attack)
Setting up a fake website (or compromising a real one) in order to exploit visiting users.

Whale Phishing (Whaling)
Highly targeted phishing attacks (masquerading as legitimate emails) that are aimed at senior executives.

Whitelist
The opposite of a blacklist. While a blacklist blocks specific websites and applications and allows everything else, a whitelist (now more commonly called an allow list) permits only the approved URLs or applications on a device or network and blocks everything else, which is the safer default.

Worms
Worms are another type of malicious software and, like viruses, self-replicate, but a worm spreads on its own across networks without any user action, usually by exploiting a security flaw in reachable devices. Once on a machine it may install a backdoor for cyber criminals or carry other malware. Victims may notice slower network performance as the worm scans for and infects further hosts.

Zero Day
A zero day is a security flaw in software that is not yet known to the vendor, so no fix exists; the name refers to the vendor having had zero days to address it. Attackers exploit these flaws to breach devices that cannot yet be patched. When a zero-day vulnerability is exploited, this is called a zero-day attack.

Data Sources: Lightspin, National Cyber Security Centre (NCSC) & Windows Central.