Key Cybersecurity Terms You Should Know
Cybersecurity is such an important topic nowadays. We regularly hear about large corporations getting hacked and employees’ personal data being compromised. New smartphones hit the market and their security features are emphasized to calm consumers’ rightful concerns.
As the conversation about cybersecurity reaches a larger audience and becomes ever more prevalent, it also becomes all the more important that we understand the terms we so often hear—words like “vulnerability,” “exploit,” “phishing” and more. By understanding the terms used in discussing cybersecurity, we can begin to understand the various types of risks that are out there and take the appropriate measures for protecting ourselves.
Here are some of the commonly used terms relating to cybersecurity, and their explanations.
Vulnerability
Software developers face some serious challenges, among them making sure their program works properly even when it encounters unexpected scenarios and user behaviors, and eliminating any potential bugs. These challenges become all the more important when it comes to security. If a bug exists in the program, hackers could potentially do things they shouldn’t be able to do, like gaining full access to the system or embedding within it their own malicious software.
A vulnerability is a certain weakness in the program caused by a bug or by poorly written code (either because the developer made a mistake or because their code didn’t account for a specific unexpected scenario). This weakness can be used by hackers to exploit the program. On that note, let’s look into exploits…
Exploit
We hear the term “exploit” in everyday language, where it typically refers to taking full advantage of something (and it’s used as a verb). When it comes to cybersecurity, the term is actually used as a noun that means software designed to take advantage of a vulnerability in a piece of software.
Hackers need to develop exploits in order to embed malicious code into a piece of software, and indeed sometimes they’re not quick enough to do so before the vulnerability is discovered and patched. To their advantage (and our disadvantage), there are now exploit kits that can help hackers spread malware. Exploit kits have pre-written code that automates the process of infecting a system. Check out this great article about how exploit kits work for more information.
Phishing attack
In the old days, a hacker who wanted to gain access to a computer network would look for vulnerabilities and use exploits in order to hack into the network. But as time went by and cybersecurity solutions improved, it became much more difficult for hackers to gain access to secure networks.
Leave it to hackers to discover alternate methods for exploiting systems. It didn’t take long for them to realize that, despite advanced cybersecurity solutions, there was still a weak link: the users themselves. Why go through the trouble of hacking into a bank’s network in order to access a victim’s bank account, when they could get the victim himself to divulge the needed information?
Phishing attacks are a form of “social engineering,” an attack method hackers often use that relies heavily on tricking people. These types of attacks involve websites that mimic legitimate sites (such as those of major banks or online services like PayPal or Gmail) in an attempt to fool people into providing their credentials. Needless to say, once the information has been entered into the Phishing page, it’s sent directly to the hacker, not to the legitimate service the site mimics.
To lure victims to a Phishing site, hackers use Phishing emails, or spam emails that look like they were sent from the legitimate service that’s being mimicked. These emails may prompt the recipient to update his or her password, and provide a link to the Phishing site. The user goes to the site and enters his credentials, all the while thinking he’s logging into the legitimate service’s website.
Fortunately, there are ways to identify a Phishing scam before falling victim to one. Get some tips from Wired’s guide for Identifying a Phishing Scam.
Malware
The term malware is short for malicious software. It refers to any type of software with criminal or malicious capabilities, from stealing credentials to pushing unwanted ads to the user to encrypting a victim’s hard drive and locking the computer for extortion purposes. Unfortunately, malware exists for most popular platforms, computers and mobile devices alike.
Malware can be extremely sophisticated, and is considered one of the most advanced weapons in a hacker’s arsenal. Indeed, early 2015 saw the rise of one of the most malicious and sophisticated pieces of malware, TeslaCrypt. This malware took victims’ files hostage, requiring a ransom for those files to be released, and the cybercrime gang behind the malware even set up their own Help line in order to further take advantage of victims.
Malware like TeslaCrypt is rare, but other types aren’t. Trojan horses, a type of malware that steals victims’ login credentials, are one of the most popular types of malware, and it would serve anyone interested in their online privacy and security to know about them and know how to avoid them. For more info, check out Tom’s Guide’s article on how to avoid Trojans.
Botnet
Imagine if malware was being operated by a massive network of infected computers, rather than by a hacker. Pretty scary stuff, right?
That type of network exists, and it’s called a botnet – a network of bots, or machines infected with malware. What makes multiple malware-infected machines part of a single network is the fact that the malware on each machine uses the same infrastructure. They all receive orders from a single server, and they all receive those orders from a single person: the “bot herder.”
What can botnets do? They can take down websites by flooding them with requests (see “Distributed Denial of Service” below), steal massive amounts of information (usually account login credentials that are later used to steal identities), and more.
Spear Phishing attack
While Phishing attacks have a wide range of targets—the attacker sends a Phishing email to as many people as possible, hoping a lot of recipients will fall victim to the attack—Spear Phishing attacks target specific individuals.
Typically, Spear Phishing targets are key stakeholders in organizations, such as executives or system admins. The Phishing emails used in these attacks are specifically crafted for those individuals, and may include specific information that’s relevant to them, such as their position, industry or location.
Spear Phishing emails might direct a victim to a Phishing website, but often they simply include a malicious attachment. When the victim opens the attachment, he triggers malware that infects the device and can give the hacker full access to it.
Brute Force attack
Obtaining a victim’s login credentials is easiest through a Phishing attack or through malware. But when those methods fail, some hackers go a step further by attempting to gain that information through a brute force attack.
Brute force attacks involve a script the hacker uses that makes a computer run through every possible combination of characters until the victim’s login password is discovered. The more complicated the password, the more difficult it is for this attack method to work.
Brute force attacks are the reason many online services use tools like Captcha at login, and lock an account after numerous failed login attempts. This attack method is also why it’s crucial to use complex passwords, and to avoid reusing passwords across different online services (since a hacker may use a discovered password for one account on others). Here are some tips for creating a complex password:
- Choose a password that’s at least 8 characters long
- Don’t use dictionary words
- Include a capital letter
- Include at least one number
- Include at least one special character, such as a question mark or exclamation point
Also, keep in mind that brute force attacks don’t only apply to online services. They can also be used to try to gain access to a file or a computer.
Dictionary attack
Did we already mention that you should avoid using dictionary words in your password? Brute force attacks aren’t the only reason why. Dictionary attacks are a type of attack that runs through a list of common words until your password is discovered—and it can try millions of possibilities.
In case we didn’t emphasize this enough already, choosing a dictionary word as your password makes your account or computer much easier to hack into. Even adding some numbers doesn’t make a dictionary word a wise choice for a password—since the malicious software that runs a Dictionary attack can do the same thing. So, again, do yourself a favor and use complex passwords!
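The password tips and the dictionary-word warning above can be turned into a single check. The following Python sketch is an added example, not part of the original article; the word list and the substitution table are small constructed samples (assumptions), and a real check would load a large dictionary or breached-password list.

```python
import re
import string

# Constructed sample word list (assumption); real checks use large lists.
COMMON_WORDS = {"password", "dragon", "sunshine", "welcome", "monkey", "football"}

# Common character substitutions, undone before the dictionary lookup.
LEET = str.maketrans("013457@$!", "oleastasi")


def dictionary_core(password):
    """Return the dictionary word a password reduces to, or None."""
    # Drop digits/symbols stuck on the front or back ("dragon123!" -> "dragon").
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    # Undo substitutions inside the word ("p@ssw0rd" -> "password").
    core = core.translate(LEET)
    return core if core in COMMON_WORDS else None


def check_password(password):
    """Return the list of rules from the article that the password breaks."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    word = dictionary_core(password)
    if word:
        problems.append(f"dictionary word with decoration: {word}")
    return problems


def search_space(password):
    """Number of candidates an exhaustive search over the used character
    classes and this length would have to cover."""
    pool = 0
    pool += 26 if any(c.islower() for c in password) else 0
    pool += 26 if any(c.isupper() for c in password) else 0
    pool += 10 if any(c.isdigit() for c in password) else 0
    pool += len(string.punctuation) if any(c in string.punctuation for c in password) else 0
    return pool ** len(password)
```

A password such as `Dragon123!` satisfies every composition rule and has a large exhaustive search space, yet it is still rejected because it reduces to a word on the list.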
Distributed Denial of Service (DDoS) attack
We’ve seen a lot of stories in the news lately about DDoS attacks, or “Distributed Denial of Service” attacks. One example is the recent DDoS attack on GitHub.
A denial of service attack does just that: it denies legitimate users access to a service, usually a website, by flooding the targeted site’s server with too many requests. Because the server can’t handle the load, no one is able to access the site. Usually, the flooding is done by commanding a large botnet to send requests to the targeted website, causing thousands if not tens of thousands of machines to respond to the command.
While DDoS attacks don’t pose a risk to your identity being stolen, they’re important to know about. They may affect a service you use regularly. And if you own a website, you should definitely familiarize yourself with this type of attack, as you may very well become victim to one someday.
Nation-state attack & Advanced Persistent Threat attack
While battles between nations may take place on the ground, the internet is allowing them to also take place online. Countries are rapidly developing offensive capabilities that allow them to gain access to their adversaries’ systems in order to collect intelligence or disrupt their operations. Nation-state attacks are attacks that are carried out by a country’s intelligence agencies or dedicated government agencies in order to perform these types of activities. They are often considered the most sophisticated and dangerous types of attack, as they use resources almost no cybercriminals have access to. An example of a nation-state attack is Stuxnet, perhaps the most famous malware in the world, which was designed to hurt Iran’s efforts to enrich uranium.
An Advanced Persistent Threat is another type of attack that can be carried out by a nation, though this type of attack can also be performed by a group of hackers. The goal of an Advanced Persistent Threat attack is to gain access to an internal network of a government organization or a company, and to steal information. It’s usually carried out through the use of Spear Phishing, with carefully crafted emails targeting key individuals in the organization. Once their computer is infected by malware, a backdoor is opened, allowing attackers to roam around the network until they uncover the information they’re after.
Why is it important to know about these types of attacks? Because attackers and nation-states may want to gain access to the organization you work for. In order to support the organization’s larger security efforts, employees must be familiar with these types of attacks, as they can have catastrophic consequences to an organization, or even to an entire country.