
TOP CYBERSECURITY KEY TERMS YOU SHOULD KNOW


Before diving into any field, understanding its key terms is a must. Without grasping the proper meaning of those terms, it is impossible to build a solid foundation or understand the intended purpose of what you are learning. For example, if you are driving, you need to understand the labels attached to the car's parts, along with their meaning, purposes, and functions.


Likewise, cybersecurity has many important security terms, and ignoring them creates confusion. The field uses these terms constantly, and explaining them each time they appear is time-consuming and pads the text with unnecessary information. It is always better to have an in-depth understanding of these terms beforehand, so that you don’t have to look back and forth each time they appear in any context. Below are some of the terms that you will regularly encounter in cybersecurity.


1. Risk

The possibility of suffering a loss in the event of an attack on the system is called risk. Remember, risk is a composite product of threats, vulnerabilities, and consequences. Business risks are notable and are generally described as “rattling the door knobs” to see if someone is watching or responding. Through risk, hackers can gain access at the operating system level, application level, or network level. Therefore, every organization needs to undertake risk assessment to avoid potential incoming threats. Risk categories include:

• Confidential information

• Business credibility

• Business availability

• Resources

• Money


2. Vulnerability

A vulnerability is a flaw in the system that could be exploited to compromise the system. Attackers can disclose potentially sensitive information through the vulnerabilities they discover in any system. For example, a window injection vulnerability can be exploited by an attacker to spoof the content of websites. There is a concept called vulnerability research, which helps in discovering vulnerabilities and design weaknesses that will open an operating system and its applications to attack or misuse. Therefore, it is always recommended to consult online archives of discovered vulnerabilities and their solutions. You can visit https://www.exploit-db.com/ for further information regarding discovered vulnerabilities and their exploitation.


3. Zero-day vulnerability

A vulnerability that is not known to the software developer or vendor but is known to an attacker is called a zero-day vulnerability. It is also the launching point for further exploitation of web applications and their environment. It seems bizarre, but no security solution can claim that it will protect against all zero-day attacks. Do not panic: enforcing stringent security policies can avoid most of these attacks.


4. Exploit

An exploit is software or code that is used to take advantage of security bugs or vulnerabilities. An exploit can occur over a LAN, over the internet, or as deception or theft. Some of the famous exploits include buffer overflows, denial of service, session hijacking, and password cracking. To gain access to the network system, attackers look for OS vulnerabilities and exploit them. Using software like SocketShield can prevent zero-day exploits. Simply put, vulnerability is an effect, and exploit is a cause. That’s why they are interrelated.


5. Threats

The possibility of danger that could exploit vulnerabilities is called a threat. The possible threats can be determined by identifying the specific exploits that could cause such threats to occur. The pentest team can list the different security threats that each hardware device and software component might face, and they might need to rate each exploit, and each threat arising out of the exploit, to assess the business impact. Tools like NetIQ Security Manager, STAT Scanner, Nessus, and McAfee VirusScan can guard against unknown threats.

There are two types of threats:


i. Hardware threats, which include power faults, equipment incompatibilities, accidental or malicious damage, problems with magnets, and typos (data gets corrupted due to deletion or replacement of the wrong files).


ii. Software threats, which include data being shared by all running programs at the same time, leading to damage of information.
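
The rating step described above, combined with the definition of risk as a composite product of threat, vulnerability, and consequence, can be worked through as a small risk register. This is an added example, not part of the original article; the 1 to 5 rating scales, the sample components and ratings, the action threshold, and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

CATEGORIES = {"Confidential information", "Business credibility",
              "Business availability", "Resources", "Money"}

@dataclass(frozen=True)
class Rating:
    component: str      # hardware device or software component
    threat: str         # the threat being rated
    category: str       # risk category from the list under "1. Risk"
    threat_level: int   # assumed scale: 1 (unlikely) .. 5 (expected)
    vulnerability: int  # assumed scale: 1 (hardened) .. 5 (wide open)
    consequence: int    # assumed scale: 1 (minor) .. 5 (severe)

    def __post_init__(self):
        if self.category not in CATEGORIES:
            raise ValueError(f"unknown risk category: {self.category!r}")
        for name in ("threat_level", "vulnerability", "consequence"):
            if not 1 <= getattr(self, name) <= 5:
                raise ValueError(f"{name} must be 1..5 for {self.component}")

    @property
    def score(self) -> int:
        # Risk as the composite product of threat, vulnerability and consequence.
        return self.threat_level * self.vulnerability * self.consequence

# Constructed sample register; every rating here is illustrative.
REGISTER = [
    Rating("file server", "power fault", "Business availability", 2, 3, 4),
    Rating("web application", "session hijacking", "Confidential information", 4, 4, 5),
    Rating("mail gateway", "trojan attachment", "Confidential information", 3, 2, 4),
    Rating("billing system", "ransomware", "Money", 2, 2, 5),
    Rating("public website", "denial of service", "Business credibility", 3, 3, 3),
]

def ranked(register):
    """Highest risk first; ties keep their register order."""
    return sorted(register, key=lambda r: r.score, reverse=True)

def worst_per_category(register):
    """Highest single score seen in each risk category."""
    worst = {}
    for r in register:
        worst[r.category] = max(worst.get(r.category, 0), r.score)
    return worst

def needs_action(register, threshold=25):
    """Components whose score exceeds the assumed action threshold."""
    return [r.component for r in ranked(register) if r.score > threshold]

if __name__ == "__main__":
    for r in ranked(REGISTER):
        print(f"{r.score:3d}  {r.component:16s} {r.threat} [{r.category}]")
    print("act on:", needs_action(REGISTER))
```

Because the score is a product, a severe consequence on a well-hardened component (the billing system here) can rank below a moderate threat on an exposed one.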

6. Malware

Malware is a type of malicious software that can be used to obtain your sensitive information or to delete or modify your files. Malware is very fickle in nature: once some malware like W32/Voterai.worm.e starts, it will proceed to turn the user's machine into a complete zombie machine. In fact, malware will disable almost every piece of security software that may be installed on the machine and modify the system registry to disable almost any operation that the user may perform. Using software like Spyware Doctor and AdwareInspector is the best way to avoid and prevent malware.


7. Virus

Viruses are malware that replicate themselves and spread throughout the system. They are perceived as a threat to both business and personnel, as they operate without the knowledge or desire of the computer user. Some viruses are undetectable because they do not reside in memory after the execution of the program; instead, they transform themselves by changing their code to appear different, making it impossible for antivirus software to detect them. Like human viruses, computer viruses have two phases:


i. Infection phase: some viruses, like direct viruses, infect the system each time they are run and executed, while others, like TSR viruses, infect only when users trigger them through a time or a particular event.


ii. Attack phase: after infection, the attack occurs. Corrupting systems, creating backdoors for hackers, deletion, increasing the session time, and so on occur in this phase.

There is a new term in virus terminology called virus hoaxes. These are false alarms claiming reports about a non-existing virus: warning messages propagating the claim that a certain email message should not be viewed and that doing so will damage one’s system. Being largely misunderstood, viruses easily generate myths. Most hoaxes, while deliberately posted, die a quick death because of their outrageous content.




8. Worms

Worms are almost like viruses, except that they do not have to attach themselves to something to spread. Worms are distinguished from viruses by the fact that a virus requires some sort of human intervention to infect a computer, whereas a worm doesn't. Worms spread through the infected network automatically. A worm takes advantage of file or information transport features on your system, which allows it to travel unaided. Antiviruses, Norman Virus Control, AdwareInspector, GalaxySpy, and so on are the simplest tools to stop worm attacks.



9. Adware

Adware is malware that displays advertisements and collects data from users’ systems. In most cases, it is activated without the user’s consent when users try to install third-party software or unknown cracked software, or visit fake links. Adware is very annoying and hard to remove because it does not allow users to perform their tasks and uses a huge amount of computer resources. Super Ad Blocker, Anonymizer Anti-Spyware, and Private Disk Multifactor are recommended tools to avoid adware.


10. Trojan

A Trojan is also malware, one that disguises itself as one thing but does something else. Malicious users are always looking for an opportunity to sneak into the network and carry out unwanted actions. This is where a Trojan comes into play. In most cases, it is the absent-minded user who invites trouble by downloading files or being careless about security aspects. Thanks to them, with the help of a Trojan, an attacker gets access to stored passwords on the Trojaned computer and is able to read personal documents, delete files, display pictures, and/or show messages on the screen. Tools like process viewer, MSConfig, and anti-Trojan software help to detect and remove Trojans.


11. Spyware

Spyware is the type of malware that’s meant to spy on users and their activities. Hidden cameras, voice recorders, laptops, mobile devices, and spy cameras carried by users are the major targets for spyware attacks. Many remote administration programs used by hackers to gain remote access to your computer often go undetected, as antivirus software does not commonly protect against spyware. XoftspySE, Spyware Doctor, and SPYWAREfighter are recommended tools to scan for and remove spyware.


12. Keylogger

A keylogger is a common type of spyware that’s used to record every keystroke a user makes on their system. To capture data from the keylogger, an attacker must know the initial pairing process between the target keyboard and the target computer. The attacker uses a protocol analyzer to intercept all required information (IN RAND, LK RAND, AU RAND, SRES, and EN RAND). The attacker then uses the keyboard as a keylogger by intercepting all packets.


13. Ransomware

Ransomware is a popular type of attack that holds a user’s data or system hostage until a ransom is paid. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. It is part of the cryptographic attack called cryptoviral extortion. Without the decryption key possessed by the attacker, it is impossible to decrypt the encrypted files. The ransom payment is secured to such an extent that it is extremely difficult to trace the receiver's details; payments are generally made in cryptocurrencies like bitcoin and other untraceable currencies.


14. Bots

Bots are compromised systems that have been attacked or are still in the attacker’s control, and a collection of them is called a botnet. Botnets are designed to utilize the power of internet-connected machines to perform some distributed function. The bot joins a specific IRC (Internet Relay Chat) channel on an IRC server and waits for further commands. The attacker can remotely control the bot and use it for fun and also for profit.


Source: eccouncil.org (working of bots and botnets)


15. Backdoor

A backdoor is a way to get into a system when the other methods of getting into the system are not allowed. Most commercial anti-virus products can automatically scan for and detect backdoor programs before they can cause damage (for example, before accessing a floppy, running an exe, or downloading mail). Educate users not to install applications downloaded from the Internet or received as email attachments.


16. Rootkit

Rootkits are collections of software or tools that an administrator would use. They are really hard to detect and always perform their task in stealth mode. Even firewalls and antiviruses cannot detect them. Rootkits require root access to install, but once set up, the attacker can get root access back at any time.


17. Logic bomb

A logic bomb is a type of malware, a chunk of code that’s intentionally installed in a system or piece of software. Most of them come with pirated software and games, cracked and fake-serial software, installations from unknown sources, and so on. It is executed only if the assigned conditions are met. For example, while installing cracked software, users are asked if they want to install patches provided by third-party vendors. If permission is given, the intended function appears to execute, for example by showing a “patch installed” message. In fact, the patch contains malicious code or a hidden payload; after all, nothing on the internet is free. The executed file may seem to work fine on the front end, but on the back end, its purpose starts with the deletion of data and files.




© AbridgedUp 2021 
