Login to your account

Username *
Password *
Remember Me

Create an account

Fields marked with an asterisk (*) are required.
Name *
Username *
Password *
Verify password *
Email *
Verify email *
Captcha *
Reload Captcha

Cyber Security A to Z

Written by  Jul 09, 2019

The world of cyber security is wide-ranging and fascinating, and one that must adapt and move as quickly then those who seek to compromise it. But as cyber security technology grows and expands, so does the vocabulary associated with it.

To get your head around the world of cyber security, the first step is learning the language. Some words might sound familiar, but will quickly realise they have different implications in the context of cyber security, others might be completely new to you. Have a read of our cyber security glossary and learn the new lingo that is redefining how we protect ourselves in the digital world.

But first, what exactly is cyber security?

The term ‘cyber security’ refers to the protection of computer networks, data and programs, with the intention to deny any unauthorised access and prevent malicious attacks.

A ‘cyber incident’ refers to one of the following:

  • An attempt to gain unauthorised access to a system and/or data
  • Disruption that has been caused by or is a side effect of malicious intent
  • Unauthorised usage of data processing or storage systems
  • Changes to a system’s hardware, software or firmware without the system owners or administrators consent.

The below is a selection of some of the most important, confusing or emerging words in the cyber security lexicon. If you think we have missed anything or want to see something included, do let us know.

A

Advanced Persistent Threat

Also known as an APT, this term refers to a type of attack that uses sophisticated methods and significant resource over a sustained period of time. The attack will usually come via multiple entry points (cyber, deception and possibly even physical) and are difficult to stop once they have begun. Due to the sophistication of these attacks, they are usually targeted at large organisations or governments.

Adware

Adware stands for advertising malware; it is a type of malicious software that presents unwanted advertisements using intrusive and disruptive techniques. It could manifest itself in the form of endless popups, or use a type of spyware that tracks your online activity to make the adverts more targeted.

B

Biometric

This refers to the human body’s measurements and statistics. Biometric technology uses these details as a form of identification and access control.

Bot

A computer or device that is connected to the internet and has been compromised with malicious logic, is performing malicious activities and is in control of a remote administrator. Also known as a zombie.

A botnet is a network is compromised devices, that work together to commit coordinated cyber attacks. The controller of such an attack is called a bot herder or bot master.

Browser hijacker

A type of unwanted software that takes control of a computer or device’s browser without the users permission. This software comes in many different forms, from mimicking a familiar website to drive traffic elsewhere or using spyware or keyloggers to gain a user’s personal or secure information.

Brute force attack

A type of attack wherein a malicious computer programme is used to enter vast quantities of letter and number combinations to uncover passwords and gain access. These attacks are why it’s so important to have a password that combines letters, numbers, different cases and special characters.

C

Cipher

This is sometimes used as another word for ‘code’. It’s an algorithm that encrypts and decrypts data.

Cross Site Scripting

Also known as XSS, this is a common software vulnerability typically found in web applications. It allows malicious attackers to inject user-facing script or overwrite access controls

D

DDOS

Distributed denial of service attack. Different from a standard denial of service (DOS), this type of attack focuses on multiple computers and several internet connections to overcome the targeted resource.

Deepfake

A combination of deep learning and fake, deepfake uses artificial intelligence to synthesise false videos or pictures of humans. As the technology advances, deepfake becomes harder to spot and could be a potential threat to cyber security.

Digital Forensics  

The process of collecting, preserving, extracting and analysing digital evidence and data for investigative purposes.

E

Exploit kit

A set of computer programmes that, when deployed, uncover system or software vulnerabilities and use them to input harmful code.


Cloud Computing Security: Foundations and Challenges
amazon uk

F

Form Grabber

A type of malware that scans log-in data and credentials before it is passed over to a secure server. It is even more effective than Keylogger malware, as it has the ability to retrieve credentials even if someone is using auto-fill or a virtual keyboard

G

GCHQ

Government Communications Headquarters. They discover and use intelligence to help combat terrorism, cyber crime and child pornography.

H

Hashing

A way of disguising a piece of data by using a mathematical algorithm. It is often used to encrypt a piece of data, so it can be transported safely, and decrypted once it has been received.

Honeypot or Honeynet

A system that has been setup with intentional vulnerabilities, with the intention to attract attackers. The attack is then studied for techniques and methods and used to improve security methods.

I

Information security

At face value, you might think this term means the same as cyber security. However, it specifically refers to the protection and integrity of data and information. Sensitive information might be retained offline, and so the method of storage and access must be secure.

Inside(r) Threat  

When a person inside a company jeopardises or compromises company security by violating security policies, whether that be intentionally or unintentionally.


CEH v10 Certified Ethical Hacker Study Guide
amazon uk

K

Keylogger

A type of malware that records what keys are pressed on a keyboard in order to extract security credentials or other sensitive information.

L

Logic bomb

A piece of malicious code that is inserted into a system and activated when a particular action is carried out.

M

Malvertising

The method of using online advertising to implant malware.

Malware

Malicious software that has the potential to negatively impact people or organisations.

Man-in-the-middle Attack

Also known as MITM, this is where an attack positions itself between two people or systems who believe they are communicating directly with each other. It is used either to harvest the information being transmitted or perhaps to alter it.

N

National Cyber Security Centre (NCSC)

Part of GCHQ, this is a UK government organisation that offers advice and support to the public and private sector on how to avoid and prevent cyber security threats, attacks and breaches.

P

 Passive attack

This is when a system is monitored or scanned for information, but no action is taken against or within the system. Due to their nature, passive attacks are much more difficult to detect.

Password sniffing

The act of spying on or monitoring network traffic in order to extract password data.

Penetration testing

Also known as a pen test or pen testing, it is the practice of testing a computer system, network or web application to locate and expose security weaknesses. Sometimes known as ethical hacking.

Pharming

In the world of cyber security, this has nothing to do with genetically modifying plants. It refers to when a user is redirected to an illegitimate website, despite having entered the correct address. It’s used to extract details like passwords and account details.

Phishing

Emails that appear to be from legitimate companies that trick or coerce the user to reveal passwords or account details, usually by leading them to a fake website.

R

Ransomware

The clue is in the name. This is a type of malware that restricts access to or encrypts the contents of someone’s computer or device, and asks them for money to be paid in order for access to be restored.

As is typical with ransom cases, there is no guarantee that access will be restored once the money has been paid. The most effective protection against this is to backup your data in several different places, to make it more difficult for your digital property to be commandeered.

Remote Access Trojan

Also known as a RAT, this is definitely a pest you don’t want in your computer. A RAT is a malware programme that takes control of a system using a remote network connection. It infects the computer and gives the attacker complete access to all the data on that device. It is typically installed without the users knowledge and can enlist the PC into a botnet.

S

Shoulder surfing

A more old-fashioned practice, but one that is always worth watching out for, shoulder surfing is the simple act of looking over a users shoulder to extract sensitive data such as a password, PIN or other private details.

Smishing

Smishing is the same as phishing, except the contact comes in the form of a text message.

Social engineering

This type of attack takes advantage of people’s natural instinct to trust others and take things at face value. It could come in the form of impersonation, lies, psychological tricks and even threats, and is used to extract sensitive data such as passwords and other details that will grant the attacker unauthorised access to their target.

Spear phishing

While phishing attacks usually come in the form of mass, untargeted emails, spear phishing is a highly personalised and planned attack designed to look like it’s from someone the recipient knows or trusts. It will often be delivered with a sense of urgency that helps to side-step the victim’s suspicions and leaves them no time to double check information.

Spoofing

This is essentially disguising an online communication with a malicious intention as something benign. Spoofing can come in the form of emails, caller ID, entire websites, IP addresses and more. They are best spotted by closely checking an email sender or website address, and watching out for spelling mistakes or strange use of grammar.

Advertisement


Cybersecurity Essentials
amazon uk

Spyware

A type of malware that spys on a victim’s computer or device usage to extract sensitive information without their knowledge. Keyloggers and screen scrapers are both types of spyware.

Steganography

The practice of concealing a file, video, message or image inside another file, video, message or image so it can be transmitted covertly.

T

Trojan horse

Inspired by the Trojan Horse of greek mythology, in cyber security it means a computer program that appears to have a useful function, but has a true purpose of breaching the security of a computer system. It relates to anything that misleads the user about its true intent.

Typhoid adware

You’re most at risk of coming across typhoid adware when you use a public, non-encrypted wifi hotspots. It works by injecting advertising in whatever website you’re using, and does not need adware to be installed in order to be effective – meaning antivirus software would have no effect. The ads themselves are not harmful, but if acted upon have the potential to be.

U

URL injection

Quite literally, this means injecting your site URL so the user is directed to a page created by the hacker. The new page usually contains spam links that lead to malicious locations or outcomes. URL injections occur when there is a vulnerability in the software used to operate your website.

V

Vishing

Vishing is just like phishing, except it happens on the phone. On the other end could be a computerised voice giving you some sort of warning unless you act immediately, or it could be an actual person asking you to follow instructions or divulge security details. As with phishing, smishing, spear phishing and social engineering, urgency is usually applied in an attempt to sidestep any kind of urge to double-check or second guess.

W

Wabbits

Much like the animals biological tendency to reproduce, a wabbit is a type of computer programme that replicates itself repeatedly, with malicious side effects. It does not infect other computers.

Water-holing or Watering Hole Attack

Inspired by a wild predators technique of attacking their prey during a visit to the watering hole, this is a type of cyber attack that is highly targeted towards a specific group of people, who perhaps all work for the same organisation, within the same industry or live in the same region.

The attacker tends to collect information about websites that this group of people frequent and then infects one of those websites with malware. Once one person has fallen foul to the malware, the attacker then uses that breach to access a wider associated network.

Whaling

Highly targeted phishing attacks that are specifically aimed at senior executives who have a high level of access permissions.


Cybersecurity for Beginners
amazon uk

Worm

A worm is similar to a wabbit, except it uses network capabilities to spread itself across multiple computers.

Z

Zero-day

A newly discovered vulnerability or bug that is therefore unknown to the wider cyber security industry and ripe for exploitation.

Zombie

Much like the undead, being in possession of a zombie computer is quite a frightening concept. It’s when a computer, which appears to be functioning normally, has actually been compromised by a hacker that has remote access and uses it to carry out malicious tasks, such as spreading spam, launching cyber attacks or sending infected data to other computers. Usually the user will be unaware that their computer has become zombified.

Have we missed one that you think that it should be? comment below.


Did you find this article useful? Comment below or follow us on
Facebook, Twitter or LinkedIn.

2 comments

  • karen reed
    Comment Link karen reed Wednesday, 26 February 2020 10:20

    Are you going to keep this list up to date?

  • Paula Stevens
    Comment Link Paula Stevens Tuesday, 09 July 2019 20:03

    Excellent info keep it up!

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

Advertisement

Popular News

May 06, 2020 IT Security News

Popular VPNs Exposed Users to Attacks

Researchers analysed some of the most popular VPNs and discovered that two of them were affected by vulnerabilities that...

May 22, 2020 Cyber Security

EasyJet will be sued over customer data breach

Legal firm PGMBM, a specialist in group legal action, has issued a class action claim under Article 82 of the General Da...

May 19, 2020 IT Security News

EasyJet data breach: Over 9 million customers affected

The personal data of over 9 million EasyJet customers has been infiltrated by hackers, including over 2,000 users' credi...

May 18, 2020 Cyber Security

UK power grid operator Elexon hit by cyberattack

The UK’s power grid middleman Elexon has announced it has fallen victim to a cyberattack, which did not compromise pow...

May 05, 2020 Cyber Security

The importance of cybersecurity for UK businesses

Technology is constantly changing and at a pace which is hard to keep up with, but 'safety first' always applies. ...

May 11, 2020 Cloud Security News

Tips to help secure your cloud data in the UK

In this digital age, it’s not a great idea to trust someone with your sensitive data. ...

Apr 01, 2020 IT Security News

Online privacy is all but gone, say Brits

Nearly 80% of UK consumers believe they have lost any real control over how their personal data is collected and used by...

Apr 10, 2020 IT Security News

The importance of security for UK office printers

When it comes to digital security, we tend not to think about printers as they are often seen as dumb devices with a few...

May 07, 2020 Cyber Security

Three quarters of UK homeworkers haven't received cybersecurity training

As Covid-19-related cybersecurity threats continue to multiply, three in four of home workers are yet to receive any cyb...

May 14, 2020 IT Security News

Windows 10 is getting DNS over HTTPS (DoH) support

DNS is one of the last protocols that still runs unencrypted on the Internet. ...

Apr 11, 2020 IT Security News

Tips for testing an IT security experts worth in the UK

There is no shortage of people presenting themselves as security experts. Some of them truly are, the others may or may ...

May 20, 2020 IT Security News

To VPN or not to VPN for business users

It’s a question many organisations are asking as they work to provide secure and reliable remote access at scale. ...

May 27, 2020 Cyber Security

UK scared cybercriminals will use NHSX Covid-19 Tracing App to launch attacks

Nearly half (48%) of the UK public surveyed about the NHSX COVID-19 tracing app do not trust the UK government to keep t...

May 25, 2020 Cyber Security

Beware of security threats before deploying remote working

Remote working is receiving a great deal of attention recently for obvious reasons. The world has changed and remote wor...

Apr 22, 2020 IT Security News

Kaspersky shares 10 security and privacy tips when using Zoom

The recommendations from Kaspersky come following recent concerns regarding Zoom's security and privacy. ...

Apr 07, 2020 IT Security News

Eighty per cent of exposed Exchange servers remain unpatched

Over 350,000 Microsoft Exchange servers have not been patched against the CVE-2020-0688 post-auth remote code execution ...

Advertisement
Symantec Home 120x60

Advertisement