Advanced Penetration Testing
Advanced penetration testing is an authorized, simulated attack on network environments, computer systems and applications, carried out to discover vulnerabilities and to demonstrate how far a real attacker could get by exploiting them. Unlike an automated vulnerability scan, it involves manual exploitation, chaining of individual weaknesses and post-exploitation activity such as privilege escalation and lateral movement.
Advanced Persistent Threat
An Advanced Persistent Threat (APT) is a well-resourced adversary, often state-sponsored, that conducts a prolonged and stealthy campaign against a specific organization in order to gain and keep a foothold in its systems, typically to steal sensitive data or conduct espionage. Its defining features are persistence over months or years and the use of multiple attack stages rather than a single opportunistic intrusion.
Botnet
The term "bot" derives from the word robot and denotes a remotely controlled computer that runs tasks automatically. A botnet is a whole network of such bots that can be used to carry out cyber attacks. Attackers usually infect computers with malware to take control of them and then steer the resulting botnet remotely through command-and-control infrastructure. This gives the criminals a powerful set-up for launching a variety of attacks, ranging from simple spamming to distributed denial of service (DDoS) attacks.
Brute Force Attack
A brute force attack attempts to recover a secret such as a password or an encryption key (for example a Data Encryption Standard key) by trial and error: a program systematically tries every possible candidate until one works. The time needed grows with the size of the search space, so a longer key, or a longer password drawn from a larger character set, can push the attack beyond an attacker's reach. For passwords, a deliberately slow hash function and rate limiting of login attempts further raise the cost of each guess.
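The two levers mentioned above, the size of the search space and the cost of each guess, as an added example that is not part of the original glossary. The alphabet sizes, guess rate, PIN value, salt and PBKDF2 iteration counts are illustrative choices for this example, not figures from the text.

```python
# Added example, not part of the original glossary: why key length,
# password entropy and a slow hash change the cost of a brute-force attack.
# The alphabet sizes, guess rates, PIN value and iteration counts below are
# illustrative choices for this example, not figures from the text.
import hashlib
import itertools
import string
import time
from typing import Optional


def keyspace_size(alphabet_size: int, length: int) -> int:
    """Number of candidates an exhaustive search has to cover."""
    return alphabet_size ** length


def seconds_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a fixed guess rate."""
    return keyspace_size(alphabet_size, length) / guesses_per_second


def hash_pin(pin: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256; the iteration count is the knob that makes each guess slow."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations)


def crack_pin(target: bytes, salt: bytes, iterations: int, digits: int = 4) -> Optional[str]:
    """Trial and error over every numeric PIN of the given length, in order."""
    for candidate in itertools.product(string.digits, repeat=digits):
        pin = "".join(candidate)
        if hash_pin(pin, salt, iterations) == target:
            return pin
    return None


def timed_crack(pin: str, iterations: int) -> float:
    """Seconds needed to recover `pin` by brute force at the given hash cost."""
    salt = b"constructed-salt"  # fixed only so the example is reproducible
    target = hash_pin(pin, salt, iterations)
    start = time.perf_counter()
    found = crack_pin(target, salt, iterations, digits=len(pin))
    assert found == pin
    return time.perf_counter() - start


if __name__ == "__main__":
    # Keyspace grows exponentially with length and alphabet size.
    # 1e10 guesses/s is an illustrative figure for a fast offline attack.
    for alphabet, label in ((26, "lowercase"), (62, "alphanumeric"), (95, "printable ASCII")):
        days = seconds_to_exhaust(alphabet, 8, 1e10) / 86400
        print(f"8 chars, {label:16s}: {keyspace_size(alphabet, 8):.3e} candidates, {days:10.2f} days")
    # Same 4-digit PIN, same attack loop: only the per-guess hash cost differs.
    fast = timed_crack("7351", iterations=1)
    slow = timed_crack("7351", iterations=300)
    print(f"PIN recovered in {fast:.3f}s with 1 iteration, {slow:.3f}s with 300 iterations")
```

The second half of the demonstration is the point that matters for defenders: a four-digit PIN is hopeless against an offline attack regardless of the hash, but the ratio between the two timings is the factor by which a slow hash multiplies the attacker's cost for any password length.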
Cybersecurity
Cybersecurity, also referred to as information technology security, is the set of processes, techniques and resources put in place to protect an organization's hardware, software, data and any system connected to cyberspace from being damaged, stolen or misused.
Distributed Denial of Service (DDoS)
A Distributed Denial of Service attack uses a large number of hosts, usually a botnet, to overwhelm a single target such as a website, server or network with a massive volume of requests or traffic. The target's bandwidth or resources are exhausted, so that it becomes unavailable to legitimate users or crashes completely.
End-to-End Encryption (E2EE)
End-to-end encryption is a method of securing communication in which data is encrypted on the sender's device and can only be decrypted on the intended recipient's device. Intermediaries that carry the message, including the service provider itself, cannot read it or tamper with it undetected, because only the communicating parties hold the keys.
False Positive
A false positive is a security alert or scan finding that reports malicious activity or a vulnerability where none exists. False positives are common in network vulnerability scanning and intrusion detection; a high false-positive rate wastes analyst time and leads to genuine alerts being ignored, which is why detection rules are tuned against known-benign traffic.
Firewall
A firewall is a network security system that monitors and controls incoming and outgoing network traffic according to a defined set of rules, typically based on source and destination addresses, ports and protocols, with anything not explicitly allowed being dropped. It can therefore block unauthorized access to services and limit the spread of worms that depend on reaching exposed network ports. A plain packet filter does not inspect file contents, however, so stopping viruses carried in downloads or e-mail requires additional inspection (e.g. a proxy or content filter) rather than the firewall alone.
Forensics
Forensics, or cyber forensics, is the disciplined investigation of electronic evidence: data is collected, preserved in a way that keeps it admissible, and analyzed in order to reconstruct events and determine, reveal or prove criminal or malicious activity.
Honeypot
A honeypot is a decoy system set up to attract attackers (a network of such systems is called a honeynet). It is made to look like a legitimate, and often deliberately vulnerable, target. Because no legitimate user has any reason to touch it, every interaction with it is suspicious and worth investigating, which makes it both an early-warning sensor and a way to study attacker techniques while diverting the attackers from real high-value assets.
Hunter
A hunter, or cyber threat hunter, is an information security professional who proactively searches a network for anomalies and threats that automated defences have missed, in order to identify, contain and remediate them.
Cyber Intelligence
Cyber intelligence, also referred to as threat intelligence, is information about threats and threat actors collected from a range of sources such as the indexed web, the deep web and the dark net, as well as from an organization's own incidents. Its purpose is to keep defenders current on attacker tools, techniques and campaigns, so that risks can be reduced and attacks anticipated rather than merely reacted to.
Malware
Malware is an umbrella term for all types of software designed to damage, disable or misuse IT systems. Common examples are viruses, worms, Trojans, spyware and ransomware.
Phishing
Phishing is a method used by cybercriminals to trick individuals into revealing sensitive information, most commonly passwords or financial data such as credit card numbers. A typical approach is to send legitimate-looking e-mails containing a link or an attachment which, when opened, installs malware on the recipient's system or leads to a fake login page that prompts the individual to enter sensitive information.
Ransomware
Ransomware is malware that encrypts the files on a victim's system (or the whole system) and denies the user access to them; the attackers then demand a ransom payment, usually in cryptocurrency, in exchange for the decryption key. Payment does not guarantee recovery, which is why tested offline backups are the primary defence.
Security Operations Centers (S.O.C.)
The S.O.C. team is responsible for the operational side of enterprise information security. It is staffed primarily by security analysts who monitor, detect, analyze, respond to and report on cybersecurity incidents, and who carry out containment, forensics and remediation once an incident has occurred. Establishing a S.O.C. starts with identifying the organization's assets and performing a security assessment across it, so that a strategy can be defined which incorporates the business-specific goals of the various departments. Alongside that strategy a SIEM system is deployed to collect and correlate events from sensors such as firewalls, industrial control systems and endpoints. The S.O.C. monitors the alerts the SIEM raises and triages them into false positives and true positives. Confirmed incidents are either handled directly or escalated to higher analysis tiers for deeper investigation; the S.O.C. then either eliminates the incident itself or supports the organization's incident response teams in doing so.
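The triage step described above, turning raw events into alerts and separating false positives from true positives, as an added example that is not part of the original glossary. It is a minimal SIEM-style correlation rule run over constructed sshd log lines; all hosts, addresses, timestamps, user names, the threshold and the scanner address are constructed for this example.

```python
# Added example, not part of the original glossary: a minimal SIEM-style
# correlation rule of the kind a SOC writes and tunes. It raises a medium
# alert when one source fails to authenticate `threshold` times inside a
# sliding window, escalates to high if that source then logs in successfully,
# and shows how an allow-list for a known vulnerability scanner suppresses a
# predictable false positive. Every log line and address below is constructed.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, FrozenSet, Iterable, List

LOG_RE = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+"
)
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed sample: 203.0.113.7 sprays passwords and then gets in,
# 192.0.2.5 is a user who mistyped twice, 198.51.100.10 is the internal scanner.
SAMPLE_LOG = [
    "2024-03-04T10:00:01Z bastion sshd[912]: Failed password for admin from 203.0.113.7 port 51001 ssh2",
    "2024-03-04T10:00:03Z bastion sshd[913]: Failed password for root from 203.0.113.7 port 51002 ssh2",
    "2024-03-04T10:00:05Z bastion sshd[914]: Failed password for alice from 192.0.2.5 port 40210 ssh2",
    "2024-03-04T10:00:06Z bastion sshd[915]: Failed password for invalid user test from 203.0.113.7 port 51003 ssh2",
    "2024-03-04T10:00:08Z bastion sshd[916]: Failed password for admin from 203.0.113.7 port 51004 ssh2",
    "2024-03-04T10:00:10Z bastion sshd[917]: Failed password for admin from 203.0.113.7 port 51005 ssh2",
    "2024-03-04T10:00:12Z bastion sshd[918]: Failed password for admin from 203.0.113.7 port 51006 ssh2",
    "2024-03-04T10:00:15Z bastion sshd[919]: Accepted password for admin from 203.0.113.7 port 51007 ssh2",
    "2024-03-04T10:00:20Z bastion sshd[920]: Failed password for alice from 192.0.2.5 port 40211 ssh2",
    "2024-03-04T10:00:25Z bastion sshd[921]: Accepted password for alice from 192.0.2.5 port 40212 ssh2",
    "2024-03-04T10:01:00Z bastion sshd[930]: Failed password for root from 198.51.100.10 port 60001 ssh2",
    "2024-03-04T10:01:01Z bastion sshd[931]: Failed password for root from 198.51.100.10 port 60002 ssh2",
    "2024-03-04T10:01:02Z bastion sshd[932]: Failed password for root from 198.51.100.10 port 60003 ssh2",
    "2024-03-04T10:01:03Z bastion sshd[933]: Failed password for root from 198.51.100.10 port 60004 ssh2",
    "2024-03-04T10:01:04Z bastion sshd[934]: Failed password for root from 198.51.100.10 port 60005 ssh2",
]

# Constructed allow-list: the organisation's own vulnerability scanner.
KNOWN_SCANNERS: FrozenSet[str] = frozenset({"198.51.100.10"})


def detect(lines: Iterable[str], threshold: int = 5, window_seconds: int = 60,
           allow_list: FrozenSet[str] = frozenset()) -> List[Dict[str, str]]:
    """Return alerts in the order they fire. One medium alert per source per
    burst; a high alert if a burst is followed by a successful login."""
    window = timedelta(seconds=window_seconds)
    failures: Dict[str, Deque[datetime]] = defaultdict(deque)  # src -> recent failure times
    alerted: set = set()
    alerts: List[Dict[str, str]] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an authentication event we understand
        ts = datetime.strptime(m.group(1), TS_FMT)
        outcome, user, src = m.group(2), m.group(3), m.group(4)
        if src in allow_list:
            continue  # tuning: known scanner, would otherwise be a false positive every run
        recent = failures[src]
        while recent and ts - recent[0] > window:
            recent.popleft()  # slide the window
        if outcome == "Failed":
            recent.append(ts)
            if len(recent) >= threshold and src not in alerted:
                alerted.add(src)
                alerts.append({"src": src, "severity": "medium",
                               "reason": f"{len(recent)} failed logins within {window_seconds}s"})
        elif len(recent) >= threshold:
            alerts.append({"src": src, "severity": "high",
                           "reason": f"successful login as {user} after {len(recent)} failures"})
            recent.clear()
            alerted.discard(src)
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG, allow_list=KNOWN_SCANNERS):
        print(alert)
```

Run without the allow-list and the scanner produces a third alert every time it runs; that recurring, explainable alert is exactly the kind of false positive a S.O.C. tunes out so that the two real ones from 203.0.113.7 are not buried.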
Spear-Phishing
Spear-phishing is a targeted form of phishing. Instead of sending identical e-mails to large numbers of people, the attacker researches specific individuals and sends them tailored messages, for example containing an attachment with malicious software or a link that downloads it. The e-mails are disguised to look as if they come from a person or organization the recipient knows, which makes them far more convincing than generic phishing.
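The link tricks that both the phishing and the spear-phishing entries describe (a legitimate-looking link that leads elsewhere) can be checked statically before a user clicks. The following is an added example, not part of the original glossary: the HTML body, the brand list and the hostnames are constructed, and the registrable-domain helper is a deliberate simplification (last two labels) of what the Public Suffix List provides.

```python
# Added example, not part of the original glossary: static checks for the
# link tricks phishing and spear-phishing mails rely on. The HTML body, the
# brand list and all hostnames are constructed for this example; the
# registrable-domain helper is a simplification (last two labels).
import re
from html.parser import HTMLParser
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

# Constructed: the organisation's own domain, used to spot look-alike hosts.
OWN_BRANDS = {"example-bank.com"}

SAMPLE_HTML = """
<p>Your account has been locked.</p>
<p>Restore access here:
<a href="http://example-bank.com.secure-login.example.net/verify">https://example-bank.com/verify</a></p>
<p>Mirror: <a href="https://xn--exmple-bank-7a5b.com/login">our secure mirror</a></p>
<p>Questions? <a href="https://example-bank.com/help">Help centre</a></p>
"""

# Does the visible anchor text itself look like a URL or bare domain?
URLISH = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:[/?#].*)?$", re.IGNORECASE)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host: str) -> str:
    """Simplified organisational domain: last two labels."""
    return ".".join(host.lower().split(".")[-2:])


def host_of(url: str) -> str:
    if "://" not in url:
        url = "https://" + url
    return (urlparse(url).hostname or "").lower()


def analyze_links(html: str) -> Dict[str, List[str]]:
    """Map each href to the list of suspicious properties found for it."""
    collector = LinkCollector()
    collector.feed(html)
    report: Dict[str, List[str]] = {}
    for href, text in collector.links:
        findings: List[str] = []
        host = host_of(href)
        # 1. The visible text is a URL, but the link goes to a different organisation.
        if URLISH.match(text) and registrable(host_of(text)) != registrable(host):
            findings.append("display/href mismatch")
        # 2. Punycode label: possible homoglyph (IDN) look-alike domain.
        if any(label.startswith("xn--") for label in host.split(".")):
            findings.append("punycode host")
        # 3. A trusted brand appears in the host, but the registrable domain is someone else's.
        for brand in OWN_BRANDS:
            if brand in host and registrable(host) != brand:
                findings.append("brand used as subdomain of another domain")
        # 4. Credential pages should never be offered over plain HTTP.
        if href.lower().startswith("http://"):
            findings.append("non-https link")
        report[href] = findings
    return report


if __name__ == "__main__":
    for href, findings in analyze_links(SAMPLE_HTML).items():
        print(href, "->", findings or "clean")
```

The third check is the one that catches the classic spear-phishing host `example-bank.com.secure-login.example.net`: the user's eye stops at the familiar brand, but the domain that actually receives the request is `example.net`.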
Spoofing
Spoofing is the practice of forging the apparent origin of a message or connection so that it appears to come from a source the recipient knows and trusts, usually in order to obtain sensitive information or to bypass access controls. Common forms include e-mail spoofing (forging the sender address), IP spoofing (forging the source address of packets) and website spoofing (a look-alike site on a similar domain).
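How a receiving mail server can tell a spoofed From address from a genuine one, as an added example that is not part of the original glossary. SPF only vouches for the envelope sender (Return-Path), so a forged From header can ride on a relay whose SPF record passes; the alignment check between the two domains is what DMARC adds. Both messages, all domains and the Authentication-Results values are constructed for this example, and the registrable-domain helper is a simplification (last two labels).

```python
# Added example, not part of the original glossary: checking whether the
# visible From: address of a message is backed by the authentication results
# the receiving server recorded, i.e. whether SPF or DKIM passed for a domain
# that aligns with the From domain. Both messages and all domains below are
# constructed; registrable() is a simplification (last two labels).
import re
from email import message_from_string
from email.utils import parseaddr
from typing import Any, Dict, List

SPOOFED = """\
Return-Path: <bounce@mail-relay.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mail-relay.example.net; dkim=none
From: "IT Support" <it-support@example.com>
To: alice@example.org
Subject: Password expiry notice

Please log in at the link below within 24 hours.
"""

LEGITIMATE = """\
Return-Path: <noreply@example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com
From: "Example Corp" <noreply@example.com>
To: alice@example.org
Subject: Your monthly statement

Your statement is attached.
"""


def registrable(domain: str) -> str:
    """Simplified organisational domain: last two labels."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def domain_of(address_header: str) -> str:
    """Domain part of the address in a From:/Return-Path: header."""
    _, addr = parseaddr(address_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def assess(raw: str) -> Dict[str, Any]:
    """Return the From domain, what SPF/DKIM vouched for, and alignment findings."""
    msg = message_from_string(raw)
    from_domain = domain_of(msg.get("From", ""))
    return_path = domain_of(msg.get("Return-Path", ""))
    auth = msg.get("Authentication-Results", "")

    spf = re.search(r"\bspf=(\w+)", auth)
    mailfrom = re.search(r"smtp\.mailfrom=([\w.-]+)", auth)
    dkim = re.search(r"\bdkim=(\w+)", auth)
    dkim_d = re.search(r"header\.d=([\w.-]+)", auth)

    spf_result = spf.group(1) if spf else "none"
    spf_domain = mailfrom.group(1).lower() if mailfrom else return_path
    dkim_result = dkim.group(1) if dkim else "none"
    dkim_domain = dkim_d.group(1).lower() if dkim_d else ""

    # DMARC-style relaxed alignment: the authenticated domain must share the
    # organisational domain of the From: header the user actually sees.
    spf_aligned = spf_result == "pass" and registrable(spf_domain) == registrable(from_domain)
    dkim_aligned = dkim_result == "pass" and registrable(dkim_domain) == registrable(from_domain)

    findings: List[str] = []
    if spf_result != "pass":
        findings.append(f"SPF result {spf_result}")
    elif not spf_aligned:
        findings.append(f"SPF passed for {spf_domain}, which does not align with From domain {from_domain}")
    if dkim_result != "pass":
        findings.append(f"no valid DKIM signature (dkim={dkim_result})")
    elif not dkim_aligned:
        findings.append(f"DKIM signed by {dkim_domain}, which does not align with From domain {from_domain}")

    return {
        "from_domain": from_domain,
        "spf": (spf_result, spf_domain),
        "dkim": (dkim_result, dkim_domain),
        "aligned": spf_aligned or dkim_aligned,
        "findings": findings,
    }


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legitimate", LEGITIMATE)):
        result = assess(raw)
        print(label, "aligned =", result["aligned"], result["findings"])
```

Two caveats a practitioner would add: this code trusts the Authentication-Results header, which is only safe when your own MX adds it and strips any copy that arrives from outside; and a passing, aligned result proves the domain, not the person, so a compromised mailbox at the genuine domain still passes.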
Spyware
Spyware is a type of malicious software used by cybercriminals to covertly monitor individuals, for example by logging keystrokes or capturing screen contents, and thereby gain access to sensitive information.
Trojan Horse
A Trojan Horse is malware disguised as, or hidden inside, legitimate-looking software so that the user installs it voluntarily. Once running it performs a hidden malicious function; remote-access Trojans (RATs) in particular give the attacker full remote control of the system, allowing them for example to download files from it or record the user's keystrokes. Unlike viruses and worms, Trojans do not replicate themselves.
Virtual Private Network (VPN)
A Virtual Private Network (VPN) extends a private network across a public infrastructure (e.g. the internet) by encrypting the traffic between the user's device and a VPN endpoint. This protects the data from observers on the path, such as an untrusted Wi-Fi network, and lets the user reach a remote network (e.g. a corporate LAN) as if connected locally. It also hides the user's IP address from the sites visited, replacing it with that of the VPN endpoint, but it does not make the user anonymous: the VPN operator sees the traffic, and logins and browser fingerprinting still identify the user.
Virus
A virus is a type of malicious software designed to spread from host to host by altering other programs or files and inserting its own code into them, so that it replicates whenever the infected host is run. Viruses can corrupt software, steal or erase data and even cause denial of service (DoS) incidents.
White-hat and Black-hat Hacker
A white-hat hacker is an information security professional who uses their hacking know-how for ethical, authorized purposes, for example to help organizations find and fix weaknesses and strengthen their cybersecurity competence. A black-hat hacker, by contrast, attacks systems without authorization, usually for criminal gain.
Worm
A worm is a type of malicious software that replicates itself and spreads to other IT systems on its own, typically by exploiting vulnerable network services or weak credentials. Unlike a virus it remains a stand-alone program and does not need to attach itself to or insert itself into other files. A worm does not necessarily damage the hosts it infects the way a virus does, but its scanning and spreading can consume enough bandwidth to severely degrade networks, and worms frequently carry additional payloads.
Zero-day
A zero-day is a vulnerability in software (or hardware) that is unknown to the vendor or for which no patch exists yet, so attackers can exploit it before defenders are able to protect themselves. The name refers to the vendor having had zero days to fix the flaw at the time it is discovered or first exploited in the wild.