Cybersecurity Encyclopedia

What is an Advanced Persistent Threat (ATP)? An advanced persistent threat (APT) is a stealthy threat actor, typically a nation-state or state-sponsored group(s), which gains unauthorized access to computer networks and remains undetected for an extended period. Key Takeaways APT is a stealthy threat actor that gains unauthorized access to systems and remains undetected APT threat actors’ motivations are typically economic or political Cybercriminals target major business sectors and government agencies APT’s median dwell-time is 78 days Impacts of APT include theft of intellectual property and total site takeovers Organizations can prevent APT attacks through proactive and robust security controls … Read more

What is Adware? Adware can be safe for users and a valid business advertisement-supported software. However, not all adware programs are genuine. Some are manipulative and open doors for malicious activities. Developers create adware for advertising other software to earn money. Key Takeaways Some adware can be safe for users and a valid business advertisement-supported software, but others are manipulative and open door for malicious activities Malicious adware displays unwanted advertisements on your computer Adware can change your browser’s home page or install spyware without your knowledge Madware is an adware that infects mobile devices like tablets and smartphones You … Read more

What is Antimalware? An antimalware is a software program designed to enhance computer security by identifying, preventing, and eliminating malicious programs—the software targets malware such as worms, viruses, Trojan horses, spyware, and adware. The antimalware scans computer systems to detect any malicious program that manages to infiltrate networks. Many IT experts regard these software programs as one of the best security tools to enhance computer security and protect personal information. Key Takeaways An antimalware is a software program designed to enhance computer security by identifying, preventing and eliminating malicious programs. The security protects against advanced malicious threats, while antivirus focuses … Read more

What is Banner Grabbing? Banner grabbing is a technique used by hackers and security teams to gain information about a computer system on a network and services running on its open ports. A banner is a text displayed by a host server containing details like software type and version running in a system or server. The welcome screens divulge software version numbers and other system information on network hosts, giving cybercriminals a leg up on attacking the network. Banner grabbing involves getting software banner information, such as name and version. Hackers can perform banner grabbing manually or automatically using an … Read more

What is Cloud Security? Cloud security, also known as cloud computing security, encompasses a broad range of controls-based technologies, policies, and procedures that enterprises deploy to protect data, information, applications, communication channels, and infrastructure in the cloud. As with on-premise systems and data, businesses should vigilantly protect cloud-based information assets. Key Takeaways Cloud security refers to controls, processes, and technologies used to protect information and systems in the cloud. Cloud security safeguards cloud data, supports regulatory compliance, and protects user privacy Cloud computing security is essential since it protects applications and information from frequent and sophisticated cyber threats in the … Read more

What is Cross-Site Scripting Cross-site scripting (XSS) is a client-side code injection attack. The web security vulnerability allows an attacker to compromise the interactions that users have with a vulnerable application. In XSS attacks, a hacker executes malicious scripts in a victim’s web browser by including malicious code in a legitimate web page or web application. In this case, the cybercriminal circumvents the same-origin policy designed to segregate different websites from each other. The actual attack occurs when a victim visits the web page or web application that executes the malicious code. The web page or web app becomes a … Read more

What is a Cyberattack? A cyberattack is a malicious activity that cybercriminals launch using different tactics against systems and networks. Hackers use cyberattacks to expose, gain unauthorized access, alter, steal, destroy, or make unauthorized use of information assets. Cybercriminals engage in offensive maneuvers that target information systems, infrastructures, computer networks, and personal devices to access information, restricted areas, and controls of systems without authorization. Key Takeaways A cyberattack is a malicious activity that hackers launch to steal data and disable systems Cybercriminals use various methods like malware, ransomware, and denial of service to launch cyberattacks A cyberattack can be active, … Read more

What is Cybersecurity? Cybersecurity consists of processes, procedures, and tools that businesses and individuals use to protect computers, servers, mobile devices, networks, applications, electronic systems, software, and information from malicious cyberattacks. Businesses and individuals use cybersecurity to prevent unauthorized access to information and systems. Key Takeaways Cybersecurity features the measures and processes businesses and individuals put in place to protect hardware, software, and data from unauthorized access There are various elements of cybersecurity like network security, application security, information security, operational security, disaster recovery, business continuity, and end-user education Threats affecting cybersecurity include malware, ransomware, social engineering, and phishing Effective … Read more

What is Defense in Depth (DiD)? In the context of information security, Defense in Depth (DiD) is a strategy that utilizes a series of security approaches and controls. These security protocols are typically layered across the entire computer and system network to safeguard the integrity, confidentiality, and availability of the network and data. We must acknowledge that there is no single definitive solution to mitigate against all cyber threats. However, using various security approaches provides a sense of comprehensive protection against a wide variety of prevalent and emerging threats. DiD also helps incorporate redundancy in case one mechanism fails. Simply … Read more

What is a Denial of Service? A Denial of Service (DoS) attack is a malicious activity meant to shut down a system or a network, making it inaccessible to intended users. Hackers launch DoS attacks by flooding target systems with traffic or sending information that causes a network to crash. In both situations, the DoS attack deprives legitimate users, such as employees, members, and account holders, of the system resources or services. A DoS attack is analogous to a group of idlers crowding a shop’s entry door, making it hard for legitimate customers to enter, thus disrupting operations. Key Takeaways … Read more

What is Eavesdropping?   Merriam-Webster dictionary defines eavesdropping as the act of secretly listening to something private. In computer security, eavesdropping refers to the interception of communication between two parties by a malicious third party. An eavesdropping attack, also known as snooping or sniffing attack, is the theft of information transmitted over a network by a digital device such as a computer, smartphone, or IoT device. The attack exploits vulnerabilities in unsecured network communications to access data illegally. Key Takeaways Eavesdropping is secretly or stealthily listening to others’ private communications without their consent to gather information. Eavesdropping is regarded as … Read more

What is Encryption? Encryption is a security control that alters information from a readable to random format to prevent unauthorized access. Encryption mechanisms convert a human-readable plain text to incomprehensible ciphertext. Key Takeaways Encryption is a process scrambling data to prevent unauthorized parties from accessing or modifying information Encryption uses a cryptographic key that a sender and receiver use to decode information Symmetric and Asymmetric encryption are the two main types of encryption Some of the benefits of encryption include improving privacy, enhancing security, protecting data integrity, and supporting compliance https://cyberexperts.com/wp-content/uploads/2020/12/What_is_a_Encryption4.mp4#t=1 The Encryption Process Encryption uses a cryptographic key, which … Read more

What is Espionage? Merriam-Webster defines espionage as “the practice of spying or using spies to obtain information about the plans and activities, especially for a foreign government or competing company. Espionage in cybersecurity refers to a form of cyberattack where hackers steal classified, sensitive data or intellectual property to gain an advantage over a competitor or another government entity. Espionage involves collecting intelligence by obtaining information that is not publicly available using human sources and technical means. Key Takeaways Cyber espionage is a form of cyberattack that involves the theft of classified, sensitive data, or intellectual property Espionage targets both … Read more

What is a Firewall? A firewall is a network security solution that monitors incoming and outgoing network traffic to permit or block data packets based on defined security rules. Packets refer to data pieces formatted for internet transfer. They contain details such as the source and destination’s IP addresses and the message content. A firewall uses this packet information to allow or block network traffic based on a ruleset. Just like the name suggests, a firewall solution acts as a barrier between a company network and external Internet and other sources. The security systems analyze and block malicious network traffic, … Read more

What is an Insider Threat? An insider threat is a security risk that originates within an organization. Insider threat actors include current employees, consultants, former employees, business partners, or board members A 2019 Verizon Data Breach Investigation Report reveals that 34 percent of data breaches involve internal actors. Seventeen percent of all sensitive files in a company are accessible to every employee, according to a 2019 Varonis Data Risk Report. Key Takeaways An insider threat originates within an organization An insider can be a current employee, consultant, former employee, business partner, or board member 34 percent of all data breaches … Read more

What is Malware? Malware is a contraction of malicious software. The umbrella term refers to viruses, worms, trojans, and other malicious computer programs hackers use to gain unauthorized access to systems and data. Malware encompasses any program that causes damage to a computer, server, or network, regardless of the technology used to create malicious software. Key Takeaways Malware is any computer program intended to exploit systems, gain unauthorized access, and steal information. A malware falls under different categories, based on the way they spread worm, virus, or trojan You can also categorize malware based on their activities, for example, spyware, … Read more

What is a Man-in-the-Middle Attack? Man-in-the-middle (MITM) attack is a common attack method where hackers eavesdrop on an active communication channel between two users. As the name implies, the attackers position themselves in a spot to intercept the communication and retrieve essential information. Key Takeaways In MITM attacks, hackers eavesdrop on active communication channels between two users to steal confidential information The most common method of executing the attack is leading two victims to believe they are communicating with each other while attackers intercept all their communication. Hackers use methods like sniffing and session hijacking to execute man-in-the-middle attacks. The … Read more

What is Network Security? Network security refers to an organization’s strategy, technologies, devices, procedures, and other provisions for ensuring the security of information assets and all network traffic. It encompasses all physical and software measures that a business puts in place to protect networks from unauthorized access, misuse, destruction, and modification by insiders (employees, contractors, vendors) and outsiders (cybercriminals, hacktivists, other intruders). Network security features rules and configurations that companies design and implement to protect the integrity, confidentiality, and accessibility of computer networks and data. Key Takeaways Network security encompasses technologies and process that protect network components and traffic from … Read more

What is Phishing? Phishing is a method that hackers employ to collect personal data using deceptive websites and emails. The goal is to trick the victim into believing that a message, a website, or an attachment is something they want or need. Hackers use deception to trick employees into clicking phishing emails. For instance, they create emails masquerading as requests from banks, additional information from vendors, or an urgent note from a colleague or manager. Key Takeaways Phishing is an attack method that uses deceptive emails and websites to steal confidential information In phishing, an attacker masquerades as a trusted … Read more

What is Ransomware? Ransomware is a malware that encrypts a victim’s files and systems. The malicious program prevents you from accessing your systems or files. The attacker demands a ransom from the target to restore access to files. In ransomware attacks, hackers display instructions on how victims can pay the ransom in exchange for the decryption key. Key Takeaways Ransomware is a form of malware that encrypts user files until a victim pays a ransom Ransomware infects computers through phishing, malvertising, or exploiting other security holes Ransomware from phishing emails increased 109 percent between 2017 and 2019 Ransomware targets both … Read more

What is a Social Engineering? Social engineering involves tricking a user into divulging sensitive information or taking action that enables a hacker to gain unauthorized access to systems. In social engineering attacks, hackers take advantage of a potential victim’s natural tendencies and emotional reaction. Attackers use social engineering tactics because is it easier to exploit your natural inclination to trust that it is to discover other ways to hack your systems. It is easier to fool someone into sharing their password than it is for a criminal to try to hack the password unless it is feeble. Key Takeaways Social … Read more

What is Spam? Spam is unsolicited bulk messages sent to multiple recipients. It is the use of messaging and emailing systems to send unsolicited messages to large numbers of recipients for commercial adverting and other prohibited purposes like phishing. Key Takeaways Spam is unsolicited bulk messages sent to multiple recipients Spam has evolved from an annoyance to criminal enterprise, and from hobby to profit-driven attack. Spam became prevalent in the 1990s with the increased availability of domains Spam unwanted messages swamp messaging and email systems, drowning out important messages Spam affects emails, instant messaging, blog, and social media Do not … Read more

What is a Spyware? Spyware is malicious software that infiltrates your computer to steal sensitive information. Spyware is a form of malware that gains access and causes damage to your systems, often without your knowledge. Spyware collects a victim’s personal information and sends to advertisers, data firms, or other users. Key Takeaways Spyware is malicious software that infiltrates your computer to steal sensitive information Spyware is a form of malware that gains access and causes damage to your systems, often without your knowledge Cybercriminals can use personal information from spyware to steal personal identity Spyware types include adware, trojan, tracking … Read more

What is SQL Injection? SQL injection is a code injection technique that might destroy a database. Code injection is the exploitation of a computer bug that results from processing invalid data. Attackers use injection to introduce or inject code into a vulnerable application or change the course of execution. SQL injection is one of the most common web hacking techniques where hackers place malicious codes in SQL statements via web page input. Key Takeaways SQL injection is a code injection technique that destroys databases SQL injection occurs when attackers give SQL statements in web applications that require user input The … Read more

What is a Supply Chain Attack? A supply chain attack, also known as a value-chain attack, occurs when a cybercriminal attacks your systems through an external partner or service provider with access to your network and data. The attack seeks to damage an organization by targeting less-secure elements in the supply chain. With more suppliers and service providers getting access to your network, the supply chain attack is dramatically changing an enterprise’s attack surface. Key Takeaways A supply chain attack occurs when hackers attack organizations through an outside service provider or partner SolarWinds incident and FireEye breach are prime examples … Read more