| Antivirus | Software that is designed
to detect, stop and remove viruses and other kinds of malicious software |
| App | Short for Application, typically refers to a software program for a smartphone or tablet |
| Attack (Cyber Attack) | Malicious attempts to
damage, disrupt or gain unauthorised access to computer systems, networks or devices,
via cyber means |
| Bitcoin | One of the most popular
forms of Cryptocurrency |
| Black Hat (Hacker) | A malicious hacker – often one who does so purely
for the challenge rather than any gain |
| Booter | Used to implement a DoS or DDoS attack. Also known as a stresser |
| Botnet | A network of infected
devices, connected to the Internet, used to commit coordinated cyber-attacks
without their owner’s knowledge |
| Browser | A software application
which presents information and services from the web |
| Brute Force Attack | Using computational power
to automatically enter a huge number of combination of values, usually in
order to discover passwords and gain access |
| Certificate | A form of digital identity for a computer, user of
organisation to allow the authentication and secure exchange of information |
| Certified Ethical Hacker (CEH) | A skilled professional who looks
for weaknesses and vulnerabilities in target systems using the same knowledge
and tools as a malicious hacker, but in a lawful and
legitimate way |
| Closed Source | Closed Source data can only be legitimately accessed by those with permission to do so and generally belongs to a company or organisation. The opposite is Open Source. |
| Cloud | Where shared computer and
storage resources are accessed as an online service instead of hosted
locally. |
| Cryptocurrency | A digital asset in which encryption techniques are used to
regulate the generation of units of ‘currency’ and verify the transfer of
funds, operating independently of a central bank |
| Cyber Security | The protection of
devices, services and networks — and the information on them — from
theft or damage |
| Dictionary Attack | A type of brute force
attack in which the attacker uses known dictionary words, phrases or
common passwords as their guesses |
| Denial of Service (DoS) Distributed DoS (DDoS) | An attack involving the overloading of a website or web service
(such as email) by bombarding it with multiple requests / data messages. If
requests come from multiple origins simultaneously it is Distributed. Usually
involves a botnet to carry out the
attack. Stresser or booter software or websites may be
used |
| Download Attack Drive-By Download | The unintentional
installation of malicious software or virus onto a device without the user’s
knowledge or consent. May also be known as a drive-by download |
| Encryption | A mathematical function
that protects information by making it unreadable by everyone except those
with the key to decode it. |
| Ethical Hacker | A computer hacker or computer security specialist, who specialises in penetration testing or other security testing. Also see Certified Ethical Hacker and White Hat Hacker |
| Exploit | May refer to software or
data that takes advantage of a vulnerability in a system to cause unintended
consequences |
| Firewall | Hardware or software
which uses a defined rule set to constrain network traffic to prevent
unauthorised access to or from a network |
| Grey Hat (Hacker) | A computer hacker who
may sometimes violate laws or typical ethical standards, but does not have
the malicious intent typical of a black
hat hacker and often does legitimate work |
| Hacker | Someone with computer
skills who uses them to break into computers, systems and networks
(legitimately or not) |
| Honeypot Honeynet | Decoy system or network
to attract potential attackers that helps limit access to actual systems by
detecting and deflecting or learning from an attack. Multiple honeypots form
a honeynet |
| Internet of Things (IoT) | Refers to the ability of
everyday objects (rather than computers and devices) to connect to the
Internet. Examples include kettles, fridges and televisions |
| Kali (Linux) | A type of Linux operating system which is
preconfigured with computer security tools. A favourite with Black Hat hackers too |
| Keylogger | Malware that once
installed records all keystrokes from a keyboard and then send them back to
the Cyber Attacker. Often reveals usernames, passwords, banking details |
| Linux | A free computer operating
system, which can run on the same hardware as Microsoft Windows. Often used
to run servers which run the internet and intranets |
| Macro | A small program that can automate tasks in applications (such as Microsoft Office) which attackers can exploit to gain access to (or harm) a system |
| Malware | Malicious software – a term that includes viruses, trojans, worms or any code or content that could have an adverse impact on organisations or individuals |
| Network | Two or more computers linked in order to share resources |
| Open Source | Open Source data is that which is freely available if you know how and where to look. The opposite is Closed Source. An Open Source researcher is trained to look for openly available data. |
| Penetration Testing Pentest / Pentester | Short for penetration test. An authorised test of a computer network or system by a
Pentester designed to look for security weaknesses so that they can be fixed |
| Pharming | An attack on network
infrastructure that results in a user being redirected to an illegitimate
website despite the user having entered the correct address |
| Phishing | Untargeted, mass emails
sent to many people asking for sensitive information (such as bank details)
or encouraging them to visit a fake website. May result in the installation
of Malware. |
| Ransomware | Malicious software that
makes data or systems unusable until the Victim makes a payment – usually in Bitcoin |
| Router | The network device which
allows multiple internet enabled devices to connect to other networks,
usually over the internet |
| Smishing | Phishing via SMS: mass
text messages sent to users asking for sensitive information (e.g. bank
details) or encouraging them to visit a fake website |
| Social Engineering | Manipulating people into
carrying divulging personal or technical information, or carrying out actions
such as changing an email address, which is of use to a Cyber Attacker |
| Spear Phishing | A more targeted form of
phishing, where the email is designed to look like it’s from a person the
recipient knows and/or trusts – such as someone in Management or from a
finance department. |
| Stresser / Stressor | Used to implement a DoS or DDoS attack. Also known as a booter |
| Trojan | A type of malware or virus disguised as legitimate software. Often used to take remote
control of a computer, or extract and send out confidential data |
| Virus | Programs which can
self-replicate and are designed to infect legitimate software programs or
systems. May be purely destructive or have other aims. A form of malware |
| Virtual Private Network (VPN) | Software which creates an
encrypted network to allow secure connections for remote users, e.g. in an
organisation with offices in multiple locations or allows home working |
| Vulnerability | A weakness, or flaw, in
software, a system or process. An attacker may seek to exploit a
vulnerability to gain unauthorised access to a system |
| Water Holing Watering Hole Attack | Setting up a fake website
(or compromising a real one) in order to exploit visiting users |
| Whaling | Highly targeted phishing
attacks (masquerading as a legitimate emails) that are aimed at senior
executives |
| White Hat (Hacker) | An ethical computer hacker, or computer security specialist, who specialises in penetration testing or other security testing |
| Worm | A self-replicating,
self-spreading and self-contained program that spreads across a network |
| Zero Day / 0Day | Recently discovered
vulnerabilities (or bugs), not yet known to vendors or antivirus companies,
that Cyber Attackers can exploit |
