Cyber Glossary

Antivirus Software that is designed to detect, stop and remove viruses and other kinds of malicious software
App Short for Application, typically refers to a software program for a smartphone or tablet
Attack (Cyber Attack) Malicious attempts to damage, disrupt or gain unauthorised access to computer systems, networks or devices, via cyber means
Bitcoin One of the most popular forms of Cryptocurrency
Black Hat (Hacker) A malicious hacker – often one who does so purely for the challenge rather than any gain
Booter Used to implement a DoS or DDoS attack. Also known as a stresser
Botnet A network of infected devices, connected to the Internet, used to commit coordinated cyber-attacks without their owner’s knowledge
Browser A software application which presents information and services from the web
Brute Force Attack Using computational power to automatically enter a huge number of combination of values, usually in order to discover passwords and gain access
Certificate A form of digital identity for a computer, user of organisation to allow the authentication and secure exchange of information
Certified Ethical Hacker (CEH) A skilled professional who looks for weaknesses and vulnerabilities in target systems using the same knowledge and tools as a malicious hacker, but in a lawful and legitimate way
Closed Source Closed Source data can only be legitimately accessed by those with permission to do so and generally belongs to a company or organisation. The opposite is Open Source.
Cloud Where shared computer and storage resources are accessed as an online service instead of hosted locally.
Cryptocurrency A digital asset in which encryption techniques are used to regulate the generation of units of ‘currency’ and verify the transfer of funds, operating independently of a central bank
Cyber Security The protection of devices, services and networks — and the information on them — from theft or damage
Dictionary Attack A type of brute force attack in which the attacker uses known dictionary words, phrases or common passwords as their guesses
Denial of Service (DoS) Distributed DoS (DDoS) An attack involving the overloading of a website or web service (such as email) by bombarding it with multiple requests / data messages. If requests come from multiple origins simultaneously it is Distributed. Usually involves a botnet to carry out the attack. Stresser or booter software or websites may be used
Download Attack Drive-By Download The unintentional installation of malicious software or virus onto a device without the user’s knowledge or consent. May also be known as a drive-by download
Encryption A mathematical function that protects information by making it unreadable by everyone except those with the key to decode it.
Ethical Hacker A computer hacker or computer security specialist, who specialises in penetration testing or other security testing. Also see Certified Ethical Hacker and White Hat Hacker
Exploit May refer to software or data that takes advantage of a vulnerability in a system to cause unintended consequences
Firewall Hardware or software which uses a defined rule set to constrain network traffic to prevent unauthorised access to or from a network
Grey Hat (Hacker) A computer hacker who may sometimes violate laws or typical ethical standards, but does not have the malicious intent typical of a black hat hacker and often does legitimate work
Hacker Someone with computer skills who uses them to break into computers, systems and networks (legitimately or not)
Honeypot Honeynet Decoy system or network to attract potential attackers that helps limit access to actual systems by detecting and deflecting or learning from an attack. Multiple honeypots form a honeynet
Internet of Things (IoT) Refers to the ability of everyday objects (rather than computers and devices) to connect to the Internet. Examples include kettles, fridges and televisions
Kali (Linux) A type of Linux operating system which is preconfigured with computer security tools. A favourite with Black Hat hackers too
Keylogger Malware that once installed records all keystrokes from a keyboard and then send them back to the Cyber Attacker. Often reveals usernames, passwords, banking details
Linux A free computer operating system, which can run on the same hardware as Microsoft Windows. Often used to run servers which run the internet and intranets
Macro A small program that can automate tasks in applications (such as Microsoft Office) which attackers can exploit to gain access to (or harm) a system
Malware Malicious software – a term that includes viruses, trojans, worms or any code or content that could have an adverse impact on organisations or individuals
Network Two or more computers linked in order to share resources
Open Source Open Source data is that which is freely available if you know how and where to look. The opposite is Closed Source. An Open Source researcher is trained to look for openly available data.
Penetration Testing Pentest / Pentester Short for penetration test. An authorised test of a computer network or system by a Pentester designed to look for security weaknesses so that they can be fixed
Pharming An attack on network infrastructure that results in a user being redirected to an illegitimate website despite the user having entered the correct address
Phishing Untargeted, mass emails sent to many people asking for sensitive information (such as bank details) or encouraging them to visit a fake website. May result in the installation of Malware.
Ransomware Malicious software that makes data or systems unusable until the Victim makes a payment – usually in Bitcoin
Router The network device which allows multiple internet enabled devices to connect to other networks, usually over the internet
Smishing Phishing via SMS: mass text messages sent to users asking for sensitive information (e.g. bank details) or encouraging them to visit a fake website
Social Engineering Manipulating people into carrying divulging personal or technical information, or carrying out actions such as changing an email address, which is of use to a Cyber Attacker
Spear Phishing A more targeted form of phishing, where the email is designed to look like it’s from a person the recipient knows and/or trusts – such as someone in Management or from a finance department.
Stresser / Stressor Used to implement a DoS or DDoS attack. Also known as a booter
Trojan A type of malware or virus disguised as legitimate software. Often used to take remote control of a computer, or extract and send out confidential data
Virus Programs which can self-replicate and are designed to infect legitimate software programs or systems. May be purely destructive or have other aims. A form of malware
Virtual Private Network (VPN) Software which creates an encrypted network to allow secure connections for remote users, e.g. in an organisation with offices in multiple locations or allows home working
Vulnerability A weakness, or flaw, in software, a system or process. An attacker may seek to exploit a vulnerability to gain unauthorised access to a system
Water Holing Watering Hole Attack Setting up a fake website (or compromising a real one) in order to exploit visiting users
Whaling Highly targeted phishing attacks (masquerading as a legitimate emails) that are aimed at senior executives
White Hat (Hacker) An ethical computer hacker, or computer security specialist, who specialises in penetration testing or other security testing
Worm A self-replicating, self-spreading and self-contained program that spreads across a network
Zero Day / 0Day Recently discovered vulnerabilities (or bugs), not yet known to vendors or antivirus companies, that Cyber Attackers can exploit