Cybersecurity Malware and Malicious Code
Social Engineering
A completely non-technical means for a criminal to gather information on a target. It is an attack that attempts to manipulate individuals into performing actions or divulging confidential information.
Computer Ports
A connection point or interface between a computer and an external or internal device.
Botnet
A widespread network of zombie computers that can be commanded to perform a widespread attack on a computer or network (DDoS).
Bot
A zombie computer infected by malware that "calls home" to a command and control center for further instructions after it infects a computer.
Rogue Access Points
A wireless access point installed on a secure network without explicit authorization.
Zero-day
An attack that tries to exploit software vulnerabilities that are unknown, or undisclosed, by the software vendor.
SQL Injection
Application or web attack that exploits the failure to validate database queries.
Adware
Displays annoying pop-ups to generate revenue for its authors. The malware may analyze user interests by tracking the websites visited. It can then send pop-up advertising pertinent to those sites.
Tailgating
Following an authorized person to gain entry into a secure location or restricted area.
Spear phishing
Highly targeted phishing attack. It uses email to reach its victims, sending customized emails to a specific person.
Spam
Junk mail, or unsolicited email, that is used to send advertisements, harmful links, malware, or deceptive content.
Ransomware
Malicious code that holds a computer system, or the data it contains, captive by encrypting the hard drive to force a payment.
Spyware/Adware
Malicious code that is transmitted by email or downloaded from the web, that can collect user information or install banner ads in programs, web browsers, or webpages.
Worm
Malicious code that spreads to other computers without attaching to individual files. Travels through a network.
Virus
Malicious executable code that attaches to other programs and, when executed, replicates itself and attaches to other programs, files, and even the boot sector of the hard drive. Relies on users opening it to spread.
Logic Bomb
Malicious program that uses a trigger to awaken the malicious code.
Trojan Horse
Malware that can be downloaded with free software, but carries out malicious operations such as creating a bot.
DDoS amplification attack
Network attack that sends a request to a DNS server to send the entire DNS database to another IP address, overwhelming the machine with gigabytes to terabytes of data.
Impersonation
Pretending to be someone else to gain trust or access to unauthorized areas or data.
Keylogger
Program used to record or log the keystrokes of the user on a system.
Dumpster Diving
Retrieving documents from the trash or recycling containers.
Smishing
Sending fake text messages that trick the recipient into visiting a website or calling a phone number to provide sensitive information.
80
Standard port for HTTP
443
Standard port for HTTPS
Whaling
The use of email, IM, or other social media, to attempt to gather private information, such as login credentials, of senior executives or heads of schools.
Phishing
The use of email, IM, or other social media, to try and gather private information, such as login credentials, by masquerading as a reputable person.
Vishing
The use of voice communications such as Voice over IP to try and gather private information, such as login credentials, by masquerading as a reputable person.
Pharming
The use of a website to try to gather private information, such as login credentials, by masquerading as a reputable website.
DDoS
Type of attack that denies access to authorized users, making the network, network services, or data on the network unavailable, typically through a zombie botnet of infected computers.
Spoofing
Type of attack that impersonates a sender or server to take advantage of a trusted relationship between two systems. A user will think they are communicating with a trusted entity but are not.
Man-in-the-middle
Type of attack that intercepts communications between computers to steal information while it travels across the network.
Cross-site scripting (XSS)
Vulnerability found in web applications. It allows criminals to inject scripts into the web pages viewed by users. This script can contain malicious code. It has three participants: the criminal, the victim, and the website. The cyber-criminal does not target a victim directly. The criminal exploits a vulnerability within a website or web application. Criminals inject client-side scripts into web pages viewed by users, the victims.
Shoulder Surfing
Watching a victim enter a PIN, access code, or credit card number.
Scareware
Persuades the user to take a specific action based on fear, by popping up windows that resemble operating system dialog windows.
Spyware
Software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive. Typically installed by a Trojan Horse.