SSC Vocabulary

Data Destruction/Wipe Attack

Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources. Data destruction is likely to render stored data irrecoverable by forensic techniques through overwriting files or data on local and remote drives

Bitcoin

Bitcoin was the first cryptocurrency to successfully record transactions on a secure, decentralized blockchain-based network.

CIA Triad

Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to guide policies for information security within an organization.

Mumble Attack

If the service representative asked to speak with the customer directly, the caller would impersonate a voice-impaired customer, using a mechanical device to distort his voice and make it impossible for the service representative to understand him—a variant of a widely used social-engineering technique known as the "mumble attack."

Data Interception

Refers to the obstruction of data transmission to and from the device, and remotely altering the messages.

Quid Pro Quo Attack

Similar to baiting, quid pro quo involves a hacker requesting the exchange of critical data or login credentials in exchange for a service. For example, an end user might receive a phone call from the hacker who, posed as a technology expert, offers free IT assistance or technology improvements in exchange for login credentials.

Boy Who Cries Wolf Attack

The cries of "Wolf!" about breaches that weren't really breaches seem to be effectively garnering mainstream attention for good security practices

Botnet

They're connected computers performing a number of repetitive tasks to keep websites going. It's most often used in connection with Internet Relay Chat. These types of botnets are entirely legal and even beneficial to maintaining a smooth user experience on the Internet.

Cookies

are small files that Web sites put on your computer hard disk drive when you first visit. Cookies tell us how often you visit pages, which helps us find out what information interests you

Sarbanes Oxley Act

came in response to highly publicized corporate financial scandals earlier that decade. The act created strict new rules for accountants, auditors, and corporate officers and imposed more stringent recordkeeping requirements. The act also added new criminal penalties for violating securities laws.

Worm

can be transmitted via software vulnerabilities. Or computer worms could arrive as attachments in spam emails or instant messages (IMs). Once opened, these files could provide a link to a malicious website or automatically download the computer worm. Once it's installed, the worm silently goes to work and infects the machine without the user's knowledge. They can modify and delete files, and they can even inject additional malicious software onto a computer.

Penetration Testing

colloquially known as a pen test, pentest or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system.

Uniform Resource Locator (URL)

colloquially termed a web address, is a reference to a web resource that specifies its location on a computer network and a mechanism for retrieving it.

Big Data

extremely large data sets that may be analyzed computationally to reveal patterns, trends, and associations, especially relating to human behavior and interactions.

Whaling

is a common cyber attack that occurs when an attacker utilizes spear phishing methods to go after a large, high-profile target, such as the c-suite.

Password Management Software

is a computer program that allows users to store, generate, and manage their personal passwords for online services.

Zero Day Vulnerability

is a computer-software vulnerability that is unknown to, or unaddressed by, those who should be interested in mitigating the vulnerability (including the vendor of the target software) and is being actively exploited in the wild. Until the vulnerability is mitigated, hackers can continue to exploit it to adversely affect computer programs, data, additional computers or a network.

Block chain

is a distributed ledger technology (DLT) that allows data to be stored globally on thousands of servers - while letting anyone on the network see everyone else's entries in near real-time.

Pretexting

is a form of social engineering in which an individual lies to obtain privileged data. A pretext is a false motive. Pretexting often involves a scam where the liar pretends to need information in order to confirm the identity of the person he is talking to.

Distributed Denial of Service Attack

is a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

Stuxnet

is a malicious computer worm, targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Stuxnet specifically targets programmable logic controllers (PLCs), which allow the automation of electromechanical processes such as those used to control machinery and industrial processes including gas centrifuges for separating nuclear material.

Scareware

is a malware tactic that manipulates users into believing they need to download or buy malicious, sometimes useless, software. Most often initiated using a pop-up ad, scareware uses social engineering to take advantage of a user's fear, coaxing them into installing fake anti-virus software.

Watering Hole Attack

is a method in which the attacker seeks to compromise a specific group of end users by infecting websites that members of that group are known to visit. The goal is to infect a victim's computer and gain access to the network within the victims's place of employment.

CEO Fraud

is a scam in which cybercriminals spoof company email accounts and impersonate executives to try and fool an employee in accounting or HR into executing unauthorized wire transfers, or sending out confidential tax information.

Dumpster Diving

is a technique used to retrieve information that could be used to carry out an attack on a computer network.

Virus

is a type of malicious code or program written to alter the way a computer operates and is designed to spread from one computer to another. A virus operates by inserting or attaching itself to a legitimate program or document that supports macros in order to execute its code. In the process, a virus has the potential to cause unexpected or damaging effects, such as harming the system software by corrupting or destroying data.

Trojan/Trojan Horse

is a type of malicious code or software that looks legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general inflict some other harmful action on your data or network.

Ransomware

is a type of malware from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid.

Shoulder Surfing

is a type of social engineering technique used to obtain information such as personal identification numbers (PINs), passwords and other confidential data by looking over the victim's shoulder, either from keystrokes on a device or sensitive information being spoken and heard, also known as eavesdropping.

SQL Injection Attack

is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application's content or behavior.

Advanced Persistent Threat

is an attack in which an unauthorized user gains access to a system or network and remains there for an extended period of time without being detected. Advanced persistent threats are particularly dangerous for enterprises, as hackers have ongoing access to sensitive company data. Advanced persistent threats generally do not cause damage to company networks or local machines.

Denial of Service Attack

is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash.

Man in the Middle Attack

is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other.

Mining Attack

is an emerging online threat that hides on a computer or mobile device and uses the machine's resources to "mine" forms of online money known as cryptocurrencies.

Virtual Private Network (VPN)

is an encrypted connection over the Internet from a device to a network. The encrypted connection helps ensure that sensitive data is safely transmitted. It prevents unauthorized people from eavesdropping on the traffic and allows the user to conduct work remotely.

"Social Engineer Toolkit"

is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly.

Vishing

is just one form of phishing, which is any type of message — such as an email, text, phone call or direct-chat message — that appears to be from a trusted source, but isn't. The goal is to steal someone's identity or money.

Cryptography

is one of the most important tools for building secure systems. Through the proper use of cryptography, one can ensure the confidentiality of data, protect data from unauthorized modification, and authenticate the source of data.

Data Tampering

is the act of deliberately modifying (destroying, manipulating, or editing) data through unauthorized channels.

Spear Phishing

is the act of sending and emails to specific and well-researched targets while purporting to be a trusted sender. The aim is to either infect devices with malware or convince victims to hand over information or money.

Keylogging

is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that person using the keyboard is unaware that their actions are being monitored. Data can then be retrieved by the person operating the logging program.

Malware

is the collective name for a number of malicious software variants, including viruses, ransomware and spyware. Shorthand for malicious software, malware typically consists of code developed by cyberattackers, designed to cause extensive damage to data and systems or to gain unauthorized access to a network.

Phishing

is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising oneself as a trustworthy entity in an electronic communication.

Cybersecurity

is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes

Social Engineering

is the psychological manipulation of people into performing actions or divulging confidential information.

Steganography

is the technique of hiding secret data within an ordinary, non-secret, file or message in order to avoid detection; the secret data is then extracted at its destination. The use of steganography can be combined with encryption as an extra step for hiding or protecting data.

Hacktivists/Hactivism

is the use of computer-based techniques such as hacking as a form of civil disobedience to promote a political agenda or social change.

Adware

is unwanted software designed to throw advertisements up on your screen, most often within a web browser. Some security professionals view it as the forerunner of the modern-day PUP (potentially unwanted program). Typically, it uses an underhanded method to either disguise itself as legitimate, or piggyback on another program to trick you into installing it on your PC, tablet, or mobile device.

Spyware

is unwanted software that infiltrates your computing device, stealing your internet usage data and sensitive information. Spyware is classified as a type of malware — malicious software designed to gain access to or damage your computer, often without your knowledge. Spyware gathers your personal information and relays it to advertisers, data firms, or external users.

Spoofing E-mail address/phone numbers

is when a caller deliberately falsifies the information transmitted to your caller ID display to disguise their identity. Scammers often use neighbor spoofing so it appears that an incoming call is coming from a local number, or spoof a number from a company or a government agency that you may already know and trust.

Smishing

is when someone tries to trick you into giving them your private information via a text or SMS message.

Tailgating/Piggybacking

refers to when a person tags along with another person who is authorized to gain entry into a restricted area, or pass a certain checkpoint It can be either electronic or physical.

Drive by Attack

specifically refer to malicious programs that install to your devices — without your consent. This also includes unintentional downloads of any files or bundled software onto a computer device.

Baiting

use a false promise to pique a victim's greed or curiosity. They lure users into a trap that steals their personal information or inflicts their systems with malware.