Cyber Security

Security Threats Definitions – Decoded

There are many words acronyms in our daily vocabulary those we use with ease but to define them we have to scratch our heads. Following are few such words related to cybersecurity.

 Advance Persistent Threat (APT)– The sophisticated techniques, methods and attack vectors used by malicious intention hackers to get into the organization’s network and extend the foothold within IT infrastructure to extract the important, confidential data/information. The attacker without getting notices to the cybersecurity controls and monitoring tries multiple techniques till they get successful.

APT is not something new to the cybersecurity world. We can trace APT way to 1980 as “Cuckoo’s Egg” where attackers sneak into the targeted organization’s network used their resources for own high resource requirement computing. The later stages StuxNet warm was another such slow moving attack on the industrial network which was far more damaging than Cuckoo’s Egg

ExamplesThe recent Deep Panda  attack which is considered as an ongoing cyber security war between US and Chania, was more adventurous, the attackers got into US government network

Adversary –  As the name suggests these are the enemies of cybersecurity and organizations, who can break into organizations network with a malicious intention of either stealing the data or disrupting the business.

 Cyberbullying – It is a bullying performed using electronics technologies. The internet and connected devices like mobile phones, laptops, and tablets. Communication media used for this are social media, Chat groups, websites, and e-mail or text messages.

And hence, it is easy for a bully to harass victim day in and out by sending offensive messages, embarrassing pictures or creating fake profiles.

It may misinterpret as aggressive behavior. Aggressiveness is triggered by the incident and it is not constant. However cyberbullying in act performed on purpose to hurt the victim.

An example of cyber bullying is posting insulting messages like “you are worthless” on chat boards to lower self-esteem or uploading pictures of the victim in an awkward position on WikiLeaks, where it is difficult to take down the uploaded picture.

DDOS – Dynamic Denial Of Services attack, as it is described in the name, in this attack legitimate users cannot access business applications and services. This attacks concentrate on the perimeter level and floods the edge devices with network packets which eat up the processing power of these edge devices and hence other users are not able to access the applications as the packets are getting dropped at the edge.   

 Hacking – Act of unauthorized access to computer system, network, smartphones, or any other internet connected devices with an intention to cause financial or reputational damage by stealing or altering the information.

Example – Recent e-mail hacking of French presidential candidate Emmanuel Macron,   tampering of the US elections and Hilary Clinton’s election campaign

Pharming – This is the way hackers manipulate searches and direct the user to the illegitimate websites without their realization.  Manipulation is done by compromising the vulnerabilities available in Domain Name System (DNS)

Examples – Router Pharming – When selected as suggested DNS server or changes in host file in a compromised router. This is the most difficult pharming attack to identify.

Phishing – Sending illicit e-mails to lure the users to disclose information like username passwords, credit card numbers, personally identifiable information etc.  In this attack, user gets an e-mail which looks like received from the legitimate sender and asked to click on the malicious link to provide inputs. This is most complex social engineering attack.

Example – e-mail from looking like Banks e-mail asking for entering the card details and pin with a threat that else account may disabled or to claim some reward points.

Phreaking – The act of exploring and exploiting secure telecommunication networks. Phreak is a word made from the mix of phone and freak. This becomes synonymous to hacking as the telecom network is cellular and it takes the similar method to get unauthorized access to these systems.

Phone cloning and blue-hacking are examples of phreaking

Ransomware – This is malware infection which locks, encrypts or controls the systems and demands money in virtual currency like bitcoin to unlock, provide decrypt key or release controls and also threatens to delete the information if demand is not satisfied.

This is like kidnapping people and asking for money to release the hostages. In ransomware, the systems or the data is kidnapped and held as a hostage to provide money in bitcoin format so it cannot be traced.

Example – On 12th May 2017 one of the world’s biggest ransomware attacks was launched which put governments, businesses on the high alert state. The Security analyst from China to US to UK rushed to limit the damage and contained it.

NHS (National Health Services UK) described  this attack as “Doctors reported seeing computers go down “one by one” as the “ransomware” took hold on Friday (May 12), locking machines and demanding money to release the data”

The impact of this attack was delay and cancellation of surgeries and treatment for NHS patients across the country.

SPAM – The flood of unsolicited e-mails for sending advertisements. This flood of messages applicable to the chats, Mobile messages and other instant messaging programs.

Example –  Non subscribe -emails related Job requirements or product advertisements etc

Spyware – The software or malware that works along with other legitimate applications and Snoopware monitors activities of users, captures the information and keystrokes. This exploits the application vulnerability to tag along with that application.

Example – Coolwebsearch – this spyware can steal internet explorer setting, web searches, homepage etc.

Spoofing – Fraudulent or malicious source from which communication is sent which looks like from the original source i.e. unknown source of communication to user is disguised as know source. This is done for getting personal information like username passwords.

Example – e-mail spoofing, where the e-mail are sent from fraudulent email server looks like authentic e-mail.

Snoopware / Snooping – The special malware which monitors the actives of smart devices like mobile phones, tablets, this is equivalent of spyware in the laptops and personal computer world.

Example – Snoopware can monitor phone calls or text messages or switch on / off camera of your smartphone.

Virus – Malicious software gets attached to the legitimate software and spreads throughout files and has detrimental effects on systems to make them unavailable to use.

Worm – Variant of a virus, which crawls through your network and leaves its copies into the memory of the system.

 

Print Friendly, PDF & Email
Tagged , , , , , , , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.