The list below is a continuation of the series Cyber Security Terms and Definitions. Some of the terms you may have heard or probably will hear sometime in the near future.
I am not sure how many of these I need to do past this point because it can get into some areas that you will probably not run into. If you have terms or topics you want to take a deeper dive into, let me know and either I will answer it or have some of the cyber security experts I know post response to it.
Blacklist – This is a list of known bad sites and/or IP addresses. For instance, once a point of origin has been identified as a source of SPAM email, this site/IP is put into a blacklist. There are subscription services that have a broad list of blacklisted sites/IPs that you can add into you security profile, but it can also be sites/IPs that you have identified and put into your firewalls.
I have also run into to situations where a site legitimate site/IP has ended up in a blacklist simply because the blacklist service could not confirm it was a good site/IP.
Whitelist – This can be tricky… Unlike the blacklist where you leave yourself open to allow anything that is not on the blacklist, the whitelist approach says I will not allow anything unless it is on the whitelist. If you setup your security scheme this way, it will increase your IT maintenance time because every time someone needs to go to a site/IP that is not on the list it must be added by hand, one at time. It is safer, but is more time consuming.
Phishing – Whether you realize it or not, you have probably already been a victim of a phishing attack. Most of us remember the Uganda (I think Uganda… could have been Ethiopia… I digress) email that said all you need to do was put $1,000 in a bank account and you would magically get, oh I don’t know, $100,000 for your time and trouble. This was a form of phishing.
Phishing today is much more sophisticated. You might receive an email saying “AT&T – (“Your Online Bill is Ready”). If you click it could take you to a site that even looks like AT&T. The link that you see may be “AT&T Bill”, the URL (web address) that you don’t see may be something like http://att.billing.biz. The site would ask you to enter your account name and password to review your bill. If you do this, they now have your AT&T credentials. Another thing that might happen by clicking the link is a malicious program could be installed on your machine to log your keystrokes. There other things that might occur, but suffice it to say if you get an email and you are not 100% sure of its point of origin, delete or forward to your IT staff for review.
You can also do some investigating yourself. In the example above the link was “AT&T Bill”. If you hover over the link (DO NOT CLICK) a pop up will show you the web address it is pointing to. If it has http://www.att.com or http://www.att.net, it is legit. If it is any other address… DELETE IT!
Spear Phishing – Spear phishing is aimed at specific people and/or group of people where plain ole phishing is mass emailing with no particular target to snare anyone who clicks the link.
This type of attack is well thought out and planned. The spear phisher will learn as much as they can about you and/or your company so that when they craft their email is has a high degree of legitimacy and familiarity to the recipient. The agenda for this type of attack may be to pierce a company’s firewall to gain access to specific information that you and/or company possess. Once in, this “hole” in your firewall will probably remain undetected for days, weeks, or months allowing the bad guys to come and go as they please.
Pharming – This is a website that is designed to appear legit in order to get you to enter sensitive information such as passwords, account numbers, Social Security numbers, etc. This more than likely the site that a phishing email will take you to if you click it.
Social Engineering – A psychological attack used by cyber attackers to deceive their victims into taking an action that will place the victim at risk. For example, cyber attackers may trick you into revealing your password or fool you into installing malicious software on your computer. They often do this by pretending to be someone you know or trust, such as a bank, company or even a friend.
Spoofing – I mentioned in Phishing above that you may see “AT&T Bill” when in reality the web address was something like http://att.billing.biz. This is a form of spoofing. In other words this is a message that appears to have a legitimate point of origin, but in reality does not.
Spoofing can also occur in text and phone calls. Text can appear to come from a legitimate source such as a friend of yours. The same applies to phone calls.
Cyberspace – Hmmm…? This could go in several directions.
If you look online you can get a lot of explanations which basically mean about the same thing. If you want a definition… Merriam Webster doesn’t give you a lot to go on. According MW, they say this is the Full Definition of CYBER SPACE…“the online world of computer networks and especially the Internet”.
I’m just going to say if something is connected and remotely available, it is in cyberspace. Therefore, cyberspace is a virtual environment that connected devices live in.
Encryption – This one can get deep, but we won’t go there. Basically what this means when data (email, user credentials, etc.) leaves the source to travel over the web, it is in a “cocoon” of sorts and the receiver of the information has a “key” to unlock the cocoon to see what is in it.
Just for fun I asked www. Merriam-Webster.com what she said and this is what I got… “encrypt: to change (information) from one form to another especially to hide its meaning.
Exploit – In some respects it is what it is. What I mean is the application of the word is the same whether you are talking about people or things. The technical explanation in cyberland is code that is designed to take advantage of a vulnerability. An exploit is designed to give an attacker the ability to execute additional malicious programs on the compromised system or to provide unauthorized access to affected data or application.
Malware (Virus, Worm, Trojan, Spyware) – The explanation of this term best described by SANS/Securing the Human (http://www.securingthehuman.org/resources/security-terms).
Malware stands for ‘malicious software’. It is any type of code or program cyber attackers use to perform malicious actions. Traditionally there have been different types of malware based on their capabilities and means of propagation, as we have listed below. However these technical distinctions are no longer relevant as modern malware combines the characteristics from each of these in a single program.
- Virus: A type of malware that spreads by infecting other files, rather than existing in a standalone manner. Viruses often, though not always, usually spread through human interaction, such as opening an infected file or application.)
- Worm: A type of malware that can propagate automatically, typically without requiring any human interaction for it to spread. Worms often spread across networks, though can also infect systems through other means, such as USB keys. An example of a worm is Conficker, which infected millions of computer systems starting in 2008 and is still active today.
- Conficker: The origin of the name Conficker is thought to be a combination of the English term “configure” and the German pejorative term Ficker.[12] Microsoft analyst Joshua Phillips gives an alternate interpretation of the name, describing it as a rearrangement of portions of the domain name trafficconverter.biz[13] (with the letter k, not found in the domain name, added as in “trafficker”, to avoid a “soft” c sound) which was used by early versions of Conficker to download updates. (ref – https://en.wikipedia.org/wiki/Conficker).
- Trojan: A shortened form of “Trojan Horse”, this type of malware appears to have a legitimate or at least benign use, but masks a hidden sinister function. For example, you may download and install a free screensaver which actually works well as a screensaver. But that software could also be malicious, it will infect your computer once you install it.
- Spyware: A type of malware that is designed to spy on the victim’s activities, capturing sensitive data such as the person’s passwords, online shopping, and screen contents. One popular type of spyware, a keylogger, is optimized for logging the victim’s keyboard activity and transmitting the captured information to the remote attacker.
If you have comments or questions feel free to post them here or contact me directly at fred.gordy@smartcore.com
One Response