The cybersecurity world is full of technical lingo and jargon. At TechCrunch, we have been writing about cybersecurity for years, and even we sometimes need a refresher on what exactly a specific word or expression means. That’s why we have created this glossary, which includes some of the most common, and not so common, words and expressions that we use in our articles, and explanations of how, and why, we use them.
This is a developing compendium, and we will update it regularly.
Advanced persistent threat (APT)
An advanced persistent threat (APT) is often categorized as a hacker, or group of hackers, which gains and maintains unauthorized access to a targeted system. The main aim of an APT intruder is to remain undetected for long periods of time, often to conduct espionage and surveillance, to steal data, or to sabotage critical systems.
APTs are traditionally well-resourced hackers, including the funding to pay for their malicious campaigns, and access to hacking tools typically reserved for governments. As such, many of the long-running APT groups are associated with nation states, like China, Iran, North Korea, and Russia. In recent years, we have seen examples of non-nation state cybercriminal groups that are financially motivated (such as by theft and money laundering) carrying out cyberattacks similar in terms of persistence and capabilities to some traditional government-backed APT groups.
(See: Hacker)
Arbitrary code execution
The ability to run commands or malicious code on an affected system, often because of a security vulnerability in the system’s software. Arbitrary code execution can be achieved either remotely or with physical access to an affected system (such as someone’s device). In the cases where arbitrary code execution can be achieved over the internet, security researchers typically call this remote code execution.
Typically, code execution is used as a way to plant a back door for maintaining long-term and persistent access to that system, or for running malware that can be used to access deeper parts of the system or other devices on the same network.
(See also: Remote code execution)
Botnet
Botnets are networks of hijacked internet-connected devices, such as webcams and home routers, that have been compromised by malware (or sometimes weak or default passwords) for the purposes of being used in cyberattacks. Botnets can be made up of hundreds or thousands of devices and are typically controlled by a command-and-control server that sends out commands to ensnared devices. Botnets can be used for a range of malicious reasons, like using the distributed network of devices to mask and shield the internet traffic of cybercriminals, deliver malware, or harness their collective bandwidth to maliciously crash websites and online services with huge amounts of junk internet traffic.
(See also: Command-and-control server; Distributed denial-of-service)
Bug
A bug is essentially the cause of a software glitch, such as an error or a problem that causes the software to crash or behave in an unexpected way. In some cases, a bug can also be a security vulnerability.
The term “bug” originated in 1947, at a time when early computers were the size of rooms and made up of heavy mechanical and moving equipment. The first known incident of a bug found in a computer was when a moth disrupted the electronics of one of these room-sized computers.
(See also: Vulnerability)
Command-and-control (C2) server
Command-and-control servers (also known as C2 servers) are used by cybercriminals to remotely manage and control their fleets of compromised devices and launch cyberattacks, such as delivering malware over the internet and launching distributed denial-of-service attacks.
(See also: Botnet; Distributed denial-of-service)
Cryptojacking
Cryptojacking is when a device’s computational power is used, with or without the owner’s permission, to generate cryptocurrency. Developers sometimes bundle code in apps and on websites which then uses the device’s processors to complete the complex mathematical calculations needed to create new cryptocurrency. The generated cryptocurrency is then deposited in digital wallets owned by the developer.
Some malicious hackers use malware to deliberately compromise large numbers of unwitting computers to generate cryptocurrency on a large and distributed scale.
Data breach
When we talk about data breaches, we ultimately mean the improper removal of data from where it should have been. But the circumstances matter and can alter the terminology we use to describe a particular incident.
A data breach is when protected data was confirmed to have improperly left a system from where it was originally stored, and is usually confirmed when someone discovers the compromised data. More often than not, we’re referring to the exfiltration of data by a malicious cyberattacker, or data otherwise detected as a result of an inadvertent exposure. Depending on what is known about the incident, we may describe it in more specific terms where details are known.
(See also: Data exposure; Data leak)
Data exposure
A data exposure (a type of data breach) is when protected data is stored on a system that has no access controls, such as because of human error or a misconfiguration. This might include cases where a system or database is connected to the internet but without a password. Just because data was exposed doesn’t mean the data was actively discovered, but it could nevertheless still be considered a data breach.
Data leak
A data leak (a type of data breach) is where protected data is stored on a system in a way that allowed it to escape, such as because of a previously unknown vulnerability in the system or through insider access (such as an employee). A data leak can mean that data could have been exfiltrated or otherwise collected, but there may not always be the technical means, such as logs, to know for sure.
Distributed denial-of-service (DDoS)
A distributed denial-of-service, or DDoS, is a kind of cyberattack that involves flooding targets on the internet with junk web traffic in order to overload and crash the servers and cause the service, such as a website, online store, or gaming platform, to go down.
DDoS attacks are launched by botnets, which are made up of networks of hacked internet-connected devices (such as home routers and webcams) that can be remotely controlled by a malicious operator, usually from a command-and-control server. Botnets can be made up of hundreds or thousands of hijacked devices.
While a DDoS is a form of cyberattack, these data-flooding attacks are not “hacks” in themselves, as they don’t involve the breach and exfiltration of data from their targets, but instead cause a “denial of service” event for the affected service.
(See also: Botnet; Command-and-control server)
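From the defender’s side, the distinction the entry draws matters in the logs: a flood from one noisy source looks different from a botnet flood, where each hijacked device sends only a few requests but the total overwhelms the server. The following added example (not TechCrunch’s code; the log lines are constructed, using documentation-range IP addresses, and the thresholds are illustrative) slides a time window over Common Log Format web-server lines and reports both kinds of anomaly: individual sources that exceed a per-source rate, and an aggregate request rate that exceeds a baseline even when no single source stands out.

```python
"""Flood detection over constructed web-server log lines (added example; not TechCrunch's)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format prefix: client IP, identity, user, and the bracketed timestamp.
_LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\]')
_TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def build_sample_log():
    """Constructed sample traffic using documentation-range addresses, not real clients."""
    base = datetime(2024, 11, 5, 10, 0, 0, tzinfo=timezone.utc)

    def line(ip, offset_seconds):
        ts = (base + timedelta(seconds=offset_seconds)).strftime(_TS_FMT)
        return f'{ip} - - [{ts}] "GET / HTTP/1.1" 200 512'

    lines = [line("198.51.100.4", 0), line("198.51.100.4", 30)]            # one legitimate client
    lines += [line("203.0.113.7", s) for s in range(5) for _ in range(7)]   # one noisy source: 35 hits in 5 s
    lines += [line(f"192.0.2.{n}", s) for n in range(1, 41) for s in (2, 3, 4)]  # 40 bots, 3 hits each
    return lines


def detect_floods(lines, window_seconds=10, per_source_limit=30, aggregate_limit=100):
    """Slide a time window over the log and report sources or totals that exceed the limits.

    Returns {"per_source": {ip: peak_count_in_window}, "aggregate_peak": int,
             "aggregate_flagged": bool}. Thresholds are illustrative; tune them to a real baseline.
    """
    events = []
    for raw in lines:
        m = _LINE_RE.match(raw)
        if not m:
            continue  # skip malformed lines rather than crashing on them
        events.append((datetime.strptime(m.group("ts"), _TS_FMT), m.group("ip")))
    events.sort(key=lambda e: e[0])  # lines from several server workers may interleave

    window = timedelta(seconds=window_seconds)
    per_ip = defaultdict(deque)       # timestamps currently inside the window, per source
    per_ip_peak = defaultdict(int)
    everything = deque()              # timestamps inside the window, all sources combined
    aggregate_peak = 0

    for ts, ip in events:
        cutoff = ts - window
        q = per_ip[ip]
        q.append(ts)
        while q[0] < cutoff:
            q.popleft()
        per_ip_peak[ip] = max(per_ip_peak[ip], len(q))

        everything.append(ts)
        while everything[0] < cutoff:
            everything.popleft()
        aggregate_peak = max(aggregate_peak, len(everything))

    offenders = {ip: n for ip, n in per_ip_peak.items() if n > per_source_limit}
    return {
        "per_source": offenders,
        "aggregate_peak": aggregate_peak,
        "aggregate_flagged": aggregate_peak > aggregate_limit,
    }


if __name__ == "__main__":
    result = detect_floods(build_sample_log())
    print("noisy sources:", result["per_source"])
    print("peak requests in window:", result["aggregate_peak"],
          "(flagged)" if result["aggregate_flagged"] else "")
```

In the constructed data the 40 bot addresses each stay well under the per-source limit, so only the single noisy address is named, yet the aggregate peak of 156 requests in a 10-second window trips the baseline check; that second signal is the one that catches a distributed flood.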
Encryption
Encryption is the way and means by which information, such as files, documents, and private messages, is scrambled to make the data unreadable to anyone other than its intended owner or recipient. Encrypted data is typically scrambled using an encryption algorithm, essentially a set of mathematical formulas that determines how the data should be encrypted, along with a private key, such as a password, which can be used to unscramble (or “decrypt”) the protected data.
Nearly all modern encryption algorithms in use today are open source, allowing anyone (including security professionals and cryptographers) to review and check the algorithm to make sure it’s free of faults or flaws. Some encryption algorithms are stronger than others, meaning data protected by some weaker algorithms can be decrypted by harnessing large amounts of computational power.
Encryption is different from encoding, which simply converts data into a different and standardized format, usually for the benefit of allowing computers to read the data.
End-to-end encryption (E2EE)
End-to-end encryption (or E2EE) is a security feature built into many messaging and file-sharing apps, and is widely considered one of the strongest ways of securing digital communications as they traverse the internet.
E2EE scrambles the file or message on the sender’s device before it’s sent in a way that allows only the intended recipient to decrypt its contents, making it near-impossible for anyone, including a malicious hacker, or even the app maker, to snoop on someone’s private communications. In recent years, E2EE has become the default security standard for many messaging apps, including Apple’s iMessage, Facebook Messenger, Signal, and WhatsApp.
E2EE has also become the subject of governmental frustration in recent years, as encryption makes it impossible for tech companies or app providers to hand over information that they themselves do not have access to.
Escalation of privileges
Most modern systems are protected with multiple layers of security, including the ability to set user accounts with more restricted access to the underlying system’s configurations and settings. This prevents these users, or anyone with improper access to one of these user accounts, from tampering with the core underlying system. However, an “escalation of privileges” event can involve exploiting a bug or tricking the system into granting the user more access rights than they should have.
Malware can also take advantage of bugs or flaws through escalation of privileges to gain deeper access to a device or a connected network, potentially allowing the malware to spread.
Exploit
An exploit is the way and means by which a vulnerability is abused or taken advantage of, usually in order to break into a system.
(See also: Bug; Vulnerability)
Extortion
In general terms, extortion is the act of obtaining something, usually money, through the use of force and intimidation. Cyber extortion is no different, as it typically refers to a category of cybercrime whereby attackers demand payment from victims by threatening to damage, disrupt, or expose their sensitive information.
Extortion is often used in ransomware attacks, where hackers typically exfiltrate company data before demanding a ransom payment from the hacked victim. But extortion has quickly become its own category of cybercrime, with many, often younger, financially motivated hackers opting to carry out extortion-only attacks, which skip the use of encryption in favor of simple data theft.
(Also see: Ransomware)
Hacker
There is no one single definition of “hacker.” The term has its own rich history, culture, and meaning within the security community. Some incorrectly conflate hackers, or hacking, with wrongdoing.
By our definition and use, we broadly refer to a “hacker” as someone who is a “breaker of things,” usually by altering how something works to make it perform differently in order to meet their goals. In practice, that can be something as simple as repairing a machine with non-official parts to make it function differently than intended, or work even better.
In the cybersecurity sense, a hacker is typically someone who breaks a system or breaks the security of a system. That could be anything from an internet-connected computer system to a simple door lock. But the person’s intentions and motivations (if known) matter in our reporting, and guide how we accurately describe the person, or their activity.
There are ethical and legal differences between a hacker who works as a security researcher, who is professionally tasked with breaking into a company’s systems with their permission to identify security weaknesses that can be fixed before a malicious individual has a chance to exploit them; and a malicious hacker who gains unauthorized access to a system and steals data without obtaining anyone’s permission.
Because the term “hacker” is inherently neutral, we generally apply descriptors in our reporting to provide context about who we’re talking about. If we know that an individual works for a government and is contracted to maliciously steal data from a rival government, we’re likely to describe them as a nation-state or government hacker (or, if appropriate, an advanced persistent threat), for example. If a gang is known to use malware to steal funds from individuals’ bank accounts, we may describe them as financially motivated hackers, or if there is evidence of criminality or illegality (such as an indictment), we may describe them simply as cybercriminals.
And, if we don’t know motivations or intentions, or a person describes themselves as such, we may simply refer to a subject neutrally as a “hacker,” where appropriate.
(Also see: Advanced persistent threat; Unauthorized)
Infosec
Short for “information security,” an alternative term used to describe defensive cybersecurity focused on the protection of data and information. “Infosec” may be the preferred term for industry veterans, while the term “cybersecurity” has become widely accepted. In modern times, the two terms have become largely interchangeable.
Infostealers
Infostealers are malware capable of stealing information from a person’s computer or device. Infostealers, like Redline, are often bundled in pirated software, which when installed will primarily seek out passwords and other credentials stored in the person’s browser or password manager, then surreptitiously upload the victim’s passwords to the attacker’s systems. This lets the attacker sign in using those stolen passwords. Some infostealers are also capable of stealing session tokens from a user’s browser, which allow the attacker to sign in to a person’s online account as if they were that user, but without needing their password or multi-factor authentication code.
(See also: Malware)
Jailbreak
Jailbreaking is used in several contexts to mean the use of exploits and other hacking techniques to circumvent the security of a device, or removing the restrictions a manufacturer puts on hardware or software. In the context of iPhones, for example, a jailbreak is a way to remove Apple’s restrictions on installing apps from outside of its “walled garden” or to gain the ability to conduct security research on Apple devices, which is normally highly restricted. In the context of AI, jailbreaking means figuring out a way to get a chatbot to give out information that it’s not supposed to.
Malware
Malware is a broad umbrella term that describes malicious software. Malware can come in many forms and be used to exploit systems in different ways. As such, malware that is used for specific purposes can often be referred to as its own subcategory. For example, the type of malware used for conducting surveillance on people’s devices is also called “spyware,” while malware that encrypts files and demands money from its victims is called “ransomware.”
(See also: Infostealers; Ransomware; Spyware)
Metadata
Metadata is information about something digital, rather than its contents. That can include details about the size of a file or document, who created it, and when, or in the case of digital photos, where the image was taken and information about the device that took the photo. Metadata may not identify the contents of a file, but it can be useful in determining where a document came from or who authored it. Metadata can also refer to information about an exchange, such as who made a call or sent a text message, but not the contents of the call or the message.
Ransomware
Ransomware is a type of malicious software (or malware) that prevents device owners from accessing its data, typically by encrypting the person’s files. Ransomware is usually deployed by cybercriminal gangs who demand a ransom payment, usually cryptocurrency, in return for providing the private key to decrypt the person’s data.
In some cases, ransomware gangs will steal the victim’s data before encrypting it, allowing the criminals to extort the victim further by threatening to publish the files online. Paying a ransomware gang is no guarantee that the victim will get their stolen data back, or that the gang will delete the stolen data.
One of the first-ever ransomware attacks was documented in 1989, in which malware was distributed via floppy disk (an early form of removable storage) to attendees of the World Health Organization’s AIDS conference. Since then, ransomware has evolved into a multi-billion dollar criminal industry as attackers refine their tactics and hone in on big-name corporate victims.
(See also: Malware; Sanctions)
Remote code execution
Remote code execution refers to the ability to run commands or malicious code (such as malware) on a system from over a network, often the internet, without requiring any human interaction from the target. Remote code execution attacks can range in complexity but can be highly damaging when vulnerabilities are exploited.
(See also: Arbitrary code execution)
Sanctions
Cybersecurity-related sanctions work similarly to traditional sanctions in that they make it illegal for businesses or individuals to transact with a sanctioned entity. In the case of cyber sanctions, these entities are suspected of carrying out malicious cyber-enabled activities, such as ransomware attacks or the laundering of ransom payments made to hackers.
The U.S. Treasury’s Office of Foreign Assets Control (OFAC) administers sanctions. The Treasury’s Cyber-Related Sanctions Program was established in 2015 as part of the Obama administration’s response to cyberattacks targeting U.S. government agencies and private sector U.S. entities.
While a relatively new addition to the U.S. government’s bureaucratic armory against ransomware groups, sanctions are increasingly used to hamper and deter malicious state actors from conducting cyberattacks. Sanctions are often used against hackers who are out of reach of U.S. indictments or arrest warrants, such as ransomware crews based in Russia.
Spyware
A broad term, like malware, that covers a range of surveillance monitoring software. Spyware is typically used to refer to malware made by private companies, such as NSO Group’s Pegasus, Intellexa’s Predator, and Hacking Team’s Remote Control System, among others, which the companies sell to government agencies. In more generic terms, these types of malware are like remote access tools, which allow their operators, usually government agents, to spy on and monitor their targets, giving them the ability to access a device’s camera and microphone or exfiltrate data. Spyware is also referred to as commercial or government spyware, or mercenary spyware.
(See also: Stalkerware)
Stalkerware
Stalkerware is a kind of surveillance malware (and a form of spyware) that is usually sold to ordinary consumers under the guise of child or employee monitoring software but is often used for the purposes of spying on the phones of unwitting individuals, oftentimes spouses and domestic partners. The spyware grants access to the target’s messages, location, and more. Stalkerware typically requires physical access to a target’s device, which gives the attacker the ability to install it directly on the target’s device, often because the attacker knows the target’s passcode.
(See also: Spyware)
Threat model
What are you trying to protect? Who are you worried about that could go after you or your data? How could these attackers get to the data? The answers to these kinds of questions are what will lead you to create a threat model. In other words, threat modeling is a process that an organization or an individual has to go through to design software that is secure, and devise techniques to secure it. A threat model can be focused and specific depending on the situation. A human rights activist in an authoritarian country has a different set of adversaries, and data, to protect than a large corporation in a democratic country that’s worried about ransomware, for example.
Unauthorized
When we describe “unauthorized” access, we’re referring to the accessing of a computer system by breaking any of its security features, such as a login prompt or a password, which would be considered illegal under the U.S. Computer Fraud and Abuse Act, or the CFAA. The Supreme Court in 2021 clarified the CFAA, finding that accessing a system lacking any means of authorization, for example, a database with no password, is not illegal, as you cannot break a security feature that isn’t there.
It’s worth noting that “unauthorized” is a broadly used term and often used by companies subjectively, and as such has been used to describe everything from malicious hackers who steal someone’s password to break in, through to incidents of insider access or abuse by employees.
Virtual private network (VPN)
A virtual private network, or VPN, is a networking technology that allows someone to “virtually” access a private network, such as their workplace or home, from anywhere else in the world. Many use a VPN provider to browse the web, thinking that this can help to avoid online surveillance.
TechCrunch has a skeptics’ guide to VPNs that can help you decide if you think a VPN makes sense for you. If it does, we’ll show you how to set up your own private and encrypted VPN server that only you control. And if you don’t, we explore some of the privacy tools and other measures you can take to meaningfully improve your privacy online.
Vulnerability
A vulnerability (also referred to as a security flaw) is a type of bug that causes software to crash or behave in an unexpected way that affects the security of the system or its data. Sometimes, two or more vulnerabilities can be used in conjunction with each other, known as “vulnerability chaining,” to gain deeper access to a targeted system.
(See also: Bug; Exploit)
Zero-day
A zero-day is a specific type of security vulnerability that has been publicly disclosed or exploited but the vendor who makes the affected hardware or software has not been given time (or “zero days”) to fix the problem. As such, there may be no immediate fix or mitigation to prevent an affected system from being compromised. This can be particularly problematic for internet-connected devices.
(See also: Vulnerability)
Last updated on November 5.