The cybersecurity world is filled with technical lingo and jargon. At TechCrunch, we have been writing about cybersecurity for years, and even we sometimes need a refresher on what exactly a particular word or expression means. That’s why we have created this glossary, which includes some of the most common (and not so common) words and expressions that we use in our articles, and explanations of how, and why, we use them.
This is a developing compendium, and we’ll update it regularly.
An advanced persistent threat (APT) is usually categorized as a hacker, or group of hackers, that gains and maintains unauthorized access to a targeted system. The main goal of an APT intruder is to remain undetected for long periods of time, typically to conduct espionage and surveillance, to steal data, or to sabotage critical systems.
APTs are traditionally well-resourced hackers, with the funding to pay for their malicious campaigns and access to hacking tools typically reserved for governments. As such, many of the long-running APT groups are associated with nation states, such as China, Iran, North Korea, and Russia. In recent years, we’ve seen examples of financially motivated cybercriminal groups, not backed by any nation state, carrying out cyberattacks (such as theft and money laundering) that are comparable in persistence and capability to those of traditional government-backed APT groups.
(See: Hacker)
Arbitrary code execution is the ability to run commands or malicious code on an affected system, often because of a security vulnerability in the system’s software. Arbitrary code execution can be achieved either remotely or with physical access to an affected system (such as someone’s device). In the cases where arbitrary code execution can be achieved over the internet, security researchers typically call this remote code execution.
Often, code execution is used as a way to plant a back door for maintaining long-term and persistent access to that system, or for running malware that can be used to access deeper parts of the system or other devices on the same network.
(See also: Remote code execution)
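As an added illustration (not part of the TechCrunch glossary), the Python below shows the simplest shape of the bug that leads to arbitrary code execution: a “calculator” that hands untrusted input straight to eval(), beside a hardened version that parses the expression into an AST and evaluates only arithmetic nodes. The function names and the hypothetical payload are my own.

```python
import ast
import operator

# Vulnerable: eval() runs whatever Python the caller supplies. An expression
# such as "__import__('os').system('...')" is executed with the program's
# privileges, which is arbitrary code execution in a single line.
def unsafe_calc(expr: str):
    return eval(expr)  # deliberately vulnerable, for contrast only


# Hardened: parse first, then walk the tree and refuse anything that is not
# a number or an arithmetic operator. Names, calls, attribute access and
# subscripts never reach an interpreter, so there is nothing to abuse.
_BIN_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
    ast.Mod: operator.mod,
    ast.Pow: operator.pow,
}
_UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}


def _eval_node(node):
    # Accept only int/float literals (bool is a subclass of int, so exclude it).
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        left, right = _eval_node(node.left), _eval_node(node.right)
        # Even pure arithmetic can be a denial of service: cap exponents.
        if isinstance(node.op, ast.Pow) and abs(right) > 1000:
            raise ValueError("exponent too large")
        return _BIN_OPS[type(node.op)](left, right)
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        return _UNARY_OPS[type(node.op)](_eval_node(node.operand))
    raise ValueError(f"disallowed expression element: {type(node).__name__}")


def safe_calc(expr: str):
    tree = ast.parse(expr, mode="eval")
    return _eval_node(tree.body)


if __name__ == "__main__":
    payload = "__import__('os').getpid()"  # hypothetical attacker input
    print("unsafe:", unsafe_calc(payload))  # code ran: prints this process's PID
    try:
        safe_calc(payload)
    except ValueError as err:
        print("safe:", err)  # rejected: "disallowed expression element: Call"
```

The allow-list approach generalizes: whatever the input language, parse it into a structure and interpret only the nodes the feature needs, rather than trying to filter dangerous strings out of input that a full interpreter will see.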
Hackers historically have been categorized as either “black hat” or “white hat,” usually depending on the motivations of the hacking activity carried out. A “black hat” hacker may be someone who breaks the law and hacks for money or personal gain, such as a cybercriminal. “White hat” hackers generally hack within legal bounds, such as part of a penetration test sanctioned by the target company, or to collect bug bounties by finding flaws in software and disclosing them to the affected vendor. Those who hack with less clear-cut motivations may be considered a “gray hat.” Famously, the hacking group the L0pht used the term gray hat in an interview with The New York Times Magazine in 1999. While still commonly used in modern security parlance, many have moved away from the “hat” terminology.
(Also see: Hacker, Hacktivist)
Botnets are networks of hijacked internet-connected devices, such as webcams and home routers, that have been compromised by malware (or sometimes by weak or default passwords) for the purpose of being used in cyberattacks. Botnets can be made up of hundreds or thousands of devices and are typically managed by a command-and-control server that sends commands to the ensnared devices. Botnets can be used for a range of malicious purposes, such as using the distributed network of devices to mask and shield the internet traffic of cybercriminals, to deliver malware, or to harness their collective bandwidth to knock websites and online services offline with huge amounts of junk traffic.
(See also: Command-and-control server; Distributed denial-of-service)
A bug is essentially the cause of a software glitch, such as an error or a problem that causes the software to crash or behave in an unexpected way. In some cases, a bug can also be a security vulnerability.
The computing use of the term “bug” is popularly traced to 1947, at a time when early computers were the size of rooms and made up of heavy mechanical and moving equipment. In the best-known incident, a moth was found trapped in a relay of one of these room-sized computers, the Harvard Mark II, and was taped into the machine’s logbook as the “first actual case of bug being found.”
(See also: Vulnerability)
Command-and-control servers (also known as C2 servers) are used by cybercriminals to remotely manage and control their fleets of compromised devices and to launch cyberattacks, such as delivering malware over the internet and launching distributed denial-of-service attacks.
(See also: Botnet; Distributed denial-of-service)
Cryptojacking is when a device’s computational power is used, with or without the owner’s permission, to generate cryptocurrency. Developers sometimes bundle mining code in apps and on websites, which then uses the device’s processors to complete the complex mathematical calculations needed to create new cryptocurrency. The generated cryptocurrency is then deposited in digital wallets owned by the developer.
Some malicious hackers use malware to deliberately compromise large numbers of unwitting computers to generate cryptocurrency on a large and distributed scale.
When we talk about data breaches, we ultimately mean the improper removal of data from where it should have been. But the circumstances matter and can alter the terminology we use to describe a particular incident.
A data breach is when protected data is confirmed to have improperly left the system where it was originally stored, usually confirmed when someone discovers the compromised data. More often than not, we’re referring to the exfiltration of data by a malicious cyberattacker, or to data otherwise detected as a result of an inadvertent exposure. Depending on what is known about the incident, we may describe it in more specific terms where details are known.
(See also: Data exposure; Data leak)
A data exposure (a type of data breach) is when protected data is stored on a system that has no access controls, such as because of human error or a misconfiguration. This might include cases where a system or database is connected to the internet without a password. Just because data was exposed doesn’t mean the data was actively discovered, but it could nevertheless still be considered a data breach.
A data leak (a type of data breach) is where protected data is stored on a system in a way that allowed it to escape, such as due to a previously unknown vulnerability in the system or by way of insider access (such as an employee). A data leak can mean that data could have been exfiltrated or otherwise collected, but there may not always be the technical means, such as logs, to know for sure.
A distributed denial-of-service, or DDoS, is a kind of cyberattack that involves flooding targets on the internet with junk web traffic in order to overload and crash the servers and cause the service, such as a website, online store, or gaming platform, to go down.
DDoS attacks are launched by botnets, which are made up of networks of hacked internet-connected devices (such as home routers and webcams) that can be remotely controlled by a malicious operator, usually from a command-and-control server. Botnets can be made up of hundreds or thousands of hijacked devices.
While a DDoS is a form of cyberattack, these data-flooding attacks are not “hacks” in themselves, as they don’t involve the breach and exfiltration of data from their targets, but instead cause a “denial of service” event for the affected service.
(See also: Botnet; Command-and-control server)
Encryption is the way and means by which information, such as files, documents, and private messages, is scrambled to make the data unreadable to anyone other than its intended owner or recipient. Encrypted data is typically scrambled using an encryption algorithm (essentially a set of mathematical operations that determines how the data should be transformed) together with a secret key, often derived from a password, which can be used to unscramble (or “decrypt”) the protected data.
Nearly all modern encryption algorithms in use today are publicly specified rather than kept secret, allowing anyone (including security professionals and cryptographers) to review and check the algorithm to make sure it’s free of faults or flaws; the security rests on the secrecy of the key, not of the algorithm. Some encryption algorithms are stronger than others, meaning data protected by weaker algorithms can be decrypted by harnessing large amounts of computational power.
Encryption is different from encoding, which merely converts data into a different, standardized format, usually so that computers can read or transmit the data. Encoding uses no key, so anyone can reverse it.
(See also: End-to-end encryption)
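Added example, not from the glossary: the encoding-versus-encryption distinction in working Python, using only the standard library. base64 encoding has no key, so anyone can reverse it. The encrypt()/decrypt() pair derives a key from a password with PBKDF2, uses an HMAC-SHA256 keystream to scramble the data, and attaches a separate authentication tag, so the wrong password (or any tampering with the ciphertext) is rejected rather than producing garbage. The construction is mine and is for illustration; in real systems use a vetted library cipher such as AES-GCM or ChaCha20-Poly1305.

```python
import base64
import hashlib
import hmac
import os

# --- Encoding: a reversible format change, no secret involved -------------
def encode(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")

def decode(text: str) -> bytes:
    return base64.b64decode(text)


# --- Encryption: unreadable without the key, tamper-evident ---------------
def _derive_keys(password: str, salt: bytes):
    # Stretch the password into 64 bytes and split it into an encryption key
    # and a separate MAC key (never reuse one key for both jobs).
    km = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
    return km[:32], km[32:]

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # PRF in counter mode: HMAC(key, nonce || counter) blocks, truncated to length.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def encrypt(password: str, plaintext: bytes) -> bytes:
    salt, nonce = os.urandom(16), os.urandom(16)   # fresh per message
    enc_key, mac_key = _derive_keys(password, salt)
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    # Encrypt-then-MAC over everything the receiver will trust.
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + ciphertext + tag

def decrypt(password: str, blob: bytes) -> bytes:
    salt, nonce, ciphertext, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _derive_keys(password, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


if __name__ == "__main__":
    msg = b"meeting moved to 9am"          # constructed sample message
    print("encoded:", encode(msg))          # readable by anyone who decodes it
    blob = encrypt("correct horse", msg)
    print("encrypted:", blob.hex())
    print("decrypted:", decrypt("correct horse", blob))
```

Two things the text glosses over are visible here: the password is never used directly as the key (it is stretched with a salt, so identical passwords on two messages yield different keys), and decryption with the wrong key does not merely yield noise, it fails loudly because of the tag.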
End-to-end encryption (or E2EE) is a security feature built into many messaging and file-sharing apps, and is widely considered one of the strongest ways of securing digital communications as they traverse the internet.
E2EE scrambles the file or message on the sender’s device before it is sent, in a way that allows only the intended recipient to decrypt its contents, making it near-impossible for anyone (including a malicious hacker, and even the app maker) to snoop on someone’s private communications. In recent years, E2EE has become the default security standard for many messaging apps, including Apple’s iMessage, Facebook Messenger, Signal, and WhatsApp.
E2EE has also become the subject of governmental frustration in recent years, as encryption makes it impossible for tech companies or app providers to hand over information that they themselves do not have access to.
(See also: Encryption)
Most modern systems are protected with multiple layers of security, including the ability to set up user accounts with more restricted access to the underlying system’s configuration and settings. This prevents those users (or anyone with improper access to one of those user accounts) from tampering with the core underlying system. However, an “escalation of privileges” event can involve exploiting a bug or tricking the system into granting the user more access rights than they should have.
Malware can also take advantage of privilege escalation bugs or flaws to gain deeper access to a device or a connected network, potentially allowing the malware to spread.
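A practitioner’s first check for local privilege escalation paths is to look for files whose permission bits hand out more than they should: setuid and setgid executables run with their owner’s (or group’s) privileges rather than the caller’s, and world-writable files can be altered by any local user. The added Python below (my example, not the glossary’s) scans a directory tree for those bits; demo() builds a throwaway directory with constructed files to show what it reports. Run find_risky_files on /usr/bin or / on a real host.

```python
import os
import stat
import tempfile


def find_risky_files(root):
    """Return (path, reason) pairs for regular files that are setuid, setgid
    or world-writable under root. Each reason is reported separately."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # unreadable or vanished mid-scan; keep going
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets and devices are out of scope here
            if st.st_mode & stat.S_ISUID:
                findings.append((path, "setuid"))
            if st.st_mode & stat.S_ISGID:
                findings.append((path, "setgid"))
            if st.st_mode & stat.S_IWOTH:
                findings.append((path, "world-writable"))
    return findings


def demo():
    """Create a scratch directory with constructed sample files and scan it.
    Returns sorted (basename, reason) pairs so the result is easy to check."""
    root = tempfile.mkdtemp(prefix="privesc-check-")
    samples = {
        "backup-helper": 0o4755,     # setuid: runs as its owner for anyone
        "shared-notes.txt": 0o666,   # world-writable: any user can change it
        "readme.txt": 0o644,         # ordinary file, should not be reported
    }
    for name, mode in samples.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)  # chmod after writing so the kernel keeps the bits
    return sorted((os.path.basename(p), reason) for p, reason in find_risky_files(root))


if __name__ == "__main__":
    for name, reason in demo():
        print(f"{reason:15} {name}")
```

A setuid binary is only a problem if it can be coerced into doing something its author did not intend (spawning a shell, writing an attacker-chosen file), so a finding is a lead to investigate, not a confirmed escalation path. Ownership matters too: a setuid file owned by an unprivileged account grants nothing useful.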
An exploit is the way and means by which a vulnerability is abused or taken advantage of, usually in order to break into a system.
(See also: Bug; Vulnerability)
In general terms, extortion is the act of obtaining something, usually money, through the use of force and intimidation. Cyber extortion is no different, as it typically refers to a category of cybercrime whereby attackers demand payment from victims by threatening to damage, disrupt, or expose their sensitive information.
Extortion is often used in ransomware attacks, where hackers typically exfiltrate company data before demanding a ransom payment from the hacked victim. But extortion has quickly become its own category of cybercrime, with many, often younger, financially motivated hackers opting to carry out extortion-only attacks, which skip the use of encryption in favor of simple data theft.
(Also see: Ransomware)
Forensic investigations involve analyzing data and information contained in a computer, server, or mobile device, looking for evidence of a hack, crime, or some kind of malfeasance. Sometimes, in order to access the data, corporate or law enforcement investigators rely on specialized devices and tools, such as those made by Cellebrite and Grayshift, which are designed to unlock and break the security of computers and cellphones to access the data within.
There is no one single definition of “hacker.” The term has its own rich history, culture, and meaning within the security community. Some incorrectly conflate hackers, or hacking, with wrongdoing.
By our definition and use, we broadly refer to a “hacker” as someone who is a “breaker of things,” usually by altering how something works to make it perform differently in order to meet their goals. In practice, that can be something as simple as repairing a device with non-official parts to make it function differently than intended, or work even better.
In the cybersecurity sense, a hacker is typically someone who breaks a system or breaks the security of a system. That could be anything from an internet-connected computer system to a simple door lock. But the person’s intentions and motivations (if known) matter in our reporting, and guide how we accurately describe the person, or their activity.
There are ethical and legal differences between a hacker who works as a security researcher, who is professionally tasked with breaking into a company’s systems with its permission to identify security weaknesses that can be fixed before a malicious individual has a chance to exploit them, and a malicious hacker who gains unauthorized access to a system and steals data without obtaining anyone’s permission.
Because the term “hacker” is inherently neutral, we generally apply descriptors in our reporting to provide context about who we’re talking about. If we know that an individual works for a government and is contracted to maliciously steal data from a rival government, we’re likely to describe them as a nation-state or government hacker (or, if appropriate, an advanced persistent threat), for example. If a gang is known to use malware to steal funds from individuals’ bank accounts, we may describe them as financially motivated hackers, or, if there is evidence of criminality or illegality (such as an indictment), we may describe them simply as cybercriminals.
And if we don’t know their motivations or intentions, or a person describes themselves as such, we may simply refer to a subject neutrally as a “hacker,” where appropriate.
(Also see: Advanced persistent threat; Hacktivist; Unauthorized)
In a hack-and-leak operation, hacking and stealing data is only the first step. In some cases, hackers then leak the stolen data to journalists, or directly post the data online for anyone to see. The goal can be either to embarrass the hacking victim, or to expose alleged malfeasance.
The origins of modern hack-and-leak operations date back to the early and mid-2000s, when groups like el8, pHC (“Phrack High Council”) and zf0 were targeting people in the cybersecurity industry who, according to these groups, had abandoned the hacker ethos and sold out. Later examples include hackers associated with Anonymous leaking data from U.S. government contractor HBGary, and North Korean hackers leaking emails stolen from Sony as retribution for the Hollywood comedy The Interview.
Some of the most recent and well-known examples are the hack against the now-defunct government spyware pioneer Hacking Team in 2015, and the infamous Russian government-led hack-and-leak of Democratic National Committee emails ahead of the 2016 U.S. presidential election. Iranian government hackers tried to emulate the 2016 playbook during the 2024 election.
A hacktivist is a specific kind of hacker who hacks for what they (and perhaps the public) perceive as a good cause, hence the portmanteau of the words “hacker” and “activist.” Hacktivism has been around for more than 20 years, starting perhaps with groups like the Cult of the Dead Cow in the late 1990s. Since then, there have been several high-profile examples of hacktivist hackers and groups, such as Anonymous, LulzSec, and Phineas Fisher.
(Also see: Hacker)
Infosec, short for “information security,” is an alternative term used to describe defensive cybersecurity focused on the protection of data and information. “Infosec” may be the preferred term for industry veterans, while the term “cybersecurity” has become widely accepted. In modern usage, the two terms have become largely interchangeable.
Infostealers are malware capable of stealing information from a person’s computer or device. Infostealers, such as Redline, are often bundled with pirated software; once installed, they primarily seek out passwords and other credentials stored in the person’s browser or password manager, then surreptitiously upload the victim’s passwords to the attacker’s systems. This lets the attacker sign in using those stolen passwords. Some infostealers are also capable of stealing session tokens from a user’s browser, which allow the attacker to sign in to a person’s online account as if they were that user, without needing their password or multifactor authentication code.
(See also: Malware)
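The session-token theft described above leaves a trace a defender can look for. The added Python below (mine, not TechCrunch’s) runs a simple hijack check over constructed sample log lines: a session ID that was issued to one IP address and browser and then reappears from a different IP and a different user agent is flagged. Requiring both to change keeps a phone roaming between networks (new IP, same browser) from tripping the rule. The log format, field names and values are invented for the example.

```python
import re

# Constructed sample log, not real traffic. One session per login; sid=a1f3
# is replayed from another network and another browser (token theft),
# while sid=b77c merely changes IP (roaming) and should not be flagged.
SAMPLE_LOG = """\
2024-11-04T09:00:01Z sid=a1f3 user=alice ip=203.0.113.7 ua="Firefox/131 (Windows)" path=/login status=200
2024-11-04T09:05:12Z sid=a1f3 user=alice ip=203.0.113.7 ua="Firefox/131 (Windows)" path=/inbox status=200
2024-11-04T09:30:00Z sid=b77c user=bob ip=192.0.2.55 ua="Safari/17 (macOS)" path=/login status=200
2024-11-04T10:10:00Z sid=b77c user=bob ip=192.0.2.99 ua="Safari/17 (macOS)" path=/inbox status=200
2024-11-04T11:42:30Z sid=a1f3 user=alice ip=198.51.100.23 ua="Chrome/129 (Linux)" path=/settings/export status=200
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) sid=(?P<sid>\S+) user=(?P<user>\S+) ip=(?P<ip>\S+) '
    r'ua="(?P<ua>[^"]*)" path=(?P<path>\S+)'
)


def parse(log_text):
    """Turn the constructed log format into a list of event dicts; skip junk lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def find_hijacked_sessions(events):
    """Flag a session ID reused from a different IP *and* a different user agent
    than the ones it was first seen with. Events must be in time order."""
    first_seen = {}
    alerts = []
    for ev in events:
        base = first_seen.setdefault(ev["sid"], ev)
        if base is ev:
            continue  # first appearance establishes the baseline
        if ev["ip"] != base["ip"] and ev["ua"] != base["ua"]:
            alerts.append({
                "sid": ev["sid"],
                "user": ev["user"],
                "issued_to": (base["ip"], base["ua"]),
                "reused_from": (ev["ip"], ev["ua"]),
                "at": ev["ts"],
                "path": ev["path"],
            })
    return alerts


if __name__ == "__main__":
    for alert in find_hijacked_sessions(parse(SAMPLE_LOG)):
        print(f"possible token theft: sid={alert['sid']} user={alert['user']} "
              f"issued to {alert['issued_to']} but used from {alert['reused_from']} "
              f"at {alert['at']} ({alert['path']})")
```

The response to a hit is to revoke that session server-side and force re-authentication; rotating the password alone does nothing while the stolen token remains valid. The same heuristic is coarse on purpose: a determined attacker can copy the victim’s user agent, so in practice it is one signal among several (geolocation jumps, impossible travel, unusual endpoints such as a data export).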
Jailbreaking is used in multiple contexts to mean the use of exploits and other hacking techniques to circumvent the security of a device, or to remove the restrictions a manufacturer puts on hardware or software. In the context of iPhones, for example, a jailbreak is a technique to remove Apple’s restrictions on installing apps outside of its “walled garden,” or to gain the ability to conduct security research on Apple devices, which is normally highly restricted. In the context of AI, jailbreaking means finding a way to get a chatbot to give out information that it is not supposed to.
The kernel, as its name suggests, is the core part of an operating system that connects and controls virtually all hardware and software. As such, the kernel has the highest level of privileges, meaning it has access to virtually any data on the device. That’s why, for example, apps such as antivirus and anti-cheat software run at the kernel level, as they require broad access to the device. Having kernel access allows these apps to monitor for malicious code, but it also means that a bug in such software can crash or compromise the entire system.
Malware is a broad umbrella term that describes malicious software. Malware can come in many forms and be used to exploit systems in different ways. As such, malware that is used for specific purposes is often referred to by its own subcategory. For example, the type of malware used for conducting surveillance on people’s devices is also called “spyware,” while malware that encrypts files and demands money from its victims is called “ransomware.”
(See also: Infostealers; Ransomware; Spyware)
Metadata is information about something digital, rather than its contents. That can include details about the size of a file or document, who created it and when, or, in the case of digital photos, where the image was taken and information about the device that took the photo. Metadata may not reveal the contents of a file, but it can be useful in determining where a document came from or who authored it. Metadata can also refer to information about an exchange, such as who made a call or sent a text message, but not the contents of the call or the message.
Ransomware is a type of malicious software (or malware) that prevents device owners from accessing their data, typically by encrypting the person’s files. Ransomware is usually deployed by cybercriminal gangs who demand a ransom payment (usually in cryptocurrency) in return for providing the private key to decrypt the person’s data.
In some cases, ransomware gangs will steal the victim’s data before encrypting it, allowing the criminals to extort the victim further by threatening to publish the data online. Paying a ransomware gang is no guarantee that the victim will get their stolen data back, or that the gang will delete the stolen data.
One of the first-ever ransomware attacks was documented in 1989, in which malware was distributed via floppy disk (an early form of removable storage) to attendees of the World Health Organization’s AIDS conference. Since then, ransomware has evolved into a multibillion-dollar criminal industry as attackers refine their tactics and home in on big-name corporate victims.
(See also: Malware; Sanctions)
Remote code execution refers to the ability to run commands or malicious code (such as malware) on a system over a network, often the internet, without requiring any human interaction from the target. Remote code execution attacks can range in complexity but can be highly damaging when vulnerabilities are exploited.
(See also: Arbitrary code execution)
Cybersecurity-related sanctions work similarly to traditional sanctions in that they make it illegal for businesses or individuals to transact with a sanctioned entity. In the case of cyber sanctions, these entities are suspected of carrying out malicious cyber-enabled activities, such as ransomware attacks or the laundering of ransom payments made to hackers.
The U.S. Treasury’s Office of Foreign Assets Control (OFAC) administers sanctions. The Treasury’s Cyber-Related Sanctions Program was established in 2015 as part of the Obama administration’s response to cyberattacks targeting U.S. government agencies and private-sector U.S. entities.
While a relatively new addition to the U.S. government’s bureaucratic armory against ransomware groups, sanctions are increasingly used to hamper and deter malicious state actors from conducting cyberattacks. Sanctions are often used against hackers who are out of reach of U.S. indictments or arrest warrants, such as ransomware crews based in Russia.
Spyware is a broad term, like malware, that covers a range of surveillance and monitoring software. Spyware is typically used to refer to malware made by private companies, such as NSO Group’s Pegasus, Intellexa’s Predator, and Hacking Team’s Remote Control System, among others, which the companies sell to government agencies. In more generic terms, these types of malware are like remote access tools, which allow their operators (usually government agents) to spy on and monitor their targets, giving them the ability to access a device’s camera and microphone or to exfiltrate data. Spyware is also referred to as commercial or government spyware, or mercenary spyware.
(See also: Stalkerware)
Stalkerware is a kind of surveillance malware (and a form of spyware) that is usually sold to ordinary consumers under the guise of child or employee monitoring software but is often used to spy on the phones of unwitting individuals, oftentimes spouses and domestic partners. The spyware grants access to the target’s messages, location, and more. Stalkerware typically requires physical access to a target’s device, which gives the attacker the ability to install it directly on the target’s device, often because the attacker knows the target’s passcode.
(See also: Spyware)
What are you trying to protect? Who are you worried about that could go after you or your data? How could these attackers get to the data? The answers to these kinds of questions are what will lead you to create a threat model. In other words, threat modeling is a process that an organization or an individual goes through to design software that is secure, and to devise techniques to secure it. A threat model can be focused and specific depending on the situation. A human rights activist in an authoritarian country has a different set of adversaries, and data, to protect than a large corporation in a democratic country that is worried about ransomware, for example.
When we describe “unauthorized” access, we’re referring to accessing a computer system by breaking any of its security features, such as a login prompt or a password, which would be considered illegal under the U.S. Computer Fraud and Abuse Act, or the CFAA. The Supreme Court in 2021 narrowed the reach of the CFAA in Van Buren v. United States, and under that reading accessing a system that lacks any means of authorization (for example, a database with no password) is not illegal, as you cannot break a security feature that isn’t there.
It’s worth noting that “unauthorized” is a broadly used term and is often applied by companies subjectively; as such, it has been used to describe everything from malicious hackers who steal someone’s password to break in, to incidents of insider access or abuse by employees.
A virtual private network, or VPN, is a networking technology that allows someone to “virtually” access a private network, such as their workplace or home, from anywhere else in the world. Many use a VPN provider to browse the web, thinking that this can help to avoid online surveillance.
TechCrunch has a skeptics’ guide to VPNs that can help you decide if a VPN makes sense for you. If it does, we’ll show you how to set up your own private and encrypted VPN server that only you control. And if it doesn’t, we explore some of the privacy tools and other measures you can take to meaningfully improve your privacy online.
A vulnerability (also referred to as a security flaw) is a type of bug that causes software to crash or behave in an unexpected way that affects the security of the system or its data. Sometimes, two or more vulnerabilities can be used in conjunction with each other, known as “vulnerability chaining,” to gain deeper access to a targeted system.
(See also: Bug; Exploit)
A zero-day is a specific type of security vulnerability that has been publicly disclosed or exploited before the vendor that makes the affected hardware or software has had time (or “zero days”) to fix the problem. As such, there may be no immediate fix or mitigation to prevent an affected system from being compromised. This can be particularly problematic for internet-connected devices.
(See also: Vulnerability)
First published on September 20, 2024. Last updated on December 23, 2024.