Tech Terms

Here is a list of technical terminology with some simple explanations to improve your understanding of things technical and cyber-security related.

Attack

An attack is an action carried out with the intent to gain access to a computer system, the data within a computer system or in transmission between systems, to utilise the processing capacity of a system, or to compromise a system for the purpose of attacking other systems without authorisation.

Biometrics

A loose translation of the word 'biometrics' is 'measurements of the body'. Biometrics includes fingerprint scanning, retinal scanning, voice recognition and facial recognition.
Biometrics can be exceptionally useful when used as a complementary method of authentication, as in two-factor authentication.

Brand Hacking

Brand hacking is a relatively new term for a practice that has existed for some time in the physical world, and has transitioned to the cyber-world.
Brand hacking occurs when a scammer pretends to represent a reputable brand, so that they may enter negotiations with the customer. What the scammer is offering may be a product of some value; however, it will not be the brand that the scammer is pretending to represent.
In the online context brand hacking is associated with phishing emails, where the scammer wants to collect your information, and perhaps trick you into downloading malware. Scammers may often advertise software products such as anti-malware suites that have a similar name and logo to a reputable brand, but really give false detections and in the background leak your data to other scammers.

Cat-Phishing

Also 'cat-fishing'. This is a specific kind of targeted phishing attack aimed at scamming those who are single, or in the dating market through dating and romance scams. The most popular target for these scams is those in the over 50 age group, comprising more than half the reported victims in Australia in the last year.

Key Logger

A type of malware that monitors your keystrokes and sends them to another computer across the Internet. Scammers can use such malware to capture your passwords.
Password manager applications provide some protection by reducing the number of times users must enter passwords, but they do not protect the user's login password.
Biometric devices (fingerprint scanners etc) can be used as an alternative form of authentication in some circumstances and will help avoid key logger malware. A good quality anti-malware suite will also help detect, neutralise and remove key loggers.

Malware

A very broad term used to describe any form of software, application, program or scripted code that is intended to adversely affect the confidentiality of your computer/smartphone/network/data, reduce the integrity of your services or data, or reduce the availability of your devices and services for legitimate use.
Malware may be written to damage other software or hardware, steal data, passwords or services, remove the ability of the legitimate user to access their devices or data, or to generally attempt to deliver and perpetrate a scam against an unwitting user.

Phishing

This is a scam mostly delivered via email, where masses of potential victims are sent the same or very similar emails in an attempt to trick the victims into contacting the scammers and revealing their credentials such as user names and passwords for banking or other accounts.
Such emails will attempt to persuade the victim through either panic or fear, or through an opportunity, to release their details. For example, fake Victorian Government speeding notices attempt to rush the victim into contacting the scammers in fear of being taken to court, whilst the Nigerian prince type scams attempt to lure the victims in through the opportunity of wealth.
Such campaigns tend to have a low success rate against individual targets but are easily targeted against mass mailing lists, and therefore can be sent to thousands of potential victims at once. If only a small handful do fall for the ruse, the scammers will likely earn thousands from each victim.

Ransomware

Ransomware is a special type of malware. It is a form of attack where the user's data files (and in some cases the system files of the computer or device) are scrambled by an encryption algorithm rendering them useless to the user.  Scammers will offer a digital key to decrypt the files for a cost - often in the order of several hundred dollars, effectively holding the user's data hostage. Failure to pay by a certain date may result in the files being permanently deleted.
The best protection against Ransomware is to maintain regular offline backups of your system, maintain your operating system and applications with the latest security patches, and use a combined anti-malware/firewall product to prevent such attacks being delivered.

Spear-Phishing

This is a specific kind of selectively targeted phishing attack aimed at scamming very specific individuals. This is a common form of attack for nation-state affiliated groups who are attempting to target specific individuals who are expected to have access to state secrets, special top-secret computer system accesses, or extremely valuable economic/industrial information. Most of these attacks are linked to various espionage campaigns, and do not generally target the average home user.

Spyware

A type of malware that tracks internet usage and application actions.  May report on the Internet pages a user visits, and the content that they click on.  May leverage cookies to assist with tracking the user's activities.
Some companies and websites may track your activities through cookies. This can be legitimised if the company involved asked you to accept terms and conditions that detailed their use of cookies - often under the guise of improving their services.
Many anti-malware suites will block or prevent spyware from functioning. Ad-blocker extensions and plugins for your web browser are also useful for defending against spyware.

Threat

A threat is a potential source for an attack or other hostile action. Threats are often general in nature and type, and not attributed to specific actors, rather identified as coming from a more loosely defined source. For example, if your company does business with western European governments, there may be a threat to your information systems from eastern-bloc governments – rather than identifying a specific eastern European government as the source.

Threat Actor

A threat actor is a specific person, or organisation who is the source of a potential or current threat to your business and systems. For example, if your company does business with western European governments and you have known threats from eastern European governments who wish to spy on your activities, one of the threat actors who might be involved could be the Russian Government’s intelligence agency, the GRU – known in the cyber world as ‘Fancy Bear’.

Vulnerability

A vulnerability is a flaw or weakness in part of a system that creates an opportunity for an attempted attack to succeed.
Vulnerabilities can be fixed by maintaining your devices properly through regular updates to both the system software and all applications.
A decent firewall/anti-malware suite should also help to detect and address vulnerabilities.

XSS Attack (Cross-Site Scripting Attack)

Where a script is injected into the URL or link for a web page, such that the script will be executed in the user’s browser when they click upon the link. Many anti-malware scanners can detect an XSS attack, but this is not guaranteed as hackers and scammers have taken to encrypting the script so that the attack remains undetected.
