The TechCrunch Cyber Glossary


The cybersecurity world is filled with technical lingo and jargon. At TechCrunch, we’ve been writing about cybersecurity for years, and even we sometimes need a refresher on what exactly a particular word or expression means. That’s why we’ve created this glossary, which includes some of the most common — and not so common — words and expressions that we use in our articles, along with explanations of how, and why, we use them.

This is a developing compendium, and we’ll update it regularly.


Advanced persistent threat (APT)

An advanced persistent threat (APT) is often categorized as a hacker, or group of hackers, that gains and maintains unauthorized access to a targeted system. The main aim of an APT intruder is to remain undetected for long periods of time, often to conduct espionage and surveillance, to steal data, or to sabotage critical systems.

APTs are traditionally well-resourced hackers, with the funding to pay for their malicious campaigns and access to hacking tools typically reserved for governments. As such, many of the long-running APT groups are associated with nation states, like China, Iran, North Korea, and Russia. In recent years, we’ve seen examples of non-nation state cybercriminal groups that are financially motivated (by theft and money laundering, for example) carrying out cyberattacks similar in persistence and capabilities to some traditional government-backed APT groups.

(See: Hacker)

Arbitrary code execution

The ability to run commands or malicious code on an affected system, often because of a security vulnerability in the system’s software. Arbitrary code execution can be achieved either remotely or with physical access to an affected system (such as someone’s device). In cases where arbitrary code execution can be achieved over the internet, security researchers typically call this remote code execution.

Oftentimes, code execution is used as a way to plant a back door for maintaining long-term and persistent access to that system, or for running malware that can be used to access deeper parts of the system or other devices on the same network.

(See also: Remote code execution)

Botnet

Botnets are networks of hijacked internet-connected devices, such as webcams and home routers, that have been compromised by malware (or sometimes weak or default passwords) for the purpose of being used in cyberattacks. Botnets can be made up of hundreds or thousands of devices and are typically controlled by a command-and-control server that sends out commands to the ensnared devices. Botnets can be used for a range of malicious purposes, like using the distributed network of devices to mask and shield the internet traffic of cybercriminals, deliver malware, or harness their collective bandwidth to maliciously crash websites and online services with huge amounts of junk internet traffic.

(See also: Command-and-control server; Distributed denial-of-service)

Bug

A bug is essentially the cause of a software glitch, such as an error or a problem that causes the software to crash or behave in an unexpected way. In some cases, a bug can also be a security vulnerability.

The term “bug” originated in 1947, at a time when early computers were the size of rooms and made up of heavy mechanical and moving equipment. The first known incident of a bug found in a computer was when a moth disrupted the electronics of one of these room-sized computers.

(See also: Vulnerability)

Command-and-control server

Command-and-control servers (also known as C2 servers) are used by cybercriminals to remotely manage and control their fleets of compromised devices and launch cyberattacks, such as delivering malware over the internet and launching distributed denial-of-service attacks.

(See also: Botnet; Distributed denial-of-service)

Cryptojacking

Cryptojacking is when a device’s computational power is used, with or without the owner’s permission, to generate cryptocurrency. Developers sometimes bundle code into apps and websites that uses the device’s processors to complete the complex mathematical calculations needed to create new cryptocurrency. The generated cryptocurrency is then deposited in digital wallets owned by the developer.

Some malicious hackers use malware to deliberately compromise large numbers of unwitting computers to generate cryptocurrency on a large and distributed scale.

Data breach

When we talk about data breaches, we ultimately mean the improper removal of data from where it should have been. But the circumstances matter and can alter the terminology we use to describe a particular incident.

A data breach is when protected data is confirmed to have improperly left the system where it was originally stored, usually confirmed when someone discovers the compromised data. More often than not, we’re referring to the exfiltration of data by a malicious cyberattacker, or data otherwise detected as a result of an inadvertent exposure. Depending on what is known about the incident, we may describe it in more specific terms where details are known.

(See also: Data exposure; Data leak)

Data exposure

A data exposure (a type of data breach) is when protected data is stored on a system that has no access controls, for example because of human error or a misconfiguration. This might include cases where a system or database is connected to the internet but has no password. Just because data was exposed doesn’t mean the data was actively discovered, but it could nevertheless still be considered a data breach.

Data leak

A data leak (a type of data breach) is where protected data is stored on a system in a way that allowed it to escape, such as due to a previously unknown vulnerability in the system or by way of insider access (such as an employee). A data leak can mean that data could have been exfiltrated or otherwise collected, but there may not always be the technical means, such as logs, to know for sure.

Distributed denial-of-service (DDoS)

A distributed denial-of-service, or DDoS, is a kind of cyberattack that involves flooding targets on the internet with junk web traffic in order to overload and crash the servers and cause the service, such as a website, online store, or gaming platform, to go down.

DDoS attacks are launched by botnets, which are made up of networks of hacked internet-connected devices (such as home routers and webcams) that can be remotely controlled by a malicious operator, usually from a command-and-control server. Botnets can be made up of hundreds or thousands of hijacked devices.

While a DDoS is a form of cyberattack, these data-flooding attacks are not “hacks” in themselves, as they don’t involve the breach and exfiltration of data from their targets, but instead cause a “denial of service” event for the affected service.

(See also: Botnet; Command-and-control server)
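The entry above describes what a DDoS looks like from the outside: a flood of junk requests arriving from many hijacked devices at once. The following example, added here and not part of the TechCrunch glossary, shows the simplest way a defender spots that pattern in a web server’s access log: it buckets requests into fixed time windows, flags windows whose volume exceeds a threshold, and reports how many distinct sources produced the traffic. The log lines, addresses (from the documentation ranges 198.51.100.0/24 and 203.0.113.0/24) and thresholds are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Common/combined log format, e.g.
# 203.0.113.7 - - [03/Oct/2024:12:00:01 +0000] "GET / HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str):
    """Return {ip, ts, req} for one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT), "req": m["req"]}


def bucket_requests(lines, window_seconds: int = 10):
    """Group requests into fixed windows: {window_start_epoch: {source_ip: count}}."""
    buckets = defaultdict(lambda: defaultdict(int))
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crash on them
        start = int(rec["ts"].timestamp()) // window_seconds * window_seconds
        buckets[start][rec["ip"]] += 1
    return buckets


def find_floods(lines, window_seconds=10, max_requests_per_window=50, min_sources_for_distributed=10):
    """Flag windows whose total request volume exceeds the threshold.

    Each finding records the volume and the number of distinct sources. A flood spread
    across many addresses, with no single one dominating, is the pattern a DDoS leaves,
    and it is why blocking a single source address does not stop it.
    """
    findings = []
    for start, per_ip in sorted(bucket_requests(lines, window_seconds).items()):
        total = sum(per_ip.values())
        if total <= max_requests_per_window:
            continue
        _top_ip, top_count = max(per_ip.items(), key=lambda kv: kv[1])
        findings.append({
            "window_start": datetime.fromtimestamp(start, tz=timezone.utc),
            "requests": total,
            "sources": len(per_ip),
            "top_source_share": top_count / total,
            "distributed": len(per_ip) >= min_sources_for_distributed,
        })
    return findings


def constructed_log():
    """Constructed sample: a quiet minute, then a 10-second burst from 40 addresses."""
    base = datetime(2024, 10, 3, 12, 0, 0, tzinfo=timezone.utc)

    def line(ip, ts, path="/"):
        return f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512'

    lines = [line("198.51.100.5", base + timedelta(seconds=i * 15), "/about") for i in range(4)]
    burst = base + timedelta(seconds=70)
    for i in range(40):
        for j in range(3):
            lines.append(line(f"203.0.113.{i + 1}", burst + timedelta(seconds=j * 2)))
    return lines


if __name__ == "__main__":
    for finding in find_floods(constructed_log()):
        print(finding)
```

In practice the threshold comes from the service’s normal traffic baseline rather than a fixed number, and a real deployment would look at aggregate bandwidth and connection state as well as request counts; the point of the example is the per-window volume and source-diversity view that separates a distributed flood from a single noisy client.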

Encryption

Encryption is the way and means by which information, such as files, documents, and private messages, is scrambled to make the data unreadable to anyone other than its intended owner or recipient. Encrypted data is typically scrambled using an encryption algorithm — essentially a set of mathematical formulas that determines how the data should be encrypted — along with a private key, such as a password, which can be used to unscramble (or “decrypt”) the protected data.

Nearly all modern encryption algorithms in use today are open source, allowing anyone (including security professionals and cryptographers) to review and check the algorithm to make sure it’s free of faults or flaws. Some encryption algorithms are stronger than others, meaning data protected by some weaker algorithms can be decrypted by harnessing large amounts of computational power.

Encryption is different from encoding, which simply converts data into a different and standardized format, usually for the benefit of allowing computers to read the data.
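The distinction between encoding and encryption comes down to whether a secret is involved. The example below is added here to make that concrete and is not code from the glossary: it puts Base64 encoding (reversible by anyone, no key) next to a one-time pad (reversible only with the key). The one-time pad is chosen because it needs nothing beyond Python’s standard library and is the simplest cipher whose security argument is exact; the message is a constructed sample.

```python
import base64
import secrets


def encode(data: bytes) -> bytes:
    """Encoding: a public, keyless, reversible transformation (here Base64).
    It changes the representation of the data, not who can read it."""
    return base64.b64encode(data)


def decode(encoded: bytes) -> bytes:
    """Anyone can undo an encoding; no secret is involved."""
    return base64.b64decode(encoded)


def generate_key(length: int) -> bytes:
    """Fresh random key from the OS CSPRNG, one key byte per message byte."""
    return secrets.token_bytes(length)


def encrypt(plaintext: bytes, key: bytes) -> bytes:
    """One-time pad: XOR every plaintext byte with a key byte.
    The output is readable only with the key, and only if the key is never reused."""
    if len(key) < len(plaintext):
        raise ValueError("key must be at least as long as the plaintext")
    return bytes(p ^ k for p, k in zip(plaintext, key))


def decrypt(ciphertext: bytes, key: bytes) -> bytes:
    """XOR is its own inverse, so decryption is the same operation as encryption."""
    return encrypt(ciphertext, key)


def compare(message: bytes) -> dict:
    """Apply both transformations to a message and report what each party can recover."""
    key = generate_key(len(message))
    encoded = encode(message)
    ciphertext = encrypt(message, key)
    return {
        "encoded": encoded,
        "recovered_from_encoding_without_key": decode(encoded),  # anyone can do this
        "ciphertext": ciphertext,
        "recovered_with_key": decrypt(ciphertext, key),  # only the key holder can
        "recovered_with_wrong_key": decrypt(ciphertext, generate_key(len(message))),
    }


if __name__ == "__main__":
    for name, value in compare(b"meet at the usual place").items():  # constructed message
        print(f"{name}: {value!r}")
```

Two caveats belong with this. A password is not itself a key: real systems derive a fixed-size key from it with a key-derivation function, and they use a vetted authenticated cipher (AES-GCM or ChaCha20-Poly1305 from a maintained library) rather than a hand-rolled pad, because the pad here gives confidentiality only and offers no protection against tampering. The one-time pad also becomes trivially breakable the moment a key is used for two messages, which is why it is shown here as a teaching device and not as a recommendation.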

End-to-end encryption (E2EE)

End-to-end encryption (or E2EE) is a security feature built into many messaging and file-sharing apps, and is widely considered one of the strongest ways of securing digital communications as they traverse the internet.

E2EE scrambles the file or message on the sender’s device before it is sent, in a way that allows only the intended recipient to decrypt its contents, making it near-impossible for anyone — including a malicious hacker, or even the app maker — to snoop on someone’s private communications. In recent years, E2EE has become the default security standard for many messaging apps, including Apple’s iMessage, Facebook Messenger, Signal, and WhatsApp.

E2EE has also become the subject of governmental frustration in recent years, as encryption makes it impossible for tech companies or app providers to hand over information that they themselves don’t have access to.

Escalation of privileges

Most modern systems are protected with multiple layers of security, including the ability to set up user accounts with more restricted access to the underlying system’s configuration and settings. This prevents those users — or anyone with improper access to one of those user accounts — from tampering with the core underlying system. However, an “escalation of privileges” event can involve exploiting a bug or tricking the system into granting the user more access rights than they should have.

Malware can also take advantage of bugs or flaws to escalate privileges and gain deeper access to a device or a connected network, potentially allowing the malware to spread.

Exploit

An exploit is the way and means by which a vulnerability is abused or taken advantage of, usually in order to break into a system.

(See also: Bug; Vulnerability)

Hacker

There is no one single definition of “hacker.” The term has its own rich history, culture, and meaning within the security community. Some incorrectly conflate hackers, or hacking, with wrongdoing.

By our definition and use, we broadly refer to a “hacker” as someone who is a “breaker of things,” usually by altering how something works to make it perform differently in order to meet their objectives. In practice, that can be something as simple as repairing a device with non-official parts to make it function differently than intended, or work even better.

In the cybersecurity sense, a hacker is typically someone who breaks a system or breaks the security of a system. That could be anything from an internet-connected computer system to a simple door lock. But the person’s intentions and motivations (if known) matter in our reporting, and guide how we accurately describe the person, or their activity.

There are ethical and legal differences between a hacker who works as a security researcher, who is professionally tasked with breaking into a company’s systems with its permission to identify security weaknesses that can be fixed before a malicious individual has a chance to exploit them; and a malicious hacker who gains unauthorized access to a system and steals data without obtaining anyone’s permission.

Because the term “hacker” is inherently neutral, we generally apply descriptors in our reporting to provide context about who we’re talking about. If we know that an individual works for a government and is contracted to maliciously steal data from a rival government, we’re likely to describe them as a nation-state or government hacker (or, if appropriate, an advanced persistent threat), for example. If a gang is known to use malware to steal funds from individuals’ bank accounts, we may describe them as financially motivated hackers, or if there is evidence of criminality or illegality (such as an indictment), we may describe them simply as cybercriminals.

And, if we don’t know the motivations or intentions, or a person describes themselves as such, we may simply refer to a subject neutrally as a “hacker,” where appropriate.

(Also see: Advanced persistent threat; Unauthorized)

Infosec

Short for “information security,” an alternative term used to describe defensive cybersecurity focused on the protection of data and information. “Infosec” may be the preferred term for industry veterans, while the term “cybersecurity” has become widely accepted. In modern usage, the two terms have become largely interchangeable.

Jailbreak

Jailbreaking is used in several contexts to mean the use of exploits and other hacking techniques to circumvent the security of a device, or to remove the restrictions a manufacturer puts on hardware or software. In the context of iPhones, for example, a jailbreak is a technique to remove Apple’s restrictions on installing apps outside of its “walled garden” or to gain the ability to conduct security research on Apple devices, which is typically highly restricted. In the context of AI, jailbreaking means figuring out a way to get a chatbot to give out information that it’s not supposed to.

Malware

Malware is a broad umbrella term that describes malicious software. Malware can come in many forms and be used to exploit systems in different ways. As such, malware that is used for specific purposes is often referred to as its own subcategory. For example, the type of malware used for conducting surveillance on people’s devices is also called “spyware,” while malware that encrypts files and demands money from its victims is called “ransomware.”

(See also: Ransomware; Spyware)

Metadata

Metadata is information about something digital, rather than its contents. That can include details about the size of a file or document, who created it and when, or in the case of digital photos, where the image was taken and information about the device that took the photo. Metadata may not reveal the contents of a file, but it can be useful in determining where a document came from or who authored it. Metadata can also refer to information about an exchange, such as who made a call or sent a text message, but not the contents of the call or the message.
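The point that a document’s metadata lives apart from its visible contents is easiest to see on a real file format. The example below is added here and is not part of the glossary: it takes a constructed, minimal PDF-like byte string whose only visible text is “Hello, world” but whose trailer points at an /Info dictionary naming the author, the authoring tool and the creation date, extracts those fields, and then blanks them, which is what a leak-conscious organisation does before publishing a document. The regular-expression parser is a simplification that handles only literal-string values in the Info dictionary; real PDFs may store metadata in hex strings, compressed object streams or an XMP packet, and a production tool would use a proper library.

```python
import re
from datetime import datetime, timezone

# Constructed sample. Not a fully valid PDF, but it has the two parts that matter here:
# a content stream (what a reader sees) and an /Info dictionary (what a reader does not).
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Contents 4 0 R >> endobj
4 0 obj << /Length 44 >> stream
BT /F1 12 Tf 72 700 Td (Hello, world) Tj ET
endstream endobj
5 0 obj << /Title (Q3 budget) /Author (jdoe) /Creator (Acme Writer 2.1) /CreationDate (D:20241003120000Z) >> endobj
trailer << /Root 1 0 R /Info 5 0 R >>
%%EOF
"""

# Literal-string entries of the standard Info dictionary keys (simplified: no hex strings, no escapes).
INFO_RE = re.compile(rb"/(Title|Author|Subject|Creator|Producer|CreationDate|ModDate)\s*\(([^)]*)\)")
# PDF date syntax: D:YYYYMMDDHHmmSS followed by an optional zone; the zone is ignored here and read as UTC.
PDF_DATE_RE = re.compile(r"^D:(\d{4})(\d{2})(\d{2})(\d{2})?(\d{2})?(\d{2})?")


def parse_pdf_date(value: str) -> str:
    """Convert a PDF date string to ISO 8601; return the input unchanged if it does not parse."""
    m = PDF_DATE_RE.match(value)
    if not m:
        return value
    year, month, day, hour, minute, second = (int(p) if p else 0 for p in m.groups())
    return datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc).isoformat()


def extract_metadata(pdf: bytes) -> dict:
    """Return the Info dictionary fields as a {key: value} dict, dates normalised to ISO 8601."""
    meta = {k.decode("ascii"): v.decode("latin-1") for k, v in INFO_RE.findall(pdf)}
    for key in ("CreationDate", "ModDate"):
        if key in meta:
            meta[key] = parse_pdf_date(meta[key])
    return meta


def strip_metadata(pdf: bytes) -> bytes:
    """Blank every Info field while leaving the page content untouched."""
    return INFO_RE.sub(lambda m: b"/" + m.group(1) + b" ()", pdf)


def visible_text(pdf: bytes) -> list:
    """Crude recovery of the literal strings shown by text operators, to confirm content survives."""
    return [s.decode("latin-1") for s in re.findall(rb"\(([^)]*)\)\s*Tj", pdf)]


if __name__ == "__main__":
    print("before:", extract_metadata(SAMPLE_PDF), visible_text(SAMPLE_PDF))
    cleaned = strip_metadata(SAMPLE_PDF)
    print("after: ", extract_metadata(cleaned), visible_text(cleaned))
```

Running it shows the author, tool and timestamp recovered without ever looking at the page text, and the same page text still present after the fields are blanked. The same separation applies to the communications case in the entry: a call record carries who called whom and when, and that is analysable without any access to what was said.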

Ransomware

Ransomware is a type of malicious software (or malware) that prevents device owners from accessing their data, often by encrypting the person’s files. Ransomware is usually deployed by cybercriminal gangs who demand a ransom payment — usually in cryptocurrency — in return for providing the private key to decrypt the person’s data.

In some cases, ransomware gangs will steal the victim’s data before encrypting it, allowing the criminals to extort the victim further by threatening to publish the files online. Paying a ransomware gang is no guarantee that the victim will get their stolen data back, or that the gang will delete the stolen data.

One of the first-ever ransomware attacks was documented in 1989, in which malware was distributed via floppy disk (an early form of removable storage) to attendees of the World Health Organization’s AIDS conference. Since then, ransomware has evolved into a multi-billion dollar criminal industry as attackers refine their tactics and home in on big-name corporate victims.

(See also: Malware)

Remote code execution

Remote code execution refers to the ability to run commands or malicious code (such as malware) on a system over a network, often the internet, without requiring any human interaction from the target. Remote code execution attacks can range in complexity but can be highly damaging when vulnerabilities are exploited.

(See also: Arbitrary code execution)

Spyware

A broad term, like malware, that covers a range of surveillance monitoring software. Spyware is typically used to refer to malware made by private companies, such as NSO Group’s Pegasus, Intellexa’s Predator, and Hacking Team’s Remote Control System, among others, which the companies sell to government agencies. In more generic terms, these types of malware are like remote access tools, which allow their operators — usually government agents — to spy on and monitor their targets, giving them the ability to access a device’s camera and microphone or exfiltrate data. Spyware is also referred to as commercial or government spyware, or mercenary spyware.

(See also: Stalkerware)

Stalkerware

Stalkerware is a kind of surveillance malware (and a form of spyware) that is usually sold to ordinary consumers under the guise of child or employee monitoring software but is often used for the purpose of spying on the phones of unwitting individuals, oftentimes spouses and domestic partners. The spyware grants access to the target’s messages, location, and more. Stalkerware typically requires physical access to a target’s device, which gives the attacker the ability to install it directly on the target’s device, often because the attacker knows the target’s passcode.

(See also: Spyware)

Threat model

What are you trying to protect? Who are you worried about that could go after you or your data? How could those attackers get to the data? The answers to these kinds of questions are what lead you to create a threat model. In other words, threat modeling is a process that an organization or an individual goes through to design software that is secure, and to devise techniques to secure it. A threat model can be focused and specific depending on the situation. A human rights activist in an authoritarian country has a different set of adversaries, and data, to protect than a large corporation in a democratic country that is worried about ransomware, for example.

Unauthorized

When we describe “unauthorized” access, we’re referring to the accessing of a computer system by breaking any of its security features, such as a login prompt or a password, which would be considered illegal under the U.S. Computer Fraud and Abuse Act, or the CFAA. The Supreme Court in 2021 clarified the CFAA, finding that accessing a system lacking any means of authorization — for example, a database with no password — is not illegal, as you cannot break a security feature that isn’t there.

It’s worth noting that “unauthorized” is a broadly used term and is often applied by companies subjectively, and as such has been used to describe everything from malicious hackers who steal someone’s password to break in, through to incidents of insider access or abuse by employees.

Virtual private network (VPN)

A virtual private network, or VPN, is a networking technology that allows someone to “virtually” access a private network, such as their workplace or home, from anywhere else in the world. Many people use a VPN provider to browse the web, thinking that this can help to avoid online surveillance.

TechCrunch has a skeptics’ guide to VPNs that can help you decide whether a VPN makes sense for you. If it does, we’ll show you how to set up your own private and encrypted VPN server that only you control. And if it doesn’t, we explore some of the privacy tools and other measures you can take to meaningfully improve your privacy online.

Vulnerability

A vulnerability (also referred to as a security flaw) is a type of bug that causes software to crash or behave in an unexpected way that affects the security of the system or its data. Sometimes, two or more vulnerabilities can be used in conjunction with one another — known as “vulnerability chaining” — to gain deeper access to a targeted system.

(See also: Bug; Exploit)

Zero-day

A zero-day is a specific type of security vulnerability that has been publicly disclosed or exploited before the vendor that makes the affected hardware or software has been given time (or “zero days”) to fix the problem. As such, there may be no immediate fix or mitigation to prevent an affected system from being compromised. This can be particularly problematic for internet-connected devices.

(See also: Vulnerability)

Updated on September 25 to add several new entries, and again on October 3.