CYDEF created a comprehensive Glossary of Cybersecurity Terms to provide your team with the confidence to make secure, operational decisions about cybersecurity.
Security awareness is a key component to a comprehensive cybersecurity strategy. However, with attacks on the rise, so too is disinformation. This guide provides clear definitions of common attacks for your reference.
The Glossary is a perfect companion to the CYDEF blog, a resource that provides up-to-date analysis of cyber threats and risks.
Malicious Software
Malware: Software designed to cause harm to the computer running it or the network on which it resides.
Potentially unwanted Program, Potentially unwanted Application or Potentially unwanted Software (PuP, PuA or PuS):
Software that does not actively cause harm, but that performs actions against the user’s wishes or has deceptive business practices.
Adware: A class of PuP that shows disruptive ads to the user.
Bundler: A class of potentially unwanted program that installs (often without the user’s knowledge) additional software in order to get paid referral fees.
Trojan or Trojan Horse: A class of malware that disguises malicious functionality, often by bundling the malicious functionality in a legitimate program.
Backdoor: A class of malware that provides a hidden remote access.
RAT (Remote Access Tool or Remote Access Trojan): A class of malware that provides attackers with full remote control of a machine.
Botnet: A class of malware that forces a victim computer to join a group of machines executing remote commands from a botnet operator.
Virus or File Infector: A class of malware that propagates by corrupting other legitimate files when a corrupted file is opened.
Worm: A class of malware that self-propagates, usually through the use of a software vulnerability allowing execution of remote code.
Mass-mailer: A class of worm that propagates by mailing a copy of itself to the victim’s contacts instead of using a software vulnerability.
Module: A malware component that provides dedicated functionality and that is loaded on demand.
Stager: A specialized piece of malware that is very compact and whose functionality is limited to loading more complex malware components.
Downloader: A specialized piece of malware that is used only to download and run additional software, usually more malware components. Downloaders are often used as stagers.
Implant: In strict terms, this is a device used to collect signals intelligence. Additionally, it is often used to describe software with espionage capabilities or used with espionage intent.
Payload (in a malware context) or monetization payload: A module that is dropped by a malware operator to monetize a compromised machine.
Cybersecurity Defensive Solutions
Antivirus: Software designed to detect, prevent and/or remove malicious software.
Firewall: Hardware or software designed to prevent unauthorized network communications.
HIPS (Host-based Intrusion Prevention System): A system designed to run on an endpoint and detect if the system has been compromised. If compromised, the HIPS proceeds with automated remediation.
Internet Security Suite: A “software suite” designed for personal computers. The suite bundles a host-based firewall, anti-virus software, and sometimes includes a HIPS component.
EDR (Endpoint Detection and Response): Any security tool focused on detecting and investigating (or remediating) suspicious activity on endpoints.
MDR (Managed Detection and Response): A managed security service that detects and investigates (or remediates) cyber threats.
Spam-filter/Anti-spam: A system designed to filter out unsolicited and unwanted emails.
Zero-Trust (or Zero-Trust Architecture): A concept (most used for network architecture) that endpoints should not be trusted by default. Even if they are inside your corporate perimeter, they must provide additional proof of their trustworthiness to access resources.
Risk and Threats
Cyber Threat: A vector of harm, damage or loss involving computers or computer networks.
Vulnerability: In the larger sense, a software defect, or deficient process/behavior that gives a threat an opportunity to cause harm. In cybersecurity jargon, software vulnerabilities are often referred to as ‘vulnerability’.
Zero-day or 0-day: A vulnerability for which it has been zero (or less) days since a software patch is available. In other words, a vulnerability for which no security patch is available. The concept is sometimes stretched to refer to any threat for which no defensive measure exists. For example, a malware that was never seen before and for which no detection exists may be labelled a “0-day malware”.
Exploit (in the context of vulnerability): A piece of code that enables an attacker to trigger a vulnerability with the intent to cause harm.
Payload (in the context of software vulnerabilities): A piece of code that generates the harm once a software vulnerability has been triggered by an exploit.
RCE (Remote Code Execution): A class of vulnerability that enables attackers to run code on a victim machine for a remote computer. This is generally the most dangerous type of software vulnerability.
APT (Advanced Persistent Threat): A class of threat actors that use specialist techniques and that are determined to attack specific targets leading to a persistence in attempts at victimization. This is in contrast to commodity threats.
Commodity Threat: A class of threats that aims to steal widely available resources to show limited target selection preferences. For example, a credit card thief might not care about which specific credit card is stolen, so they will take whatever card is easier to steal.
Social Engineering: An attack technique where an attacker targets a psychological vulnerability in order to compel or trick legitimate users into self-harm.
Phishing: A social engineering technique where an attacker sends communication to a user pretending to be someone else with the intent to either trick the user into revealing their credentials or entice the user into running malicious software. The latter part can be done either by including the malicious software as an attachment, sending an attachment that triggers a software vulnerability or including a link to a website that will trigger a vulnerability or allow the download of the malicious attachment.
Spearphishing: A class of phishing where the victim has been targeted by the attacker and the social engineering lure has been customized to the victim.
Whaling or Harpooning: A class of spear phishing where the victim is a “big fish”, in particular executives or individuals with the ability to make large money transfers.
BEC (Business Email Compromise): A class of attack monetization where the attacker leverages the compromise of an email system to enable social engineering attacks aimed at soliciting money transfers. The most common technique used is the sending of fake invoices with altered banking information to trick customers into paying the attacker.