0mega

A ransomware group that works using a double extortion technique, demanding money as ransom.

Air Gap

An air-gapped backup is a copy of an organization's data that is offline and inaccessible through the network. Making it impossible for the backup data to be accessed and hacked or corrupted.

Antivirus

A program designed to protect the system against viruses and malware.

Attack Vector

The method used by a hacker to access a network or computer

Authenticator

A method for users to prove their identity to a system. It can be a password, multifactor authentication, fingerprint, or facial recognition.

Avaddon

A 'ransomware-as-a-service' ransomware model.

Backup

A copy of one or more files or systems is created as a copy of the original

Bianlian

Bianlian is a very sneaky file-encryption malware piece that is usually distributed with the help of email attachments, suspicious links, and infected web pages.

Black Basta

A ransomware group known for their double extortion attacks, threatening victims to pay a demanded ransom or risk having stolen data slowly leaked on a dedicated data leak site.

Black Hat Hacker

A hacker, who exploits vulnerabilities for personal gain.

BlackByte

A ransomware group that has been known to use phishing emails or exploit unpatched ProxyShell vulnerability in Microsoft Exchange Servers

BlackCat

Also know as ALPHV is a ransomware-as-a-service ransomware that was first seen at the end of 2021.

Blacklist

Term to describe a list containing disallowed items such as passwords, spam emails, websites, applications, etc. Whitelist, the opposite of Blacklist, contains everything that is allowed.

BlackMatter

A resurrected version of the DarkSide ransomware group.

Blue Team

A team that assesses network security and identifies possible vulnerabilities

Bot

Computer program that operates as an agent for a user to simulate human activity.

Breach

An incident in which computer data, systems, or networks are accessed or affected in an unauthorized way.

Bring Your Own Device

A company's strategy or policy that allows employees to use their own personal computers, cell phone devices for work purposes.

Brute Force Attack

A method used to obtain privileged information

Business Email Compromise

Email scam targeting a business.

Catfishing

An online scam where a person pretends to be someone else on the internet. People create fake profiles on social media or dating apps and other platforms.

Cheers

Cheers is a new ransomware group that targets vulnerable VMWare ESXi servers

Chopper

A downloader for other malware. It launches the destructive program.

Clop Ransomware

Part of the Cryptomix ransomware family is a file-encrypting virus that infects an unprotected system and encrypts the computers files by planting the. Clop extension.

Closed Source

Computer programs whose source code is not published except to licensees. It is available to be edited only by the individual or company that developed it and can be used by those licensed to use the software.

Cloud Access Security Broker

Software or hardware that is used to protect against cloud security risks

Cloud or Cloud Computing

On-demand access, via the internet, to computing resources

Conti

An extremely damaging ransomware software.

Cracker

An outdated term used to describe someone who broke into computer systems

Crypto-Jacking

To use people's devices without their consent or knowledge, to secretly mine cryptocurrency

Cyber

Of or relating to computers, typically used in technology with the combining form cyber-, as cyberterrorism, cyberwarfare, or cyberattack.

Cyber Incident

Unauthorized use of systems without the system owner's permission

Cyber Kill Chain

In a cyber-attack, it identifies vulnerabilities and helps the security team to stop the attacks.

Cyberattack

A malicious attempt to damage, disrupt or gain unauthorized access to computer systems, networks, or devices, via cyber means.

Cybersecurity

The protection of systems, devices, services, and networks, as well as the information on them from theft or damage.

DarkSide

A cybercriminal hacking group believed to be based in Eastern Europe

Data Aggregation

The process of collecting and presenting data in a summarized format

Data Encryption

A security method where information is encrypted and can only be accessed by using the correct encryption key

Data Loss Prevention

It is a strategy for preventing individuals who should not have access, from accessing sensitive information.

Data Protection

Safeguarding important information from corruption, compromise, or loss.

Denial of Service Attack

An attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target with a flood of Internet traffic.

Dictionary Attack

A brute force attack in which the attacker uses known dictionary words, phrases, or common passwords as their guesses to gain access to an unauthorized asset.

Digital Footprint

The 'footprint' of the digital information that a user's online activity leaves behind.

Digital Signature

A mathematical scheme for verifying the authenticity of digital messages or documents

Encryption

The process of encoding information

End-of-Life Systems

When the manufacturer no longer supports end-of-life systems. This means that they are no longer being updated with security patches. As a result, these systems are more vulnerable to attack.

Endpoint

A device that exists at the end of a network connection

Endpoint Detection and Response

Provides real-time continuous monitoring and the collection of endpoint data

Endpoint security

The subsect of security that deals with the devices at the end of a network connection.

Exploit

An attack on a computer system taking advantage of a particular vulnerability that the system offers to intruders. Exploit also refers to the act of successfully making such an attack.

Extended Detection and Response

An extended detection and response is a new approach to endpoint threat detection and response, providing correlation and normalization of massive amounts of data.

Firewall

Computer hardware or software security device helps protect the network.

FrizFrog

A form of peer-to-peer (P2P) malware.

Gh0st

Gh0st RAT (Remote Access Terminal) is a trojan remote access tool used on Windows platforms, and has been used to hack into some of the most sensitive computer networks.

GlobeImposter

A ransomware application that will encrypt files on a victim machine and demand payment to retrieve the information.

Green Team

They are the creators of the security system put themselves in the shoes of The Defender

Group Authenticator

Used in addition to a sign-on authenticator, a Group Authenticator may be used to allow access to specific data or functions that may be shared by all members of a designated group.

Hardening

The process of making a system or network more secure by reducing its vulnerability to attack.

Health Insurance Portability and Accountability Act

A federal law that required the creation of national standards to protect sensitive patient health information

Hermetic Wiper

A wiper malware that damages the master boot record making the device unable to boot the operating system.

HiveLeak

The ransomware was initially discovered in June 2021, specifically targeting Linux servers, providing faulty decryption tools to victims who pay the ransom, and using double extortion techniques against victims.

Honeypot

Computer or computer system intended to imitate the likely targets of cyberattacks

IceFire

IceFire is a harmful malware infection that encrypts victims' files and renders them inaccessible.

Identity Access Management

A sub-section of cybersecurity that deals with the access and identity check and control of the individual's privilege in the cloud.

Identity check

The process of verifying the identity of a person or device.

Incident Response Rlan

Documented method of approaching and managing situations resulting from IT security incidents or breaches.

Insider Threat

A threat to a company's data that is coming from someone within the organization, usually an employee or another company insider.

Internet of Things

Refers to the ability of everyday objects to connect to the internet. Examples include connected appliances, smart home security systems, and televisions.

Intrusion detection system

A system that allos organizations to instantly detect cyber attacks.

IP Address

A unique address for a device connected to the internet or a local network.

Jailbroken Mobile Device

Apple devices on which users bypass these restrictions to gain control of the OS.

KaraKurt

A threat actor that primarily uses VPN credentials to gain initial access to a victim's network.

Ke3chang Group

The threat group is believed to be operating out of China.

Keylogger

A program that records the keystrokes on a computer

Lapsus$

A group of cybercriminals who were known for their uncommon techniques and tendency to be dramatic

Lockbit

A threat actor that uses any method available to compromise a network.

Logging

Logging refers to collecting and storing data that can be used to identify and investigate cybersecurity incidents.

Lorenz

A ransomware group that has been targeting enterprise organizations worldwide, using a double extortion technique utilizing a data leak site ("DLS") to house victims' stolen and exposed data.

Malvertising

The use of online advertising as a delivery method for malware.

Malware

Malicious and intrusive software that is designed to damage and destroy endpoints and computer systems.

Mamba

Mamba is an example of HDD-encoding ransomware.

Man-in-the-Middle Attacks

A type of cybersecurity attack that allows the attackers to eavesdrop on the communication between two targets

Mespinoza

Mespinoza is a malicious software that encrypts data and blocks access to it unless a ransom is paid.

Mirai

A malware that turns networked devices running Linux into remotely controlled bots.

Mitigation

The steps for organizations and individuals take to address, eliminate, or minimize the risks posed by a cybersecurity threat.

Monitoring

An essential cybersecurity process that helps organizations detect and respond to cybersecurity incidents.

More_eggs

Malware that is used to create a backdoor in Windows-based operating systems.

Multi-Factor Authentication

Authentication method that requires the user to provide two or more verification factors to gain access.

Nerbian Rat

A complex malware with low complexity obfuscation, that was designed to affect as many systems as possible.

Netwalker

Netwalker is a ransomware that is performed through either vulnerability exploitation or spear phishing.

Nickel

A China-based threat actor who targets governments and non-governmental organizations (NGOs). Often work together with Ke3chang, APT15, and APT25

Night Sky

A malware that is designed to extort money by using blackmail.

Open Source

A program's source code that is free and readily available to the public.

Password Sniffing

A software application that scans and records passwords that are being used on a computer or network interface.

Patch

A Patch is a computer software update made up of code inserted into the code of an existing executable program.

Pentest

Pentest is short for penetration testing. It is a test of a computer network or system that is designed to look for security weaknesses so that they can be identified and remediated.

Personal Identifiable Information

Information that can be used by organizations on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.

Pharming

Pharming is an attack on network infrastructure that results in a user being redirected to an illegitimate website despite the user having entered the correct website address.

Phishing

A cyber-attack that uses disguised email as deception attempting to trick the email recipient into believing that the message is something they want or need.

Phobos

A ransomware virus that targets small and medium-sized organizations to encrypt their data and lock all files

Principle of Least Privilege

The security guideline is that a user should only have access to the system, tools, and data that is required for them to do their work

Privileged Access Management

Managing the access of elevated privileges to safeguard identities beyond that of regular users.

Purple Team

The Purple team is the team that in a cybersecurity testing exercise, takes on the role of both the red team and the blue team.

PYSA

Pysa is a variant of the strain known as Mespinoza and is Ransomware as a Service (RaaS) that the attackers sell access to.

Qakbot

Qakbot is a multi-component malware threat.

Quantum

This group is among the fastest ransomware groups due to the speed of its attacks, where some incidents have taken place within as little as 4 hours. The groups' victims tend to be in the financial and healthcare sectors, targeting them with an email containing an attachment or link to an ISO image.

Ransomcloud

A strain of ransomware that infiltrates cloud-based systems such as Microsoft 365 and Google Workspace to encrypt emails.

Ransomware

Ransomware is a type of malware that prevents you from using your computer or accessing certain computer files

Ransomware-as-a-Service

Ransomware as a Service is a business model in which individuals or organizations pay ransomware developers to deploy their software to infiltrate a company.

Red Team

In a cybersecurity testing exercise the red team is focused on penetration testing of different systems

RedAlert

RedAlert is ransomware that can spread via RDP configuration hacking, malicious emails, or botnets encrypting Windows and Linux VMWare ESXi servers.

Remote Desktop Protocol

It provides a user the ability to connect to another user's computer over a network connection.

Response Planning and Testing

A plan for how an organization will respond to a cybersecurity incident.

Risk Analytics

Examining each risk to the security of your organization’s information systems, devices, and data and prioritizing the potential threats.

Rootkit

A malicious software that allows an unauthorized user to have privileged access to a computer.

Secure Shell Protocol

It provides a secure, encrypted communication between two untrusted hosts over an unsecured network.

Shadow IT

Shadow IT is when applications and infrastructure are managed and utilized without the knowledge of the company's IT department.

Snatch

Snatch is a ransomware executable that forces a Windows machine to reboot into Safe Mode before beginning its encryption process.

Snatch

A high-risk malware infection categorized as ransomware

Social Engineering

Tricking people into divulging personal information or other confidential data via email or text

Sodinokibi

A ransomware program that encrypts files stored on a victim's computers and prevents people from accessing their files until they have paid a ransom.

Software as a Service

Software as a Service is a business model in which companies and consumers access centrally hosted software applications over the internet. Normally under a 'pay for the resources' used model.

Spear-Phishing

Spear-Phishing is a more targeted form of phishing, where an email is designed to look like it's from a person the recipient knows and trusts.

Spyware

A malicious software designed to enter your computer, gather information about you, and forward it to a third party without your consent.

Suncrypt

A ransomware that prevents victims from accessing files due to encryption of their files.

Trojan

A Trojan is a type of malicious code or software that looks legitimate but can take control of your computer.

Two-Factor Authentication

Two-factor authentication is the use of two different components to verify a user's identity. Also known as multi-factor authentication.

User and Entity Behavior Analytics

A software used to detect, identify and control the possibility of Insider Threats. It is not foolproof, and even with the software insider threats remain a huge problem.

Vice Society

Vice Society has been in the public eye since June 2021, mainly targeting small or mid-sized companies. They are known for breaching networks by exploiting known vulnerabilities on unpatched systems.

Virtual Private Network

A technology that extends a private network and all its encryption, security, and functionality across a public network.

Virus

A Virus is a type of malware that is aimed to infect and harm a file, a system, or a network.

Vulnerability

A vulnerability is a weakness, or flaw, in software, a system, or a process.

Vulnerability Assessment

A vulnerability assessment is the process of identifying any risks or vulnerabilities in computer networks, systems, hardware, and applications, within an IT environment.

Water-Holing

Whaling

Highly targeted phishing attacks, masquerading as a legitimate email, that are aimed at senior executives.

White Hat Hacker

White hat hack is an ethical Hacker who are cybersecurity specialists who test a system's security.

White Team

In a cybersecurity testing exercise, the white team oversees the cyber defense competition and referees the event.

Whitelist

Whitelist is a list containing allowed items such as passwords, spam emails, websites, applications, etc

Worm

A Worm is a malicious, self-replicating software program (also termed as 'malware') that affects the functions of software and hardware programs.

Yellow Team

It is the team responsible for developing the security system of an organization.

Zeppelin

A Zeppelin is a simple piece of code distributed as Ransomware as a Serice (RAAS)

Zero-Day

Zero-Day refers to a recently discovered vulnerability, that is not yet known to software vendors, EDR, or antivirus companies, that hackers can exploit.