Time: 6 minute read
Savvy IT professionals know that their networks and security are under a constant barrage of cyberattacks.
As a business professional, you, too, can ensure that you are aware of significant cybersecurity risks as they appear.
However, the challenge for many who don’t live in a world of cybersecurity is that the security industry presumes that you already know the hacking terms discussed.
To help, we’ve assembled and updated this list of standard hacking terms to keep you on the same page as the security professionals.
Malware, which is short for malicious software, is a generic term for any software designed to disrupt a computer’s operation with malicious intent. While many malware attacks result from stealthy attacks on the computer, others, such as the Lenovo SuperFish debacle, may simply result from vendors installing adware on computers that they ship to the public without being aware of potential issues.
2. Back door
A back-door attack generally involves a piece of code intentionally left by the software developer or firmware that allows access without going through the standard security process. Back doors can also result from different malware or virus attacks that leave a way for remote, unsecured access to a device once the malicious code has been executed.
3. Denial of Service (DoS)
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks attempt to make network resources unavailable, usually by flooding the resource—often a website—with requests that can’t be adequately serviced. A DDoS attack is usually accomplished by using a network of zombie computers, which are end-user systems previously infected. A zombie computer may still function normally from the user’s perspective, while the DDoS attack occurs entirely in the background.
4. Brute force attacks
There are three main types of brute force attacks: dictionary attacks, credential recycling, and reverse brute force attacks.
- A dictionary attack is maybe the most basic form that tries thousands, if not millions, of randomly generated passwords to break password security. In a more sophisticated dictionary attack, the attacker will start with lists of probable passwords, removing randomness from the attack.
- Credential recycling is an attack that employs usernames and passwords captured from previous data breaches.
- Reverse brute force attacks take a shared password, like “password”, and attempt to match a username to it. This is why password management is so important.
5. Logic bomb
A logic bomb is an attack that is triggered by a specific event. The infected computer or hacked code waits for a single event or combination of events to launch its attack. The best known of these attacks might have been the Michelangelo virus, which was supposed to attack millions of computers on March 6, 1992. The attacks remain devastating when they occur, such as the South Korean logic bomb cyber-attack of 2013 that wiped data from computers in the country’s banking and broadcasting industries.
For most companies, the threat comes from the inside. Like a disgruntled IT employee, an inside actor inserts code that causes computers to fail. Often, the problems do not manifest all at once but in a way that leaves the cause of the malfunction challenging to determine. For example, this happened at Siemans from 2014 through 2016.
Social engineering attacks are aimed at the weakest part of any IT security system: the end-user. These are attacks that attempt to trick the user into responding.
6. Man in the middle
A man-in-the-middle attack requires that the connection between two computers be compromised. When it is, the “man in the middle” captures and relays the information being passed between the originator and the target to glean information from the data. Using secured authentication methods between computers – the type that repeatedly checks for an authentication signature – helps mitigate a man-in-the-middle attack.
Phishing is the most common type of attack. Those social engineering messages from a Nigerian princess or global lotteries tell you that you now have access to untold riches—but only if you complete certain steps, which can range from filling out online forms to directly sending people money. Another type of phishing scheme pretends to be from a trusted friend. If you look closely at the actual email address, you’ll see it’s not. What happened? Their computer – and address book – were compromised by a virus and then used to get you to click on the link.
Spear phishing attacks are more narrowly targeted than regular phishing attacks. These attacks are messages from trusted and recognizable sources, such as bank communications or your internal network resource. They aim to get you to respond to a message or link. If you do, you are taken outside your protected network, making your computer susceptible to attack.
Ransomware is a malicious program that infects a single computer or network of computers and encrypts the data, making the device inaccessible. Once infected, the cybercriminals behind the infection deliver their demands – typically a ransom the infected organization must pay if they want to use their device(s) again. Cryptolocker is one famous example of ransomware.
9. Social engineering
Social engineering attacks are aimed at the weakest part of any IT security system—the end-user. These are attacks that attempt to trick the user into responding. The attack may ply on the user’s sympathy or link to something of interest (the famous Anna Kournikova attack in 2001). These attacks can be as straightforward as a simple phishing email or more complex, involving cyberattacks or even interactions in the real world.
10. Visual hacking
Visual hacking is an in-person form of hacking that takes advantage of poor security from end-users. When securing a work computer and physical workspace, a lack of employee training on cybersecurity best practices and executing those best practices can leave essential information easily accessible. For example, seeing logged-in, unattended computers, passwords taped to monitors, and sensitive corporate data left in plain sight on desks are typical examples of lax security and visual hacking opportunities.
11. Zero-day attack
A zero-day attack or zero-day exploit is simply using a previously undiscovered flaw in an application or operating system that can be exploited to gain access to or control system resources. The term zero-day refers to the fact that it is the day on which the attack or exploit was first identified.