Glossary
Glossary of the main cyber security terms.
Very common. An attacker will send an email designed to look genuine or even like it’s from someone you know. The attachment is invariably bad news, designed to attack your computer in some way. Examples would be;
An email from a courier company asking you open the attached invoice.
An email from HMRC explaining you have a tax refund and can you ‘please read the attached’.
The point of the attack is to persuade the user to surrender confidential information such as usernames, passwords, credit card details etc.
If directed to a website via an email then it’s always a good idea to look at the URL at the top of the page. For instance if directed to HMRC then you would expect to see something like taxclaim.hmrc.gov.uk and not hmrc.taxclaim.com
Further info can be found from clicking the following links;
• How to avoid Phishing Attacks – National Centre for Cyber Security
• Wikipedia – Phishing
• Microsoft – How to recognise phishing emails and messages
Malware is usually installed from browsing around web sites although it can also be delivered via email. It usually needs be installed consciously, ie ‘Click here to install Yahoo search into your toolbar’ or ‘Click here to install our AntiVirus software’ are the more honest methods but it can also be secreted in a download link or as an email attachment. Malware is usually (but not always) harmless, being more of an irritant in making your web browser do things that you didn’t actually ask it to do – using a non standard search engine for instance. Malware sweeps should be done regularly of course. Not all Malware is harmless, Ransomware attacks and keystroke recorders are both forms of Malware. The name is derived from the term ‘Malicious Software’ and is an umbrella for a variety of different types of intrusive software including viruses, worms, Trojan Horses, Spyware and Adware. Usually easily removed by using tools freely available on the internet (Malware Bytes for instance)
Further info can be found from the following links;
Wikipedia – Malware
Malware Bytes – Removal Software
This is one of the attacks that most people will have heard of, certainly one of the most invasive. Usually propagated via email attachment (although an un-patched internet facing server will also be vulnerable). Once infected the virus will firstly try to replicate across the local network and then proceed to encrypt data on the local drive and any other drive it has access to.
The user sometimes gets a screen message advising the data has been encrypted with advice on methods of decryption, however there is actually no way to obtain a decryption key. Similar to ransomware but much worse in that once the data is encrypted there isn’t actually a way to recover other than deletion and restore.
The attack is purely malicious.
Denial of Service (DoS) attacks aren’t actually designed to steal Data. They are, however, extremely effective in denying access to a particular website. Websites are designed to service traffic requests, an attacker simply generates thousands of web requests and fires them off at the target site. The volume of requests denies service to genuine queries. A Dos attack can be effectively dealt with by programming the sites router to drop all traffic from the originator meaning the requests never actually reach the server. In response to this defence hackers developed the Distributed Denial of Service attack. The attackers code is distributed about the internet using malware. When the attack commences all infected computers send thousands of web requests to the target server. Because the traffic is coming from many more sources then filtration and thereby defence against a DDoS attack is much more difficult.
SQL is the predominant database and database query language used today. There are known vulnerabilities with SQL which can be used to exploit a Database server into divulging Data it otherwise would not. The really dangerous point with an SQL injection attack is that unlike the methods mentioned above it is a targeted attack on a specific server. A hacker will typically use 1 type of attack and if that doesn’t yield results then they will move on to another type of attack. Sadly the internet allows hackers to share newly discovered vulnerabilities almost instantaneously. The best defence here is to keep SQL and the core operating system up to date with latest patches and fixes.
Cross Site Scripting (XSS) is again more dangerous in terms of a particular site being targeted. Rather than the actual site being the victim though the target of an XSS hack is actually the sites users or visitors. The attack can vary in complexity, the most simple, for example, being to hide a Javascript link in a Blog entry. More complex attack may actually compromise the sites actual html code. Although the actual site isn’t the target the sites reputation can of course take serious damage should it become compromised.
Probably the most invasive of all current viruses and attacks. The first half of 2016 saw a threefold increase over the whole of 2015 and 2017 will see RansomWare attacks increase yet again. RansomWare, once installed, will usually encrypt the hard drive and lock the computer with a splash screen advising the data has been encrypted and demanding a payment (the ransom). Payments have in the past been inexpensive but there is no guarantee that once payment has been made the required decryption key will actually be sent. Payment is almost always by an untraceable Cryptocurrency (ie bitcoin but there are others). RansomWare almost always targets Windows operating systems but Mac and Linux variants have been reported.
• Wikipedia – RansomWare
• Microsoft – RansomWare FAQ
• National Cyber Secure Centre – Ransomware