11 essential hacking terms, defined
Summary
Time: 6 minute read
As a business professional, you too can ensure your awareness of major cybersecurity risks as they appear. Some of the simplest ways include reading IT trade journals, receiving business operations or IT newsletters, or following cybersecurity professionals/websites.
The challenge for many who don’t live in the world of cybersecurity, however, is that the security industry presumes that you already know the hacking terms discussed.
To help, we’ve assembled and updated this list of common terms so that you can be on the same page as the security professionals.
1. Malware
Malware, which is short for malicious software, is a generic term for any software that is designed to disrupt the operation of a computer with malicious intent. While many malware attacks are the result of stealthy attacks on the computer, others, such as the Lenovo SuperFish debacle, may simply be the result of vendors installing adware on computers that they ship to the public without being aware of potential issues.
2. Back door
A back-door attack is generally involves a piece of code intentionally left by the developer of the software or firmware that allows access without going through the normal security process. Back doors can also result from different malware or virus attacks that leave a way for remote, unsecured access into a device once the malicious code has been executed.
Subscribe to our newsletter
3. Denial of service (DoS)
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks attempt to make network resources unavailable, usually by flooding the resource—often a website—with requests that can’t be properly serviced. A DDoS attack is usually accomplished by making use of a network of zombie computers, which are end-user systems that have been previously infected. A zombie computer may still function normally from the user’s perspective, while the DDoS attack occurs completely in the background.
4. Brute force attacks
There are three main types of brute force attacks: dictionary attacks, credential recycling, and reverse brute force attacks.
- A dictionary attack is maybe the most basic form that tries thousands, if not millions, of randomly generated passwords in an attempt to break password security. In a more sophisticated dictionary attack, the attacker will start with lists of probable passwords, removing randomness from the attack.
- Credential recycling is an attack that employs usernames and passwords captured from previous data breaches.
- Reverse brute force attacks take a common password, like “password”, and attempt to match a username to it. This is why password management is so important.
5. Logic bomb
A logic bomb is an attack that is triggered by a specific event. The infected computer or hacked code is waiting for a single event or combination of events to launch its attack. The best known of these attacks might have been the Michelangelo virus, which was supposed to attack millions of computers on March 6, 1992. The attacks remain devastating when they occur such as the South Korean logic bomb cyber attack of 2013 that wiped data from computers in the country's banking and broadcasting industries.
For most companies, the threat comes from the inside. An inside actor, like a disgruntled IT employee, inserts code that causes computers to fail. Often, the problems do not manifest all at once, but in a way that leaves the cause of the malfunction difficult to determine. For example, this happened at Siemans from 2014 through 2016.1
Social engineering attacks are aimed at the weakest part of any IT security system: the end user. These are attacks that attempt to trick the user into responding.
6. Man in the middle
A man in the middle attack requires that the connection between two computers be compromised. When it is, the “man in the middle” captures and relays the information being passed between the originator and the target in order to glean information from the data. Using secured authentication methods between computers – the type that repeatedly checks for an authentication signature – helps mitigate a man in the middle attack.
7. Phishing
Spear phishing attacks are more narrowly targeted than regular phishing attacks. These attacks pretend to be messages from trusted and recognizable sources, such as bank communications or your internal network resource. They aim to get you to respond to a message or link. This takes them outside of their protected network, making their computer susceptible to attack.
8. Ransomware
9. Social engineering
Social engineering attacks are aimed at the weakest part of any IT security system—the end user. These are attacks that attempt to trick the user into responding. The attack may ply on the user’s sympathy or link to something of interest (such as the famous Anna Kournikova attack in 2001). These attacks can be as straightforward as a simple phishing email, or more complex, involving cyberattacks or even interactions in the real world.
10. Visual hacking
Visual hacking is an in-person form of hacking that takes advantage of poor security on the part of end-users. When it comes to securing a work computer and physical workspace, a lack of employee training on cybersecurity best practices and actual execution of those best practices can leave key information easily accessible. For example, seeing logged-in, unattended computers, passwords taped to monitors, and sensitive corporate data left in plain sight on desks are common examples of lax security and visual hacking opportunities.
11. Zero-day attack
Bonus terms: Deep web and dark web
This bonus terms may not refer to a type of cyberattack, but they are relevant.
- The deep web refers to the part of the internet not indexed by Google. Cybercriminals may reside there but so also might legitimate – and legal – groups like a chess club that simply do not want to appear on Google.
- The dark web is a smaller part of the deep web. To access it, you need a special browser called Tor. Here cybercriminals certainly reside.
Stolen data and credentials pass through the dark web, like those stolen if you get hacked. This is why many businesses today turn to dark web monitoring through managed security services. It provides an added layer of cybersecurity for increased awareness and protection for your business.
IT professionals know they must be constantly vigilant in an ever-changing landscape. For more on cybersecurity best practices, especially for a remote workforce, check out our article, “Cybersecurity best practices for a remote workforce to protect your business.”
