11 essential hacking terms, defined

by David Chernicoff

Summary

Explanation of 11 types of hacking

Time: 5 minute read

Any savvy IT professional is well-aware of the innumerable attacks going on against his/her network and system security.

By subscribing to a few newsletters and reading the trade websites, it’s within anyone’s reach to learn about vulnerabilities as they appear. But the security industry presumes that you already know the hacking terms being discussed when they describe what types of attacks are appearing.

If you’re entirely new to IT, or are just feeling rusty on your hacking terms, here’s a list of common terms so that you can be sure that you and the security pros are on the same page.

1. Malware

Malware, which is short for malicious software, is a generic term for any software that is designed to disrupt the operation of a computer with a malicious intent. While some recent malware attacks are the result of stealthy attacks on the computer (e.g., Cryptolocker, which encrypted the data on the infected computer and then attempted to extort payment for the key to the encryption), others, such as the Lenovo SuperFish debacle, may simply be the result of vendors installing adware on computers that they ship to the public without being aware of potential issues.

2. Back door

A back door is generally a piece of code intentionally left by the developer of the software or firmware that allows access without going through the normal security process. Back doors may also be the result of different malware/virus attacks that leave a method for remote, unsecured access into a device once the malicious code has been executed.

Subscribe to our newsletter

3. Denial of service (DDoS)

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are attempts to make network resources unavailable, usually by flooding the resource—often a website—with requests that can’t be properly serviced. A DDoS attack is usually accomplished by making use of a network of zombie computers, which are end user systems that have been previously infected. A zombie computer may still function normally from the user’s perspective, while the DDoS attack occurs completely in the background.

4. Dictionary attack

A dictionary attack is a more sophisticated form of the brute force password attack, where thousands, if not millions, of randomly generated passwords are attempted in order to break password security. In the dictionary attack, the attacker starts with lists of probable passwords, removing some of the random element of the brute force attack.

5. Logic bomb

A logic bomb is an attack that is triggered by a specific event. The infected computer or hacked code is waiting for a single event or combination of events to launch its attack. The best known of these attacks might have been the Michelangelo virus, which was supposed to attack millions of computers on March 6, 1992.

Social engineering attacks are aimed at the weakest part of any IT security system: the end user. These are attacks that attempt to trick the user into responding.

6. Man in the middle

The man in the middle attack requires that the connection between two computers be compromised. This man in the middle captures and relays the information being passed between the originator and the target in order to glean information from the data. Using secure authentication methods between computers, which repeatedly check for an authentication signature of some sort, will mitigate the man in the middle attack.

7. Phishing

Phishing is the most common type of attack. It’s those social engineering messages from a Nigerian princess or global lotteries that tell you that you now have access to untold riches—but only if you complete certain steps, which can range from filling out online forms to directly sending people money. The email usually pretends to be from a trusted source like a friend (who has actually had their computer compromised by a virus that uses their address book).

8. Spear phishing

Spear phishing attacks are more narrowly targeted than regular phishing attacks. These attacks pretend to be messages from trusted and recognizable sources, such as bank communications or your internal network resource, to get the user to respond to a message or link. This takes them outside of their protected network, making their computer susceptible to attack.

Know what types of attacks are out there

Stay informed about attacks against network and system security

9. Social engineering

Social engineering attacks are aimed at the weakest part of any IT security system—the end user. These are attacks that attempt to trick the user into responding. The attack may ply on the user’s sympathy, or link to something of interest (such as the famous Anna Kournikova attack in 2001).These attacks can be as straightforward as a simple phishing email, or more complex, involving computer-based efforts as well as interactions in the real world.

10. Visual hacking

Visual hacking is an in-person form of hacking that takes advantage of poor security on the part of end users. When it comes to securing a work computer and physical workspace, few employees take good care not to leave information up on their screens or around their desks. Taking a walk through a large company will often reveal unattended computers still logged into networks, passwords taped to monitors, and sensitive corporate data left in plain sight on desks.

11. Zero-day attack

One of the most common terms you will hear, a zero-day attack or zero-day exploit, is simply the use of a previously undiscovered flaw in an application or operating system that can be exploited to gain access to or control system resources. The term zero-day refers to the fact that it is the day on which the attack or exploit was first identified.

IT professionals need to be constantly vigilant to a changing landscape. Regardless of your industry, follow trends in IT across sectors and stay informed.