Cyber Glossary

AntivirusSoftware that is designed to detect, stop and remove viruses and other kinds of malicious software
AppShort for Application, typically refers to a software program for a smartphone or tablet
Attack (Cyber Attack)Malicious attempts to damage, disrupt or gain unauthorised access to computer systems, networks or devices, via cyber means
BitcoinOne of the most popular forms of Cryptocurrency
Black Hat (Hacker)A malicious hacker – often one who does so purely for the challenge rather than any gain
BooterUsed to implement a DoS or DDoS attack. Also known as a stresser
BotnetA network of infected devices, connected to the Internet, used to commit coordinated cyber-attacks without their owner’s knowledge
BrowserA software application which presents information and services from the web
Brute Force AttackUsing computational power to automatically enter a huge number of combination of values, usually in order to discover passwords and gain access
CertificateA form of digital identity for a computer, user of organisation to allow the authentication and secure exchange of information
Certified Ethical Hacker (CEH)A skilled professional who looks for weaknesses and vulnerabilities in target systems using the same knowledge and tools as a malicious hacker, but in a lawful and legitimate way
Closed SourceClosed Source data can only be legitimately accessed by those with permission to do so and generally belongs to a company or organisation. The opposite is Open Source.
CloudWhere shared computer and storage resources are accessed as an online service instead of hosted locally.
CryptocurrencyA digital asset in which encryption techniques are used to regulate the generation of units of ‘currency’ and verify the transfer of funds, operating independently of a central bank
Cyber SecurityThe protection of devices, services and networks — and the information on them — from theft or damage
Dictionary AttackA type of brute force attack in which the attacker uses known dictionary words, phrases or common passwords as their guesses
Denial of Service (DoS) Distributed DoS (DDoS)An attack involving the overloading of a website or web service (such as email) by bombarding it with multiple requests / data messages. If requests come from multiple origins simultaneously it is Distributed. Usually involves a botnet to carry out the attack. Stresser or booter software or websites may be used
Download Attack Drive-By DownloadThe unintentional installation of malicious software or virus onto a device without the user’s knowledge or consent. May also be known as a drive-by download
EncryptionA mathematical function that protects information by making it unreadable by everyone except those with the key to decode it.
Ethical HackerA computer hacker or computer security specialist, who specialises in penetration testing or other security testing. Also see Certified Ethical Hacker and White Hat Hacker
ExploitMay refer to software or data that takes advantage of a vulnerability in a system to cause unintended consequences
FirewallHardware or software which uses a defined rule set to constrain network traffic to prevent unauthorised access to or from a network
Grey Hat (Hacker)A computer hacker who may sometimes violate laws or typical ethical standards, but does not have the malicious intent typical of a black hat hacker and often does legitimate work
HackerSomeone with computer skills who uses them to break into computers, systems and networks (legitimately or not)
Honeypot HoneynetDecoy system or network to attract potential attackers that helps limit access to actual systems by detecting and deflecting or learning from an attack. Multiple honeypots form a honeynet
Internet of Things (IoT)Refers to the ability of everyday objects (rather than computers and devices) to connect to the Internet. Examples include kettles, fridges and televisions
Kali (Linux)A type of Linux operating system which is preconfigured with computer security tools. A favourite with Black Hat hackers too
KeyloggerMalware that once installed records all keystrokes from a keyboard and then send them back to the Cyber Attacker. Often reveals usernames, passwords, banking details
LinuxA free computer operating system, which can run on the same hardware as Microsoft Windows. Often used to run servers which run the internet and intranets
MacroA small program that can automate tasks in applications (such as Microsoft Office) which attackers can exploit to gain access to (or harm) a system
MalwareMalicious software – a term that includes viruses, trojans, worms or any code or content that could have an adverse impact on organisations or individuals
NetworkTwo or more computers linked in order to share resources
Open SourceOpen Source data is that which is freely available if you know how and where to look. The opposite is Closed Source. An Open Source researcher is trained to look for openly available data.
Penetration Testing Pentest / PentesterShort for penetration test. An authorised test of a computer network or system by a Pentester designed to look for security weaknesses so that they can be fixed
PharmingAn attack on network infrastructure that results in a user being redirected to an illegitimate website despite the user having entered the correct address
PhishingUntargeted, mass emails sent to many people asking for sensitive information (such as bank details) or encouraging them to visit a fake website. May result in the installation of Malware.
RansomwareMalicious software that makes data or systems unusable until the Victim makes a payment – usually in Bitcoin
RouterThe network device which allows multiple internet enabled devices to connect to other networks, usually over the internet
SmishingPhishing via SMS: mass text messages sent to users asking for sensitive information (e.g. bank details) or encouraging them to visit a fake website
Social EngineeringManipulating people into carrying divulging personal or technical information, or carrying out actions such as changing an email address, which is of use to a Cyber Attacker
Spear PhishingA more targeted form of phishing, where the email is designed to look like it’s from a person the recipient knows and/or trusts – such as someone in Management or from a finance department.
Stresser / StressorUsed to implement a DoS or DDoS attack. Also known as a booter
TrojanA type of malware or virus disguised as legitimate software. Often used to take remote control of a computer, or extract and send out confidential data
VirusPrograms which can self-replicate and are designed to infect legitimate software programs or systems. May be purely destructive or have other aims. A form of malware
Virtual Private Network (VPN)Software which creates an encrypted network to allow secure connections for remote users, e.g. in an organisation with offices in multiple locations or allows home working
VulnerabilityA weakness, or flaw, in software, a system or process. An attacker may seek to exploit a vulnerability to gain unauthorised access to a system
Water Holing Watering Hole AttackSetting up a fake website (or compromising a real one) in order to exploit visiting users
WhalingHighly targeted phishing attacks (masquerading as a legitimate emails) that are aimed at senior executives
White Hat (Hacker)An ethical computer hacker, or computer security specialist, who specialises in penetration testing or other security testing
WormA self-replicating, self-spreading and self-contained program that spreads across a network
Zero Day / 0DayRecently discovered vulnerabilities (or bugs), not yet known to vendors or antivirus companies, that Cyber Attackers can exploit