Over 10 years we helping companies reach their financial and branding goals. Onum is a values-driven SEO agency dedicated.

LATEST NEWS
CONTACTS

Articles

LESSON FOUR

18 Essential Cyber Security Terms You Need To Know

  1. Anti-Spyware Software 

Anti-spyware software is used in detecting, blocking and/or removing spyware attempts.

Spyware is a type of software that seeks to gather your personal information, without your permission. It has the capability to take over your computer entirely! The information it collects is then sent to a third party without your consent.

There are 4 main types of spyware:

  • System Monitors
  • Trojans
  • Adware
  • Tracking Cookies 

Spyware is mainly used for tracking a user’s movements online and serving annoying and dangerous pop-up ads.

HOW YOU CAN GET INFECTED:

Your system can get infected with spyware if you visit certain websites, by pop-up messages that ask you to download an application or program (told you they’re evil!), through security holes in the browser or in other software, etc.

Usually, spyware is well hidden and it’s also difficult to observe. You might notice a spyware infection when the virus starts using your system’s resources and slows it down in a way that’ll make you really, really angry.

2. Antivirus Software

Antivirus software, sometimes called an anti-malware program (you can also call it AV if you want to show off), is computer software used to prevent, detect and remove malicious software.

Antivirus protects your computer from a large number of threats, such as ransomware, rootkits, Trojans, spyware, phishing attacks and botnets.

Without getting technical, let’s just say that the way antivirus scans for infections is not really coping with current threats. Cyber criminals are smart. Really, really smart! And their attacks are vicious, so just remember that antivirus is not enough and you need something more to keep you safe.

But that doesn’t mean you don’t need antivirus. YOU DO, trust me! But you need other stuff too and I’ll tell you more about that later on.

3. Cyber-Attack

A cyber-attack is classified as any type of offensive action used by cyber criminals to deploy malicious code in your system with the purpose of stealing, altering, destroying or taking any advantage from this action.

Cyber-attacks can target both people and things. ANYWHERE. ANYTIME.  Individual users, computer networks, information systems, IT infrastructure of all types and sizes – no one is safe! (And I’m not being dramatic about it.)

And smarter cyber criminals launch stronger attacks, which lead to worse consequences.

4. Drive-By Download   

A drive-by download can refer to 2 things:

  • A download which you authorized but without understanding the consequences (example: downloads which install an unknown or counterfeit executable program, ActiveX component, or Java applet).
  • The unintentional download of a virus or malicious software (malware) onto your computer or mobile device.

HOW YOU CAN GET INFECTED:

Drive-by downloads can happen when you visit a website, when reading an email or by clicking on a deceptive pop-up window.

These type of malicious downloads usually take advantage of (or “exploit”) a browser, an app, or an operating system that is out of date and has a security flaw that has not been solved or patched.

This is why it’s crucial to constantly maintain your software updated. (No worries, I’ll nag you about this along the way.)

5. Exploit

An exploit is a piece of software, a chunk of data, or a set of commands that takes advantage of a bug, glitch or vulnerability in order for malicious purposes.

Exploits can cause disruptions in the behavior of computer software, hardware, or something electronic (usually computerized).

HOW YOU CAN GET INFECTED:

By using exploits, cyber criminals can gain control of your computer.

After that, they can do pretty much what they want.

One of the ways to protect yourself from exploits is to keep your software updated at all times (told you I’d nag you about this!) and take all essential security measures (which I’ll show you in this course).

6. Keylogging     

Keylogging (also called keystroke logging) is a method that cyber criminals use to record (or log) the keys you strike on your keyboard in order to get confidential information about you.

Of course they do this in a concealed manner, so that you won’t know you are being monitored while typing passwords, addresses and other secret data on your keyboard as usual.

HOW YOU CAN GET INFECTED:

Keyloggers are usually used with malicious intentions, to steal passwords or credit card information.

Although many anti-spyware applications can detect some software based keyloggers and quarantine, disable or cleanse them, there is no solution that can claim to be 100% effective against this type of threat.

7. Malvertising  

Malvertising (short for “malicious advertising”) is the use of online advertising to spread malware.

Cyber criminals inject malicious or malware-loaded code into online advertising networks or legitimate websites, which then infect your systems through clicking, redirection or drive-by downloads.

Since online ads are managed by online advertising networks, even a legitimate website may host an infected web banner, although the website itself remains uncompromised. Some of the websites that have unknowingly hosted malvertising are The New York Times, the London Stock Exchange, Spotify, and The Onion.

HOW YOU CAN GET INFECTED:

Cyber criminals use pop-up ads, drive-by downloads, web widgets, hidden iframes, malicious banners, and third-party applications (example: forums, help desks, customer relationship management systems, etc.) to deliver malware. This is why malvertising is so wide-spread, affecting many users without their knowledge.

8. Malware

Malware (short for malicious software) is one of the terms you’ll hear most often when it comes to cyber security threats. The terms defines any software used by cyber criminals to:

  • disrupt computer operations,
  • gather sensitive information,
  • or unlawfully gain access to private computer systems.

Malware is characterized by its malicious intent, because it acts stealthily to steal your information or to spy on your computer for a long time, without your knowledge.

‘Malware’ is a general term used to refer to an entire category of malicious or intrusive software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other harmful programs.

HOW YOU CAN GET INFECTED:

Malware is usually spread through executable code, scripts, active content, and other software. The major threat is poses comes from malware being disguised as, or embedded in, non-malicious files, such as .jpeg, .mpeg, .exe, .gif, .mp3 and many, many more.

You should definitely check out this list of 50+ File Extensions That Are Potentially Dangerous on Windows to get an even better idea of how malware can sneak into your system.

9. Patching          

Patching is the process of updating software to a different, newer version. A patch is a small update released by a software manufacturer to fix bugs in existing programs.

A patch can relate to features and usability, but is can also include security features.

Patching is essential for your online security, because it prevents cyber criminals from launching attacks using Zero Day viruses (definition at #18).

10. Phishing           

Phishing is (yet) another method that cyber criminals use in order to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by posing as a trustworthy entity in emails or other means of electronic communication.

Phishing is an example of social engineering techniques (definition at #12) used to deceive users, and exploits the poor usability aspects of current web security technologies.  

HOW YOU CAN GET INFECTED:

 A phishing email could seem that it legitimately comes from your bank, and could trick you into entering valid credentials on a fake website.

Phishing is done through emails, instant messaging apps or social media posts (on Facebook, Twitter, LinkedIn, etc.).

11. Ransomware

Ransomware is a form of malware that essentially holds a computer system captive while demanding a ransom.

This type of malware locks you out of your computer by either:

  • encrypting files on the hard drive
  • or locking down the system and displaying messages that extort you into paying the malware creator to remove the restrictions and regain access to their computer, usually via a key. The bad news is that the malware creator is the only one who knows the key.

HOW YOU CAN GET INFECTED:

Ransomware typically spreads like a normal computer worm (by replicating itself in order to spread to other computers), and it could infect your system via a downloaded file or through some other vulnerability in a network service.

The chances of retrieving your data are very slim, unless you’re willing to pay the ransom (which is why it’s crucial to have a back-up of your data in a secure location).

The malware creator will either supply a program which can decrypt the files, or he will send an unlock code that decrypts your data. But there is no guarantee that this will happen, even if you pay the requested ransom.

12. Social Engineering     

Social engineering is one of the most commonly used methods of cyber hacking, which requires little to no technology. It relies on psychological manipulation to persuade the victims to perform certain actions or divulge confidential information.

HOW YOU CAN BE COMPROMISED:

In this case, cyber criminals use lies, impersonation, tricks, bribes, blackmail, and threats (just like your ex) to attack information systems. Phishing (defined at #10) is also a form of social engineering.

For example, cyber criminals may pose as contractors, exterminators, fire marshals and technicians to go unnoticed as they steal your secrets or trick you into divulging confidential information about your company.

13. Spam  

We all know that spam is made of those pesky, unsolicited emails that clog our inboxes. But, in recent years, spam has spread to instant messaging apps, texting, blogs, forums, search engines, file sharing and social media.

HOW YOU CAN GET INFECTED:

While spam itself may not seem very dangerous, it sometimes carries malware, spreads viruses, worms and other types of threats, such as financial theft, identity theft, data and intellectual property theft, fraud, and deceptive marketing.

14. Trojan

A Trojan horse (commonly known as a Trojan) is a type of malware that conceals itself as a normal file or program to trick you into downloading and installing malware.

A Trojan can do many dangerous things to your system, like give cyber criminals unauthorized, remote access to your infected computer.

Once that happens, cyber criminals can:

  • steal data (logins, financial data, even electronic money),
  • install more malware, modify files,
  • monitor your activity (screen watching, keylogging, etc.),
  • use the computer in botnets (a collection of Internet-connected programs communicating with other similar programs in order to spread malware),
  • encrypt your files, like in the case of ransomware (defined at #11)
  • crash your computer
  • format your disks, destroying all the contents on your device, etc.

HOW YOU CAN GET INFECTED:

There are plenty of ways in which your system can become compromised by a Trojan:

  • through email attachments
  • software or music downloads
  • unsafe instant messages
  • peer 2 peer downloads
  • routine forms that need to be filled in
  • drive-by downloads, etc.

15. URL or Web Content Filtering

URL or web filtering technology is software which keeps you from accessing inappropriate websites or content or that prevents you from ending up in a dangerous web location (and by dangerous I mean malware-laden).

The software’s filter checks the origin or content of a web page against a set of rules provided by company or person who has installed the URL filter. If the web page has been blacklisted or marked as infected, it will deny access to that web location, blocking a potential cyber attack.

16. Virus (Computer Virus)

A computer virus (shortly called virus) is a type of malware (told you it would come up often!) capable of replicating itself and spreading to other computers and data files.

Viruses spread to other computers by attaching themselves to various programs and executing code when you launch one of those infected programs.

But they’re really sneaky, so they can also spread through script files, documents, and cross-site scripting vulnerabilities in web apps (defined at #17).

Viruses are also evil, because they can be used to steal information, harm your computers, log keystrokes (keylogging – defined at #6), create botnets, spam your contacts, steal your money, display political or humorous messages on your screen (the least of your worries), and more.

(Nasty stuff, I know!)

HOW YOU CAN GET INFECTED:

Viruses install themselves without your consent, because cyber criminals use social engineering (defined at #12) and exploit software bugs and vulnerabilities (defined at #17) to gain access to your computing resources.

Viruses can reside in executable files (.exe or .com files), in data files (Microsoft Word documents or PDFs), or in the boot sector of your hard drive. Or in a combination of all of these.

And the worst part is that some viruses are polymorphic, which means that the virus has no parts which remain identical between infections, making it very difficult to detect directly with an antivirus solution.

17. Vulnerability 

A cyber security vulnerability is a weakness which allows an attacker to undermine your system’s data security defenses.

A vulnerability appears at the intersection of 3 elements:

  1. a system susceptibility or flaw (example: your Java software hasn’t been updated to the latest version – seems pretty innocent, right?)
  2. attacker access to the flaw (example: you click on a malware-infected banner ad which delivers a download on your computer)
  3. and attacker capability to exploit the flaw (example:  now the cyber criminal has a way in, through that malicious download).

A vulnerability is just a pretense that a cyber criminal can use to launch a full scale attack on your system. He still needs the right tools for that, but they come in a large supply online and they’re cheap as well.

The way to protect yourself against vulnerabilities is to maintain your software updated at all times, and there are other tips & tricks I’ll share in the coming lessons as well.

18. Zero-Day Virus          

Now that you know what a vulnerability is, it’ll be easy to understand what a Zero-Day virus is.

Zero-Day viruses appear when cyber criminals discover a flaw in a piece of software (for example, in Adobe Air). They exploit that vulnerability, launching an attack that users can’t defend themselves against, for two simple reasons:

  • The flaw they exploit is attacked by launching a previously unknown computer virus or other malware
  • Antivirus programs rely upon signatures to identify malware, but the signature for this new breed of malware or virus is not in their database, because it’s new and hasn’t been sampled.

That is why antivirus software is not effective against Zero-Day viruses, and that why you need additional solutions to protect you from advanced attacks such as these.

HOW YOU CAN GET INFECTED:

The usual methods described beforehand work in this case as well:

  • drive-by downloads
  • malvertising
  • spam
  • through email attachments
  • software or music downloads
  • unsafe instant messages
  • peer 2 peer downloads
  • routine forms that need to be filled in, etc.

The difference is that, once you get infected, there’s very little you’ll be able to do to stop the infection and mitigate its effects.

Coming up in the next lesson (#5): It would take a hacker about 2 minutes to crack your passwords. But there’s something you can do about it!

This course is presented in partnership with Heimdal Security – a worldwide leader in enterprise and consumer cyber security solutions.

SCAMPROOF heimdal-logo-1-e1612979479333 LESSON FOUR

Share it on social media

Share on facebook
Facebook
Share on twitter
Twitter
Share on whatsapp
WhatsApp
Share on pinterest
Pinterest
Share on reddit
Reddit
Share on linkedin
LinkedIn
Social Proof Apps