The cybersecurity world is filled with technical lingo and jargon. At TechCrunch, we’ve got been writing about cybersecurity for years, and even we typically want a refresher on what precisely a selected phrase or expression means. That’s why we’ve got created this glossary, which incorporates a few of the commonest — and never so frequent — phrases and expressions that we use in our articles, and explanations of how, and why, we use them.
This is a growing compendium, and we are going to replace it often.
An superior persistent menace (APT) is usually categorized as a hacker, or group of hackers, which good points and maintains unauthorized entry to a focused system. The important intention of an APT intruder is to stay undetected for lengthy durations of time, usually to conduct espionage and surveillance, to steal information, or sabotage vital programs.
APTs are historically well-resourced hackers, together with the funding to pay for his or her malicious campaigns, and entry to hacking instruments usually reserved by governments. As such, most of the long-running APT teams are related to nation states, like China, Iran, North Korea, and Russia. In latest years, we’ve seen examples of non-nation state cybercriminal teams which might be financially motivated (equivalent to theft and cash laundering) finishing up cyberattacks comparable by way of persistence and capabilities as some conventional government-backed APT teams.
(See: Hacker)
The capability to run instructions or malicious code on an affected system, usually due to a safety vulnerability within the system’s software program. Arbitrary code execution may be achieved both remotely or with bodily entry to an affected system (equivalent to somebody’s machine). In the instances the place arbitrary code execution may be achieved over the web, safety researchers usually name this distant code execution.
Often, code execution is used as a method to plant a again door for sustaining long-term and protracted entry to that system, or for working malware that can be utilized to entry deeper components of the system or different gadgets on the identical community.
(See additionally: Remote code execution)
Hackers traditionally have been categorized as both “black hat” or “white hat,” often relying on the motivations of the hacking exercise carried out. A “black hat” hacker could also be somebody who may break the regulation and hack for cash or private achieve, equivalent to a cybercriminal. “White hat” hackers usually hack inside authorized bounds, like as a part of a penetration take a look at sanctioned by the goal firm, or to gather bug bounties discovering flaws in varied software program and disclosing them to the affected vendor. For those that hack with much less clearcut motivations, they could be thought to be a “gray hat.” Famously, the hacking group the L0pht used the time period grey hat in an interview with The New York Times Magazine in 1999. While nonetheless generally utilized in trendy safety parlance, many have moved away from the “hat” terminology.
(Also see: Hacker, Hacktivist)
Botnets are networks of hijacked internet-connected gadgets, equivalent to webcams and residential routers, which were compromised by malware (or typically weak or default passwords) for the needs of being utilized in cyberattacks. Botnets may be made up of a whole lot or 1000’s of gadgets and are usually managed by a command-and-control server that sends out instructions to ensnared gadgets. Botnets can be utilized for a spread of malicious causes, like utilizing the distributed community of gadgets to masks and protect the web site visitors of cybercriminals, ship malware, or harness their collective bandwidth to maliciously crash web sites and on-line companies with enormous quantities of junk web site visitors.
(See additionally: Command-and-control server; Distributed denial-of-service)
A bug is basically the reason for a software program glitch, equivalent to an error or an issue that causes the software program to crash or behave in an surprising method. In some instances, a bug can be a safety vulnerability.
The…
