Can\u2019t tell your malware from malarkey? Do you think phishing is something you do with your mates on the weekend? If you\u2019re sick of just smiling and nodding politely when the subject turns to cybercrime, you\u2019re in luck \u2013 we\u2019ve broken down the meanings of the most common cybercrime terms here.<\/p>\n\n\n\n
Account harvesting<\/strong>: Collecting email accounts that are in the public domain or using software to collect email addresses that are stored on a computer. These accounts are often used later for spamming. <\/p>\n\n\n\n Attack surface<\/strong>: The sum of the different points in a system that an attacker could potentially breach. Your attack surface is essentially your digital footprint, and the larger it is, the more chances there are that an attacker could find exploitable vulnerabilities in it. <\/p>\n\n\n\n Back door<\/strong>: A means to access a system that bypasses the normal security measures. Back doors are sometimes created deliberately by developers as a troubleshooting tool, and sometimes installed as part of a cyber attack by criminals who return to exploit it later.<\/p>\n\n\n\n Black hat<\/strong>: A person who hacks into a computer system with malicious intent. Bad guys. <\/p>\n\n\n\n Browser hijacking<\/strong>: Software that can modify a user\u2019s browser settings without their knowledge or consent, often to inject unwanted content or advertising. <\/p>\n\n\n\n Brute force<\/strong>: A process of attempting to crack a cryptographic key or password by systematically trying every possible combination until you find the right one. <\/p>\n\n\n\n Business email compromise<\/strong>: When criminals use email fraud to target business, government and non-profit organisations. This can include impersonating businesses by using similar names and domains, or even impersonating specific co-workers by compromising their email accounts. From here, the criminal can raise false invoices or change banking details so that money is sent to their account, among other scams.<\/p>\n\n\n\n BYOD (Bring Your Own Device)<\/strong>: An IT policy that allows employees to access a business\u2019 systems and data using their own personal tablets, computers and phones, broadening that business\u2019 attack surface. <\/p>\n\n\n\n Countermeasure<\/strong>: Techniques, actions and procedures to minimise the threat of a cyberattack by using cyber security and other measures. <\/p>\n\n\n\n Cryptographic key<\/strong>: <\/strong>A string of seemingly random characters that, when processed through a cryptographic algorithm, can encrypt data to make it unreadable ciphertext, or decrypt it to make it plaintext. Just like a physical key, it\u2019s used to ensure that only the people in possession of it can lock and unlock data. <\/p>\n\n\n\n Dark web<\/strong>: The dark web contains websites that aren\u2019t indexed by search engines, and are only accessible through specialised browsers and software. The dark web can be used for highly illegal activity, including extoring ransomware payments, by users who wish to remain anonymous. <\/p>\n\n\n\n Data at rest<\/strong>: Data that\u2019s stored in any digital form on a computer. <\/p>\n\n\n\n Data in transit<\/strong>: Data that\u2019s moving between locations, either through the internet or a private network. <\/p>\n\n\n\n Denial-of-service (DoS) attack<\/strong>: A DoS attack crashes a user\u2019s system or network, making it completely unusable. This is usually done by overloading the system with requests. <\/p>\n\n\n\n Double extortion<\/strong>: A similar process to ransomware (see below), but the hacker will also threaten to publish the data publicly if the ransom is not paid. <\/p>\n\n\n\n Encryption<\/strong>: The conversion of readable plaintext data into unreadable cyphertext. A strong security measure against cyber attacks, it makes data virtually useless to anyone who accesses it without the cryptographic key required to unlock it. <\/p>\n\n\n\n