Cybersecurity Glossary
Our comprehensive guide to the complex terminology of the digital security realm. As the landscape of cybersecurity continues to evolve at a rapid pace, we believe in empowering our users with a clear understanding of the terms and concepts that shape this field. This glossary serves as an essential resource, providing succinct and easily digestible explanations for both foundational and advanced cybersecurity jargon.
A
Air Gapping
Air Gapping is a security measure that ensures a device or system has limited or no connectivity and is physically isolated from any other device or system, such as the public Internet or a local area network. This means the device has no network interface controllers connected to other networks, creating a physical or conceptual “air gap.”
Anti-Ransomware
Anti-Ransomware is software or a tool designed to prevent, detect, and respond to ransomware attacks on computer systems and networks. Most endpoint protection solutions were trained on characteristics that all malware share, with some ransomware samples in the mix. But ransomware does not behave like other malware, so training detection models on the few characteristics that ransomware shares with other malware leaves a lot of room for missed detections. Conversely, anti-ransomware detection models are trained on characteristics that all ransomware shares, delivering more efficient and effective detection of ransomware attacks.
Antivirus (AV)
Antivirus (AV) is a legacy software tool designed to detect and prevent known commodity malware from executing on a device or network. AV does not provide protection against novel, polymorphic, repacked, or otherwise altered forms of malware. AV requires human analysis and detection signature development, as well as daily updates and lengthy scanning procedures that consume a lot of resources and significantly impact productivity while offering only a modicum of protection. AV is best suited for personal computing use but does not offer the level of protection organizations require against advanced threats.
Archiveus Trojan
The Archiveus Trojan was one of the earliest ransomware programs created. It encrypts files on a victim's computer and demands payment in exchange for the decryption key.
Artificial Intelligence (AI) in Security
Artificial intelligence (AI) is a vast branch of computer science concerned with developing software that allows computer systems to perform tasks that imitate human cognitive intelligence. In security, AI refers to the use of advanced machine learning (ML) algorithms to automate and enhance the detection, prevention, and response to cyberattacks.
B
Big-game Hunting
Cyberattacks that are customized to compromise high-value targets and large organizations.
Bitcoin
Bitcoin is a decentralized digital currency that is often used as a form of payment in ransomware attacks because of its anonymity and because it is difficult to trace.
Botnet
Short for “robot network,” a botnet is a network of computers or other devices that are under the control of an attacker or attacking party. When a system or computer is compromised, it becomes a “bot” and is controlled by the “bot-herder” or “bot-master.”
C
Crypto Ransomware
Crypto ransomware is another term for malicious software that encrypts a victim's files and demands payment in exchange for the decryption key.
Cryptocurrency
A digital or virtual currency that uses cryptography for security and operates independently of a central bank. It is often used as a form of payment in ransomware attacks because of its anonymity and because it is difficult to trace.
Cyber Insurance
Cyber insurance is a type of insurance policy that reduces the financial risk to businesses and individuals in the event of a cyberattack. Cyber insurance is a good complement to a robust security program, but it is not a replacement for an active defense posture. To make a claim against a cyber insurance policy, insurers typically require the insured to deploy and maintain adequate security controls. Failure to adhere to the security requirements may render the policy unenforceable and negate any claims.
D
Data Exfiltration
The unauthorized transfer of sensitive or confidential data from a computer or network to an external location or attacker-controlled server. Today's more complex ransomware operations are multi-staged attacks, where the threat actors look to infiltrate as much of the targeted network as possible while exfiltrating sensitive data along the way. They threaten to expose the stolen data to put more pressure on the victim to pay the ransom demand and receive the decryption key to restore their systems. In some cases, the attackers will demand an additional payment for the stolen data on top of the initial ransom.
Decryption
The process of converting encrypted data back into its original, readable form using a key or password. In a ransomware attack, the threat actors typically offer to provide a decryption key to restore systems and data. Decrypting in this manner is a manual process that must be carried out on every impacted device, and the decryption keys provided by attackers often either fail or return corrupted data. Organizations can protect their data and make it more easily recoverable in the event of a ransomware attack if they maintain isolated data backups.
Double Extortion
Double extortion is a ransomware tactic where cybercriminals not only encrypt the victim's data but also threaten to release sensitive information unless a ransom is paid. Other forms of double extortion, sometimes referred to as triple or quadruple extortion, include threatening denial of service (DoS) attacks, threatening to expose customer or partner data, short-selling a company's stock, or other tortious business interference tactics.
E
EDR
Endpoint Detection and Response (EDR) is a security solution that allows security teams to monitor, detect, and investigate suspicious activity on hosts and endpoints. It employs automation that allows security teams to quickly identify and respond to threats. EDR is a powerful tool for protecting endpoints but has serious shortcomings with regard to things like preventing the abuse of user credentials, protecting the larger network and cloud deployments, or leveraging telemetry from other sources.
Encryption
Encryption is the process of converting data into a code to prevent unauthorized access or modification during transmission or storage. In the final stages of a ransomware attack, threat actors deploy the ransomware payload and encrypt the target's data, files, and systems, rendering them inaccessible. They will typically offer a decryption key in exchange for a ransom payment ranging from hundreds to tens of millions of dollars.
Encryption Key
An encryption key is a code or password used to encrypt and decrypt data in order to protect it from unauthorized access or theft in the event of a ransomware attack. In the final stages of a ransomware attack, threat actors deploy the ransomware payload and encrypt the target's data, files, and systems, rendering them inaccessible. They will typically offer a decryption key in exchange for a ransom payment ranging from hundreds to tens of millions of dollars.
Endpoint Detection and Response (EDR)
Endpoint Detection and Response (EDR) is a security solution that allows security teams to monitor, detect, and investigate suspicious activity on hosts and endpoints. It employs automation that allows security teams to quickly identify and respond to threats. EDR is a powerful tool for protecting endpoints but has serious shortcomings with regard to things like preventing the abuse of user credentials, protecting the larger network and cloud deployments, or leveraging telemetry from other sources.
Endpoint Protection (EPP)
Endpoint Protection (EPP) is a security solution that protects individual devices, such as laptops and mobile devices, from cyber threats such as ransomware.
Extended Detection and Response (XDR)
Extended Detection and Response (XDR) is a comprehensive security solution that extends EDR by correlating telemetry from multiple sources beyond endpoints (network, cloud, identity, etc.) to detect, investigate, and respond to advanced threats such as multi-stage ransomware attacks. XDR holds much promise, but it is still in its infancy and has years of development ahead before it can deliver on its promised potential.
I
Immutability
Immutability refers to the security and integrity of an organization’s critical data, especially backup data, and the assurance that this data cannot be altered or destroyed.
Incident Response
Incident response (IR) is the set of immediate actions that an organization takes in response to a cyberattack or data breach. A tested IR plan, or playbook, can help address incidents efficiently and contain them before they spread.
L
Living-off-the-Land (LotL)
A technique used by cybercriminals to evade detection by abusing legitimate network tools, binaries, and processes already present on a targeted system to carry out their attacks.
Locker Ransomware
Locker ransomware is an earlier type of ransomware that encrypts a victim's files and demands payment in exchange for the decryption key, while also locking the victim out of their system.
M
MDR
Managed Detection and Response (MDR) is a service that offers third-party threat detection and response that would otherwise be undertaken in-house. MDR offers enhanced protection to organizations that either do not have the personnel or resources to support security operations or find managed services for some aspects of security operations to be financially optimal.
Machine Learning
Machine learning (ML) is a branch of artificial intelligence (AI) that uses algorithms to teach computer systems to learn and program themselves in order to classify data and/or predict future outcomes.
Machine Learning (ML) in Security
Machine learning in security refers to the use of algorithms and statistical models to analyze and identify patterns in data to detect and prevent cyberattacks, including ransomware.
Malware
Malware is malicious software, code, and scripts designed to harm or exploit computer systems. Ransomware is a type of malware that encrypts files and demands payment for their release.
Managed Detection and Response (MDR)
Managed Detection and Response (MDR) is a service that offers third-party threat detection and response that would otherwise be undertaken in-house. MDR offers enhanced protection to organizations that either do not have the personnel or resources to support security operations or find managed services for some aspects of security operations to be financially optimal.
Managed Security Service Provider (MSSP)
A Managed Security Service Provider (MSSP) is a third-party company that provides cybersecurity services to organizations, including monitoring, threat detection, incident response, and remediation.
N
Next Generation Antivirus (NGAV)
Next Generation Antivirus (NGAV) is a type of cybersecurity software that uses advanced techniques such as machine learning and behavioral analysis to detect and prevent ransomware attacks.
P
Phishing
Phishing is a type of social engineering attack where a threat actor sends fraudulent emails or messages to trick individuals into revealing sensitive information or downloading malware.
Playbook/Runbook
A Cyber Security Playbook defines the roles and responsibilities of members of an organization in response to a cyber security incident. It identifies the communications team and a contact liaison between the board and the rest of the organization. Playbooks also establish formal processes and procedures to ensure that required steps are systematically followed during the response and investigation. This helps organizations meet and comply with regulatory frameworks like NIST or GDPR. Playbooks support procedures like breach notification and technical processes such as malware reverse engineering.
R
RaaS
Ransomware-as-a-Service (RaaS) operators provide the software platform and backend to launch attacks. They have development teams constantly improving their feature sets, they assist in negotiations during a successful attack, they manage customer service agents, market to new affiliates, and more, all for a slice of the profits.
Ransomware
Ransomware is a type of malware that encrypts a victim’s data, files, and systems until a ransom demand is paid and the attackers provide the victim with a decryption key to restore access.
Ransomware Attack
A ransomware attack uses malicious code to encrypt a victim’s data, files, and systems until a ransom payment is received and the attackers provide the victim with a decryption key to restore access.
Ransomware Campaign
A ransomware campaign is a coordinated attack operation designed to compromise and infect multiple targets with ransomware to encrypt data, files, and systems until a ransom payment is received and the attackers provide the victim with a decryption key to restore access.
Ransomware Gang
References to ransomware gangs are generally in regard to Ransomware-as-a-Service (RaaS) operators who provide the software platform and backend to launch attacks. They have development teams constantly improving their feature sets, they assist in negotiations during a successful attack, they manage customer service agents, market to new affiliates, and more, all for a slice of the profits. Ransomware variants and ransomware gangs often share the same nomenclature, but that is not always the case.
Ransomware Prevention
The proactive measures taken to prevent ransomware attacks, such as implementing security software, training employees on safe online practices, and regularly backing up important data.
Ransomware Protection
Businesses of all sizes are vulnerable to cyberattacks like ransomware. To protect against this increasing risk, business owners can invest in endpoint protection solutions and educate themselves about how to prevent, mitigate, and be resilient against the potential impact of a ransomware attack on operations.
Ransomware Recovery
Ransomware recovery is the incident response, investigation, and remediation procedures that address a ransomware attack and its potential impact on a victim organization.
Ransomware Rollback
The process of restoring data and systems to the previous unencrypted state before a ransomware attack occurred.
Ransomware-as-a-Service (RaaS)
Ransomware-as-a-Service (RaaS) operators provide the attack platform and other mechanisms to carry out ransomware attack campaigns. They have development teams constantly improving their feature sets, they assist in negotiations during a successful attack, they manage customer service agents, market to new affiliates, and more, for a portion of the ransom proceeds.
Resilience
Resilience is the ability of an organization, tool, or environment to adapt to changing conditions and prepare for, withstand, and recover quickly from disruption.
Resilience in Security
The ability of a system or organization to withstand and recover from cyberattacks, including ransomware, through proactive measures such as backups, incident response plans, and employee training.
S
SLA
A Service Level Agreement (SLA) is a document that defines the level of service expected from a vendor. It lists the specific metrics used to measure the services rendered and the compensatory actions if those service levels are not achieved. An SLA is a critical component of any technology vendor contract.
SOC/SOCaaS
A Security Operations Center (SOC) is an organization’s central command post that monitors and analyzes data from across all of its networks, devices, and databases. The goal is to improve the overall security posture while preventing, detecting, analyzing, and responding to cybersecurity incidents. Some organizations outsource their SOC functions and infrastructure to a third-party technology vendor such as an MSP or MSSP.
Scareware
Scareware is a type of malicious software that tricks users into believing their computer is infected with a virus or other malware, and then prompts them to purchase fake antivirus software or pay a ransom to remove the supposed threat.
Social Engineering
Social engineering attacks are the most common way ransomware operators get initial access to a targeted network. Phishing via malicious emails or messages on social platforms is a favorite tactic. Specially crafted emails are designed to trick targets into clicking malicious links, opening tainted attachments, or providing sensitive information like user credentials. Attackers who have already successfully infiltrated a network may also use social engineering techniques to compromise identities that have more user privileges at a targeted organization, like network admins and company executives.
T
Tabletop Exercise
A simulated scenario designed to test an organization's response to a cyberattack, allowing it to identify weaknesses and improve its incident response plan.
Threat Hunting
The proactive process of searching for and identifying potential cyber threats and active attacks before they can cause harm to a system or network.
Time-to-Ransom
The amount of time it takes for a ransomware attack to encrypt a victim's data and demand payment for its release.
Triple Extortion
Triple extortion is a technique where cybercriminals not only encrypt the victim's data but also apply multiple extortion methods to compel a ransom payment, such as threatening to attack a victim's customers or partners or commencing a denial of service (DoS) attack, in addition to the threat of leaking compromised data if a ransom payment is not received. See "Double Extortion" for more details.