The Cybersecurity Dictionary is a collection of terms and definitions related to information protection issues in cyberspace.

The dictionary is intended to facilitate understanding of the basic concepts and principles of cybersecurity, as well as to assist in communication between various entities dealing with this topic.

ADWARE

ADWARE works by making your computer more difficult to use by displaying unwanted advertisements. Adware software may be combined with additional malicious tools that can, for example, spy on the user or redirect him to dangerous websites. ADWARE mechanisms may be built into freeware or shareware versions to provide the developer with revenue from selling user data or to force the user to install a paid version of the program. ADWARE software is often not visible on the list of programs installed on the computer, so uninstalling it may be very difficult.

AUTHORIZATION

This is an action intended to confirm whether the user has permission to perform a specific operation in the system. AUTHORIZATION is performed after confirming the user's identity using AUTHENTICATION and is intended to limit the user's actions only to what he has consented to. An example would be permissions to work on a file - a user may be authorized to view and edit its content, but not to delete it. In the absence of authorization, the user may, for example, receive a message that the operation cannot be performed or he will not see certain options in the program menu.

BLOATWARE

This name refers to unnecessary software that is not ordered by the user and is pre-installed on new computers, telephones or other devices. Such software usually appears as a result of contracts concluded between the manufacturer and the equipment seller and sometimes its operation will only increase the consumption of computer resources or will involve collecting marketing data about the user such as device ID, location, visited websites, etc. Removal of software such as BLOATWARE shouldn't be difficult because it is usually visible in the list of installed programs and can therefore be uninstalled quickly.

BRUT FORCE

The BRUT FORCE attack involves cracking passwords by entering various combinations of characters. This type of attack is simple, so it can also be performed without advanced IT knowledge. An obstacle for criminals is the high time-consuming nature of manually entering access data into the system, which is why hackers do not do it manually. Instead, tools are created that will automatically try to log in to the specified website using various combinations of data. Users who use easy-to-guess passwords are most susceptible to this type of attack.

EXPLOIT

The name EXPLOIT covers tools that exploit programming errors in various types of programs. By exploiting such an error, EXPLOIT can take control of the program's operation and use its privileges in the operating system. Thanks to this, the attacker can gain access to the parts of the computer system that interest him or the ability to connect and take control of another computer or server on the network. There, in turn, further EXPLOITS can be used, which increases the scope of the attack

0-DAY EXPLOIT

ZERO DAY EXPLOIT is the most dangerous type of EXPLOIT, because this term means a programming vulnerability that has not yet been found. As a rule, the attacker is the first person to use such a bug to attack, and often even the person who found such a bug. Defending against such an EXPLOIT is very difficult or even impossible.

MALWARE

The general name of malware is MALWARE. This is a very broad term used to describe all programs and tools used to cause damage to the system or the user.

MALVARETISING

This term comes from the concept of malicious advertising, which means an attack involving placing infected advertisements on the Internet. legally operating websites implementing advertising campaigns. This usually takes the form of messages such as "you have a virus" or "you are using an outdated version of the system". This is, of course, calculated so that an unaware, scared user of the device will click on the proposed link, which will lead to immediate infection with a virus (this time a real one) or redirection to an infected website from which the actual attack will be carried out.

SCAM / FRAUD

A typical mechanism consists in offering the victim a share in huge profits in exchange for alleged intermediation requiring the investment of proportionately small own funds in various types of operating costs. The fees paid by the victim are actually intercepted by the fraudster, who then disappears without ultimately making any payment to the victim. The fraudster usually takes on the role of an heir, a previously defrauded entrepreneur, a descendant of a coup victim, etc.

SPAM

Sending large amounts of information with the same content to unknown people is called SPAM. It does not matter what the content of these messages is. To classify a message as spam, it must meet the following three conditions simultaneously:

– The content of the message is independent of the identity of the recipient.

– The recipient has not given prior, intended consent to receive this message.

– The sender of a message may gain disproportionately to the benefits of the recipient.

SPAM can also be used to distribute malware or links.

SPOOFING

SPOOFING involves an attacker impersonating another person or organization in order to gain trust and carry out an attack. Spoofing involves using a name that sounds similar to the original one and thus misleading the recipient. The most popular ways are to use the letters rin for m or two letters v for w. In this way, the user can be convinced that he is corresponding with the right person or is on the right website. SPOOFING is usually an introduction to PHISHING. The most popular SPOOFING methods are:

EMAIL SPOOFING

It involves sending e-mails whose header data (mainly the name and e-mail address of the sender) have been modified to appear to come from another source. EMAIL SPOOFING is most often used to send spam and in attempts to extort login details (e.g. for electronic banking). Another way of using it may be an attempt to persuade the recipient of the message to provide an apparently trusted person (e.g. someone in a managerial position in another department of the company) with information that he should not share.

DOMAIN SPOOFING

It involves creating an Internet domain with a name similar to the original one and embedding a website on it with an appearance identical or very close to the original. By using such a website, the attacker can persuade visitors to leave their login details, send money or download malware to their computer.

PHARMING

This is an attack that redirects traffic that should go to a fake website to a fake website. Even after entering the correct website address, the user lands on the website provided by the attacker. A fake website may look identical to the real website and contain identical content (news, messages, and even warnings). PHARMING uses TROJANS that infect the computer and change its configuration in such a way as to force the user to go to the website created by the attacker. The attack aims to take over passwords, credit card numbers or other confidential data entered by the user.

PHISHING

A method of fraud in which the criminal impersonates another person or institution in order to obtain specific information (e.g. login details, credit card details) or to persuade the victim to take specific actions. This is a type of social engineering attack. Popular targets are, for example, people using electronic banking. A typical method is information about the alleged blocking of the account and the need to reactivate it, providing all confidential information (login, password). Typically, the attack begins with an e-mail containing a message encouraging you to perform a specific action, e.g. clicking on a link leading to a website controlled by the attacker, which contains a message asking you to confirm your identity by providing data such as personal data, password and bank login. , SMS code, etc. Criminals use the information obtained to gain access to the account and steal money from it.

RANSOMWARE

This is a type of malware that modifies the operating system, the contents of the hard drive or data. The most dangerous versions of RANSOMWARE encrypt the victim's files in such a way that only the author of the software can decrypt them. RANSOMWARE is also called blackmail software because often, after encrypting data, they send a message in which they propose to decrypt the data and restore access to the data, of course for a fee - often high. However, the decision to pay a ransom to decrypt data is risky because there are known cases when criminals broke off contact after receiving the money or when decryption turned out to be impossible.

SMISHING

The name SMISHING comes from the concept of SMS phishing and, as the name suggests, it is one of the PHISHING techniques. SMISHING involves sending SMS messages with malicious content. These may include incentives to subscribe to paid premium services via return SMS or, for example, links to fake websites. A widely used method of SMISHING are messages with information about the need to make an additional payment to the bill, shipping costs, etc. Such messages contain a link to a fake payment gateway, which allows criminals to take over access to the bank account and steal the money.

SPYWARE

SPYWARE is the name of spyware whose task is to collect information about the user and send it without his knowledge to the person using SPYWARE. The following may be collected and sent: addresses of websites visited, user's IP address, computer specifications, credit card details, passwords and much more. SPYWARE may be distributed as MALWARE, but sometimes spyware is offered as a free program, such as an antivirus, or as part of a package whose contents have not been thoroughly verified.

TROJAN

A term for a type of computer virus that, while pretending to be useful software for the user, also installs hidden functions during installation, such as tools for spying, installing malware or modifying the content of the computer. TROJANS can be distributed via e-mail or placed for download on various websites. They may also be part of illegal software or music and movie files.

AUTHENTICATION

This is the process of confirming the user's identity, usually involving confirming the correctness of the username and password. The purpose of AUTHENTICATION is to protect access to the system against unauthorized access. Modern authentication methods are called MULTI-FACTOR AUTHENTICATION.

MULTI-FACTORAL AUTHENTICATION

This name refers to modern authentication methods that require more information than just a login and password to log in. This could be a verification code sent via SMS, an app on a mobile device, the use of a physical key, or more. MULTI-FACTOR AUTHENTICATION is much safer than regular AUTHENTICATION with login and password and protects, among others: against BRUTE FORCE attacks.

VIRUS

A VIRUS is a computer program that has the ability to attach itself to another program and replicate itself when transferred to another environment, just like a real virus. A VIRUS is a type of malware and can act in various ways - slowing down your computer, stealing data, recording keystrokes, etc. VIRUSES, like TROJANS, can spread via email attachments and infected (often pirated) programming. VIRUSES are often called MALWARE, i.e. malicious software, but there is a difference between them. VIRUSES do not start working without any action on the part of the user, e.g. opening a document to which the VIRUS is attached, but malware usually works independently, independently of the user.

VISHING

VISHING is voice phishing carried out during a telephone conversation. Criminals pretending to be an employee of a bank, investment company or office are able to convince the interlocutor to provide detailed personal data and access data to the bank account, and then steal the money. Voice phishing does not require advanced IT knowledge because the basic technique used by attackers is SOCIAL TECHNOLOGY. This type of attack may also be partially carried out by automated machines calling numbers from the database collected by criminals.

DNS POISONING

DNS is a system that translates domain names (gogle.com) into IP addresses that identify devices on the Internet. DNS POISONING involves sending false information to the DNS server about the IP address under which the Internet domain is located. The server saves this information for a certain period of time and consequently redirects the person who wants to visit the selected website to an incorrect IP address and a fake website. Fake websites may be more or less similar to the original website, but the better the website is made and the more similar it is to the real one, the more difficult the attack is to detect.