Cyber security

Malware

Malware is an umbrella term used to describe a variety of hostile or intrusive software

Malware: Virus

Malware that attaches itself to a host file or program and requires user action (like opening a file) to activate. Once activated, it self-replicates by infecting other files or programs on the system. ​

Malware: Worm

Malware that self-replicates and spreads automatically across networks without needing user action.

Malware: Trojan Horse

Malicious code disguised as legitimate software; once installed it creates a backdoor for attackers;

Malware: Ransomware

Malware that encrypts user files and demands payment for the decryption key;

Malware: Spyware

Malware that secretly gathers user data (keystrokes, browsing habits) and sends it to attackers;

Social Engineering: Pharming

Malicious code or DNS manipulation that redirects users to fake websites to harvest credentials;

Social Engineering: Phishing

Sending fraudulent emails or messages to mass audiences to trick recipients into revealing sensitive data;

Social Engineering: Shoulder Surfing

Observing someone’s private information (e.g. PIN at an ATM) over their shoulder to steal it;

Social Engineering: Blagging

Inventing a false scenario to persuade victims to divulge confidential information;

Penetration Testing: White Box Testing

Tester has full knowledge of system internals (source code, network maps, credentials) before attack;

Penetration Testing: Black Box Testing

Tester has no prior knowledge of the system; simulates an external attack with only public information;

Protection: Encryption

Scrambling data into ciphertext before transmission so only those with the key can read it;

Protection: Antimalware Software

Software suite that detects, quarantines and removes malware (antivirus, antispyware, antispam etc.);

Protection: Firewalls

Hardware or software systems that monitor and control incoming/outgoing network traffic based on security rules;

Protection: User Access Levels

Assigning permissions (read, write, execute, delete) to users/groups to restrict access to data/resources;

Protection: Automatic Software Updates

Automated downloading and installation of patches and feature updates to fix vulnerabilities without user intervention;

Protection: MAC Address Filtering

Allowing or blocking network connections based on a device’s unique hardware MAC address;

Authentication: Passwords

Secret strings of characters used to verify a user’s identity when logging in;

Authentication: Biometrics

Use of unique physical characteristics (fingerprint, iris, face) to confirm identity;

Authentication: Email Confirmation

Sending a code or link to a registered email address that the user must click or enter to prove ownership;

Authentication: CAPTCHA

Completely Automated Public Turing test to tell Computers and Humans Apart; challenge-response test to block bots;

Authentication: Advantages of biometric authentication over passwords (3)

1. Can’t forget biometric measure

2. No risk of shouldering when using biometric data

3. Lower risk of hacking