Glossary of Cybersecurity Terms
Advanced Persistent Threat (APT)
An attack in which advanced, multi-stage tactics are orchestrated over an extended period to avoid detection. An example would be gradually disrupting the timing distributed by a PTP master clock: the tampering happens slowly over a long period, but when it succeeds the impact is felt across the many systems that depend on that clock.
Attack
An attempt to gain unauthorized access to a system, or to compromise its stability or intended function.
Attack Surface
The set of characteristics of an asset that an adversary could use to attack it. Open ports, exposed services and applications, and the operating system all make up the attack surface of an asset.
The act of substituting an attacker-controlled MAC address for the intended destination's MAC address so that frames are delivered to the attacker instead of the intended recipient. On an IPv4 LAN this is typically achieved by ARP spoofing: forged ARP replies that bind the gateway's or victim's IP address to the attacker's MAC in other hosts' ARP caches.
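The following Python is an added illustration, not part of HiCLIFF's glossary: it builds two constructed ARP reply frames (a genuine one from the gateway and a forged one that rebinds the gateway's IP to an attacker's MAC) and runs a simple IP-to-MAC binding monitor over them, the kind of check an IDS uses to spot this attack. The frame layout follows RFC 826 ARP over Ethernet; all addresses, and the `ArpWatch` class itself, are made up for the example.

```python
import struct

ETHERTYPE_ARP = 0x0806  # standard EtherType for ARP
ARP_REPLY = 2           # ARP opcode for a reply


def build_arp_reply(sender_mac: bytes, sender_ip: bytes,
                    target_mac: bytes, target_ip: bytes) -> bytes:
    """Encode an Ethernet-framed IPv4 ARP reply (14-byte Ethernet header + 28-byte ARP body)."""
    eth_header = target_mac + sender_mac + struct.pack("!H", ETHERTYPE_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, oper=reply
    arp_body = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
                + sender_mac + sender_ip + target_mac + target_ip)
    return eth_header + arp_body


def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/ARP frame, or None if it is not ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    opcode = struct.unpack("!H", frame[20:22])[0]
    return opcode, frame[22:28], frame[28:32]


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def ip_str(ip: bytes) -> str:
    return ".".join(str(b) for b in ip)


class ArpWatch:
    """Track the IP-to-MAC binding each ARP reply asserts and alert when a known IP changes MAC."""

    def __init__(self, static_bindings=None):
        # Pre-seeded bindings (e.g. the gateway) cannot be overwritten by whatever reply arrives first.
        self.bindings = dict(static_bindings or {})

    def observe(self, frame: bytes):
        parsed = parse_arp(frame)
        if parsed is None:
            return None
        opcode, sender_mac, sender_ip = parsed
        if opcode != ARP_REPLY:
            return None
        known = self.bindings.get(sender_ip)
        if known is None:
            self.bindings[sender_ip] = sender_mac  # first sighting: learn it
            return None
        if known != sender_mac:
            return (f"ARP spoofing suspected: {ip_str(sender_ip)} claimed by "
                    f"{mac_str(sender_mac)}, previously {mac_str(known)}")
        return None


# Constructed sample addresses (not real devices).
GATEWAY_IP = bytes([192, 168, 1, 1])
GATEWAY_MAC = bytes.fromhex("aabbcc000001")
VICTIM_IP = bytes([192, 168, 1, 50])
VICTIM_MAC = bytes.fromhex("aabbcc000050")
ATTACKER_MAC = bytes.fromhex("deadbeef0001")

SAMPLE_FRAMES = [
    build_arp_reply(GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),   # genuine reply from the gateway
    build_arp_reply(ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),  # forged: attacker claims the gateway IP
]


def run_sample():
    """Feed the sample frames through the monitor; returns one alert-or-None per frame."""
    watch = ArpWatch(static_bindings={GATEWAY_IP: GATEWAY_MAC})
    return [watch.observe(frame) for frame in SAMPLE_FRAMES]


if __name__ == "__main__":
    for result in run_sample():
        print(result or "ok")
```

Two caveats a practitioner should keep in mind: a monitor that learns bindings from the first reply it sees can itself be pre-poisoned, which is why the gateway is seeded as a static binding here (in production, DHCP lease data or a maintained inventory serves the same purpose), and a legitimate hardware replacement will also trigger the alert, so the alert is a signal to investigate rather than proof of attack.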
Availability
Whether an asset is able to perform its intended function. A device that is not powered on, or whose intended function has been disrupted, is not available. Availability is part of the CIA triad.
Brute Force Attack
A password cracking attack in which every possible combination of characters is tried in turn until access to the account is gained or confidential information is obtained.
Confidentiality
The property that information remains private to its intended audience. It also covers who is authorized to access asset configuration, data, and other information. Confidentiality is part of the CIA triad.
Credential Collection
Malicious activity in which a compromised asset collects credentials from the network. Credential collection may be one stage of a larger APT.
Cryptography
The use of mathematical techniques to protect information in transit over a network or at rest in storage. Encryption applies cryptography to convert clear data (plaintext) into scrambled data (ciphertext) that cannot be recovered without the key.
Cybersecurity
The activity, process, ability, capability, or state whereby information and communications systems, and the information they contain, are protected from and defended against damage, unauthorized use or modification, or exploitation.
Denial of Service (DoS)
An attack that disrupts the operation of a target asset or system and makes it unavailable, typically by flooding it with traffic or by triggering a fault that exhausts its resources or crashes it.
Distributed Denial of Service (DDoS)
A denial-of-service attack carried out in a coordinated way from many compromised assets against a single target. An example would be weaponizing IoT or AV devices on a network to send malicious traffic that disrupts a critical business system.
Dictionary Attack
A password cracking attack in which a list of likely passwords (common words, leaked passwords, and variations of them) is tried against an asset's login. It is more refined than a brute force attack because the candidate list is built with some logic, for example from reconnaissance or from social engineering and phishing activity.
Firewall
A hardware or software device that limits network traffic between networks and systems according to a set of rules.
Hacker
An unauthorized user who attempts to gain, or gains, access to a system.
Hashing
The process of applying a mathematical algorithm to data to produce a fixed-size value, known as a hash value, that represents the data. Hashing is commonly used when storing passwords so that the passwords themselves cannot be read. For that purpose the hash must be salted and computed with a deliberately slow password hashing function (Argon2id, bcrypt, scrypt, or PBKDF2), because a plain fast hash of a common password is trivially recovered by a dictionary attack.
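The following Python is an added example, not code from HiCLIFF, that ties together the brute force, dictionary attack, and hashing entries above: it runs a dictionary attack against an unsalted SHA-256 password hash of the kind a naive device might store, then shows the salted, iterated PBKDF2-HMAC-SHA256 scheme that defeats precomputation and raises the per-guess cost. The wordlist and passwords are constructed for the example, and the 600,000-iteration figure is the one given in OWASP's Password Storage Cheat Sheet; only the Python standard library is used.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed stand-in for a leaked-password wordlist.
WORDLIST = ["123456", "password", "admin", "letmein", "welcome1", "camera123"]

# PBKDF2-HMAC-SHA256 work factor (OWASP Password Storage guidance: 600,000).
ITERATIONS = 600_000


def fast_hash(password: str) -> str:
    """Unsalted SHA-256 of the password: what a naive firmware might store."""
    return hashlib.sha256(password.encode()).hexdigest()


def dictionary_attack(stored_hash: str, wordlist) -> Optional[str]:
    """Recover a plain-hashed password by hashing each candidate and comparing.

    Against an unsalted fast hash every candidate costs one SHA-256 call, and the
    same precomputed table recovers the password for every account that chose it.
    """
    for candidate in wordlist:
        if hmac.compare_digest(fast_hash(candidate), stored_hash):
            return candidate
    return None


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Salted, iterated PBKDF2-HMAC-SHA256; returns a self-describing string."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the derived key from the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported hash format: {algo}")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def demo():
    """Show the weak and the hardened scheme side by side; returns the findings as a dict."""
    weak = fast_hash("camera123")
    strong = hash_password("camera123")
    return {
        "weak_recovered": dictionary_attack(weak, WORDLIST),          # "camera123"
        "strong_verifies": verify_password("camera123", strong),       # True
        "strong_rejects_wrong": verify_password("camera124", strong),  # False
        # Two hashes of the same password differ because of the random salt,
        # so a precomputed table cannot be reused across accounts.
        "salted_hashes_differ": hash_password("camera123") != strong,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The salt does not stop an attacker who has the hash from guessing "camera123"; it stops them from reusing that work across accounts, and the iteration count multiplies the cost of every guess by the same factor for the attacker as for the legitimate login. Where a memory-hard function such as Argon2id is available it is preferred over PBKDF2, but PBKDF2 has the advantage of shipping in the standard library.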
Insider Threat
A person or group within an organization whose permitted access to a system would allow them to exploit its vulnerabilities and cause harm.
Integrity
The property that data remains unaltered from the point it is produced by the sender until it reaches the recipient. Integrity is part of the CIA triad.
IP Spoofing
The malicious act of forging the source IP address in a packet so that it appears to come from another host, for example to impersonate a trusted device or to hide the attacker's origin. IP spoofing may be part of a larger APT.
Lateral Movement
The techniques cyber attackers, or threat actors, use to move progressively through a network as they search for the key data and assets that are the ultimate target of their campaign.
Malware
Software that compromises the operation of a system by performing an unauthorized function or process.
Man-in-the-Middle Attack
An attack in which an attacker, or a compromised asset, positions itself between two communicating parties to eavesdrop on their traffic or alter packets before they reach their destination.
Non-repudiation
The capability to determine whether a given individual took an action or sent data at a specific time. It relies on the historical tracking of events within a system so that proof of specific activities is retained and can be audited.
Outsider Threat
A person or group external to an organization who is not authorized to access its assets but poses a threat to the organization.
Packet Sniffing
Malicious activity in which a compromised asset intercepts and logs traffic sent across the network. Packet sniffing may be part of a larger APT.
Permanent Denial of Service (PDoS)
An attack whose intent is to render the asset inoperable, leaving it damaged (for example by corrupting its firmware) rather than merely unavailable for a time.
Penetration Testing
An authorized, lab-based or off-line test that simulates an attack in order to verify security features and find vulnerabilities in an asset or system.
Phishing
A digital form of social engineering that deceives individuals into providing sensitive information such as a username and password.
Private Key
A cryptographic key that must be kept confidential and is used to enable the operation of asymmetric cryptography. TLS/SSL uses asymmetric cryptography to authenticate the server and establish the keys for a secure client-server session; the session data itself is then protected with symmetric encryption.
Public Key
A cryptographic key that may be widely published and is used to enable the operation of asymmetric cryptography. In TLS/SSL the server's public key is distributed in its certificate and used by the client to verify the server's identity during session establishment.
Remote Code Injection
A vulnerability that allows an attacker to inject code into an application from a remote location and thereby change its execution flow, typically by supplying input that the application hands to an interpreter or shell without validation.
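As an added example (not code from HiCLIFF), the following Python shows the vulnerability beside its fix for a common shape of it in device firmware: a management endpoint that accepts a user-supplied "threshold rule" and evaluates it. The vulnerable version hands the string to `eval()`, so a constructed payload runs arbitrary Python; the hardened version parses the rule into an AST and interprets only whitelisted arithmetic and comparison nodes. The endpoint, the rule syntax, and the payload are all assumptions made for the example.

```python
import ast
import operator

# Constructed attacker input: valid Python that reaches the interpreter instead of doing arithmetic.
INJECTION_PAYLOAD = "__import__('os').getcwd()"


def evaluate_threshold_vulnerable(expr: str, reading: float):
    """VULNERABLE: eval() executes whatever Python the caller supplies, so any
    expression sent to this endpoint runs with the service's privileges."""
    return eval(expr, {"reading": reading})


# Whitelist of the only operations a threshold rule legitimately needs.
_BINARY_OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
               ast.Mult: operator.mul, ast.Div: operator.truediv}
_COMPARE_OPS = {ast.Gt: operator.gt, ast.Lt: operator.lt,
                ast.GtE: operator.ge, ast.LtE: operator.le}


def evaluate_threshold_safe(expr: str, reading: float):
    """HARDENED: parse the expression into an AST and interpret only whitelisted
    node types. Calls, attribute access, names other than `reading`, strings,
    and everything else are rejected before anything is executed."""
    tree = ast.parse(expr, mode="eval")

    def walk(node):
        if isinstance(node, ast.Expression):
            return walk(node.body)
        if (isinstance(node, ast.Constant)
                and isinstance(node.value, (int, float))
                and not isinstance(node.value, bool)):
            return node.value
        if isinstance(node, ast.Name) and node.id == "reading":
            return reading
        if isinstance(node, ast.BinOp) and type(node.op) in _BINARY_OPS:
            return _BINARY_OPS[type(node.op)](walk(node.left), walk(node.right))
        if (isinstance(node, ast.Compare) and len(node.ops) == 1
                and type(node.ops[0]) in _COMPARE_OPS):
            return _COMPARE_OPS[type(node.ops[0])](walk(node.left), walk(node.comparators[0]))
        raise ValueError(f"disallowed syntax: {type(node).__name__}")

    return walk(tree)


def is_rejected(expr: str, reading: float = 0.0) -> bool:
    """True if the hardened evaluator refuses the expression."""
    try:
        evaluate_threshold_safe(expr, reading)
    except (ValueError, SyntaxError):
        return True
    return False


if __name__ == "__main__":
    rule = "reading * 2 + 32 > 100"
    print(evaluate_threshold_safe(rule, 40.0))                   # True: 40*2+32 = 112
    print(evaluate_threshold_vulnerable(INJECTION_PAYLOAD, 0.0))  # the attacker's code ran
    print(is_rejected(INJECTION_PAYLOAD))                         # True
```

The point of the hardened version is the allow-list: it never tries to recognise "bad" input, it simply refuses anything that is not one of the handful of node types a threshold rule needs, so a new bypass trick would have to be expressible in arithmetic alone. Division by zero and deeply nested input still need handling at the call site.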
Risk
The potential for an unwanted or adverse incident, determined by the likelihood that a threat will exploit a particular vulnerability and the impact if it does.
Risk Assessment
The process of collecting information about assets and systems and determining the risks to them. The assessment is intended to help set priorities and inform decision-making.
Session Hijacking
An attack in which the intruder takes over an active session, usually by stealing or predicting its session identifier, and then impersonates one of the legitimate parties.
Social Engineering
An attack that relies on human interaction to persuade people into giving up confidential information.
Supply Chain Attack
An attack that compromises a product at its source, during manufacturing or software development, or in delivery to the client. Customers then install the compromised product on their networks without knowing that it already contains malicious code placed there by the attackers.
Threat Actor
An individual, group, organization, or government that intends to conduct malicious activity using digital methods.
Trojan
A program that appears to have a useful function but also has a hidden, potentially malicious function that evades security mechanisms.
Virus
A program that can replicate itself, infect an asset without the permission or knowledge of the user, and spread to other assets.
Vulnerability
A weakness in the firmware or software of an asset that an attacker can exploit.