Chapter 2 Key Terms Flashcards
Malware
Software designed to take over or damage a computer without the user’s knowledge or approval.
Virus
A program that attempts to damage a computer system and replicate itself to other computer systems.
Worm
A self-replicating malware program.
Trojan horse
A malicious program that is disguised as legitimate or desirable software.
Zombie
A computer that is infected with malware and is controlled by a command and control center called a zombie master.
Botnet
A group of zombie computers that are commanded from a central control infrastructure.
Rootkit
A set of programs that allows attackers to maintain hidden, administrator-level access to a computer.
Logic bomb
Malware designed to execute only under predefined conditions. It is dormant until the predefined condition is met.
Spyware
Software that is installed without the user’s consent or knowledge and is designed to intercept or take partial control of the user’s computer.
Adware
Malware that monitors a user’s personal preferences and sends pop-up ads that match those preferences.
Ransomware
Malware that denies access to a computer system until the user pays a ransom.
Scareware
A scam to fool a user into thinking there is some form of malware on the system.
Crimeware
Malware designed to perpetrate identity theft. It allows a hacker access to online accounts at financial services, such as banks and online retailers.
Crypto-malware
Malicious software that uses a computer’s resources to mine cryptocurrencies in the background undetected. Also known as cryptojacking.
Remote Access Trojan (RAT)
Malware that includes a back door to allow a hacker administrative control over the target computer.
Hacker
A person who commits crimes through gaining unauthorized access to computer systems.
Cracker
A person actively engaged in developing and distributing worms, Trojans, and viruses; engaging in probing and reconnaissance activities; creating toolkits so that others can hack known vulnerabilities; and/or cracking protective measures.
Script Kiddy
A less-skilled hacker who often relies on automated tools or scripts written by crackers to scan systems and exploit weaknesses.
Potentially unwanted Program (PUP)
A PUP is software that is inadvertently installed and that contains adware, installs toolbars, or has other objectives.
Fileless virus
A fileless virus uses legitimate programs to infect a computer.
Targeted Attack
A type of threat in which threat actors actively pursue and compromise a target entity’s infrastructure while maintaining anonymity.
Opportunistic Attack
An attack in which the threat actor is almost always trying to make money as fast as possible and with minimal effort.
Insider
A threat agent who has authorized access to an organization and either intentionally or unintentionally carries out an attack.
Competitor
A threat agent who carries out attacks on behalf of an organization and targets competing companies.
Cybercriminal
A subcategory of hacker threat agents. Cybercriminals are willing to take more risks and use more extreme tactics for financial gain.
Nation state
A sovereign state threat that may wage an all-out war on a target and have significant resources for the attack.
Internal Threat
A threat from authorized individuals (insiders) who exploit assigned privileges and inside information to carry out an attack.
External Threat
A threat from individuals or groups not associated with the organization, who seek to gain unauthorized access to data.
Persistent Threat
A threat that seeks to gain access to a network and remain there undetected.
Non-Persistent threat
A threat that focuses on getting into a system and stealing information. It is usually a one-time event, so the attacker is not concerned with detection.
Open-source intelligence (OSINT)
Information that is readily available to the public and doesn’t require any type of malicious activity to obtain.
White hat
A skilled hacker who uses skills and knowledge for defensive purposes only. The white hat hacker interacts only with systems for which express access permission is given.
Black hat
A skilled hacker who uses skills and knowledge for illegal or malicious purposes.
Gray hat
A skilled hacker who falls in the middle of white hat and black hat hackers. The gray hat may cross the line of what is ethical, but usually has good intentions and isn’t malicious like a black hat hacker.
Social Engineering
An attack involving human interaction to obtain information or access.
Footprinting
Uses social engineering to obtain as much information as possible about an organization.
Pretexting
Pretexting is using a fictitious scenario to persuade someone to perform an action or give information.
Elicitation
A technique to extract information from a target without arousing suspicion.
Preloading
Influencing a target’s thoughts, opinions, and emotions before something happens.
SMiShing
SMiShing (SMS phishing) is phishing through an SMS message. In other words, tricking a user into downloading a virus, Trojan horse, or malware onto a cell phone.
Impersonation
Pretending to be somebody else and approaching a target to extract information.
SPIM
SPIM is similar to spam, but the malicious link is sent to the target over instant messaging instead of email.
Hoax
A type of malicious email with some type of urgent or alarming message to deceive the target.
Hacktivist
A hacker with a political motive.
Script Kiddie
A less-skilled (usually younger) hacker who often relies on automated tools or scripts written by crackers to scan systems at random to find and exploit weaknesses.
White hat hacker
A professional who helps companies find the vulnerabilities in their security. Also known as an ethical hacker.
Cybercriminal
A person (or team of individuals) who uses technology to steal sensitive information for a profit. Cybercriminals are often associated with large organized crime syndicates such as the mafia.
Zero-day vulnerability
Zero-day is a software vulnerability that is unknown to the vendor.
Data loss
The loss of files and documents either accidentally or through malicious acts.
Data breach
The exposure of confidential or protected data, either accidentally or through malicious acts.
Data exfiltration
The unauthorized transfer of information or files from a computer.
Identity Theft
A crime in which an attacker commits fraud by using someone else’s name or existing accounts to obtain money or to purchase items.
Availability Loss
Loss of access to computer resources due to the network being overwhelmed or crashing.