Tools of the Bad Guys

Question 1

Data breach

Answer 1

The intentional or unintentional release of secure information to an untrusted environment. Other terms for events like this are: unintentional information disclosure, data leak, and data spill.

Question 2

DoS attack

Answer 2

Denial-of-Service Attack

The attackers seek to make a computer or network unavailable to its intended user(s), by temporarily or indefinitely disrupting service.

DoS attacks are done by flooding the targeted system with unnecessary service requests, which overload the system.

When the attacks come from multiple sources, it’s called DDoS, “distributed denial-of-service.”

Question 3

Security vulnerability

Answer 3

A weakness on a network, computer, or software which allows a bad guy to gain access. A security vulnerability has three elements: a flaw, access to the flaw, and capability to exploit the flaw.

Question 4

Exploit

Answer 4

Software or code—usually malicious—that takes advantage of a flaw or vulnerability.

The purpose is to cause unintended or unanticipated behavior to occur with the software or hardware. Such behavior would be unauthorized access or control of a computer, or denial-of-service.

Question 5

Zero-day

Answer 5

The name of a vulnerability unknown to those who would be interested in securing it, which includes the software vendor or user (good guys). The bad guys use these vulnerabilities to launch an attack.

It is called “zero-day” because the good guys had no warning, or zero-days to do something about it.

Question 6

Zero-day exploit

Answer 6

Also known as “zero-day attack,” is an exploit that takes advantage of a zero-day vulnerability on its first day of release, before the vendor knows about it.

Question 7

Advanced persistent threat

Answer 7

Also known as “APT”, is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time.

The bad guy’s goal is to go undetected and steal data, rather than cause damage to the network or organization.

Question 8

Tailgating

Answer 8

Also known as “piggybacking,” tailgating is a method used by bad guys to gain access to a building or other protected areas. A tailgater waits for an authorized user to open and pass through a secure entry and then follows right behind.

Question 9

Keylogger

Answer 9

Malware or hardware that observes what someone types on their keyboard, which is then sent back to the bad guys.

Question 10

Bitcoin

Answer 10

A digital currency in which encryption techniques are used to regulate the generation of units of currency and verify the transfer of funds, operating independently of a central bank.

Some ransomware uses Bitcoin as the form of payment, because it’s very hard to trace.

Question 11

Money mule

Answer 11

A person recruited by a criminal or criminal organization to quickly receive and turnaround funds involved in scams. The person is often unaware of their role in the criminal act.