IT Threat Glossary
The Internet can be a dangerous place, especially now that hackers are taking advantage of advanced tools and threats.
New types of malware, ransomware, and viruses are being created every day, for the express purpose of seeing your organization fail. If your business isn’t using comprehensive security solutions, you remain vulnerable to threats that can potentially compromise and damage your business’s IT infrastructure.
To help make cybersecurity easier for you, we’ve compiled a list of threats that your business should be prepared to face.
Advanced Persistent Threat (APT): An APT is a stealthy network breach that’s designed to remain undetected for a certain amount of time. APTs are usually used to steal information from a specific individual or organization over time, rather than cause an immediate disruption to operations.
Adware: Adware automatically displays ads on software, particularly web browsers, in an effort to generate revenue for its creator. Adware can often come packaged with free online software, and while it’s not immediately threatening, it can become a severe annoyance and potential security threat. When used as malware, adware can display unwanted (and often embarrassing) advertisements in the form of popups or web ads.
Botnet: A botnet is a collective term used for a network of devices built from “bots,” which are computers controlled remotely by a hacker. Botnets are typically used to complete repetitive tasks, like sending spam messages or participating in Distributed Denial of Service (DDoS) attacks. Due to botnets spreading their infection to other computers, they’re often likened to a “zombie horde.”
Brute-force Attacks: Brute-force attacks are commonly used tactics to break into online accounts, particularly those that take advantage of encryption. A brute-force attack consists of the hacker rapidly inputting as many passwords as possible in an attempt to find the right combination of characters.
Command and Control Server: A command and control server (C&C server) is the central computer that remotely issues commands to botnets and other malware. These botnets and malware will then send information back to the C&C server, like sensitive data or account credentials.
Dictionary Attack: Dictionary attacks utilize known words or phrases in an attempt to crack through passwords and usernames. They can be used in conjunction with brute-force attacks to guess credentials and infiltrate accounts.
Distributed Denial of Service (DDoS): A DDoS attack consists of multiple systems from varied locations target a single system. The resulting traffic is usually an attempt to bring down a server, forcing it offline until the attack ceases. DDoS attacks are often performed by botnets, compromised computers that have been enslaved by hackers to do their bidding.
Exploit: A loose definition would be a tool designed for use in exploiting a specific vulnerability within an IT system component, usually for the purpose of stealing data or installing malicious software.
Keylogging: A keylogger could be either a software or a hardware that’s designed to capture and record keystrokes. Software versions of keyloggers are often included in viruses or malware packages to capture credentials for later use. The victim is typically unaware that their activities are being monitored.
Malware: Malware, derived from “malicious software,” is a term used to describe any cyber threat that is intrusive and malicious in nature. This can include any number of online threats, including computer viruses, trojans, ransomware, spyware, and others. Malware is usually activated through the use of executable code or scripts. Basically, anything that has malicious intent can be considered malware.
Phishing: Phishing tactics are used by hackers to lure targets into handing over sensitive credentials, like usernames, passwords, credit card numbers, Social Security numbers, and so on, usually through email spam tactics or other electronic means. Phishing tactics will often masquerade as a trusting or intimidating entity.
Ransomware: Ransomware is a type of malware that attempts to extort money or credentials from users by locking down local files on their PC or workstation, usually through the use of encryption technology. The user may (or may not) receive the decryption key upon giving in to the hacker’s demands.
Social Engineering: Social engineering is a tactic used by hackers that appeals to the weaknesses of the end user. Hackers find ways to circumvent common security protocol by posing as important officials or users within a company, or even as an internal IT department. Social engineering tactics are cause for concern primarily because they target the unpredictable nature of human activity.
Spam: Spam is mostly known as the time-wasting emails that users receive on a daily basis. Technically, spam can be any unsolicited or unwanted message sent to your email address. These messages may not seem overtly malicious, but hackers will often use spam to achieve a certain agenda. Spam messages might come with malicious links or attachments, that when clicked on can execute code or send you to compromised websites.
Spear Phishing: Spear phishing tactics are focused phishing attempts on an individual, customized to appear as legitimate as possible. An example would be a local bank representative calling or sending an email asking to confirm credit card numbers or credentials.
Spoofing: Spoofing is the act of tricking users into believing that they’re viewing something legitimate, when in reality they’re only looking at a fake. For example, email spoofing is a common tactic in which hackers will pose as someone from your contacts, but will have the wrong email address. Another example would be clicking a link and having it take you to a website that looks like the one you want to view, but the domain name is wrong. The idea is that hackers can replicate legitimate email names and websites to trick users into succumbing to their attacks.
Spyware: Spyware is a type of malware that’s specifically designed to covertly gather information from a computer, and transfer that information to a hacker. Spyware can be difficult to identify due to it being designed to remain hidden.
Trojan: Also known as a backdoor or “Trojan horse,” a trojan is designed to infiltrate your network and create a reliable way to obtain access to the system in the future. Trojans are often used in conjunction with advanced persistent threats (APT) in an attempt to gather as much information as possible, while remaining hidden from security protocol.
Virus: A virus is a malware program that, when executed, attempts to replicate itself and spread to other computer components. Viruses are often disruptive and dangerous, especially in the business environment. They can slow business systems, delete critical data, and much more.
Vulnerability: A vulnerability, in terms of computing, is a bug or a problem within the code of operating systems and other software that needs to be fixed. Vulnerabilities leave networks open to potential threats, and are often resolved by patches and security updates issued by software manufacturers.
Zero-Day Exploits: This term applies to vulnerabilities which are presently unpatched or unresolved. These issues are often found in legacy software that’s incompatible with modern technology, like Windows XP.
Stay Safe Online with ISC
Don’t be intimidated by online threats.
We’ve only scratched the surface of what’s possible for hackers and their technology. There are limitless possibilities for online threats, so it’s imperative that you arm yourself against these threats. For more information about these threats and how you can protect your business assets, contact ISC at 502.292.5097.
What Our Clients Say
ISC’s Security Risk Assessment helped our Practice meet our HIPPA Compliance and Meaningful Use requirements and the Advanced Security Assessment and Network Security solutions provide ongoing protection for our Network and Patient Data.
ISC’s IT Consulting, Sourcing and Managed Support Services provides a Total Solution for all our IT needs. They met with us to understand our business, budget and IT requirements. They implemented the solution and their Managed IT Services provide ongoing protection for our supply chain. This allows us to focus on growing our business and serving our customers’ needs. We have peace of mind that our IT is supported and our customer data is protected.
It wasn't until someone called to see if we had an IT service provider that I realized I have used the services of ISC for over 20 years and have relied on their expertise. In a previous job, ISC managed our SQL server and POS system for 30+ stores in 5 states plus our office network. In my present job, they have been there when we expanded from a 3-person office to over a dozen employees across 4 states. We are able to collaborate using Microsoft Office 365 and a virtual private network. The staff is experienced, knowledgeable and extremely helpful. I wouldn't trust anyone else.
As a mid-size manufacturer of custom woodwork our operations are large enough to be complex but too small to justify an internal IT staff. ISC has been an ideal fit for us. Capable, responsive, cost-efficient, and they share our customer-centric values. ISC allows us to focus on what we do best with the peace of mind knowing our IT infrastructure is in good hands.
I am pleased to strongly recommend the team at ISC Kentucky. For years we attempted to support our IT hardware and software installation/upgrade needs internally with limited success. The ISC team effectively assessed our current state, established and executed an improvement plan that covered immediate needs AND projected risks, and have consistently supported our ongoing needs…largely via remote access…in a timely and efficient manner. Partnering with ISC has been clearly one of the best decisions we’ve made for our business…so we can focus on the business.
I could not be more satisfied with ISC Kentucky. They were vital in advising, implementing, and supporting my family medicine practice network. Every time I have needed network support their service was prompt and courteous. I feel that I am a valued customer and they have my best interests in mind.
We have been using ISC Kentucky for almost 2 years. We were in the market looking for an IT company to take care of our needs as a skilled nursing home. One of our board members uses ISC and gave us James Naive as a contact for them. We have been more than satisfied with their work and their knowledge of what we needed and when we needed it. They came in and looked around our building assessed what we had and developed a plan for us to follow to get where we needed to be. I rest much more comfortably knowing that our IT solutions are in their hands. I would highly recommend ISC Kentucky to anyone looking to solve their IT problems. ISC have professional and knowledgeable staff that have handled any situation that we have had in the last 2 years.
As a company we brought in ISC to handle the equipment at our office and 16 locations. They have provided excellent customer service on all levels. They are quick to respond and to resolve any issues. Their office and service staff is efficient, knowledgeable and professional. ISC staff will be instrumental in our planning for the next year. They have been a real asset to our company. We appreciate the relationship and service they have provided.
I have always been completely satisfied with the IT service and support I have received from ISC Kentucky. I have not had to worry about our IT needs since 2008 when we decided to use your services Thanks for all that you do for Rueff and Associates!