Social engineering refers to the sophisticated use of deception to manipulate people into divulging confidential or personal information for fraudulent purposes; attackers attempt to exploit people rather than system vulnerabilities.
| Term | Definition | See also |
|---|---|---|
| acceptable usage policy | A document drawn up by an organisation that defines proper IT system usage (network, system or website), restrictions and the responsibilities of users. While users might be aware of their organis... | |
| advanced persistent threat (APT) | A prolonged attack in which an attacker gains and retains access to a system or network for an extended period of time. The motivation for this category of attack is usually data exfiltration. Common targets incl... | |
| alert fatigue | The phenomenon of users ignoring warnings of potential problems from their IT security software, usually as a result of being exposed to a large number of frequent alarms. | |
| angler phishing | A recent trend where cyber criminals pose as customer support representatives of various organisations on social media platforms, such as Twitter and Facebook. Here they can initiate an interactio... | reverse social engineering |
| anti-virus software | Software designed to prevent and detect malware infections. Early versions of anti-virus software were signature-based, which meant detection relied on a database of known malware. However, malwar... | scareware |
| baiting | A social engineering attack that involves the attacker leaving malware-infected portable storage media, such as USB memory sticks, in locations where people will find them. The hope is that the ta... | |
| baselining | Monitoring resource usage (such as email usage) to determine typical usage patterns so that significant deviations can be detected. | |
| business email compromise (BEC) | A type of social engineering attack in which one party to a financial transaction is impersonated. For example, in the buying or selling of a house, an attacker may impersonate the real estate a... | CEO fraud |
| business process compromise (BPC) | A form of attack where business processes or their underlying systems have been manipulated by an attacker. For example, starting from 2011, the Belgian port of Antwerp was infiltrated by hackers ... | |
| caller ID spoofing | A direct social engineering attack that often involves using a spoofed phone number to create a sense of trust. The number will appear on the victim’s caller identification display, leading them t... | |
| CEO fraud | A type of business email compromise in which the attacker purports to be the CEO, and uses a compromised or spoofed email address to make a payment request to an employee with the authority to iss... | business email compromise (BEC) |
| clean desk policy | A policy which encourages employees to remove sensitive documents or materials from their workspace when they are not in use. A clean desk policy aims to mitigate the risk of the insider threat. ... | |
| clear text | See plain text. | plain text |
| clickbait | A website URL or email attachment that appears to be from a trusted source, but is actually connected to a source set up by a hacker. Clickbait URLs or attachments will often have alluring titles ... | |
| clickjacking | Occurs when an attacker tricks the target into clicking on something different to what they had expected. This can potentially reveal sensitive information, take control of their computer, or caus... | |
| clone phishing | Occurs when the text and graphics of an authentic email previously sent to the target (e.g. from a financial institution) are copied and resent to them. The “new” version of the email... | |
| credential harvesting | Occurs when the login credentials for webmail, domain access, VPN access, etc. are collected via a compromised web browser, application, malware or DNS server. This can have serious ramifications ... | typo-squatting |
| cyber-espionage | Espionage geared towards financial, commercial and technological goals. Organisations can spend millions of euros on research and development for new products and services only to have that intell... | |
| data audit | A data audit is the process of finding out where your organisation’s data is stored, how it is processed and whether it is compliant with data protection law. This process can be performed... | |
| data breach | Any event where confidential data is viewed, transmitted, stolen or used by an unauthorised individual. Data breaches are often caused by user error, lost or stolen devices, data-stealing malw... | |
| data egress | Data leaving a network to an external location. This term is usually used in reference to authorised data. | |
| data leak | An unintentional release of confidential information to an untrusted environment. An increasingly large number of data leaks can now be attributed to social engineering attacks or plain human erro... | |
| data loss prevention (DLP) | This aims to prevent the unauthorised loss or exfiltration of data. DLP solutions typically monitor data traffic that leaves a network for document tags, watermarks and “DLP fingerprints”. DLP fun... | |
| data minimisation | Collecting the minimum amount of data needed to fulfil a purpose. Data minimisation also refers to the practice of carrying the bare minimum of data on portable computing devices and storage media... | |
| data portability | Refers to data which is in a format that is easily accessible and easily transmissible to a third party. Data portability is a stipulation in the GDPR which means organisations that are subject to... | |
| data quality principle | Personal data collected by organisations should be relevant for purpose, accurate and kept up-to-date. | |
| data remanence | In many computing environments, executing the “delete” or “move to trash” command does not actually result in data being irreversibly deleted. Data remanence is data that persists beyond ... | data wiping |
| data wiping | Secure data wiping usually involves writing zeros or random characters to a storage device so that any stored data is overwritten and becomes unrecoverable. There are several free and commercial a... | data remanence |
| data-at-rest | Inactive data that is stored on a physical storage device, such as a server, workstation, USB drive or smartphone. | |
| data-in-motion | (a.k.a. data in transit) Data that is transmitted over a network. Data-in-motion can be secured by encrypting the communications channel (e.g. by using IPsec encryption) or by encrypting the dat... | |
| data-in-use | This is one of the three states of data. It primarily refers to data that is held in a computing system while it is being processed. For example, a user working on a Microsoft Word document will ... | |
| de-identified information | Records that have had personal data removed or obfuscated so that the information does not identify a data subject. Information can be de-identified by using a code, algorithm or pseudonym. Common... | |
| digital rights management (DRM) | In the context of organisational data protection, DRM, which is sometimes referred to as enterprise digital rights management (EDRM), helps to protect data that has been properly classified and re... | |
| distinguishable information | Information that can be used to identify a data subject. | |
| DMARC (Domain-based Message Authentication, Reporting & Conformance) | This is the email message validation standard used to prevent spoofed emails. DMARC combines the Sender Policy Framework and DomainKeys Identified Mail protocols to confirm that a message cam... | |
| DNS cache poisoning | The attacker “poisons” the DNS cache of a DNS server with incorrect routing information. This results in DNS requests that resolve to the attacker’s proxy server and browser requests being surrept... | pharming; credential harvesting |
| DomainKeys Identified Mail (DKIM) | A system which allows receiving mail servers to check whether an email came from the domain that it purports to and was not modified during transport. This is done largely to prevent mail spoofing... | |
| domain spoofing | The creation of a website domain that is made to look like a bona fide website. The victim logs into the spoofed website domain with their real credentials, which are then used by the attacker. Fo... | |
| double-barrel attack | A phishing technique where the victim is sent multiple emails from the same malicious sender. The initial emails do not contain an attack, as they are used to establish some credibility and garner ... | |
| doxing | The release of confidential personal or organisational information from a compromised computer or storage device into the public domain. An infamous case of doxing involved 11.5 million leaked doc... | |
| drive-by download | A malicious file that downloads automatically from a compromised website with little or no user intervention. Drive-by downloads usually exploit out-of-date website plug-ins. In 2011, visitors to... | |
| dumpster diving | A process whereby the attacker examines the contents of waste bins, skips or recycling bins for the purpose of obtaining confidential information, such as invoices, email printouts or company memos.... | |
| email hijacking | Occurs when a bad actor takes control of a user’s email address via unauthorised means such as credential harvesting. Once they have control, they can prey on the user’s contacts list to propagate... | |
| encryption (device) | Encryption is the scrambling of data so that it can only be accessed by someone with a decryption key. All devices that contain confidential or sensitive information should be encrypted. The login... | |
| evil twin | A wireless access point or computing device that spoofs the legitimate access point’s SSID or uses a name similar to another network’s. This can be used to instigate a man-in-the-middle attack where... | |
| file-less malware | This malware is extremely difficult to detect as it is not written to the system’s disk. Instead, such infections reside in the system’s memory, which can be within the Windows registry, in a rootk... | |
| form grabbing | Malware that works by capturing data in a web form before the form is submitted. It is considered more effective than keylogging software, as it captures data even when a virtual keyboard, autofil... | |
| fullz | Hacker slang for the information needed to steal someone’s identity. Cybercriminals will often offer some “free samples” of people’s identities to buyers on the dark web to show that they’re credi... | |
| General Data Protection Regulation (GDPR) | This data protection regulation will allow individuals to have greater control over how their data is collected and controlled when it comes into effect in May 2018. Under this regulation, all... | |
| host intrusion prevention system (HIPS) | Performs a similar role to anti-virus software in that it both detects and blocks threats, but its broader scope means that HIPS can detect changes to the operating system. However, with the evolu... | |
| identity access management (IAM) | The system for controlling access to an organisation’s information assets. The whole premise of an IAM solution is one identity per individual. That identity should be maintained, modified and mon... | |
| incident reporting | Modern-day IT security does not just come under the remit of the IT department. Instead, it is everyone’s job. It can greatly enhance an organisation’s security posture if incident reporting polic... | |
| incident response (data breach) | Organisations should develop contingency plans in preparation for a possible data breach. These should contain information such as how individuals should be notified about the breach, how the bre... | |
| inference attack | This usually refers to a database, where an authorised entity is able to infer sensitive information from authorised query results and prevailing common knowledge. For example, an authorised user ac... | |
| instant messenger (IM) attack | Instant messenger tools, such as those provided by Google, Facebook and a host of other vendors, can provide a vector for a number of phishing attacks. | |
| internal data | Data generated from day-to-day activities that is not identified as confidential or restricted. Typical examples of internal data might include email correspondence with clients or internal telephone... | |
| internationalized domain name (IDN) homograph attack | Website domain names can be registered using non-Latin characters. This means that websites for popular domain names can be mimicked whilst appearing to be totally normal in the user’s browser. Fo... | |
| least access privilege | The basic principle of IT security, which dictates that people should only have access to data or systems that are strictly required for the performance of their duties. “Privilege creep” occurs w... | |
| linkable information | Information which, when linked with other information, can be used to identify a data subject. For example, in a relational database, date of birth linked with a home address will probably identif... | |
| mis-delivery (email) | Email mis-delivery is a common cause of data breaches. This user error can occur when a user inadvertently sends an email containing sensitive data to the wrong recipient. Mis-delivery errors can ... | |
| mis-direction | The act of deliberately drawing a target’s attention to one thing in order to distract them from another. This is often used in social engineering attacks. | |
| multi-factor authentication (MFA) | Passwords have an inherent weakness as they can be stolen, guessed or brute-forced. As a result, hardware manufacturers and software providers decided this more secure authentication solution was ... | |
| open source intelligence techniques (OSINT) | The practice of using publicly available information found in sources such as Google, LinkedIn, Twitter, WHOIS and Facebook to glean intelligence on an individual. Using such sources has made it... | |
| out-of-band (OOB) authentication | The use of a separate communication channel, such as an email, telephone or in-person request, to verify the veracity of a request. This is considered to be a type of two-factor authentication. M... | |
| pass the hash | Many users erroneously believe that hashed passwords stored in their Internet browser cannot be used in attacks. In reality, however, attackers can use what are known as “hash dumping tools”, which... | |
| personally identifiable information (PII) | Any information, such as date of birth, credit card details, home address, driving licence information etc., can be classified as PII. There is a thriving black market for PII on the so-called “da... | personally identifying data |
| phishing susceptibility framework | A framework that correlates user attributes, such as culture, age, gender and experiential factors (technology savviness and professional experience), with phishing attack susceptibility. | |
| post-completion error | Occurs when a user fails to complete a task securely. For instance, a user might be logged on to Outlook Web Access or another email portal but fail to log out, leaving the email account open to... | |
| pretexting | Using a fabricated story to elicit an action from a target. Common pretexts include attackers “verifying your account information” or posing as “IT support personnel investigating a proble... | |
| privacy by design | Designing systems and applications which have data protection by default. Privacy experts have always espoused privacy by design, but under GDPR it has become an explicit requirement. For example,... | |
| privacy notice | A document that informs data subjects how you use their data. Under GDPR, your privacy notice must contain a number of details, including the contact details of your company and DPO, the r... | |
| protected health information (PHI) | This refers to any health information that is created or received by a health care provider, health plan, public health authority, employer, life insurer, school, university or healthcare clearing... | |
| pseudo-randomised data | This refers to data which has been partially anonymised. For example, somebody’s name might be replaced with a number. | |
| QR code phishing | While QR codes may seem innocuous, the information encoded in them can be used to open a URL, send a text message or compose an email. This often automatically executes an action in the related ap... | |
| remote access trojan (RAT) | A RAT is a piece of malware that provides a backdoor for administrative control of the target. The goal of some phishing attacks is to install a remote access trojan on the target’s computer... | |
| sandbox | An isolated environment within a computer’s operating system that is used for opening suspicious or untested executable files. In the same way that armies blow up suspicious package... | dynamic analysis |
| scareware | Also known as “fake anti-virus”, scareware issues a pop-up alert that aims to frighten unsuspecting Internet users into purchasing worthless security software. Scareware can also take the ... | anti-virus software |