40 Most Common Cyber Security Terms That Everyone Should Know

1
40 Most Common Cyber Security Terms That
Everyone Should Know
Keeping yourself ahead of vulnerable threats is
hard, but not understanding those technical
jargons makes it even harder.

• October is marked as the National Cybersecurity
  Awareness Month (NCSAM). As cyber-attacks have
  been on the rise for the past decade and show no
  signs of letting up. NCSAM is commemorating its
  15 years this coming month since its raising
  awareness about the importance of cybersecurity.
  So, through our blog, we aspire to contribute for
  the same!
• The guide is handy for the people who are not
  fluent in common cybersecurity terms and mostly
  find themselves lost in arduous discussions.
• Before beginning with our most common
  cybersecurity glossary, we would like to define
  two terms under which all the further common
  security terms fall. First is Cyberattack and
  other is Cybersecurity.
• Cyber Attack
• Cyberattack is a deliberate action to exploit
  computer systems, tech-dependent enterprises, and
  networks. With the intention to harm, to damage,
  to breach information of an individual or
  organization- Cyber-attacks are attempted.
• Remember- no company is too large, or home
  network is too small, to fall a victim.

2

• Cyber Security
• To simply put, cybersecurity is a protection
  against those cyber-attacks. Multiple security
  layers are spread across the systems, programs,
  and networks in order to keep individuals
  organizations protected from unauthorized
  exploitation.
• Though implementing effective cybersecurity
  shields is a challenging task today, and users
  should always be a step ahead to beat cyber
  criminals.

• Most Common Cyber Security Terms
• Learning these computer security terms will help
  you better understand the importance of digital
  security.
• Adware
• Adware can be defined as a bundle of programs
  that is designed to bombard users with
  advertisements. The main aim behind it is to
  redirect users search requests to advertising
  websites and collect marketing data.
• Adware tracks users online activity, slow down
  devices performance, displays customized ads
• and gets malware downloaded at the back end and
  also eats lots of data costs.
• Botnet
• A botnet is a bunch of several Internet-connected
  devices such as PCs, mobiles, servers and IoT
  devices that is infectious and controlled by a
  specific type of malware.
• As the name suggests, its a blend of two terms,
  Robot Network. And thats exactly what they
• are, a network of robots that are used to commit
  crimes in the cyber world.
• Heres an anatomy of how Botnet works!
• Clickfraud

3
Clickfraud happens when artificially created
bogus clicks are used to manipulate Pay-Per-Click
(PPC) advertising. The idea behind this practice
is to increase the number of payable clicks, in
order to generate revenue to advertisers. Cybercr
ooks use Botnet to create these types of scams.
Either this practice can be followed by
individuals to manually click the AD hyperlinks
or by using automated software or online bots to
click these AD links.

• Cyber Espionage
• When you hear about Cyber Espionage, characters
  like James Bond might come to your mind, that
  pretends to be someone who theyre not,
  infiltrating organizations also stealing
  secrets.
• Similar to that fictional character, Cyber
  Espionage is the term that describes the practice
  of spying on someone to gain illicit access to
  confidential information. The prime target of
  this cybercrime is typically large institutions
  and government organizations. But it doesnt mean
  individuals are too small to fall a victim.
• Dark Web
• With so much happening through the Internet,
  there is so much more in World Wide Web than it
  appears. And Dark Web is that part of the
  Internet that is not visible to regular users. To
  understand what Dark Web is, first you need to
  understand what Deep Web is.
• Its a vast network of websites portals that
  are not categorized by search engines. Likewise,
  Dark Web is just a small portion of Deep Web that
  has thousands of dark sites where all illegal
  activities are executed.
• Defence-in-Depth
• DiD is an approach used to create multiple layers
  of security to protect information
  resources/assets and valuable data in an
  enterprise from attacks. If somehow any mechanism
  gets fails, another security layer steps up
  immediately to thwart an attack.
• No organization can remain secured with a single
  layer of security. Therefore, this multiple
  layered approach to security is applied at each
  level of IT Systems.
• Demilitarized Zone

4

• The Demilitarized Zone is known as a firewall
  setting that separates LAN of an organization
  from the external network. DMZ makes certain
  servers available to everyone while keeping the
  internal LAN access private and accessible to
  only authorized people.
• Detection Deficit
• Detection Deficit is the gap between the times it
  takes to Discover a breach from the time of
  Compromise.
• Easter Egg
• Its a non-malicious surprise embedded in a
  program or media which is entertaining and
  accessible to anyone. It can be found in every
  software these days, especially in video games.
  Its an intentional joke, hidden message or image
  usually found on the menu screen.
• End-to-End Encryption
• End-to-end encryption is a method of protecting
  and securing communication that hinders third
  parties from accessing data when it is
  transferred from one device to another.
• For example, whenever you do online shopping
  using your credit card. Your mobile phone needs
  to send the credit card to the merchant. Its
  End-to-end encryption method that just makes sure
  that only you and the merchants device can
  access the confidential credentials.

• Also Read Cyber Security Insurance A New Age
  Scam?
• Evil Twin
• An evil twin is a fake Wi-Fi hotspot or access
  point that poses to be original and safe, but
  its
• actually set up to snoop on another wireless
  network.
• Exploit Kits
• Exploit Kits are basically the package of
  automated threats that are used by attackers to
  launch exploits against vulnerable programs.
  Exploits are designed to cause unexpected
  behaviors that an attacker can take advantage of
  to perform harmful actions.
• Firewall

5

• Firewall is a defensive technology that is
  focused on to keep bad guys out from ones
  network. It acts as a virtual barrier that
  protects both internal and external cyber-attacks
  that might attack your personal computer.
• It keeps a check on all the unauthorized access
  to or from a private network and also determines
  which entry should be allowed or not to interact
  with your computer.
• FTP
• If you hang out with tech geeks or especially web
  developers, you might have heard FTP a lot. If
  youre nodding, probably you know what it means.
  FTP is short for File Transfer Protocol that is
  meant for uploading and downloading files.
• For instance, any two systems that use the same
  network can transmit files using FTP Protocol.
• Gateway
• Gateway acts as a bridge between two networks
  that connects using different protocols.
• Guessing Entropy
• Its a measure of difficulty that an attacker has
  to guess in order to crack the average password
• used in a system. Generally, entropy is stated in
  Bits.
• When a password has n-bits of Guessing Entropy,
  more the difficulty arises for an attacker in
  guessing the average password.
• Hashing
• Hashing is an encryption algorithm that converts
  the plaintext password into hashes. Its a form
  of cryptographic security method that is used to
  transform strings of characters in shorter fixed-
  length value that poses as the original string.

• Handshaking Procedures
• The process by which two information systems
  establish a communication channel. Handshaking
  begins when one device sends content to another
  device for identifying, syncing, and
  authenticating themselves to one another.
• Identity Theft

6

• Sometimes also referred to as Identity Fraud, it
  involves the unauthorized taking of someones
• personal possessions and then using it in an
  illicit way for their own benefits.
• IDS
• Intrusion Detection System is software or device
  that functions to monitor network traffic for
  malicious activity. These detection systems help
  in identifying suspicious activity, log
  information related and attempts to block and
  report it.
• IP Spoofing
• IP Spoofing or IP Address Forgery is a hijacking
  technique in which a cracker pretends as a
• trusted host to disguise someones identity,
  hijack browsers, or gain access to a network.
  Though its not illegal to spoof an IP Address,
  as youre just faking your address to hide your
  online activities and be anonymous.
• However, if someone uses the technique to
  masquerades as someone else and indulges in
• criminal activities such as identity theft, then
  its illegal.
• Keylogger
• Often referred to as Keystroke logging, Keylogger
  is a computer program that keeps a log of your
  keystrokes on your keyboard. The entire log is
  saved in a log file which is encrypted and can
  be shared with different receivers for different
  purposes. It can be used for both legal and
  illegal means. It can track all the sensitive
  information like passwords and PIN (Personal
  Identification Number) in real time and can be
  used for hijacking your personal accounts.
• Macro Virus
• A macro virus is a small piece of code which is
  lodged into the macros of different
  documentation and software programs such as
  spreadsheets and word documents. Whenever a user
  opens up the document affected with macro virus,
  a series of actions begins automatically. The
  macro virus replicates rapidly upon sharing the
  document with multiple nodes.

24. Malware Malware is a troupe of all the
malicious programs like viruses, Trojan horses
and spyware. It is a malicious program that
reaches a target computer and runs the scripts
which take the entire
7

• control over all the computing functions of the
  target computer. It can steal and hijack all the
  sensitive stored in encrypted files by decrypting
  them.
• Mobile Banking Trojans
• Users who are very frequent in using electronic
  gadgets for banking purposes are most liable to
  get affected by Mobile Banking Trojans. The
  influence begins with overlaying of Trojans
• interface over Banking apps interface. When the
  user input their credentials to login into their
• account, Trojan loots them and impersonates
  users account.
• Acecard family and Faketone Trojans were very
  effective in a cyber plague in 2016 which took
  over dozens of banking applications in Russia.
• Must Read Cyber-Kinetic Attack A Reality Or
  Myth?
• One-Way Encryption
• Hashing and Encryption serve the same purpose,
  that is a secure transmission of data between
  the sender and receiver. The primary difference
  between both is that, in Hashing, you cant
  reverse the process for retrieval of the
  un-hashed original string but in encryption, you
  can.
• Hashing is a kind of One-Way Encryption which is
  an irreversible process thats why it is termed
• to be one-way.
• Open Wi-Fi
• An Open Wi-Fi network is an unprotected
  connection that doesnt require any
  authentication to connect to it. Though for a
  layman it is a treat rather it is a threat to
  your personal information since you are exposing
  yourself to all the nodes connected within that
  network. Hackers can monitor all the entire
  traffic which is unencrypted.
• Password Sniffing
• Password Sniffing is the process of intruding
  between a transfer of data packets which
  encompasses password. The process is performed by
  a software application called Password Sniffer
  which captures the data packets which contains
  password and stores it for illegal and malicious
  purposes.

8

• Pharming
• Pharming is another malicious mechanism which
  redirects a user to a fake site falsely which
  appears to be a genuine one. A user enters all
  the credentials into the duplicate site
  considering it to be the legitimate one.
  Pharming is a sort of Phishing which has become a
  major threat to all the e-commerce and e-tailor
  websites.
• Phishing
• By Phishing, a hacker strives to steal your
  personal information such as passwords and
  e-mails. Phishing is done primarily through
  false e-mails that appear to be sent through a
  legitimate site such as Amazon or e-bay. E-mail
  asks you to update or validate yourself by
  providing the username and password in order to
  read the information. Scammers then take the
  total control of your account and thieve your
  information such as bank accounts information
  etc.
• QAZ
• QAZ is a famous backdoor trojan that launches the
  untampered version of notepad.exe into systems,
  that allows hackers to link and gain access to
  the affected computer.
• Ransomware
• Ransomware can be any malicious software that
  encrypts data found on an individuals or
  enterprise system. Once the data gets encrypted
  in wrong hands, the victim is demanded a huge
  amount of money i.e. ransom.
• Reverse Engineering
• Reverse Engineering is a mechanism for
  maintenance and improvisation of the software
  over time. It is used to find bugs and
  vulnerabilities in software by analyzing the
  underlying blocks of code. This mechanism also
  helps in reducing the replication of unintended
  code reducing the overall costing for testing
  and maintenance. Hackers and Crackers use Reverse
  Engineering to find the vulnerabilities in any
  Operating System.
• Rootkit

9
The word Rootkit has been derived by two words,
root which means total control over the system
or getting administrator rights by bypassing the
authentication process and kit means the set
of tools like software applications and packages
to undergo this intrusion for privileged access.
Once the intruder gets total control over the
system like that of an administrator, it can
modify and delete the elements of software
applications which is not otherwise accessible.

• Script Kiddie
• Script kiddie is a term used for the newbies in
  hacking and cracking. They dont carry their own
  skill to write a script on their own, they use
  scripts developed by other hackers. It doesnt
  require a skill or experience to be a script
  kiddie.
• Social Engineering
• Social Engineering happens when a scammer
  manipulates a user into giving up their personal
  data. A social engineer is a man who interacts
  with individuals in order to gather their
  sensitive information and eventually rip them
  off.
• The most common example of social engineering is
  when some attacker tricks users into giving
  their banking credentials and other transaction
  information.
• Trojan Horse
• Trojan horse is a malicious program that was
  first reported in 19744 in US Air Force report.
  The payload of this may be anything but, in many
  instances, it acts as a backdoor for the
  attacker. Once the attacker has control of the
  hosts system, they can lay their hands on the
  personal info like banking credentials or infect
  the network as well.
• Vishing
• This is yet another attempt of the attackers to
  get access to financial details of a victim.
  Vishing or voice phishing is special because
  attackers try to do so via phone call.
• Zero Day

10
Zero Day is a computer software vulnerability
which is unknown to security professionals but
known to hackers. Before the concerned parties
can detect and mitigate this, the hackers
exploit that loophole. Read Also What Is Cyber
Insurance And Why Do You Need One? 40. Zombie
Computer Zombie Computer happens when the
remote-access Trojan horse leaves hidden codes
into a system that allows a criminal to control
the computer remotely. Attackers rely on various
robot networks that help is creating zombie
computers so that they can carry out crimes in
the cyber world. Regardless of what you
understand and learn from this cybersecurity
glossary, your mind has at least been opened to
some new thinking today!