Cyber Security Basic Terms and Concepts for Beginners
- April 5, 2021
- Posted by: Muhammad Afaq Khan, CCIE #9070
- Category: Cybersecurity
If you need more reasons to dive into a cybersecurity career, here are a few pieces of information to consider. Gartner says that cybersecurity spending is expected to reach $123 billion and continue to grow at about 10% each year for another 8 years. Just for context, at 10,000 feet the cybersecurity market can be divided into three segments: Hardware, Software, and Services. As you may expect, Services happens to be the largest segment by revenue. Global cybersecurity losses are going to add up to a trillion dollars in 2020, and by 2025 the cost of cybercrime will surpass 10 trillion dollars annually. As if that weren’t enough, it is estimated that the cybersecurity industry will have over 3.5 million vacant positions this year. So, if you are a new grad or someone switching IT careers and ready to consider a career in cybersecurity, the first thing you want to know is the cybersecurity terminology, or jargon.
In this article, I want to discuss the top 10 cybersecurity terms that you must learn on the road to becoming a cybersecurity professional. To put it all into perspective, I will share an example cyber incident for each of the terms.
ADVANCED PERSISTENT THREAT
So, let’s start with some of the most common terms, beginning with ADVANCED PERSISTENT THREAT, or APT. Threat actors in the top tier of sophistication and skill, capable of using advanced techniques to conduct complex and protracted campaigns in pursuit of their strategic goals, are often called advanced persistent threats. You will notice that in my videos I use nation-state threat actors interchangeably with APT. Often an APT takes advantage of numerous unknown vulnerabilities, or zero-day attacks, which allow the attacker to maintain access to the target even as some attack vectors are blocked. In the SolarWinds video, you heard me talking about Silverfish and CozyBear.
AUTHENTICATION AND AUTHORIZATION
The process of proving that an individual is who they claim to be is known as authentication, and there can be multiple authentication factors, such as a password, a token, or a fingerprint. When more than two factors are used at the same time, it is known as two-factor authentication. If you didn’t know, now you know. Authorization is about determining and enforcing what authenticated users are permitted to do within a system or a network.
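To make the distinction concrete, here is an added example (my own illustration, not code from the article) that authenticates a user with two factors, a password and a time-based one-time code from an authenticator app, and then separately authorizes an action against a role table. The user store, salt, roles and permission names are constructed for the demo; the TOTP secret is the published RFC 6238 test-vector secret, so the codes it produces are verifiable against that document.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional


def hash_password(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Factor 1 (something you know): store a slow PBKDF2 hash, never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """Factor 2 (something you have): RFC 6238 TOTP, an HMAC-SHA1 over the 30-second time counter."""
    counter = struct.pack(">Q", at_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % (10 ** digits)).zfill(digits)


# Constructed demo store. A real deployment uses a random os.urandom(16) salt per
# user and a per-user TOTP secret provisioned to the authenticator app.
DEMO_SALT = b"constructed-demo-salt"
USERS = {
    "alice": {
        "pw_hash": hash_password("correct horse battery staple", DEMO_SALT),
        "totp_secret": b"12345678901234567890",   # RFC 6238 test-vector secret, demo only
        "roles": {"analyst"},
    },
}

# Hypothetical authorization policy: which actions each role may perform.
PERMISSIONS = {
    "analyst": {"read_alerts"},
    "admin": {"read_alerts", "delete_alerts"},
}


def authenticate(username: str, password: str, code: str, now: Optional[int] = None) -> bool:
    """Two-factor authentication: both the password and the current TOTP code must verify."""
    user = USERS.get(username)
    if user is None:
        return False
    now = int(time.time()) if now is None else now
    # constant-time comparisons so timing does not leak how many bytes matched
    pw_ok = hmac.compare_digest(user["pw_hash"], hash_password(password, DEMO_SALT))
    # Accept the current 30-second window plus one on either side to tolerate clock drift.
    code_ok = any(
        hmac.compare_digest(code.encode(), totp(user["totp_secret"], now + drift).encode())
        for drift in (-30, 0, 30)
    )
    return pw_ok and code_ok


def authorize(username: str, action: str) -> bool:
    """Authorization: an authenticated user may only do what their roles permit."""
    user = USERS.get(username)
    if user is None:
        return False
    return any(action in PERMISSIONS.get(role, set()) for role in user["roles"])


if __name__ == "__main__":
    # RFC 6238 vector: the test secret at time 59 yields 94287082, i.e. "287082" as a 6-digit code
    print(totp(b"12345678901234567890", 59))
    print(authenticate("alice", "correct horse battery staple", "287082", now=59))
    print(authorize("alice", "read_alerts"), authorize("alice", "delete_alerts"))
```

Note that a correct password with a wrong code fails just like a wrong password does, and that passing authentication says nothing about what alice may do: `authorize` consults the role table independently, which is the whole point of keeping the two concepts apart.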
BLACKLISTS AND WHITELISTS
A blacklist is an access control mechanism that allows everyone access except the members of the blacklist. The opposite of a blacklist is a whitelist, which is a list of trusted entities, such as applications and websites, that are the only ones granted access.
BOTNET
A botnet is a collection of legitimate endpoints, such as computers, that have been compromised by malicious code so that their resources can be used for cybercrime. These activities include traffic flooding attacks, hosting false web services, spoofing DNS, and so on. One of the recent botnets was built out of IoT devices using the Mirai malware; look it up if you don’t know it already.
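The two access-control mechanisms described under BLACKLISTS AND WHITELISTS differ only in their default, and the following added example (mine, not the article’s) shows that difference on hostnames: a host nobody has heard of yet passes the blacklist but is refused by the whitelist. The list entries are constructed placeholder names. The matching helper is deliberately label-aligned, so that `malware.example` also covers `cdn.malware.example` but not `notmalware.example`; plain substring matching is a common mistake in this kind of filter.

```python
def normalize_host(host: str) -> str:
    """Case-fold and strip a trailing dot so 'Evil.Example.' and 'evil.example' compare equal."""
    return host.strip().lower().rstrip(".")


def host_matches(host: str, entry: str) -> bool:
    """True when host is the entry itself or a subdomain of it (label-aligned, not substring)."""
    host, entry = normalize_host(host), normalize_host(entry)
    return host == entry or host.endswith("." + entry)


def blacklist_allows(host: str, blacklist: set) -> bool:
    """Blacklist: allow everyone by default, deny only listed entries."""
    return not any(host_matches(host, entry) for entry in blacklist)


def whitelist_allows(host: str, whitelist: set) -> bool:
    """Whitelist: deny everyone by default, allow only listed entries."""
    return any(host_matches(host, entry) for entry in whitelist)


# Constructed example lists; the names are placeholders, not real domains.
BLACKLIST = {"malware.example", "phish.example"}
WHITELIST = {"intranet.example", "updates.vendor.example"}


def decide(host: str) -> dict:
    """Run one host through both mechanisms so the defaults can be compared side by side."""
    return {
        "blacklist": blacklist_allows(host, BLACKLIST),
        "whitelist": whitelist_allows(host, WHITELIST),
    }


if __name__ == "__main__":
    for host in ("cdn.malware.example", "notmalware.example", "brand-new-site.example", "Intranet.Example."):
        print(host, decide(host))
```

The interesting row is `brand-new-site.example`: a blacklist can only block what someone has already catalogued, which is why whitelisting (deny by default) is the stronger posture wherever the set of legitimate destinations is known in advance.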
CIPHERTEXT
Ciphertext is encrypted text transformed from plaintext using an encryption algorithm. It can’t be read until it has been converted back into plaintext, that is, decrypted with a key. Typical encryption algorithms include 3DES and AES, among others.
COMMON VULNERABILITIES AND EXPOSURES or CVE
Another term that you have heard from me when discussing the Microsoft Exchange hack and the SolarWinds supply chain attack is Common Vulnerabilities and Exposures, or CVE. It is a list of publicly disclosed hardware or software security flaws. In both cases, Microsoft and SolarWinds assigned CVE numbers to each cyber incident and used them as a sort of identifier to publish their hotfixes.
DENIAL OF SERVICE or DOS ATTACK
A Denial of Service attack attempts to block access to and use of a resource by compromising its availability. The purpose of a Distributed Denial of Service, or DDoS, attack is to significantly amplify the level of the attack beyond what a single attacking system can generate, in order to overload larger and better-protected victims. The largest DDoS attack by volume was conducted against AWS in 2020, where attackers were able to send in over 2.3 terabits per second (Tbps) of UDP traffic. It is common for attackers to use a botnet for traffic amplification purposes. The AWS attack was mitigated by AWS Shield.
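From the defender’s side, the difference between a DoS and a DDoS shows up in the logs. The added example below (my own, not from the article) runs two simple detectors over constructed web-server access-log lines: a per-source rate check that catches one host flooding, and an aggregate check that catches the distributed case, where no single source stands out but the total rate and the number of distinct sources in one second do. The log format and the thresholds are assumptions for the demo.

```python
from collections import Counter, defaultdict

# Constructed access-log sample: "<ISO timestamp> <source IP> <method> <path>".
# 198.51.100.7 sends 12 requests inside one second; everyone else sends one or two.
SAMPLE_LOG = "\n".join(
    ["2021-04-05T10:00:00Z 203.0.113.5 GET /",
     "2021-04-05T10:00:00Z 192.0.2.44 GET /login"]
    + [f"2021-04-05T10:00:01Z 198.51.100.7 GET /search?q={i}" for i in range(12)]
    + ["2021-04-05T10:00:01Z 203.0.113.5 GET /about",
       "2021-04-05T10:00:02Z 192.0.2.44 POST /login"]
)

# Constructed distributed sample: 15 different sources, one request each, same second.
DDOS_LOG = "\n".join(f"2021-04-05T10:05:00Z 198.51.100.{i} GET /" for i in range(1, 16))


def parse_line(line: str):
    """Split one log line into (timestamp, source ip, method, path)."""
    ts, ip, method, path = line.split(" ", 3)
    return ts, ip, method, path


def detect_floods(lines, threshold: int = 10) -> dict:
    """Per-source check: {ip: peak requests in one second} for sources above threshold."""
    buckets = Counter()
    for line in lines:
        if not line.strip():
            continue
        ts, ip, _, _ = parse_line(line)
        buckets[(ip, ts)] += 1            # the timestamp already has one-second resolution
    peaks = {}
    for (ip, _), count in buckets.items():
        if count > threshold:
            peaks[ip] = max(count, peaks.get(ip, 0))
    return peaks


def detect_distributed(lines, total_threshold: int = 10) -> dict:
    """Aggregate check: {second: (total requests, distinct sources)} for seconds above threshold."""
    per_second = Counter()
    sources = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        ts, ip, _, _ = parse_line(line)
        per_second[ts] += 1
        sources[ts].add(ip)
    return {ts: (n, len(sources[ts])) for ts, n in per_second.items() if n > total_threshold}


if __name__ == "__main__":
    print("single-source flood:", detect_floods(SAMPLE_LOG.splitlines()))
    print("distributed, per-source view:", detect_floods(DDOS_LOG.splitlines()))
    print("distributed, aggregate view:", detect_distributed(DDOS_LOG.splitlines()))
```

Run against `DDOS_LOG`, the per-source detector reports nothing at all, which is exactly why botnet-driven attacks are harder to filter: blocking individual noisy addresses does not help when each address is quiet on its own.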
DATA LOSS PREVENTION or DLP
It is a collection of security mechanisms that aim to prevent data loss and/or data leakage. There is a difference between loss and leakage: data loss occurs when a storage device is lost or stolen, while data leakage occurs when copies of data end up in the possession of unauthorized entities.
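The leakage half of DLP is usually enforced by inspecting outbound content for sensitive patterns. As an added example (my own code, not anything the article describes), the block below scans a message for payment card numbers, using a Luhn checksum so that ordinary digit runs such as ticket numbers are not flagged, and either blocks the message or redacts the numbers before it leaves. The sample message is constructed, and the card number is the well-known `4111 1111 1111 1111` test value.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(number: str) -> bool:
    """Luhn checksum: weeds out random digit runs like order IDs or timestamps."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                     # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def _digits_only(candidate: str) -> str:
    return re.sub(r"[ -]", "", candidate)


def _is_card(candidate: str) -> bool:
    digits = _digits_only(candidate)
    return 13 <= len(digits) <= 19 and luhn_ok(digits)


def find_card_numbers(text: str) -> list:
    """Return the Luhn-valid card numbers (digits only) found in text."""
    return [_digits_only(m.group()) for m in CARD_RE.finditer(text) if _is_card(m.group())]


def redact(text: str) -> str:
    """Replace each valid card number with a mask that keeps only the last four digits."""
    def _mask(m):
        return "****" + _digits_only(m.group())[-4:] if _is_card(m.group()) else m.group()
    return CARD_RE.sub(_mask, text)


def inspect_outbound(message: str, threshold: int = 1) -> dict:
    """DLP decision for one outbound message: block if it carries card data, and show the redacted form."""
    hits = find_card_numbers(message)
    return {"block": len(hits) >= threshold, "hits": len(hits), "redacted": redact(message)}


if __name__ == "__main__":
    # Constructed message: a 14-digit ticket number (fails Luhn) and one real-format card number.
    sample = "Ticket 20210405123456: customer card 4111 1111 1111 1111 expires 04/25"
    print(inspect_outbound(sample))
```

The ticket number survives untouched because it fails the checksum, while the card number is caught despite the spaces. In a real DLP deployment the same pattern-plus-validator approach is extended to other data classes (national ID formats, document classification labels, API keys), and the decision feeds an email or web gateway rather than a print statement.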
EAVESDROPPING
It is the act of listening in on a transaction, communication, data transfer, or conversation. Hackers use man-in-the-middle attacks to capture data packets, for example by tapping a wire and using a network packet sniffer such as Wireshark.
HONEYPOT
It is a trap or decoy for attackers. Security companies set up honeypots, such as a Microsoft Exchange server running software with known flaws, to entice hackers and fool them into thinking that they are hacking a real system. A honeypot may contain false data to trick attackers into spending considerable time and effort attacking and exploiting the false system. A honeypot may also be able to reveal new attacks or the identity of the attackers.
INSIDER THREAT
An insider has both physical access and logical access to the systems, so hands down a compromised insider is a bigger risk than an outsider if that insider goes rogue or is tricked into causing harm. In July 2020, hackers used a phishing attack to gain access to 130 private and corporate Twitter accounts with at least a million followers each; the list of hacked accounts included those of Barack Obama, Elon Musk, Bill Gates, and Jeff Bezos, among others.
MALWARE, RANSOMWARE, TROJAN, VIRUS, WORM, AND SPYWARE
They may appear to be different names for the same thing, but they are not. Malware is an umbrella term that describes all forms of malicious software designed to compromise a computer. Viruses, trojans, worms, and ransomware are all examples of malware. Ransomware is a form of malware that deliberately prevents you from accessing files on your computer, holding your data hostage. It will typically encrypt files and request that a ransom be paid to have them decrypted or recovered. According to one estimate, the total cost of ransomware in 2020 was about 20 billion dollars. A trojan is a piece of malware that often allows a hacker to gain remote access to a computer through a back door. A virus is a type of malware that aims to corrupt, erase, or modify information on a computer before spreading to others. A worm is a piece of malware that can replicate itself to spread the infection to other connected computers. Finally, spyware is a type of malware that functions by spying on user activity without the user’s knowledge. Its capabilities include activity monitoring, collecting keystrokes, and data harvesting.
I have two more bonus terms for you: ROOTKIT and DEEPFAKE. A rootkit is another kind of malware that allows cybercriminals to remotely control your computer. Rootkits are especially damaging because they are hard to detect and thus likely to remain active for longer periods. A deepfake is an audio or video clip that has been generated using artificial intelligence to seem real or believable. The most dangerous consequence of the popularity of deepfakes is that they can easily convince people to believe a certain story or theory, which may drive behavior with a bigger impact, political or financial. There are some unbelievable examples of deepfakes; I remember a recent one where someone deepfaked Tom Cruise.
HOW DO I LEARN A NEW SKILL
Now, here is my final thought, and for what it’s worth, here is how I develop new skills in three simple steps. First, I focus on understanding the core concepts. If you look deeper, you will realize that there are usually THREE to FIVE main concepts that govern a field; all other secondary concepts are simply a combination of those. Second, I learn the jargon, so I go through all of the available material that contains the terminology for what the new skill is about. Finally, I learn by doing. This can be hands-on labs or what have you; the point is to take your theoretical knowledge, such as the concepts and terminology, and combine it with practice in the real world to fill the gaps in learning and pave the path to mastery. OK, I lied when I said that there are THREE steps; there is one more step, and that is finding an expert. If I can find an expert for the skill or in the field, I follow them on Twitter, primarily to understand what the current issues are and where the field is going. If I can find a real-life mentor to bounce ideas off, that’s even better.
THANK you for reading the article, I hope you found it helpful. I’d love to hear your thoughts.
Author: Muhammad Afaq Khan, CCIE #9070