Cyber Security Basic Terms and Concepts for Beginners
- April 5, 2021
- Posted by: Muhammad Afaq Khan, CCIE #9070
- Category: Cybersecurity
If you need more reasons to dive into a Cybersecurity career, here are a few pieces of information to consider. Gartner says that the cybersecurity spending is expected to reach $123 billion and continue to grow at about 10% each year for another 8 years. Just for context. At 10,000 feet, the cybersecurity market can be divided into three segments and are Hardware, Software, and Services. As you may expect, the Services happens to be the largest segment by revenue. The global cybersecurity losses are going to add up to a Trillion dollars in 2020 and by 2025, the cost of cybercrime will surpass 10 trillion dollars annually. If that’s enough, it is estimated that the cybersecurity industry will have over 3.5 million vacant positions this year. So, if you are a new grad or someone switching IT careers, and ready to consider a career in cybersecurity, the first thing you want to know is the cybersecurity terminology or jargon.
In this article, I want to discuss the top 10 Cybersecurity terminologies that you must learn on the road to being a cybersecurity professional. To put it all into perspective, I will share an example Cyber incident for each of the terms.
ADVANCED PERSISTENT THREAT
So, let’s start with some of the most common terms. ADVANCED PERSISTENT THREAT or APT. Threat actors in the top tier of sophistication and skill, capable of using advanced techniques to conduct complex and protracted campaigns in the pursuit of their strategic goals, are often called advanced persistent threats. You will notice that in my videos I use nation-state threat actors interchangeably with APT. Often an APT takes advantage of numerous unknown vulnerabilities or zero-day attacks, which allow the attacker to maintain access to the target even as some attack vectors are blocked. In the SolarWinds video, you heard me talking about Silverfish and CozyBear.
AUTHENTICATION AND AUTHORIZATION
The process of proving an individual is a claimed identity is known as authentication and there can be multiple authentication factors such as a password, a token, or a fingerprint. When more than two factors are used at the same time, it is known as two-factor authentication. If you didn’t know, now you know. Authorization is about determining and enforcing what authenticated users are authorized to do within a system or a network.
BLACKLISTS AND WHITELISTS
A blacklist is an access control mechanism that allows everyone access, except for the members of the blacklist. The opposite of a blacklist is a whitelist, which is a list of trusted entities such as applications and websites. BOTNET. It is a collection of legit endpoints such as computers that have been compromised by malicious code to take advantage of the system’s resources to perform cybercrime activities. These activities include traffic flooding attacks, hosting false Web services, spoofing DNS, and so on. One of the recent botnets was created out of IoT devices using the Mirai malware, look it up if you don’t know it already.
The ciphertext is encrypted text transformed from plaintext using an encryption algorithm. It can’t be read until it has been converted into plaintext or decrypted with a key. The typical encryption algorithm includes 3DES, AES, and what have you. CVEs. Another term that you have heard from me when discussing Microsoft Exchange Hack and SolarWinds supply chain attack is Common Vulnerabilities and Exposures or CVEs. It is a list of publicly disclosed hardware or software security flaws. In both cases, Microsoft and SolarWinds assigned CVE numbers to each cyber incident and used them as sort of an identifier to publish their hotfixes.
DENIAL OF SERVICE or DOS ATTACK
It is an attack that attempts to block access to and use of a resource by compromising the availability is known as Denial of Service. The purpose of a DDoS attack is to significantly amplify the level of the attack beyond that which can be generated by a single attack system to overload larger and more protected victims. The largest DDOS attack by volume was conducted against AWS in 2020, where attackers were able to send in over 2.3 Terra Bits Per Second of UDP traffic. It is common for attackers to use a botnet for traffic amplification purposes. The AWS attack was mitigated by the AWS Shield.
DATA LOSS PREVENTION or DLP
It is a collection of security mechanisms that aim at preventing the occurrence of data loss and or data leakage. There is a difference between loss and leakage. Data loss occurs when a storage device is lost or stolen while data leakage occurs when copies of data are possessed by unauthorized entities.
It is the act of listening in on a transaction, communication, data transfer, or conversation. The hackers use man the middle hack and capture data packets by tapping a wire using network packet sniffers such as Wireshark.
It is a trap or decoy for attackers. Cyber companies set up these honeypots, like a Microsoft Exchange server running software with known flaws, to entice and fool hackers into thinking that they are hacking a real system. A honeypot may contain false data to trick attackers into spending considerable time and effort attacking and exploiting the false system. A honeypot may also be able to discover new attacks or the identity of the attackers.
An insider has both physical access and logical access to the systems, so hands-down a compromised insider is a bigger risk than an outsider if that insider goes rogue or is tricked into causing harm. In July 2020, hackers used a phishing attack to gain access to 130 private and corporate Twitter accounts with at least a million followers each and the list of hacked accounts included those of Barack Obama, Elon Musk, Bill Gates, Jeff Bezos among others.
MALWARE, RANSOMWARE, TRAJON, VIRUS, WORM, AND SPYWARE
They may appear as different names for the same thing, but they are not. Malware is an umbrella term that describes all forms of malicious software designed to compromise a computer. Viruses, trojans, worms, and ransomware are all examples of malware. Ransomware is a form of malware that deliberately prevents you from accessing files on your computer, holding your data hostage. It will typically encrypt files and request that a ransom be paid to have them decrypted or recovered. According to one estimate, the total cost of ransomware in 2020 was about 20 billion dollars. A trojan is a piece of malware that often allows a hacker to gain remote access to a computer through a back door. A virus is a type of malware aimed to corrupt, erase or modify information on a computer before spreading to others. A worm is a piece of malware that can replicate itself to spread the infection to other connected computers. Finally, spyware is a type of malware that functions by spying on user activity without their knowledge. The capabilities include activity monitoring, collecting keystrokes, data harvesting.
I have two more bonus terms for you and those are ROOTKIT and DEEPFAKE. A rootkit is another kind of malware that allows cybercriminals to remotely control your computer. Rootkits are especially damaging because they are hard to detect and thus likely to remain active for longer periods. Deepfake is an audio or a video clip that has been generated using artificial intelligence to seem real or believable. The most dangerous consequence of the popularity of deepfakes is that they can easily convince people into believing a certain story or theory that may result in user behavior with a bigger impact as in political or financial. There are some unbelievable examples of deepfakes, I remember there was a recent one where someone Deepfaked Tom Cruise.
HOW DO I LEARN A NEW SKILL
Now, here is my final thought, and for what it’s worth, here is how I develop new skills in three simple steps. First, I focus on understanding the core concepts. If you look deeper, you will realize that there are usually THREE to FIVE main concepts that govern a field, all other secondary concepts are simply a combination of those. Secondly, I learn the jargon, so I go through all of the material available that contains the terminology for what the new skill is about. Finally, I learn by doing. This can be hands-on, labs what have you, the point is to take your theoretical knowledge such as the concepts and terminology and combine it with practice in the real world to fill the gaps in learning and pave the path to mastery. OK, I lied when I said that there are THREE steps, there is one more step and that is finding an expert. If I can find an expert for the skill or in the field, I follow them on Twitter to primarily understand what the current issues are and where the field is going. If I can find a real-life mentor to bounce off ideas, that’s even better.
THANK you for reading the article, I hope you found it helpful. I’d love to hear your thoughts.
Author:Muhammad Afaq Khan, CCIE #9070
0 (0) Today, we live in a world where there is nothing, and I mean nothing, off the limits for cyberattacks and particularly ransomware attacks. Our hospitals, our universities, oil pipelines, and now even our meat is under cyberattack. The cyberattack that flattened the IT operations at JBS Foods over the weekend turns out was […]
0 (0) Ransomware has been a growing menace for years, but there has been a marked increase, during the recent months, in sophistication and level of innovation in this portion of the cybercrime underbelly. If you didn’t know, cybercrime comes in many different types, such as email and internet fraud, identity theft, financial theft like […]
0 (0) It’s time to check your Pulse. I mean your Pulse Connect Secure VPN appliance. Hackers have been exploiting several previously known and one zero-day vulnerabilities affecting Pulse Connect Secure aka PCS VPN appliances. They are targeting defense, government, and financial organizations around the world. According to FireEye, several threat actors have been exploiting […]
5 (2) OK, we now have another supply chain attack that could become the next big hack. When April fools’ jokes were being published online, one company known as Codecov discovered something that was far from a joke. So, who is Codecov? Codecov is one of the many DevOps tools out there. It provides hosted […]
5 (2) So, what is Ethical Hacking? Well, it is hacking ethically. OK, that was not helpful. There are two types of hacking, white hat hacking, black hat hacking. They use similar tools and have similar goals, so then what is the difference. Well, there is one big difference and that has to do with […]
How useful was this post?