Cyberthreat Glossary


Illustration by Viktor Koen


Hackers are using increasingly sophisticated methods to plunder assets, gain attention, and line their pockets—all while wreaking possible havoc on your organization. Cybersecurity experts give an overview of some of the biggest threats currently on the cyberscape.

What's the Difference?

Malware: The term malware is derived from the phrase “malicious software.” Malware is written to damage a computer or perform unwanted actions on it. Worms, viruses, and Trojans are among the common types of malware. Hackers can install malware on machines in a number of ways, including through spear-phishing e-mails, infected Web pages, and Web downloads. Once malware has infected a machine or site, the hacker can gain access or control and move through the network.

Vulnerability: A weakness in an operating system or network that can be exploited for the hacker’s gain. These flaws give an attacker a way to cause harm, and software updates known as patches are used to fix them. Heartbleed and Shellshock are notable vulnerabilities that emerged in the past year. Injection attacks also occur when a server contains a vulnerability that allows the attacker to “inject” malicious code into a website’s script, even though the page appears innocuous.

Sources: National Initiative for Cybersecurity Careers and Studies/U.S. Department of Homeland Security, FortiGuard Labs

Bitcoin-Mining Malware

A cyberattack where computing devices are hacked to run code that solves complex algorithms to generate Bitcoin currency. Cryptocurrencies, like Bitcoin, are “mined” by solving complex algorithms, a process that gets harder as it goes on, requiring more and more computing power, and electricity, to generate new currency. The hacker uses malware to infect the computer drives, harnessing their collective power to generate Bitcoins. This type of attack can occur on both computers and smartphones and has been used in surveillance cameras. Criminals typically focus on machines with enough number-crunching power to generate Bitcoins quickly. 

Stephen Cobb, Senior Security Researcher, ESET

Point-of-Sale Malware

Retailers use point-of-sale (POS) systems to ring up orders and collect credit card information for in-store retail purchases. POS malware was instrumental in several major public breaches such as those at UPS, Target, and Home Depot. These represent millions of compromised credit card numbers and tremendous losses associated with investigating and remediating the underlying issues. This will likely continue to be a focus area for attackers due to the easy availability of valuable credit card data, as well as retailers’ reluctance to overhaul their POS systems. 

Dan Cornell, Principal, Denim Group

Darkhotel

The targets of this advanced persistent threat campaign, which has been in operation for almost a decade but has recently grown larger, are top executives and high-tech entrepreneurs from companies around the world. The attacks happen when executives stay at certain luxury hotels in different countries in the Asia-Pacific region. The actor uses a set of three attack techniques, including compromising specific hotel networks, then staging attacks from those networks on selected high-profile victims. Another Darkhotel offensive technique is to spread malware indiscriminately via peer-to-peer file-sharing sites. The attackers also use spear-phishing e-mails to infiltrate organizations from different sectors. 

Kurt Baumgartner, Principal Security Researcher, Kaspersky Lab

Advertising Malware

There are two schemes by which systems infected with malware can make money for their bot owners through the exploitation of digital advertising.

The bot owners can sell ad space to purveyors of highly questionable and sometimes fraudulent products or services and present the resulting ads to the user of the infected system. This often results in pop-up ads—the malware can disable the browser’s pop-up blocker—and can make the system nearly unusable. 

In the second scheme, the bot owners can instruct the system to click on ads served up at fake websites that the bot owners control and thereby defraud the legitimate companies placing these ads. This is done without any visible sign to the end user. The ad clicks emulate what a browser would do if a user clicked on the ad, but without actually using a browser.

Oliver Tavakoli, Chief Technology Officer, Vectra Networks

Shellshock

In this cyberattack, computing devices are hacked to run code that affects Bash, one of the most commonly used Linux shells in the world. Any Linux service that interacted with Bash, allowing settings to be imported, was vulnerable. The vulnerability was particularly problematic because it allowed remote code access, meaning that hackers could interact with a service remotely as if they were on the server. The attack was widespread—most people running Linux were affected. The bug was uncovered in September 2014, and software companies began releasing patches to fix the vulnerability. 

James Foster, Chief Executive Officer, ZeroFOX
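The entry above describes the mechanism in one sentence: a service that let settings be imported into Bash was exposed. As an added example that is not part of the original article or of ZeroFOX's material, the Python below shows the defensive side of that mechanism: a check for the Bash function-import prefix, run over constructed HTTP headers of the kind CGI services used to copy into the environment, plus an environment filter a service can apply before spawning a shell. The request samples, the regex (slightly broader than Bash's literal prefix test) and the wrapper usage are my assumptions.

```python
import os
import re
from typing import Dict, List

# Pre-patch Bash treated any exported variable whose value began with "() {" as a
# function definition and kept parsing past the closing brace, which is the
# Shellshock trigger. A patched Bash ignores such values, so this prefix check is a
# detection and hygiene measure, not a substitute for patching Bash. The regex is
# an assumption: it is slightly broader than Bash's literal "() {" comparison so
# that whitespace variations are also caught.
FUNCTION_IMPORT_PREFIX = re.compile(r"^\s*\(\)\s*\{")


def is_function_import(value: str) -> bool:
    """True if a string starts with the Bash function-import prefix."""
    return bool(FUNCTION_IMPORT_PREFIX.match(value))


def flag_request_headers(headers: Dict[str, str]) -> List[str]:
    """Return the names of HTTP headers whose values carry the prefix.

    CGI-style services copied header values into environment variables such as
    HTTP_USER_AGENT before running Bash, which is how the bug was reachable remotely.
    """
    return [name for name, value in headers.items() if is_function_import(value)]


def sanitized_environment(env: Dict[str, str]) -> Dict[str, str]:
    """Drop environment entries that look like function imports before spawning a shell.

    Defence in depth for a service that must still invoke a shell; a hypothetical
    wrapper would pass the result as subprocess.run(..., env=sanitized_environment(...)).
    """
    return {name: value for name, value in env.items() if not is_function_import(value)}


# Constructed sample requests (not real traffic) for the detector to run over.
SAMPLE_REQUESTS = [
    {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64)", "Referer": "https://example.invalid/"},
    {"User-Agent": "() { :; }; echo probe", "Cookie": "session=constructed"},
    {"User-Agent": "curl/7.37.0", "Referer": "() {x}; /bin/true"},
]


def scan_samples(requests: List[Dict[str, str]]) -> List[List[str]]:
    """Apply the header check to every sample request."""
    return [flag_request_headers(req) for req in requests]


if __name__ == "__main__":
    for req, hits in zip(SAMPLE_REQUESTS, scan_samples(SAMPLE_REQUESTS)):
        print("flagged" if hits else "clean  ", hits, req)
    kept = sanitized_environment(dict(os.environ))
    print(len(kept), "environment entries kept after filtering")
```

The header check is what an intrusion-detection rule for this bug reduces to; the environment filter is the mitigation a service owner controls while waiting for, or in addition to, the Bash patch.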

SQL Injection Attacks

SQL (structured query language) is the “language” used in modern relational databases like MySQL, Microsoft SQL Server, and Oracle. In today’s data-driven world, many Web applications and services rely upon SQL databases to store countless gigabytes of information. Everything from sensitive financial information to usernames and passwords can be stored in back-end databases that are integrated into the Web applications and sites everyone uses on a daily basis. A successful SQL injection attack can allow an attacker free rein over the data stored in the database. 

Richard Henderson, Security Strategist, FortiGuard Labs
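The entry above explains what is at stake but not what makes a query injectable. As an added example that is not part of the original article or of FortiGuard Labs' material, the Python below builds a constructed in-memory SQLite table, then runs the same lookup two ways: once with the untrusted value spliced into the SQL text, and once as a parameterized query, so the difference in what a single crafted input returns is visible. The table, rows and input string are my assumptions.

```python
import sqlite3
from typing import List


def build_demo_db() -> sqlite3.Connection:
    """Create an in-memory users table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b"), ("carol", "hash-c")],
    )
    return conn


def lookup_user_unsafe(conn: sqlite3.Connection, username: str) -> List[str]:
    """Vulnerable form: the untrusted username becomes part of the SQL text itself,
    so quote characters in the input change the meaning of the statement."""
    query = "SELECT username FROM users WHERE username = '%s' ORDER BY id" % username
    return [row[0] for row in conn.execute(query)]


def lookup_user_safe(conn: sqlite3.Connection, username: str) -> List[str]:
    """Hardened form: a parameterized query. The SQL text is fixed and the driver
    hands the value to the database separately, so it can only ever be data."""
    query = "SELECT username FROM users WHERE username = ? ORDER BY id"
    return [row[0] for row in conn.execute(query, (username,))]


# Constructed input: closes the string literal and appends an always-true condition.
CRAFTED_INPUT = "' OR '1'='1"


if __name__ == "__main__":
    conn = build_demo_db()
    print("unsafe:", lookup_user_unsafe(conn, CRAFTED_INPUT))  # every username
    print("safe:  ", lookup_user_safe(conn, CRAFTED_INPUT))    # []
```

Parameterization is the primary control; running the application's database account with only the privileges its queries need limits what a missed case can reach.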

Heartbleed

A flaw in OpenSSL’s session “keep alive” function allows remote users to read random chunks of a Web server’s memory. Using this attack, a persistent attacker can even obtain the server’s private keys, which are what keeps most encrypted connections private on the Internet. Heartbleed made the news in a big way, and it led to expedited patching by system administrators worldwide. 

George Baker, Director of Professional Services, Foreground Security
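The entry above says the flaw let a remote party read chunks of server memory; the cause was a responder that copied as many bytes as the request's own length field claimed, without checking that the record actually contained them. As an added example that is not part of the original article or of Foreground Security's material, the Python below models a heartbeat record in the RFC 6520 layout (type, two-byte payload length, payload, 16 bytes of padding) over a constructed byte string standing in for process memory, and shows the bounds check that the fix added. The record contents, the neighbouring "secret" bytes and the function names are my assumptions.

```python
import struct
from typing import Optional

HEARTBEAT_REQUEST = 1   # heartbeat_request message type (RFC 6520)
PADDING_LEN = 16        # minimum padding that must follow the payload
HEADER_LEN = 1 + 2      # one-byte type plus two-byte payload_length


def build_heartbeat(payload: bytes, claimed_length: Optional[int] = None) -> bytes:
    """Encode a heartbeat record: type, payload_length, payload, 16 bytes of padding.

    claimed_length lets a test construct a record whose declared length does not
    match the bytes actually present, which is the malformed input at issue.
    """
    length = len(payload) if claimed_length is None else claimed_length
    return struct.pack("!BH", HEARTBEAT_REQUEST, length) + payload + b"\x00" * PADDING_LEN


def heartbeat_echo(memory: bytes, record_len: int, check_length: bool) -> bytes:
    """Return the bytes a responder would copy into its reply.

    `memory` is a constructed stand-in for process memory: the record occupies the
    first record_len bytes and whatever follows is unrelated data that happens to
    sit nearby. With check_length=False the copy trusts the declared payload_length
    (the defect); with check_length=True the record is rejected unless header,
    payload and padding all fit inside the record (the fix).
    """
    msg_type, declared = struct.unpack("!BH", memory[:HEADER_LEN])
    if msg_type != HEARTBEAT_REQUEST:
        raise ValueError("not a heartbeat request")
    if check_length and HEADER_LEN + declared + PADDING_LEN > record_len:
        raise ValueError("declared payload length exceeds record length")
    return bytes(memory[HEADER_LEN:HEADER_LEN + declared])


def is_rejected(memory: bytes, record_len: int) -> bool:
    """True if the bounds check refuses the record."""
    try:
        heartbeat_echo(memory, record_len, check_length=True)
    except ValueError:
        return True
    return False


# Constructed demo data: a 4-byte payload whose header claims 64 bytes, placed
# directly before a made-up secret so the over-read is visible in the result.
NEIGHBOUR_SECRET = b"session-cookie=constructed-secret-value;"
HONEST = build_heartbeat(b"ping")
LYING = build_heartbeat(b"ping", claimed_length=64)
MEMORY = LYING + NEIGHBOUR_SECRET + b"\x00" * 64


if __name__ == "__main__":
    print(heartbeat_echo(HONEST + NEIGHBOUR_SECRET, len(HONEST), check_length=True))  # b'ping'
    leaked = heartbeat_echo(MEMORY, len(LYING), check_length=False)
    print(len(leaked), "bytes copied; secret present:", NEIGHBOUR_SECRET in leaked)
    print("rejected by length check:", is_rejected(MEMORY, len(LYING)))
```

The check compares the length the peer declared against the length the record actually has; every parser that copies a sender-declared number of bytes needs that comparison, and a memory-safe language only changes the failure from a leak into an exception.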