Account Takeover (ATO)
A form of identity theft in which the criminal obtains access to a victim's bank, credit card accounts or business systems — through a data breach, malware or phishing — and uses them to make unauthorized transactions.
Active Directory
ATM Malware
Attack Surface Management
An attack surface is the sum of an organization’s internet-facing entry points that a threat actor can use to infiltrate a network.
Banking Trojan
Malicious software designed to steal account information related to card payments, online banking and e-payment gateways.
Blue Team
A group that analyzes information systems to identify security flaws, verifies the effectiveness of each security measure, and makes certain that all security measures will continue to be effective after implementation.
Botnet
A collection of internet-connected devices, referred to as bots, that are commanded and controlled by malicious actors to carry out nefarious activities.
Brute Force
Bulletproof Hosting (BPH)
Hosting services that are lenient about the kinds of activity and material they allow their customers to upload and distribute. These services generally are immune to law enforcement or takedown efforts. Malware and illegal websites are commonly hosted on these types of providers.
Business Email Compromise (BEC)
Carding
Credit or debit card information obtained, sold or used by unauthorized individuals. Also known as "payment card fraud."
Cashout
Clipper
Malware that targets a computer's clipboard, particularly for the purpose of hijacking a cryptocurrency transaction to swap a wallet address with one owned by the malware author.
Command and Control (C2)
A server controlled by a hacker or other cybercriminal and used to issue commands to the various systems that have already been exploited or compromised by malware. These servers are also used to covertly receive the data the attacker wants from the compromised machines on the target network.
Crypting
Cryptomining
In the context of malware, cryptocurrency mining, cryptomining, or cryptojacking refers to malware designed to use a device’s CPU resources to mine cryptocurrency without authorization.
Cyber Insurance
Data Breach
Data Dump
Denial of Service
Distributed Denial of Service (DDoS)
A denial of service technique that uses numerous hosts to perform the attack.
Document Fraud
Schemes to manufacture, counterfeit, alter, sell and/or use identity documents and other fraudulent documents. Also known as "identity fraud."
Drop Accounts
Endpoint
Exfiltration
Exploit Kit
Fast Flux
A DNS technique used by bulletproof hosting services that hides phishing and malware delivery sites behind an ever-changing network of hosts.
Forensics
The practice of collecting and analyzing data from computer systems, networks, wireless communications, and storage devices that supports an investigation.
Fullz
The full financial information tied to a payment card beyond standard account information. "Fullz" often include a Social Security Number, date of birth and associated personally identifiable information.
Geolocation
The geographical location of a person based on the digital information given off by their internet-connected device.
Incident Response
The process by which security operations prepare for, identify, contain, and recover from a security event.
Indicator of Compromise (IoC)
Evidence found on a computer network or operating system that, with high confidence, indicates a computer intrusion.
Information Stealer
Malicious software designed to gather information from a system such as login credentials, keystrokes and screenshots of sensitive information.
Insider Threat
IoT Malware
Malicious software used to compromise networked devices, such as IoT devices, which are then used for nefarious purposes such as forming botnets to launch network attacks.
IP
Keylogging
The use of a computer program to record every keystroke made by a computer user, particularly to gain fraudulent access to passwords and other confidential information.
Lateral Movement
Techniques that adversaries use to enter and control remote systems on a network. Following through on their primary objective often requires exploring the network to find their target and subsequently gain access to it. Reaching their objective often involves pivoting through multiple systems and accounts to gain access. Adversaries might install their own remote access tools to accomplish lateral movement or use legitimate credentials with native network and operating system tools, which may be stealthier.
Loader
Malicious software designed to download and/or drop malicious payload code onto an infected computer system. Also referred to as a "dropper."
Malspam
Malicious spam is a popular method of delivering bulk emails that contain infected documents or links that redirect users to websites hosting other malware.
Malvertising
Malware as-a-Service
Mobile Malware
Money Mules
A person who transfers money acquired illegally (e.g., stolen) in person, through a courier service, or electronically, on behalf of others. Typically, the mule is paid for services with a small part of the money transferred.
Multi-factor Authentication
Network Sniffing
Password Spraying
A type of brute-force attack in which a malicious actor uses a single password against targeted user accounts before moving to attempt a second password, and so on.
Pay-Per-Install (PPI) Scam
A scam in which botnets are used to generate money for their operators. A compromised computer is instructed to install a software package via the bot's command and control system. The bot operator then receives payment and, after a short period of time, uninstalls the software package and installs a new one.
Penetration Testing
An authorized, simulated cyberattack on a computer system, performed to evaluate the security of the system.
Persistence
PHI
Protected health information (PHI) is the term given to health data created, received, stored, or transmitted by HIPAA-covered entities and their business associates in relation to the provision of healthcare, healthcare operations and payment for healthcare services.
Phishing
PII
Stands for personally identifiable information. Information that, when used alone or with other relevant data, can identify an individual. PII may contain direct information (e.g., passport information) that can identify a person uniquely, or quasi-identifiers (e.g., race) that can be combined with other quasi-identifiers (e.g., date of birth) to successfully recognize an individual.
Point-of-Sale Malware
Malicious software designed to steal information related to financial transactions such as payment card data from compromised PoS (point of sale) devices.
Privilege Escalation
Techniques adversaries use to gain higher-level permissions on a system or network. Adversaries often can enter and explore a network with unprivileged access, but require elevated permissions to follow through on their objectives. Common approaches are to take advantage of system weaknesses, misconfigurations and vulnerabilities. These techniques often overlap with persistence techniques, as OS features that let an adversary persist can execute in an elevated context.
Proof-of-Concept (PoC)
A demonstration that in principle shows how a system may be protected or compromised, without the necessity of building a complete working vehicle for that purpose.
Proxy Malware
Malicious software, specifically a type of trojan, used to turn an infected computer system into a proxy server from which an attacker can stage nefarious activities anonymously.
Ransomware
Malicious software used to block access to a computer system or specific data until a ransom is paid, or indefinitely. Attackers often use ransomware to lock systems and then threaten to publish the victim’s data.
Ransomware-as-a-Service (RaaS)
Services typically sold or leased as an affiliate program to other cybercriminals for launching ransomware attacks and sharing profits.
Reconnaissance
The process of identifying critical technical, personnel and organizational elements of intelligence in order to learn how best to attack a network (in the case of a bad actor) or set up defenses for a network (in the case of a defensive security team).
Red Team
Remote Access Trojan (RAT)
Remote Desktop Protocol (RDP)
A network communications protocol developed by Microsoft that allows users to remotely connect to another computer. It is often targeted by adversaries as a primary way to enter a network.
Resilience
The ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources.
Risk Management
The detection, assessment, and prioritization of risks through the implementation of choices to track, control, and minimize the possibility or effect of unfortunate events.
Rogue Certificate
Security Operations
Skimming
A form of payment card fraud whereby a payment page on a website is compromised using a malicious script.
Smishing
Spear Phishing
SSH
Secure Shell Protocol is a cryptographic network protocol for operating network services securely over an unsecured network.
Stalkerware
A class of monitoring software or spyware that is used to stalk a victim.
Subscriber Identity Module (SIM) Swapping
Telnet
A network protocol that allows a user on one computer to log into another computer that is part of the same network.
Third-Party Breaches
A third-party breach occurs when an attacker targets an organization through its connections with third-party suppliers, vendors, contractors, or partners.
Third-Party Compromised Credentials
In cyber threat intelligence (CTI), credentials refer to the methods used to verify a user's identity; most commonly these are a username and password. Credentials are classified as compromised when an unauthorized user gains possession of them.
Third-Party Risk
Third-Party Vulnerabilities
The vulnerability leveraged to enable a devastating data breach or launch an expensive ransomware attack may not even be within your own organization.
Threat Hunting
Traffic Redistribution System
Vishing
VNC
Virtual network computing (VNC) is a graphical desktop-sharing application that uses the remote frame buffer protocol to remotely control another computer. This form of desktop sharing transmits keyboard and mouse events from one system to another over the network and relays screen updates back in the other direction.
Vulnerability
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat actor.
Web Injects
Wiper
A class of malware which wipes the hard drive of the computer it infects.
Social Engineering