• Application Firewall
• Cache Poisoning
• Cloud Hopper
• Cyber Attack
• Data Loss / Leak Prevention (DLP)
• Denial-of-service attack (DoS)
• DoS Defense System
• Hacker Defender
• Intrusion Prevention Systems
• Macro Virus
• Malicious Code
• Mobile Remote Access Trojan (mRAT)
• Polymorphic Virus
• RIG Exploit Kit
• SQL Injection
• URL Filtering
• Zero Day
The McDonald’s India app, McDelivery, leaked the personal data of over 2.2 million customers, including name, email address, phone number, home address and social profiles. The leak is the result of an unsecured public API. Although McDelivery acknowledged the issue on February 13, as of March 17, the fix had not yet been completed and the app was still leaking customer data.
Antivirus, anti-virus, or AV software is computer software used to prevent, detect and remove malicious computer viruses. Most software described as antivirus also works against other types of malware, such as malicious Browser Helper Objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious LSPs, dialers, fraudtools, adware and spyware.
An application firewall is a form of firewall which controls input, output, and/or access from, to, or by an application or service. It operates by monitoring and potentially blocking the input, output, or system service calls which do not meet the configured policy of the firewall. The application firewall is typically built to control all network traffic on any OSI layer up to the application layer. It is able to control applications or services specifically, unlike a stateful network firewall which is – without additional software – unable to control network traffic regarding a specific application.
Banker which steals financial information, using keylogging to record the victim’s credentials as they are entered on a targeted bank webpage. Bancos can also supplement or replace a legitimate bank login page with a fake webpage. The Trojan is active primarily in Latin America, particularly in Brazil, and is spread mostly via phishing.
Bash is a command processor, typically run in a text window, allowing the user to type commands which cause actions. Bash can also read commands from a file, called a script. Users direct the operation of the computer by entering commands as text for a command line interpreter to execute, or by creating text scripts of one or more such commands. Bash is a Unix shell that has been distributed widely as the shell for the GNU operating system and as a default shell on Linux and Mac OS X.
A botnet is a large number of compromised computers that are used to create and send spam or viruses or flood a network with messages as a denial of service attack. Read more about Botnet.
A software bug is an error, flaw, failure, or fault in a computer program or system that causes it to produce an incorrect or unexpected result, or to behave in unintended ways. Some bugs have only a subtle effect on the program’s functionality, and may thus lie undetected for a long time. More serious bugs may cause the program to crash or freeze. Others qualify as security bugs and might for example enable a malicious user to bypass access controls in order to obtain unauthorized privileges.
Sophisticated Banking Trojan botnet which targets remote banking and payment systems. Carberp is designed to steal user credentials and monitor user browsing activities, and is based on modules, which can be downloaded separately to the victim machine. It is estimated that the botnet was coded by a group of highly skilled Russian actors. In 2013, the Carberp source code was leaked and made available for download on various forums.
An offline ransomware, meaning that it does not need to communicate with its C&C server before encrypting files on an infected machine. It is spread mostly via malvertising campaigns which leverage exploit kits, but also through spam campaigns. It is operated by its author as a ransomware as-a-service; the author recruits affiliates to spread the malware for a share of the ransom payment.
Malware campaign associated to a known Chinese APT group dubbed APT10 and aimed to gain network access and persistence for sensitive information gathering by targeting managed security service providers (MSSP), as an entry point to their customers networks. The malware is deployed based on remote access to the organization network, and the obtained access is leveraged by the attackers to collect sensitive data.
Downloader, used mainly to download ransomware to the victim machine. Cryptoload is usually sent within archive files as attachments in spam campaigns, and has been previously used to download Cryptowall ransomware, TeslaCrypt ransomware and Locky ransomware, as well as Fareit Info-stealer
Ransomware that started as a Cryptolocker doppelgänger, but eventually surpassed it. After the takedown of Cryptolocker, CryptoWall became one of the most prominent ransomwares to date. CryptoWall is known for its use of AES encryption and for conducting its Command & Control communications over the Tor anonymous network. It is widely distributed via exploit kits, malvertising and phishing campaigns.
A cyber attack is a strike against a computer system, network, or internet-enabled application or device. Hackers use a variety of tools to launch attacks, including malware, ransomware, exploit kits, and other methods. Read more about Cyber Attack.
Cybersecurity refers to the use of network architecture, software, and other technologies to protect organizations and individuals from cyber attacks. The objective of cybersecurity is to prevent or mitigate harm to – or destruction of – computer networks, applications, devices, and data. Read more about Cybersecurity.
Data Loss / Leak Prevention (DLP)
Data loss/leak prevention solution is a system that is designed to detect potential data breach / data ex-filtration transmissions and prevent them by monitoring, detecting and blocking sensitive data while in-use (endpoint actions), in-motion (network traffic), and at-rest (data storage). In data leakage incidents, sensitive data is disclosed to unauthorized personnel either by malicious intent or inadvertent mistake. Such sensitive data can come in the form of private or company information, intellectual property (IP), financial or patient information, credit-card data, and other information depending on the business and the industry.
Denial-of-service attack (DoS)
An attempt to make a single machine, web server or network resource unavailable to its intended users. The attack results in interrupted or suspended services of a host connected to the Internet. The most common type of DoS attack is the distributed denial-of-service (DDoS), in which there is more than one attack source and often thousands of unique IP addresses. The use of such a massive attack resource usually depends on a botnet network. Even though a DoS attack does not usually result in the theft of information, it can cost the targeted enterprise or person a great deal of time and money.
IRC-based Worm designed to allow remote code execution by its operator, as well as download additional malware to the infected system, with the primary motivation being to steal sensitive information and launch denial-of-service attacks. It install a user-mode rootkit to prevent viewing or tampering with its files and modifies the registry to ensure that it executes each time the system starts. It will send messages to all of the infected user’s contacts, or hijack an existing thread, to contain a link to the worm’s copy.
Malware which targets Windows operating system users. Dorvku collects system information and sends it to a remote server. It also collects sensitive information from targeted web browsers, and accepts commands to perform malicious activities on the infected system.
DoS Defense System
More focused on the problem than IPS, a DoS Defense System (DDS) is able to block connection-based DoS attacks and those with legitimate content but bad intent. A DDS can also address both protocol attacks (such as Teardrop and Ping of death) and rate-based attacks (such as ICMP floods and SYN floods).
Banking malware that leverages macros in Microsoft Office to infect systems. Once a computer is infected, Dridex attackers steal banking credentials and other personal information to gain access to the user’s financial records. It is spread through malicious spam e-mail with a Microsoft Word document attachment. Dridex first steals banking credentials and then attempts to generate fraudulent financial transactions.
An exploit (from the English verb to exploit, meaning “using something to one’s own advantage”) is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). Such behavior frequently includes things like gaining control of a computer system, allowing privilege escalation, or a denial-of-service attack.
Browser-hijacker that can be turned into a full-functioning malware downloader. It is capable of executing any code on the victim machines, resulting in a wide range of actions from stealing credentials to dropping additional malware.
User-mode Rootkit for Windows, can be used to hide files, processes and registry keys, and also implements a backdoor and port redirector that operates through TCP ports opened by existing services. This means it is not possible to find the hidden backdoor through traditional means.
Derived from combining the words ‘Hack’ and ‘Activism’, hacktivism is the act of hacking, or breaking into a computer system, for politically or socially motivated purposes. The individual who performs an act of hacktivism is said to be a hacktivist. Read more about Hacktivism.
Android malware which repackages legitimate apps and then released them to a third-party store. Its main function is displaying ads, however it is also able to gain access to key security details built into the OS, allowing an attacker to obtain sensitive user data.
Android malware that establishes a persistent rootkit on the device, installs fraudulent applications, and with slight modifications could enable additional malicious activity such as installing a key-logger, stealing credentials and bypassing encrypted email containers used by enterprises.
Intrusion Prevention Systems
Intrusion Prevention Systems (IPS), also known as Intrusion Detection and Prevention Systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it. Read more about IPS.
Keylogger which is sold on various underground forums. iSpy captures passwords, collects passwords stored in web browsers and records webcams and Skype sessions. The malware is spread mainly via spam campaigns carrying malicious attachments.
Virus which targets the Windows platform. It modifies system files, collects private information from the infected host and redirects to compromised sites to spread additional malware. In addition, Jadtre provides backdoor access to infected hosts. Jadtre is usually spread by freeware or spam email campaigns and can propagate itself by infecting executable files accessible through network drives.
Ransomware which began being distributed by the Necrus botnet in May 2017, via spam emails containing a PDF attachment which contains an embedded DOCM file. As the malware first emerged, it was massively spread at an infection rate of approximately 10,000 emails sent per hour.
Dropper designed to install malware onto infected computer systems. Kazy can be used by criminals to install practically any kind of malware onto their victims’ machines including banking malware, info-stealers and spyware.
Also dubbed ZeusVM, KINS is a variant of the infamous Zeus Trojan. It is a banking Trojan that was offered for sale as a service on a closed Russian underground forums. The malware consists of a dropper and a variety of modules such as Remote Desktop Protocol module that allows bot managers to remotely access compromised machines. On 2015, the KINS builder and the source code of its management panel were leaked online.
Trojan that targets Windows users. The malware is designed to delete, block, modify, or copy data and disrupt computer or network performance. The malware masquerades as a legitimate file or software.
Ransomware which started its distribution in February 2016, and spreads mainly via spam emails containing a downloader disguised as an Word or Zip attachment, which then downloads and installs the malware that encrypts the user files.
A generic term for a number of different types of malicious code. Read more about Malware.
Mobile Remote Access Trojan (mRAT)
Mobile Remote Access Trojan is similar to Remote Access Trojan (RAT), malware that allows an attacker to remotely control an infected PC or “bot”. mRat attacks bypass two-step authentication and access SMS functions and the user’s contact list. mRat may be part of an APT-operated attack or a known virus attack. Known variants for this attack are OmniRAT and DroidJack.
Downloader, programmed to allow its operators to download and upload files to a victim’s computer in a way that is transparent to the victim. The malware can be delivered to users via spam campaigns or bundled with free program installers that are published on suspicious websites.
Multipurpose bot, also known as Bayrob, that is used to collect passwords, modify system settings and download additional malware. It is usually spread via spam emails with the recipient address encoded in the binary, thus making each file unique.
A virus that uses code that mutates the program while keeping the original algorithm intact. That is, the code changes itself each time it runs, but the function will not change. Encryption is the most common method to hide code.
Worm that spreads itself by sending instant messages to contacts on Skype. It extracts personal user information from the machine and communicates with remote servers by using a Domain Generation Algorithms (DGA).
A banking Trojan designed to steal banking credentials, FTP passwords, session cookies and personal data. Upon infection, Ramnit also allows remote control when the machine is connected to the internet.
Ransomware is a type of malicious software that prevents the victims from accessing their documents, pictures, databases and other files by encrypting them and demanding a ransom to decrypt them back. A deadline is assigned for the ransom payment, and if the deadline passes, the ransom demand doubles or files are permanently locked. Ransomware is an ever-increasing threat worldwide, claiming a new victim every 10 seconds. Read more about Ransomware.
Malware used in a campaigns which targeted users in the Healthcare, Energy, Critical Manufacturing and Information Security sectors worldwide. The malware consists of an executable, a loader and a Remote Access Tool (RAT) which collects various types of information from the victim system, such as system architecture and privileges, and sends it to its Command & Control server.
RIG Exploit Kit
A rootkit is a type of malware designed to burrow deep into your computer, avoiding detection by security programs and users. For example, a rootkit might load before most of Windows, burying itself deep into the system and modifying system functions so that security programs can’t detect it. A rootkit might hide itself completely, preventing itself from showing up in the Windows task manager.
Android malware which uses a customized open-source root tool called “Root Assistant” to gain root access to Android devices, and maintains persistence by installing several APK files. The malware can than download executable files from remote servers and execute them on the infected device for various purposes, and steal sensitive user information.
Large-scale malvertising used to deliver various malicious websites and payloads such as scams, adware, exploit kits and ransomware. It can be used to attack any type of platform and operating system, and utilizes ad-blocker bypassing and fingerprinting in order to make sure it delivers the most relevant attack.
Virus that allows remote operations and downloads of additional malware to infected systems by its operator. Its main goal is to persist in a system and provide means for remote control and installing further malware.
A common code injection technique used to attack data driven web applications. The attack is performed on web pages with data insertion fields, on which user inserted data is not properly filtered and sanitized from SQL language syntax. Such web applications allow an attacker to execute undesirable SQL queries on a remote database, which could lead to exposure of sensitive data stored on the database, data modification, loss or corruption. With a successful SQL injection, the attacker can modify highly sensitive data such as account balance and planned transactions, medical test results and other medical information, and such.
Information stealing Trojan which collects sensitive information and banking credentials from the infected host and sends this information to a remote server without user permission. Machines infected by Torpig also form a massive botnet
Ransomware that encrypts user documents, pictures and other type of files. Victims are requested to pay up to 4.1 Bitcoins (approximately US $1800) to the attackers to decrypt their files.
Modular Backdoor for Android which grants superuser privileges to downloaded malware, as helps it to get embedded into system processes. Triada has also been seen spoofing URLs loaded in the browser.
A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program. Read more about Trojan.
Content-control software, content filtering software, secure web gateways, censorware, Content Security and Control, web filtering software, content-censoring software, and content-blocking software are terms describing software designed to restrict or control the content a reader is authorized to access, especially when utilized to restrict material delivered over the Internet via the Web, e-mail, or other means. Content-control software determines what content will be available or perhaps more often what content will be blocked.
A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting – i.e., inserting a copy of itself into and becoming part of – another program. A virus cannot run by itself; it requires that its host program be run to make the virus active. Read more about Virus.
In computer security, a vulnerability is a weakness which allows an attacker to reduce a system’s information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface.
Backdoor that installs a rootkit on victim’s system, and hooks critical functions and system driver of the infected Windows system. It collects system information and sends the data to a remote server, from which it also receives further instruction. Winnti might inject malicious payload into various processes, and it has been reported that some variants of this Backdoor might be signed with a legitimate certificate.
A compromised version of the iOS developer platform, Xcode. This unofficial version of Xcode was altered so that it injects malicious code into any app that was developed and compiled using it. The injected code sends app information to a Command & Control server, allowing the infected app to read the device clipboard.
iOS malware which targets Chinese users, and therefore displays different behaviors according to the device’s location in the world. The malware was able to bypass Apple’s security. Once installed on a device in China, the app uses social engineering to install two configuration profiles, based on which applications that did not go through Apple’s review, and may contain malicious code, can be downloaded to the infected device.
The “Day Zero” or “Zero Day” is the day a new vulnerability is made known. In some cases, a “zero day” exploit is referred to an exploit for which no patch is available yet. (“Day One” – day at which the patch is made available).
A sophisticated family of Banking Trojan that uses man-in-the-browser keystroke logging and form grabbing in order to steal banking information and victim accounts. Zeus targets popular operating systems such as Windows and Android and is usually distributed to end-users through social engineering tactics such drive-by downloads and phishing emails.
A zombie computer (often shortened as zombie) is a computer connected to the Internet that has been compromised by a hacker, a computer virus, or a trojan horse. Generally, a compromised machine is only one of many in a botnet, and will be used to perform malicious tasks of one sort or another under remote direction. Most owners of zombie computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to zombies.
Trojan that uses root privileges to download and install applications on the mobile phone without the user’s knowledge.