Phishing and pharming and bots, oh my! Here’s an overview of 9 popular cybersecurity terms to help you cut through the IT jargon.
The term botnet is derived from the words robot and network. A bot in this case is a device infected by malware, which then becomes part of a network, or net, of infected devices controlled by a single attacker or attack group.
The botnet malware typically looks for vulnerable devices across the internet, rather than targeting specific individuals, companies or industries. Vulnerable devices can include servers, pcs, mobile devices and other internet-connected devices. The objective for creating a botnet is to infect as many connected devices as possible, and to use the computing power and resources of those devices for automated tasks that users generally can’t see.
Distributed Denial of Service (DDoS)
A DDoS attack, usually carried out by botnets, overwhelms the targeted network with a massive number of requests from multiple devices. The attack results in a slow response time or no response at all. When the network is unable to respond to legitimate requests, the denial of service attack has succeeded. A DDoS attack can shut down business, government, and other networks.
Encryption is the process of converting data to an unrecognizable or "encrypted" form. It is commonly used to protect sensitive information so that only authorized parties can view it. This includes files and storage devices, as well as data transferred over wireless networks and the internet.
Internet of Things (IoT)
The Internet of Things, commonly abbreviated "IoT," is an umbrella term that refers to anything connected to the internet. It includes a growing list of “smart” devices that have recently become Internet-enabled, including home appliances, automobiles, wearable electronics, security cameras, and many others. Connected devices can represent a risk to your network if you don’t take security precautions (for example, creating new passwords rather than using factory settings).
Pharming is another way hackers attempt to manipulate users on the internet. While phishing (see below) attempts to capture personal information by getting users to visit a fake website, pharming redirects users to false websites without them even knowing it.
While pharming is not as common as phishing scams, it can affect many more people at once. This is especially true if a large DNS server is modified. So, if you visit a certain website and it appears to be significantly different than what you expected, you may be the victim of pharming.
Phishing is a con game that email scammers use to collect personal information from unsuspecting users. The false e-mails often look surprisingly legitimate, and even the Web pages where you are asked to enter your information may look real. The goal is to get you to click on something or enter the requested information, which gives the bad guys your “permission” to access your computer and network.
Ransomware is malware that takes hold of your system and encrypts it, sometimes attacking individual files. Ransomware locks your system and displays a screen demanding payment to unlock your files. Payment is often required in Bitcoin, an internet currency. Most IT professionals discourage paying the ransom. Having a reliable backup and being careful when you click are the best defenses against ransomware.
Social engineering, in the context of computer security, refers to tricking people into divulging personal information or other confidential data by deceptive emails, websites, and even texts. It is an umbrella term that includes phishing, pharming, and other types of manipulation. While "social engineering" may sound innocuous (since it is similar to social networking), it refers specifically to malicious acts that rely more on trickery and psychological manipulation than straight technical knowledge (like hacking).
Two Factor Authentication (2FA)
A credential that usually requires something you “know” and something you “have” before access is allowed. For example, you know your password, but with 2FA you would have an additional device (such as a phone app or key fob), that provides an additional piece of information that changes every few seconds. So even if a hacker has your password, they don’t have the additional information from your phone app. This provides another layer of protection.
These are only a few of the cybersecurity terms commonly used by IT professionals. In most situations, the user at the keyboard is the last defense to protect your network. Pay attention to emails you receive, avoid unknown websites, and in general, resist the click!
If you’d like to know more about how CRU Solutions can help with your business IT needs, including cybersecurity, contact us.