5. Warfare with a physical element such as shooting people, dropping bombs, and other physical attacks.
9. "Good” hackers who use their tools for the public good – this can include identifying security holes.
11. Executable programs, or programs that cause a computer to perform a task, that is bad. What it does can vary, but usually it will try to remain hidden and perform a malicious action. It will also usually attempt to replicate itself and infect other systems.
12. The most common type of Industrial Control System.
13. Tiny computers that allow us to digitize processes
14. A person or company selling something
15. A person who uses computers to gain unauthorized access to data.
16. A network of private computers infected with malware and controlled as a group without the owners' knowledge. The word comes from the combination of “robot” and “network.”
17. Usually means the use of ICT to aid in development projects.
20. The process that decides whether a vulnerability will be stockpiled or given to the vendor responsible for the product.
22. A security hole in software that the vendor does not know about.
24. Can do all kinds of things. For example, give someone the ability to spy on you, steal your data, gain a backdoor into your system. Unlike computer viruses and worms, Trojans generally do not attempt to inject themselves into other files or otherwise propagate themselves
26. Code attackers use to exploit a software problem.
27. Something that uses a combo of tactics (also can include social engineering).
29. Getting someone to give up confidential or personal information by tricking them into telling you freely.
30. Software that can do a number of things, such as disrupt the normal operations of computers, steal information, gain access to a system, sabotage the system.
32. A security hole in software
33. Malware that installs covertly on a victim's device usually encrypting everything and refusing to decrypt it unless a ransom is paid.
35. An email that are designed to appear to be from someone the recipient knows and trusts and can include a subject line or content that is specifically tailored to the victim’s known interests or industry.
37. Hackers who use multiple phases to break into a network, avoid detection, and harvest valuable information over the long term.
38. A team of experts who manage computer emergencies. Usually government based initiatives. Often used as a baseline for understanding a country’s cybersecurity readiness.
1. Hackers with malicious intentions working to steal, exploit, and sell data. They are usually motivated by personal gain.
2. A program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it.
3. Electronic wallet services that allow users to store, send, and receive money using mobile phones. It is often used in places without banking infrastructure and is a common tool for remittances.
4. Can either work for the public good or for their own gain.
6. Used in industrial production - a way to automate the process of receiving data from remote stations and then issue supervisory commands.
7. Generally anything that stores, retrieves, manipulates, transmits, information electronically in a digital form. Computers, smart phones, software, etc.
8. Under DHS, created in 2015, meant to fill the gaps where ISACs don’t exist
10. Independent actors working to accomplish political or social change through the use of hacking or other related techniques such as DDOS. Hacker + activist.
18. 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.
19. An attempt to make a machine or other resource unavailable to valid users. An actor will flood the targeted resource with requests to overload the system and make it crash.
21. Sector specific organizations meant to collect, analyze, and disseminate threat information to their members.
23. First known case of a cyberweapon impacting physical infrastructure. It was created by the US and Israeli governments to target the Iranian nuclear facility Natanz.
25. Where the requests come from a variety of sources. Activists and cybercriminals use this technique. Activists argue it is the equivalent of an online “sit-in.”
28. It’s phishing, but with a high level target such as an executive or, John Podesta.
31. Separation of your network from others, particularly the public Internet.
34. Basically something that is there logging what you are doing and sending it back to the person who initiated the attack.
36. The practice of sending emails meant to get people to reveal personal information, such as passwords and credit card numbers.