Top 25 Cyber & Hacking  Terms Summarised

Top 25 Cyber & Hacking Terms Summarised

Cyber Security Starts With You!

Hello there🤗, we shall be learning the most common cyber terms that have you might have come across or used before without understanding them.

In this blog, I will try to explain them in layman's with an example where possible. We live in a digital and information age where 75 records are stolen every second by hackers!😮.

Let me give you some quick facts before I begin:
📌 There is a hacker attack every 39 seconds.
📌 Russian hackers are the fastest.
📌 300,000 new malware is created every day.
📌 Multi-factor authentication and encryption are the biggest hacker obstacles.

So let's get the ball rolling 🛫:

0 Phishing 🛠
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.

AdobeStock_204077439-1000x500-removebg-preview.png I think it is influenced by the word fishing. Analogous to fishing, phishing is also a technique to “fish” for usernames, passwords, and other sensitive information, from a “sea” of users.

00 Social engineering 🛠
It is a term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.

SocialEngineering-700x395.png Social engineering is the act of exploiting human weaknesses to gain access to personal information and protected systems.

000 Malware 🛠
Malware (short for “malicious software”) is a file or code, typically delivered over a network, that infects, explores, steals or conducts virtually any behavior an attacker wants. And because malware comes in so many variants, there are numerous methods to infect computer systems.

image.png Malware is the collective name for a number of malicious software variants, including viruses, ransomware and spyware. It is a catch-all term for any type of malicious software designed to harm or exploit any programmable device or network.

📌 Spyware - Spying malware
📌 Adware - Advertising malware
📌 Bots - Auto malware

Almost all the terms we are going to look at are either related to social engineering, malware or phishing since we(human beings) are the weakest in the cyber security chain

1 . Bluejacking 🛠

Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field (i.e., for bluedating or bluechat) to another Bluetooth-enabled device via the OBEX protocol.

Bluejacking-removebg-preview.png
Think of it as a high-tech version of ding-dong-ditch, where savvy pranksters push unsolicited messages to engage or annoy other nearby Bluetooth users

2 .Bluebugging 🛠
Bluebugging is a hacking technique that allows individuals to access a device with a discoverable Bluetooth connection.

Blue-bugging-D-BLUE-JACKING-Blue-jacking-is-a-sending-of-unwanted-message-from-Bluetooth-removebg-preview.png
Bluebugging is a form of Bluetooth attack often caused by a lack of awareness. It was developed after the onset of bluejacking and bluesnarfing.

3 .Bluesnarfing 🛠
Bluesnarfing is a type of network attack in which an attacker gains unauthorized access to a wireless device via a Bluetooth connection. New-Project-42-2-1280x720-removebg-preview.png Once the hacker has access to the device, they can steal sensitive user information, including personal photos, contact lists, emails, and passwords.

4 .Eavesdropping 🛠
Eavesdropping is the act of secretly or stealthily listening to the private conversation or communications of others without their consent in order to gather information. Sniffing

0000-Eavesdropping-Attack-Network-Projects-removebg-preview.png
In the IT security sense, eavesdropping refers to the unauthorised and unseen intervention of a private, live conversation.

EVEES.jfif
Eavesdroppers can intercept a phone call, video call, instant message and even fax transmissions to acquire sensitive or desirable information and data.

5 . Vishing 🛠
Vishing is short for "voice phishing," which involves defrauding people over the phone, enticing them to divulge sensitive information.

VISHING.jpg Vishing has evolved to be one of the major threats that many people have been facing irrespective of their location, background, and other demographic

6 . Pharming 🛠
Pharming, a portmanteau of the words "phishing" and "farming", is an online scam similar to phishing, where a website's traffic is manipulated, and confidential information is stolen.

hacker-stealing-information-removebg-preview.png An example of pharming would be if a user would open their browser and enter the web address of their bank in order to complete a transaction in online banking. However, the user is redirected to a fraudulent site that looks like the bank's website.

7 . Smishing 🛠
The fraudulent practice of sending text messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords or credit card numbers. What-Is-A-Smishing-Attack-And-How-To-Prevent-Them-removebg-preview.png Smishing attack is a type of scam in which criminals send an SMS to the victim pretending to be some institution, such as a bank or a company etc.

8 . Spear phishing 🛠
It is a phishing method that targets specific individuals or groups within an organization.

Spear-Phishing-Don_t-Become-Lunch-for-Hackers-1200x628-removebg-preview.png Spear phishing is an ultra-targeted phishing method whereby cybercriminals — or spear phishers — pose as a trusted source to convince

9 . Whaling 🛠
Whaling is a type of phishing attack specifically aimed at a high-profile target, like a senior executive or a high-ranking government official.

whale-removebg-preview.png Note the difference between this one and spear-phising;

Since these types of targets are more likely to have access to confidential information, the stakes can be much higher than a generic phishing attempt.

10 . Denial-of-service attack 🛠
In computing, a denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to a network. attack-removebg-preview.png

11 . Distributed denial of service attack 🛠
In a distributed denial-of-service (DDoS) attack, multiple compromised computer systems attack a target and cause a denial of service for users.

image.png
These overload a targeted resource by consuming available bandwidth with packet floods.

An example of this type of attack is a domain name system amplification attack, which makes requests to a DNS server using the target's Internet Protocol (IP) address. The server then overwhelms the target with responses.

12 . Man-in-the-middle attack 🛠
A man-in-the-middle attack is a type of cyber threat where a cybercriminal intercepts communication between two individuals in order to steal data.

man-in-the-middle-attack (1).png For example, on an insecure WiFi network, an attacker could intercept data being passed from the victim’s device and the network.

13 . SQL injection 🛠
An SQL (structured language query) injection is a type of cyber-attack used to take control of and steal data from a database.

sQL--removebg-preview.png Cybercriminals exploit vulnerabilities in data-driven applications to insert malicious code into a databased via a malicious SQL statement. This gives them access to the sensitive information contained in the database.

14 . Virus 🛠
A self-replicating program that attaches itself to clean file and spreads throughout a computer system, infecting files with malicious code.

IT-Malware-Alert-CryptoLocker-Copycat-Wreaks-Havoc-1024x336-removebg-preview.png A computer virus is a malicious application or authored code used to perform destructive activity on a device or local network.

15 . Broken Access Control 🛠
Broken access control allows attackers to bypass authorization safeguards and perform tasks as if they were privileged users.

bac.jpg Complex access control policies with different hierarchies, groups, and roles, and an unclear separation between administrative and regular users should be put in place to safeguard this.

16 .Cross-Site Scripting (XSS) 🛠
Cross-site scripting is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users.

xss.png A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

17 . Cross-Site Request Forgery 🛠
Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website where unauthorized commands are submitted from a user that the web application trusts. csrf-removebg-preview.png CSRF occurs when a hacker is able to send a well-crafted, yet malicious, request to an authenticated user that includes the necessary parameters (variables) to complete a valid application request without the victim (user) ever realizing it.

18 . Server-side request forgery (SSRF) 🛠
Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing.

image.png A successful SSRF attack can often result in unauthorized actions or access to data within the organization, either in the vulnerable application itself or on other back-end systems that the application can communicate with.

19 . Path (or Directory) Traversal 🛠
It aims to access files and directories that are stored outside the web-root folder. This attack is also known as “dot-dot-slash”, “directory traversal”, “directory climbing” and “backtracking”

directory-path-traversal-attack-removebg-preview.png This web security vulnerability that allows an attacker to read arbitrary files on the server

20 . Clickjacking 🛠
Clickjacking is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element.

This can cause users to unwittingly download malware, visit malicious web pages, provide credentials or sensitive information, transfer money, or purchase products online.

21 . Trojan Horse or Trojan 🛠
It is a type of malicious code or software that looks legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general inflict some other harmful action on your data or network.

image.png A Trojan acts like a bona fide application or file to trick you. If you describe a person or thing as a Trojan horse, you mean that they are being used to hide someone's true purpose or intentions.

22 . Brute Force Attack 🛠
A brute force attack can manifest itself in many different ways but primarily consists of an attacker configuring predetermined values, making requests to a server using those values, and then analyzing the response. image.png A brute force attack uses trial-and-error to guess login info, encryption keys, or find a hidden web page.

Conclusion

Obviously, there are more terms that I have not discussed here like worms, botnets, dictionary attacks, tailgating etc which are also common because Cyber Security is huge and we can't discuss everything in just a small blog post like this!

Remember: Cyber Security Starts With You!

Read more and on how to prevent yourself from such attacks here:
Kaspersky
Port Swigger
Green Roots
Owasp

That's It! If you enjoyed reading, consider subscribing and reacting to this with love by sharing, commenting and any criticism is much welcome.

📢Follow me on Twitter :

Ronnie Atuhaire