Glossary
Clarify your Cyber Security Vocabulary
Brand Jacking
Activity whereby someone acquires or otherwise assumes the online identity of another entity for the purposes of acquiring that person's or business's brand equity.
Unified Threat Management
UTM is software or hardware that combines several network security functions such as IDS/IPS, VPN, firewall, gateway anti-virus and others under one platform, making it easier to manage and monitor through a single interface.
Zero-Day Vulnerability
A vulnerability in the system that the developer does not know about. These vulnerabilities are difficult to detect as they do not have a signature, which anti-malware or intrusion prevention systems depend on to find vulnerabilities. The vulnerability is called Zero-Day because zero days pass between the vulnerability being made public and the first attack occurring.
WRLA
Web Referral Log Analyzer: a simple tool used for the early detection of phishing attacks. It extracts suspicious URLs from the web server's referral logs, compares them with a whitelist, and sends the remaining URLs to a specified email address.
Red Team - Blue Team
An exercise in which a system's security is tested by security experts. The red team is in charge of attacking and gaining access to or control of an objective, while the blue team is responsible for defending it. The exercise is meant to test the system, reveal vulnerabilities, and measure the readiness of the security team responsible for defending it.
TTPs
Tactics (or Tools), Techniques, and Procedures: the behavior of attackers or adversaries in cyberspace. TTPs are usually analyzed in depth to understand how an adversary works and how to anticipate and prepare for future attacks.
Steganography
It is a technique used to hide the existence of a message, files, or any other information. For example, hiding a text message inside an image file to avoid being discovered (Data hidden within data).
SPF
Sender Policy Framework (SPF) helps prevent spoofed emails from the host by authorizing only specified servers or IP addresses to send emails on its behalf.
SOA
Start of Authority record, containing administrative information about the zone it resides in and about zone transfers.
Skill Squatting
An attack which takes advantage of speech recognition systems' errors. Example: A person with bad intent can create a malicious mobile application called Ramazon. When a user tries to install Amazon application on their phone using voice commands, the voice recognition system might hear Ramazon instead of Amazon and end up downloading the malicious application.
Scareware
A form of social engineering where victims are tricked into thinking that their device is infected with a virus, encouraging them to download anti-virus software which is in fact malicious.
Search Engine Optimization SEO
The process of affecting the visibility of a website or a web page in a search engine's unpaid results.
Root Zone
Root Zone refers to the highest level of the Domain Name System (DNS) structure. It contains the names and the numeric IP addresses for all the top level domain names such as the gTLDs (.com, .net, .org, .jobs) and all the country code top level domains (ccTLDs), for example (.us, .uk, .ph), including the entire list of all the root servers.
Pagejacking
If you click on a link and find yourself at an unexpected website, you may have been ‘pagejacked’. This happens when someone steals part of a real website and uses it in a fake site. If they use enough of the real site, Internet search engines can be tricked into listing the fake site and people will visit it accidentally. The fake site could contain unwanted or offensive material. As an online merchant trading via a website, you need to know that your site isn’t being stolen in this way. Unfortunately you can’t prevent pagejacking; you can only deal with it after you know it’s a problem.
Inference Attack
An inference attack is a data mining technique used to illegally access information about a subject or database by analyzing data. This is an example of breached information security. Such an attack occurs when a user is able to deduce key or critical information of a database from trivial information without directly accessing it.
Reserved domains
A domain that has been reserved via a dropcatcher service: if the current owner decides not to renew the domain, another person can take it.
Privilege Escalation
An attack in which a user exploits bugs in the system to reach and use resources they should not be able to access.
Potentially Unwanted Program
A PUP is a program that piggybacks on software downloaded by the user. It is an unwanted program that downloads with the user's consent, such as spyware, adware, or browser toolbars.
Phishing Kits
Phishing kits are kits provided by hackers so that people with only basic computer skills can launch phishing attacks. A kit includes several items which make launching a wide-scale phishing attack easy, such as spamming software, source code, and scripts to launch the attack.
Pharming
The use of DNS poisoning to redirect legitimate internet traffic for your websites to a fraudulent page.
Pay Per Click (PPC)
An internet advertising model used to direct traffic to websites, in which advertisers pay the publishers.
Iframe hijacking
Hijacking a nested browsing context (iframe), effectively embedding another HTML page into the current page.
Fast Flux
Fast flux is a DNS technique used by botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies.
Downgrade Attack
An attack in which the victim is negotiated into using older and more vulnerable security protocols, making it easier for the attacker to launch the attack.
Doppelganger domain
A doppelganger domain is similar to a typosquatting domain. It is a domain which is missing a "." (dot) in the domain name. For example, a doppelganger domain for mail.google.com is mailgoogle.com (notice the missing dot). When the content on these domains matches the branding and content of the original website, users are not able to tell the difference and are more likely to be tricked by an attacker (e.g., for credential harvesting or financial fraud).
Dolphin Attack
An attack where hackers use ultrasonic frequencies to launch a voice command to phones to unlock them and steal information.
DMARC
Domain-based Message Authentication, Reporting and Conformance (DMARC) is a mechanism used to help validate emails, prevent spoofing, and provide reporting.
Graybox testing
The attacker has partial knowledge/access, and can focus on specific weaknesses and discover more as they move along.
Cyber espionage
The use of computer networks to gain illicit access to confidential information, typically that held by a government or other organization.
DKIM
DomainKeys Identified Mail (DKIM) allows senders to associate a hidden signature with their emails, allowing receiving mail servers to verify their authenticity.
BGP
Border Gateway Protocol, used to exchange routing information between autonomous systems (AS numbers).
Cyber War
The use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of communication systems by another state or organization.
CVE
Common Vulnerabilities and Exposures is a database that contains all known vulnerabilities. Each vulnerability is tagged with a specific identifier such as CVE-2019-5736.
C&C Command and Control
Command and control refers to the main server used by a DDoS attacker to control the botnets used in a DDoS attack.
CNAME Record
Canonical Name record used to specify a hostname that is an alias for another hostname.
Bullet proof hosting
Bulletproof hosting (sometimes known as bulk-friendly hosting) is a service provided by some domain hosting or web hosting firms that allows their customers considerable leniency in the kinds of material they may upload and distribute.
Botnet
A botnet comprises multiple Internet-connected devices, each of which is running one or more bots. Botnets may be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, and send spam, and they allow the attacker to access each device and its connection.
Whitebox Testing
The attacker has full knowledge of and access to the source code and infrastructure. A more thorough test can be performed in this type of pen testing.
Blackbox Testing
The hacker does not know the ins and outs of the IT infrastructure and usually launches a full-scale brute-force attack to reveal vulnerabilities. This can be very time consuming.
Black Hat SEO
In search engine optimization (SEO) terminology, Black Hat SEO refers to the use of aggressive SEO strategies, techniques and tactics that focus only on search engines and not a human audience, and which usually do not obey search engine guidelines.
BGP peers
When BGP runs between two peers in the same autonomous system (AS), it is referred to as Internal BGP (iBGP or Interior Border Gateway Protocol). When it runs between different autonomous systems, it is called External BGP (eBGP or Exterior Border Gateway Protocol).
Bastion host
A host with very few services/applications running on it, usually put between the internal network and the internet. This point acts as a proxy and is the only entry point to the internal network.
Air Gap
Having a critical computer or machine in a physically isolated location as well as disconnecting it from the internet.
Web Skimmer
Web skimming is when malicious code is inserted into a payment page. Whenever a customer attempts to pay online, the malicious code steals the payment information (card number, expiry date, holder name, security code...) and sends it to the attacker.
Zone files
A Domain Name System (DNS) zone file is a text file that describes a DNS zone. A DNS zone is a subset, often a single domain, of the hierarchical domain name structure of the DNS. The zone file contains mappings between domain names and IP addresses and other resources, organized in the form of text representations of resource records (RR).
VeriSign
Service provider of domain names.
URL shortening
A technique on the World Wide Web in which a Uniform Resource Locator (URL) may be made substantially shorter and still direct to the required page.
URL redirection attack
A URL Redirection Attack is a kind of vulnerability that, when accessed, redirects you to an arbitrary page outside the original website; it is usually combined with a phishing attack.
Twishing
Twishing refers to phishing scams that are carried over Twitter. The attacker might tweet a post interesting or strange enough to trick users into visiting a fraudulent website and logging in with their credentials.
TRAP10
Binary Trading (commonly also known as Binary Options Trading or Binary Options) is a type of option where the trader takes a yes or no position on the price of a stock or other asset, with the resulting payoff being all or nothing. Questionable activities such as brand infringement, unregistered establishments, identity theft, misrepresentation of potential gains and back-end manipulation of software to cheat users are common in the name of BOT. As there does not appear to be an explicit legal framework to govern binary trading, online companies continue to operate and trap victims. This type of scam is known as TRAP10.
Trademark
Any word, name, symbol, or design, or any combination thereof, used in commerce to identify and distinguish the goods of one manufacturer or seller.
TLD
Top-level domain (TLD) refers to the last segment of a domain name, or the part that follows immediately after the "dot" symbol.
Takedown
Removal of content (full website or profile) that affects a brand or individual including cybersquatting.
Socialbots
Socialbots are software programmed to behave like humans on social media by posting pictures, retweeting, and even chatting with people. Socialbots can be used for malicious purposes such as distorting public opinion during political campaigns, marketing, and spreading scams.
Passive honey pot
A method of acquiring spam for analysis, via planting of bogus email addresses which are rigged to forward emails to a specific mailbox.
Shutdown
Shutting down content and websites related to phishing activities by asking the host to take down the content.
Defensive (Domain) Registration
Defensive Registration refers to registering domain names, often across multiple TLDs and in varied grammatical formats, for the primary purpose of protecting intellectual property or trademark from abuse, such as cybersquatting.
RBL
Real-time Blackhole List (RBL) is a service where users can check whether an IP address/domain is on a known blacklist.
Reclaim Accounts
A process to regain control over a hijacked account.
Polymorphic Virus
A polymorphic virus is a malicious program that modifies itself when it replicates. This technique enables it to evade detection by security software.
Phish tagging
Phish tagging allows banks to understand how attackers use the phished data. Banks can create fake customer accounts and share the credentials with CTM360. CTM360 uses these credentials on phishing sites targeting that bank and then the bank can observe what the attacker does with the phished data.
Password Spraying
It is an advanced brute-force technique that attempts to attack multiple user accounts with commonly used passwords.
Nameserver
States which nameservers handle queries about the location of a domain name.
MITM (Man in the middle)
Attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
MITB (Man in the browser)
A proxy Trojan horse that infects a web browser by taking advantage of vulnerabilities in browser security to modify web pages, modify transaction content or insert additional transactions, all in a completely covert fashion invisible to both the user and host web application.
Safebrowsing Warning
Providing security vendors fraudulent IP and Domains to be blocked in real-time through browsers, email firewalls, ISPs, proxies and any other relevant security products.
Form Grabber
Malware designed to record sensitive information that the targeted user provides in forms on the Internet. This malware particularly targets the victim's financial information.
Extended validation certificate
An Extended Validation Certificate (EV) is a certificate used for HTTPS websites and software that proves the identity of the legal entity controlling the website or software package.
Domain Validation certificate
An X.509 digital certificate typically used for Transport Layer Security (TLS) where the identity of the applicant has been validated by proving some control over a DNS domain.
Domain suspension
Reporting a fraudulent domain to a domain authority and requesting its suspension.
DNS poisoning
DNS spoofing (or DNS cache poisoning) is an attack whereby data is introduced into a Domain Name System (DNS) name server's cache database, causing the name server to return an incorrect IP address, diverting traffic to another computer.
DMCA
The Digital Millennium Copyright Act is a 1998 United States copyright law that implements two 1996 treaties of the World Intellectual Property Organization. It criminalizes production and dissemination of technology, devices, or services intended to circumvent measures that control access to copyrighted works.
Dilution
False data is submitted to phish sites to dilute the quality of information collected by the phisher.
Delist domains from RBLs
Removing links/emails from a blackhole list.
Defang URL
The process of rewriting the URL into a form that cannot be clicked.
De-indexing in search engines
Removing fraudulent sites from search engine rankings.
CC-TLD
Country Code Top Level Domain. It is a top level domain that is reserved for a country/territory.
Cease & Desist
A document sent to an individual or business to halt purportedly unlawful activity ("cease") and not take it up again later ("desist").
Brand Casting
Promoting a brand, product or service by streaming video of events, product demonstrations and other offline experiences through online media channels.
Blended Attack
A cyber attack that comprises multiple attack vectors and malware is known as a blended attack. Such attacks usually cause severe damage to targeted systems.
BIN
Bank Identification Number: the starting digits of a credit card number, most commonly the first 6 or 8 digits.
Bitsquatting
Refers to the registration of domain names that differ by one bit from a popular domain. The name comes from typo-squatting: the act of registering domain names one key press different from a popular domain.
Astroturfing
Astroturfing is abusing the power of customer reviews on sites like Yelp, Facebook, Amazon and others. Either a place of business will post rave reviews from fake customers about their product, or a business will post bad reviews about a competitor.
APT
Advanced Persistent Threats are attacks in which the attacker stays inside the system to spy and steal information rather than penetrate the network to cause damage.
App permissions
An app asking the user to grant permission to be able to execute tasks on their device without consent or without informing the user.
Angler Phishing
An attack in which the fraudster will masquerade as a customer support representative on social media to send phishing links to customers in order to get their information such as username and password as well as other personal information.
Accredited domain registrars of a registry
Registrars that are officially recognized by a Registry to provide domain-related services.
Account suspension
Suspension of fraudulent emails or social media accounts.
WHOIS
A Whois record contains all of the contact information associated with the person, group, or company that registers a particular domain name. Typically, each Whois record will contain information such as the name and contact information of the Registrant, the name and contact information of the registrar, the registration dates, the name servers, the most recent update, and the expiration date.
Whaling
Whaling is a type of fraud that targets high-profile end users such as C-level corporate executives, politicians and celebrities.
Vishing
Vishing (voice phishing) is a form of attack that attempts to trick victims into giving up sensitive personal information over the phone.
Watering hole attack
An attack strategy targeting a large group of individuals by observing the websites they visit most and infecting those websites with malware.
Suspicious Mobile App
A mobile app published on the internet claiming to be published by the client's organization.
Unauthorized Job posting
Posting a job declaring affiliation to a company or individual without consent.
Unauthorized Association
Declaring affiliation to a company or individual without consent.
Text sharing sites
Websites that provide online storage of text, similar to an online Notepad. Often, a source for copyright infringement.
MX Preference
The lower the preference, the higher the priority a mail server has to receive mail.
Social Media Fraud
Suspicious Profiles on any social media websites that have association with the client.
Spear Phishing
Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer.