Theft and release of personal, private, or identifying information
doxing
A hacker who usually operates outside the law
black-hat hacker
Act of digging through trash for useful or valuable information
dumpster diving
Malware that encrypts data so the user cannot access it unless a fee, or ransom, is paid to the hacker
ransomware
Data collected from public sources as well as government sites
open-source intelligence (OSINT)
Serious flaw that exists in software and remains unknown until exploited by hackers
zero-day vulnerability
Threat actor who has infiltrated an organization with the intent of committing cybercrime against the employer
insider
Social engineering attack in which an attacker attempts to obtain a user’s personal information through fake e-mails that appear to be real
phishing
Software or a hardware device that tracks a user’s keystrokes on a keyboard
keylogger
Part of the Internet that is not easily accessible to the average user
dark web, also called the darknet
Malware attack that programs the infected machine to signal the attacker’s server for instruction
command and control (C&C) attack
Hacker who is motivated to hack based on ideals or personal beliefs
hacktivist
Social engineering attack in which a hacker uses stolen information to obtain additional data or access to a secure account of a victim
identity fraud
Type of malware that creates a secret or unknown access point into a system
backdoor
Commercial products that require an account and payment to access their resources to extract information, also known as a proprietary intelligence source
closed threat intelligence source
Cyberattack in which many hosts contribute to attacking the victim, preventing rightful users from accessing systems
distributed denial of service (DDoS) attack
Stealth network attack, typically state-sponsored, that gains unauthorized access to a computer system or network and intentionally remains undetected for extended periods of time
advanced persistent threat (APT)
Technique designed to obtain a user’s login name and password for systems
credential harvesting
Malicious software that deploys when the conditions the malware is seeking exist; the time and date are irrelevant
logic bomb
Initiative that offers rewards to those who identify flaws and vulnerabilities found in their program
bug-bounty program
Use of information systems, devices, hardware, applications, or services without explicit approval of a central IT staff
shadow IT
Group of criminals in local, national, or international enterprises who engage in illegal activity for profit
criminal syndicate
Attack that occurs when a user visits an infected web page from which ransomware is automatically downloaded to a computer without a user’s knowledge
drive-by download
Virus that changes its characteristics in an attempt to avoid detection from antivirus programs
polymorphic virus
Act of eliciting information from or about a target
reconnaissance