Threats
Threat Actors
Social Engineering
Malware
Intel
Threats, 100

Theft and release of personal, private, or identifying information

doxing

Threat Actors, 100

A hacker who usually operates outside the law

black-hat hacker

Social Engineering, 100

Act of digging through trash for useful or valuable information

dumpster diving

Malware, 100

Malware that encrypts data so the user cannot access it unless a fee, or ransom, is paid to the hacker

ransomware

Intel, 100

Data collected from public sources as well as government sites

open-source intelligence (OSINT)

Threats, 200

Serious flaw that exists in software and remains unknown until exploited by hackers

zero-day vulnerability

Threat Actors, 200

Threat actor who has infiltrated an organization with the intent of committing cybercrime against the employer

insider

Social Engineering, 200

Social engineering attack in which an attacker attempts to obtain a user’s personal information through fake e-mails that appear to be real

phishing

Malware, 200

Software or a hardware device that tracks a user’s keystrokes on a keyboard

keylogger

Intel, 200

Part of the Internet that is not easily accessible to the average user

Dark web, also called the darknet

Threats, 300

Malware attack that programs the infected machine to signal the attacker’s server for instruction

command and control (C&C) attack

Threat Actors, 300

Hacker who is motivated to hack based on ideals or personal beliefs

hacktivist

Social Engineering, 300

Social engineering attack in which a hacker uses stolen information to obtain additional data or access to a secure account of a victim

identity fraud

Malware, 300

Type of malware that creates a secret or unknown access point into a system

backdoor

Intel, 300

Commercial products that require an account and payment to access their resources and extract information; also known as a proprietary intelligence source

closed threat intelligence source

Threats, 400

Cyberattack in which many hosts contribute to attacking the victim, preventing rightful users from accessing systems

distributed denial of service (DDoS) attack

Threat Actors, 400

Stealth network attack, typically state-sponsored, that gains unauthorized access to a computer system or network and intentionally remains undetected for extended periods of time

advanced persistent threat (APT)

Social Engineering, 400

Technique designed to obtain a user’s login name and password for systems

credential harvesting

Malware, 400

Malicious software that deploys when the conditions it is seeking exist; the time and date are irrelevant

logic bomb

Intel, 400

Initiative that offers rewards to those who identify flaws and vulnerabilities in the sponsor’s program

bug-bounty program

Threats, 500

Use of information systems, devices, hardware, applications, or services without explicit approval of a central IT staff

shadow IT

Threat Actors, 500

Group of criminals in local, national, or international enterprises who engage in illegal activity for profit

criminal syndicate

Social Engineering, 500

Attack that occurs when a user visits an infected web page from which ransomware is automatically downloaded to a computer without the user’s knowledge

drive-by download

Malware, 500

Virus that changes its characteristics in an attempt to avoid detection by antivirus programs

polymorphic virus

Intel, 500

Act of eliciting information from or about a target

reconnaissance