The Massive Hacking Techniques Names Using in 2022
Cybersecurity news is using more and more technical terms to talk about this sector of activity. However, they are often obscure for neophytes. To facilitate understanding of this universe and better understand its challenges, it is essential to understand the jargon used. Here is a non-exhaustive list of terms commonly used when talking about hacking and cybersecurity.
A backdoor, which literally translates to a hidden door, is secret access to a computer network. It requires a master key. It should be noted that it can perfectly be used in a legal framework. Some backdoors are put in place by the owners of the network themselves and are used as an emergency exit. However, they can also be used without the knowledge of legitimate users. Cybercriminals use it to launch a cyberattack, hackers use it to install malicious programs on the victim’s network and steal certain files.
A botnet is a network of computer bots, that is to say, a set of programs connected to the web, infected with malware. They communicate with each other to perform malicious tasks. A botnet acts on computers and connected devices such as speakers, lamps, and household appliances. Once infected, internet-connected devices respond to a command center run by cybercriminals from a computer. Hackers can then use these devices to send instructions and coordinate massive operations, such as DDoS attacks, among others.
Brute force, or brute force attack (in French), is a method used in cryptanalysis. It consists in testing all the existing possibilities one by one, to discover a password or a code. The success of this attack depends on two parameters. First, the simplicity of the combination (a 4-digit code, for example) increases the number of possibilities. Then, the power of the computer that the hacker uses makes it possible to quickly calculate the probable codes. You should know that the brute force attack has a major drawback. The complexity of the password or the code can cause this method to fail because the calculation time required to test the probabilities becomes too great.
Bug bounty refers to the monetary reward given to ethical hackers who have successfully discovered and reported a vulnerability or bug. Concretely, the concept consists in delegating the security test of its site or its application to hackers outside the organization, but within a framework defined beforehand. To get their due, they are required to provide proof of the bug or a verifiable example.
Good to know: some companies manage their bug bounty programs themselves, while others go through dedicated platforms. These contribute to the definition of the rules governing the test and play the role of mediator between the hackers and the companies.
Encryption is a data protection operation based on the use of a security key. Once encrypted, the data will appear as a series of characters without logic in the eyes of a third party. To be able to read the message, you must enter a key to lifting the encryption. Be aware that security teams can apply multiple layers of encryption. For their part, hackers can also use this method as part of a ransomware attack to prevent the rightful owner of the data from accessing it.
DDoS, or denial of service attack, is a type of hack that renders a service unavailable or prevents a user from operating a service. The attack consists in overloading the server of the victim, either in traffic or in requests. The hacker’s goal is to trick the user into going offline or shutting down. You should know that the DDoS attack can be motivated by militant action, by an attempt to extort money, or even by a desire for reprisals. To achieve this, hackers use a botnet.
The dark web is the part of the Internet not accessible via standard browsers like Edge, Chrome, Firefox, or Safari. In principle, it designates sites with a “. onion” which are only accessible with the Tor network, an infrastructure maintained by volunteers. The dark web helps protect some activists and whistleblowers. On the other hand, the anonymity it offers also benefits cybercriminals. This includes illegal data marketplaces, ransomware trading and extortion sites, and discussion forums run by cybercriminals.
A data leak is defined as an incident of intentional rejection of information, personal or professional data, from a secure environment. The leak may come from a poorly secured database, an internal source, or a computer attack. The more specific and high-volume the information about an individual, the more cybercriminals are interested in it. You should know that this type of incident is managed by the General Data Protection Regulation or GDPR, on French territory.
A hacker designates an individual who diverts the use of software or programs, for malicious purposes in most cases. On the other hand, a hacker is not systematically a cybercriminal. Indeed, there are ethical hackers who are cybersecurity researchers. Their purpose is to report the vulnerabilities they find and allow the companies involved to put their findings to use.
Malware, or malicious software, refers to malicious software or programs developed to harm a computer system. There are different kinds to adapt to all types of devices.
The pentest, or penetration test, is a method of evaluating the security of a network or an information system. This type of audit is carried out by a red team or team of professional pen-testers. They will play the role of hackers until the flaws are identified. Once weaknesses in the network or client tool are detected, the team writes a report on their findings and recommendations to improve network security.
Also called phishing, phishing refers to a message intended to deceive a recipient and catch him in his net. In the majority of cases, the message is sent by e-mail or SMS. It tricks the recipient into disclosing personal information like bank details or credentials, to allow cybercriminals to use them for malicious purposes. To achieve this, the hacker imitates important personalities or companies, such as insurance, banks, and tax services. Typically, phishing campaigns target thousands of people with vague and impersonal messages. However, some operations may target a handful of individuals or high personalities.
Ransomware, or ransomware, is malware that encrypts victims’ networks to disable their computers. Perpetrated against companies, this type of computer attack can affect all other machines connected to computers, including security gates, printers, telephone lines, as well as e-mail addresses. After encryption, this ransomware drops a ransom note on infected machines. For individuals, the amount often amounts to a few hundred euros. For companies, the ransom can amount to tens of millions of euros. The hacker provides a tool to decrypt the system after the victim pays the demanded amount.
Sextortion is a form of recurring online blackmail. The hacker will make his victim believe that he has compromising sexual content on her. The hacker then threatens to leak these alleged contents on the internet unless the victim pays a ransom.
supply chain attack
The supply chain attack or supply chain attack is a cyberattack that seeks to damage an organization. It targets the least secure parts of the supply chain. In practice, hackers seek to infect software at the root of its development and corrupt all versions. This operation allows cybercriminals to attack all users of the program.
VPN or Virtual Private Network is a secure tunnel inside a network. It is used to pass information from an internet connection to another server, without risk. It helps to protect data. Suspicious actions on the network will be detected immediately. It should be noted that in a private setting, the VPN makes it possible to hide the IP address of a device.
In cybersecurity, the term ” vulnerability ” refers to all design flaws in software. Cyber attackers exploit these vulnerabilities for malicious purposes. Indeed, the vulnerabilities allow hackers to remotely install malicious programs on the victim’s device. Some of them even give the possibility of disfiguring a site or destroying a program. It should be noted that all software has one or more vulnerabilities until vendors discover and fix them.