August 29, 2024

150 Malware & Cybersecurity Terms and Their Definitions

Your malware and cybersecurity terminology cheat sheet. Bookmark this blog post to look up more than 150 cybersecurity key terms, from A to Z, whenever you need them.
Threat.Zone

Understanding cybersecurity is a challenging task, not only because of the threats themselves but also because of the specialized vocabulary used to describe them. From basic cybersecurity words to the key terms experts use, knowing the right vocabulary is essential. Whether you're a cybersecurity professional, an enthusiast, or someone who just wants to stay safe online, the terminology can feel overwhelming.

It's no longer enough to know what "virus" or "malware" means. You also need to know the difference between a "worm" and a "Trojan," or how a "zero-day attack" differs from a "phishing scam." To help with this, we've put together a dictionary-style list of more than 150 common cybersecurity terms for you to use as a cheat sheet.

This guide is for anyone who wants to learn the language of cybersecurity, whether you're experienced or just getting started. Use it as your go-to reference for the vocabulary of the field and for the malware threats you may encounter. Knowing these terms will make you better at protecting yourself and others.

Add this article to your bookmarks so you can always use it as a cheat sheet!

Access Control

The selective restriction of access to data. It involves authentication and authorization to ensure that only the right people have access to certain resources.

Advanced Encryption Standard (AES)

A symmetric block cipher standardized by NIST in 2001 and used worldwide to encrypt data. It operates on 128-bit blocks with 128-, 192-, or 256-bit keys and, used with a proper mode of operation, is the default choice for encrypting data at rest and in transit.

Adware

Software designed to display advertisements on your computer or mobile device.

Anomaly-Based Detection

A method of detecting malware that looks for unusual behavior or patterns rather than matching against a database of known signatures.

Antivirus

Software designed to detect, prevent, and remove malware.

APT (Advanced Persistent Threat)

A prolonged, targeted attack on a specific organization, typically by a well-resourced group, with the intent to compromise its systems and quietly maintain access in order to gather information from or about that target.

Backdoor

A method of bypassing normal authentication procedures to gain unauthorized access to a computer system.

Behavioral Analysis

Analyzing the behavior of a program to identify malicious actions.

Blacklisting

The practice of identifying certain entities that are denied access or privileges for various reasons.

Blue Team

A group of security professionals responsible for defending an organization's information systems against cyberattacks.

Bot

A computer infected by malware that is controlled remotely by a hacker, often as part of a botnet.

Botnet

A network of bots controlled by attackers, usually used for malicious purposes like DDoS attacks or spamming.

Bricking

Rendering a device or system completely unusable, often through malicious intent or a severe software error.

Brute Force Attack

An attempt to crack passwords or encryption by trying every possible combination of characters until the correct one is found.

Buffer Overflow

An anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory.

Business Email Compromise (BEC)

A scam in which the attacker impersonates an executive, employee, or supplier by email (often from a compromised or look-alike mailbox) to trick a company into making fraudulent wire transfers, changing payment details, or disclosing sensitive data. It relies on social engineering rather than malware, so it often passes technical controls.

C&C (Command and Control)

Servers (also written C2) with which infected computers (bots) communicate to receive commands and upload stolen data. Blocking or sinkholing C&C traffic is a common way to neutralize a botnet.

Certificate Authority (CA)

An entity that issues digital certificates certifying the ownership of a public key by the named subject of the certificate.

Certificate Spoofing

The act of forging a digital certificate to masquerade as a trusted entity.

Chain of Custody

In digital forensics, the chronological documentation showing the seizure, custody, control, transfer, analysis, and disposition of evidence, physical or electronic.

Clickjacking

A technique used by attackers to trick users into clicking on something different from what they perceive, typically by loading the target site in an invisible frame over a harmless-looking page so that the click performs an action on the target site. Sites defend against it with the X-Frame-Options header or a Content-Security-Policy frame-ancestors directive.

Cloud Security

The set of policies, controls, procedures, and technologies that work together to protect cloud-based systems, data, and infrastructure.

Code Injection

The exploitation of a bug in how a program handles input: the attacker supplies data that the program ends up interpreting as code (SQL, shell commands, script, or native code) and so changes the course of execution. The usual defense is to keep data and code separate, for example with parameterized queries.

Code Signing

The process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted.

Credential Stuffing

An attack in which lists of usernames and passwords leaked from one breach are replayed, usually by automated tools, against other services, relying on users reusing the same password across sites. Unlike brute force, each account usually sees only one or two attempts, so per-account lockouts do not stop it.
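
Brute force and credential stuffing look different in authentication logs, and the difference matters for response: a brute-forced account needs a lockout and a password reset, while a stuffing campaign means the few successful logins are the accounts to reset first. The following Python is an added example for this post, not code from the original page or from Threat.Zone; the log format, the log lines, and the detection thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample authentication log (not from any real system). Source 203.0.113.7
# hammers one account; source 198.51.100.9 tries one password each against many accounts.
SAMPLE_LOG = """\
2024-08-29T10:00:01Z FAIL user=alice src=203.0.113.7
2024-08-29T10:00:02Z FAIL user=alice src=203.0.113.7
2024-08-29T10:00:03Z FAIL user=alice src=203.0.113.7
2024-08-29T10:00:04Z FAIL user=alice src=203.0.113.7
2024-08-29T10:00:05Z FAIL user=alice src=203.0.113.7
2024-08-29T10:00:06Z FAIL user=alice src=203.0.113.7
2024-08-29T10:00:07Z FAIL user=bob src=198.51.100.9
2024-08-29T10:00:08Z FAIL user=carol src=198.51.100.9
2024-08-29T10:00:09Z FAIL user=dave src=198.51.100.9
2024-08-29T10:00:10Z FAIL user=erin src=198.51.100.9
2024-08-29T10:00:11Z OK   user=frank src=198.51.100.9
2024-08-29T10:00:12Z FAIL user=grace src=198.51.100.9
2024-08-29T10:00:13Z OK   user=heidi src=192.0.2.44
2024-08-29T10:00:14Z FAIL user=heidi src=192.0.2.44
"""

# Assumed log format: timestamp, OK/FAIL, user=..., src=...
LINE_RE = re.compile(r"^\S+\s+(?P<result>OK|FAIL)\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)$")


def parse(log):
    """Turn raw lines into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def classify_sources(events, fail_threshold=5, user_threshold=4):
    """Label a source IP 'brute_force' when it fails repeatedly against one account, or
    'credential_stuffing' when it fails a little against many accounts. The thresholds
    are assumptions; tune them to the login volume of the real system."""
    fails = defaultdict(lambda: defaultdict(int))   # src -> user -> failed attempts
    users = defaultdict(set)                        # src -> every user it touched
    for e in events:
        users[e["src"]].add(e["user"])
        if e["result"] == "FAIL":
            fails[e["src"]][e["user"]] += 1
    verdicts = {}
    for src, per_user in fails.items():
        if max(per_user.values()) >= fail_threshold:
            verdicts[src] = "brute_force"
        elif len(users[src]) >= user_threshold and sum(per_user.values()) >= user_threshold:
            verdicts[src] = "credential_stuffing"
    return verdicts


def likely_compromised(events, verdicts):
    """Accounts that logged in successfully from a source flagged as credential stuffing:
    those are the hits the attacker was fishing for and should be reset first."""
    return {e["user"] for e in events
            if e["result"] == "OK" and verdicts.get(e["src"]) == "credential_stuffing"}


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    found = classify_sources(evs)
    print(found)
    print(likely_compromised(evs, found))
```

Note that the stuffing source is identified by breadth (many distinct accounts) rather than depth, which is why per-account lockout thresholds never fire on it; in practice the same logic is run per source over a sliding time window, and a successful login inside a stuffing burst is treated as a compromise rather than as a normal sign-in.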

Cross-Site Scripting (XSS)

A web vulnerability that lets an attacker inject malicious script into pages served by an otherwise trusted website, so that the script runs in other users' browsers with that site's privileges and can steal session cookies or act on the user's behalf.

Cryptographic Hash Function

A function that maps data of any size to a fixed-size digest and is designed so that the input cannot be recovered from the output, two inputs with the same digest are infeasible to find, and any change to the input changes the digest. It is used for integrity verification, password storage, and digital signatures.

Cryptography

The practice and study of techniques for secure communication in the presence of third parties.

Cryptojacking

The unauthorized use of someone else’s computer to mine cryptocurrency.

CSIRT (Computer Security Incident Response Team)

A group of experts that responds to security breaches or incidents.

CVE (Common Vulnerabilities and Exposures)

A list of publicly disclosed cybersecurity vulnerabilities and exposures.

Cyber Espionage

The act or practice of obtaining secrets without the permission of the holder of the information (personal, sensitive, proprietary, or classified), for personal, economic, political, or military advantage through illicit means.

Cybersecurity Framework

A structured set of guidelines and best practices to manage and reduce cybersecurity risk.

Data Breach

An incident in which information is accessed without authorization.

Data Encryption Standard (DES)

A symmetric-key block cipher that was the predominant encryption standard from the late 1970s. Its 56-bit key is small enough to be brute-forced with modern hardware, so it is now considered insecure for most applications and has been superseded by AES.

Data Exfiltration

The unauthorized transfer of data from a computer or other device.

Data Loss Prevention (DLP)

A strategy for making sure that end users do not send sensitive or critical information outside the corporate network.

DDoS (Distributed Denial of Service)

A denial-of-service attack launched from many sources at once, typically a botnet, that floods a website or network with so much traffic that it becomes inaccessible to legitimate users. Because the traffic comes from thousands of addresses, blocking individual sources is not enough.

Deauthentication Attack

An attack on Wi-Fi networks in which the attacker sends forged 802.11 deauthentication frames to disconnect clients from an access point, often to force them to reconnect so the WPA handshake can be captured, or to push them onto a rogue access point. Protected Management Frames (802.11w) mitigate it.

Decompiling

Converting executable code back into a higher-level code that can be analyzed by humans.

Deep Packet Inspection

A form of computer network packet filtering that examines the data part (and possibly also the header) of a packet as it passes an inspection point.

Denial of Service (DoS)

An attack meant to shut down a machine or network, making it inaccessible to its intended users.

Digital Forensics

The process of collecting, preserving, and interpreting electronic data from computers, storage media, and networks, often for use in legal proceedings, in a way that keeps the evidence admissible.

Docker

A set of platform-as-a-service products that use OS-level virtualization to deliver software in packages called containers.

Domain Generation Algorithm (DGA)

An algorithm seen in various families of malware that generates a large number of domain names that can be used as rendezvous points with their command and control servers.
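
To make the idea concrete, here is a toy DGA and a cheap lexical detector for the names it produces, written in Python as an added example for this post. It is not code from the original page, from Threat.Zone, or from any real malware family; the hashing scheme, the shared secret, and the detection thresholds are assumptions.

```python
import hashlib

VOWELS = set("aeiou")


def generate_domains(day_iso, secret=b"example-seed", count=5, tld=".com"):
    """Toy DGA: hash the date and a shared secret, then walk a SHA-256 chain to derive
    lowercase labels of 10 to 15 letters. Bots and operator compute the same list for the
    day, so the operator only has to register one of them; a defender who recovers the
    secret can predict (and sinkhole) tomorrow's domains. The scheme is an assumption."""
    state = hashlib.sha256(day_iso.encode() + secret).digest()
    domains = []
    for _ in range(count):
        state = hashlib.sha256(state).digest()
        length = 10 + state[0] % 6
        label = "".join(chr(ord("a") + b % 26) for b in state[1:1 + length])
        domains.append(label + tld)
    return domains


def longest_consonant_run(label):
    run = best = 0
    for ch in label:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def looks_generated(domain):
    """Cheap lexical heuristic for DGA-like names: long label, abnormal vowel ratio, long
    consonant runs. Thresholds are assumptions; it misses wordlist-based DGAs and misfires
    on some legitimate names, so treat a hit as a lead, not a verdict."""
    label = domain.lower().split(".")[0]
    letters = [c for c in label if c.isalpha()]
    if len(label) < 8 or not letters:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    score = 0
    if len(label) >= 12:
        score += 1
    if vowel_ratio < 0.25 or vowel_ratio > 0.6:
        score += 1
    if longest_consonant_run(label) >= 5:
        score += 1
    return score >= 2


def flag_queries(domains):
    """Filter a list of queried domains (e.g. from DNS logs) down to the suspicious ones."""
    return [d for d in domains if looks_generated(d)]


if __name__ == "__main__":
    todays = generate_domains("2024-08-29")
    print(todays)
    print(flag_queries(todays + ["stackoverflow.com", "wikipedia.org"]))
```

Production detectors replace the hand-written thresholds with a classifier trained on known DGA families and combine it with the other strong signal a DGA leaves behind: a client resolving hundreds of never-before-seen names and getting NXDOMAIN for nearly all of them.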

Drive-by Download

The unintentional download of malicious code to your computer or mobile device, triggered simply by visiting a compromised or malicious web page, usually through an exploit for the browser or one of its plug-ins, leaving the device infected without any further action by the user.

Dynamic Analysis

Analyzing malware by executing it in a controlled environment to observe its behavior.

Eavesdropping Attack

The unauthorized real-time interception of a private communication, such as phone calls, instant messaging, videoconferencing, or fax transmission.

Encryption

The process of transforming data into ciphertext using an algorithm and a key, so that only holders of the right key can recover the original; used to prevent unauthorized access to data at rest and in transit.

Endpoint Detection and Response (EDR)

A cybersecurity technology in which an agent on each endpoint continuously records process, file, registry, and network activity, sends it to a central console, and lets analysts detect, investigate, and remediate advanced threats (for example by isolating a host or killing a process) rather than only blocking known files.

Endpoint Security

The approach to protecting computers and mobile devices on a network from cybersecurity threats.

Ethical Hacking

The practice of employing the same tools and techniques as attackers in order to discover and repair vulnerabilities before they can be exploited.

Evading Antivirus Software

Techniques that malware uses to avoid detection and analysis by antivirus software.

Exploit

A piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software or hardware.

Exploit Kit

A toolkit used by hackers to exploit security holes in software for the purpose of spreading malware.

False Positive

An error in malware detection in which a clean file is incorrectly identified as malicious.

Fileless Malware

Malware that operates without placing malicious files on the system it infects, instead utilizing scripts or other in-memory forms of execution.

Firewall

A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

Firmware

Low-level software stored in non-volatile memory on a device (such as a PC's BIOS/UEFI or a device controller) that initializes and controls the hardware. Historically it was read-only; today it is usually updatable, which makes it both patchable and a target for implants that survive operating-system reinstalls.

Forensic Analysis

The detailed investigation of how and when a breach occurred, with attempts to recover data and secure the system.

Fuzzing

A software testing technique that feeds invalid, unexpected, or random data to a program while monitoring for crashes, hangs, or memory errors, each of which points to a bug that may be exploitable.
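
The following Python is an added example, not code from the original page or from Threat.Zone: a tiny mutation fuzzer run against a deliberately fragile record parser and against a hardened version of the same parser. The record format, the seed input, and the parsers are constructed for illustration.

```python
import random

# Constructed seed: [type][len][payload] records. Type 1 = UTF-8 string, type 2 = one-byte
# pointer into the buffer, anything else = raw bytes.
SEEDS = [b"\x01\x05hello\x02\x01\x03\x00\x02ab"]


class MalformedInput(Exception):
    """Controlled rejection of bad input (the correct behaviour, not a crash)."""


def parse_records(data):
    """Fragile parser: it trusts the length byte, the pointer byte and the encoding."""
    records, i = [], 0
    while i < len(data):
        rtype = data[i]
        length = data[i + 1]                         # IndexError if truncated after the type byte
        payload = data[i + 2:i + 2 + length]
        if rtype == 1:
            records.append(("str", payload.decode("utf-8")))   # UnicodeDecodeError on bad bytes
        elif rtype == 2:
            records.append(("ptr", data[payload[0]]))          # IndexError: empty payload or pointer past end
        else:
            records.append(("raw", payload))
        i += 2 + length
    return records


def parse_records_safe(data):
    """Hardened parser: every assumption the fragile one makes is checked first."""
    records, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise MalformedInput("truncated header")
        rtype, length = data[i], data[i + 1]
        payload = data[i + 2:i + 2 + length]
        if len(payload) != length:
            raise MalformedInput("truncated payload")
        if rtype == 1:
            try:
                records.append(("str", payload.decode("utf-8")))
            except UnicodeDecodeError as exc:
                raise MalformedInput("invalid utf-8") from exc
        elif rtype == 2:
            if length != 1 or payload[0] >= len(data):
                raise MalformedInput("bad pointer")
            records.append(("ptr", data[payload[0]]))
        else:
            records.append(("raw", payload))
        i += 2 + length
    return records


def mutate(seed, rng):
    """Apply one to four random byte flips, deletions or insertions to a seed."""
    buf = bytearray(seed)
    for _ in range(rng.randint(1, 4)):
        choice = rng.randrange(3)
        if choice == 0 and buf:
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        elif choice == 1 and buf:
            del buf[rng.randrange(len(buf))]
        else:
            buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    return bytes(buf)


def fuzz(target, seeds, iterations=2000, rng_seed=1, expected=(MalformedInput,)):
    """Mutate seeds, feed them to target, and keep the first input that triggers each
    unexpected exception type. Expected exceptions are the parser rejecting bad input;
    anything else is a bug worth a ticket."""
    rng = random.Random(rng_seed)
    crashes = {}
    for _ in range(iterations):
        case = mutate(rng.choice(seeds), rng)
        try:
            target(case)
        except expected:
            pass
        except Exception as exc:
            crashes.setdefault(type(exc).__name__, case)
    return crashes


if __name__ == "__main__":
    for name, case in fuzz(parse_records, SEEDS).items():
        print(name, case)
    print("hardened parser:", fuzz(parse_records_safe, SEEDS))
```

In Python the "crash" is an unhandled exception; in C the same bugs would be out-of-bounds reads, which is why native fuzzing campaigns run the target under a memory sanitizer so that silent corruption is reported as a crash too.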

General Data Protection Regulation (GDPR)

A regulation in EU law on data protection and privacy in the European Union and the European Economic Area.

Grey Hat Hacker

A security hacker or cybersecurity professional who may sometimes violate laws or typical ethical standards, but does not have the malicious intent typical of a black hat hacker.

Hash Value

A fixed-length string produced by a hash function from a file or message. Any change to the input produces a different hash, so hash values are used to verify file integrity and to identify known malware samples (though a single changed byte is enough to evade a hash-based signature).

Heuristic Analysis

A technique used for detecting malware based on rules or algorithms to identify suspicious behavior.

Honeypot

A decoy system or network set up to attract and trap individuals attempting to penetrate other people's systems.

Identity Theft

A type of fraud that involves using someone else's identity to steal money or gain other benefits.

Incident Management

The process by which an organization handles a data breach or cyber-attack, including the way the organization attempts to manage the consequences of the attack or breach.

Incident Response

The methodology an organization uses to respond to and manage a cyberattack.

Internet of Things (IoT)

The network of physical objects—devices, vehicles, buildings, and other items—embedded with electronics, software, sensors, and network connectivity that enables these objects to collect and exchange data.

Intrusion Detection System (IDS)

A device or software application that monitors a network or systems for malicious activity or policy violations.

IOC (Indicator of Compromise)

Artifacts observed on a network or in an operating system that with high confidence indicate a computer intrusion.

IP Spoofing

Forging the source IP address in packet headers so that traffic appears to come from a trusted host. It is used to bypass address-based access controls and, in DDoS attacks, to bounce reflected or amplified traffic toward a victim; it does not work for connections that require a completed handshake with the spoofed address.

IPS (Intrusion Prevention System)

A network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits.

Kerberos

A network authentication protocol that provides strong authentication for client/server applications using secret-key cryptography and tickets issued by a trusted Key Distribution Center (KDC). It is the default authentication protocol in Windows Active Directory.

Keylogger

Malware that records every keystroke made by a computer user, especially in order to gain fraudulent access to passwords and other confidential information.

Lateral Movement

The techniques that a cyber attacker uses after gaining access to a network to move deeper into the system to find and gain access to valuable data.

Logic Bomb

A piece of code intentionally inserted into software to execute a malicious function when certain conditions are met.

Malvertising

The use of online advertising to spread malware.

Malware

Malicious software designed to disrupt, damage, or gain unauthorized access to a computer system.

Malware Analysis

The process of studying malware to understand how it works, how to identify it, and how to defend against it.

Malware-as-a-Service (MaaS)

The practice of leasing out malware on a subscription basis, often used by attackers who don't have the expertise to create their own.

Memory Corruption

An unexpected behavior in a computer program due to errors in reading, writing, or deleting data in memory.

MITM (Man-In-The-Middle Attack)

An attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.

Mobile Code

Software modules obtained from remote systems, transferred across a network, and then downloaded and executed on a local system without explicit installation or execution by the recipient.

Multi-Factor Authentication (MFA)

A security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity for a login or other transaction.

Network Forensics

The process of capturing, recording, and analyzing network events in order to discover the source of security attacks or other problem incidents.

Network Sniffing

The use of a software tool to capture and analyze the packets sent and received over a network.

OAuth

An open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.

Obfuscation

The deliberate act of creating source or machine code that is difficult for humans to understand.

Open Web Application Security Project (OWASP)

A nonprofit community, renamed the Open Worldwide Application Security Project in 2023, that produces freely available articles, methodologies, documentation, tools, and technologies in the field of application security. It is best known for the OWASP Top 10 list of web application risks.

Packer

A tool that compresses, encrypts, or modifies a malware's binary to evade detection.

Password Cracking

The process of recovering passwords, typically from stolen password hashes, by guessing candidates from dictionaries, mangling rules, or exhaustive brute force and comparing their hashes to the stolen ones. Slow, salted hashing algorithms make each guess expensive; weak, unsalted ones let an attacker test billions per second.
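
The definitions of Cryptographic Hash Function, Hash Value and Password Cracking above come together in one place: how passwords are stored decides how hard they are to crack. The following Python is an added example for this post, not code from the original page or from Threat.Zone; the wordlist is constructed, and the iteration count is an assumption chosen to keep the example fast.

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for the multi-million-entry lists real crackers use.
WORDLIST = ["password", "letmein", "qwerty", "summer2024", "hunter2", "correcthorse"]


def fast_hash(password):
    """What a badly designed system stores: one unsalted SHA-256. Identical passwords give
    identical hashes (so precomputed tables work), and a GPU computes billions per second."""
    return hashlib.sha256(password.encode()).hexdigest()


def crack_fast(target_hex, wordlist):
    """Dictionary attack: hash each candidate and compare. Returns (password, guesses)."""
    for n, candidate in enumerate(wordlist, 1):
        if fast_hash(candidate) == target_hex:
            return candidate, n
    return None, len(wordlist)


def slow_hash(password, salt=None, iterations=100_000):
    """Salted, iterated PBKDF2-HMAC-SHA256. The random salt defeats precomputed tables and
    makes two users with the same password store different values; the iteration count
    (an assumption here; use your platform's current recommendation) makes every guess
    cost as much as 100,000 hashes. Returns the record to store."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, dk


def verify_slow(password, salt, iterations, dk):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, dk)   # constant-time comparison


def crack_slow(record, wordlist):
    """The same dictionary attack against a salted record: it still succeeds when the
    password is in the list, but every guess now costs a full PBKDF2 run, and nothing
    learned here transfers to another user's record."""
    salt, iterations, dk = record
    for n, candidate in enumerate(wordlist, 1):
        if verify_slow(candidate, salt, iterations, dk):
            return candidate, n
    return None, len(wordlist)


if __name__ == "__main__":
    print(crack_fast(fast_hash("hunter2"), WORDLIST))
    print(crack_slow(slow_hash("hunter2"), WORDLIST))
```

The lesson is that salting and stretching do not make a password in the wordlist safe; they change the economics, so that an attacker must pay the full cost per guess per user instead of once for everyone. Password length and uniqueness still do most of the work.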

Patch

A piece of software designed to update a computer program or its supporting data, to fix or improve it.

Patch Management

The process of distributing and applying updates to software. These patches are often necessary to correct errors (known as vulnerabilities or bugs) in the software.

Patch Tuesday

The second Tuesday of each month, on which Microsoft regularly releases security patches for its software products; many other vendors align their releases with it.

Payload

The part of the malware that performs a malicious action.

Penetration Tester

A cybersecurity professional who performs attacks on computer systems to check for vulnerabilities without the intention of causing harm.

Penetration Testing

The practice of testing a computer system, network, or web application to find vulnerabilities that an attacker could exploit.

Pharming (Pharming Attack)

A cyberattack that redirects a website's traffic to a fraudulent look-alike site, typically by poisoning DNS responses or altering the victim's hosts file, so that even a correctly typed address leads to the attacker's page.

Phishing

The attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising as a trustworthy entity in an electronic communication.

Phishing Kit

A toolkit used by cybercriminals to set up phishing websites without much effort or programming knowledge.

Polymorphic Code

Code that uses a polymorphic engine to rewrite itself each time it propagates (for example, by re-encrypting its body with a new key and generating a fresh decryption stub), so that its functionality is unchanged but its bytes never match a fixed antivirus signature.

Public Key Infrastructure (PKI)

A set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption.

Ransomware

Malware that encrypts the victim's files, making them inaccessible, and demands a ransom payment for the decryption key. Many current operations also steal data first and threaten to publish it ("double extortion"), so offline backups alone no longer remove the leverage.

Red Team

A group that plays the role of an enemy to test the effectiveness of a cybersecurity system.

Reverse Engineering

The process of analyzing software to identify its components and their interrelationships, often used to understand how the software operates.

Risk Assessment

The process of identifying, analyzing, and evaluating risk. It helps to ensure that the cyber risks to the organization's information and information assets are identified and understood in a comprehensive manner, allowing the organization to make informed decisions about how to treat those risks.

Risk Management

The process of identifying, assessing, and controlling threats to an organization's capital and earnings.

Rooting

The process of obtaining root access to a device, often used in the context of gaining control over mobile devices.

Rootkit

A set of software tools that enable an unauthorized user to gain control of a computer system without being detected.

Sandbox

A security mechanism for isolating running programs so that a failure or compromise in one cannot spread to the rest of the system. In malware analysis, also the isolated environment in which a suspicious file is detonated so its behavior can be observed safely.

Secure Shell (SSH)

A cryptographic network protocol for operating network services securely over an unsecured network.

Security Audit

A comprehensive evaluation of an organization's information system by measuring how well it conforms to a set of established criteria.

Security Information and Event Management (SIEM)

A platform that collects and correlates logs and events from across an organization's systems and security tools, offering a holistic view of its security posture and generating alerts that analysts investigate.

Security Policy

A defined set of guidelines and practices that regulate how an organization manages, protects, and distributes sensitive information.

Session Hijacking

The theft or prediction of a valid session identifier (such as a session cookie) in order to take over an authenticated session and gain unauthorized access to information or services without knowing the user's password.

Signature-Based Detection

Detecting malware by matching files or traffic against a database of known patterns (byte sequences, hashes, or rules) extracted from previously analyzed samples. It is fast and precise but blind to new or modified malware, which is why it is paired with heuristic and behavioral detection.
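
The entries for Heuristic Analysis, Packer, Polymorphic Code and Signature-Based Detection describe one arms race, and a small scanner shows it end to end: a hash signature breaks with a single changed byte, a byte-pattern signature survives that but not packing, and an entropy heuristic catches the packed file. The following Python is an added example for this post, not code from the original page or from Threat.Zone; the "sample" is a harmless constructed byte string, not malware, and the toy packer and the entropy threshold are assumptions.

```python
import hashlib
import math
import re
from collections import Counter

# Constructed stand-in for a malicious executable: a fake DOS header, a suspicious
# command line, and zero padding. It is not real malware and does nothing when run.
SAMPLE = (b"MZ\x90\x00" + b"\x00" * 60
          + b"This program cannot be run in DOS mode.\r\n"
          + b"cmd.exe /c powershell.exe -enc SQBFAFgA"
          + b"\x00" * 1900)

# Signature 1: the exact file hash of the known sample.
HASH_SIGNATURES = {hashlib.sha256(SAMPLE).hexdigest(): "sample.original"}
# Signature 2: a byte pattern that survives small edits to the file.
PATTERN_SIGNATURES = {"powershell_encoded": re.compile(rb"powershell(\.exe)?\s+-enc\b", re.I)}


def shannon_entropy(data):
    """Bits per byte: text and zero-padded executables sit well below 7, while encrypted
    or compressed data approaches 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def keystream(seed, n):
    """Hash-derived pseudo-random bytes used as the toy packer's key material."""
    out, counter = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


def pack(data, seed=b"k3y"):
    """Toy packer: XOR the whole body with the keystream. A real packer prepends a stub
    that undoes this at run time; applying pack() twice restores the original."""
    return bytes(a ^ b for a, b in zip(data, keystream(seed, len(data))))


def scan(data, entropy_threshold=7.0):
    """Run all three detection methods and report which ones fired."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append("hash:" + HASH_SIGNATURES[digest])
    for name, rx in PATTERN_SIGNATURES.items():
        if rx.search(data):
            hits.append("pattern:" + name)
    if shannon_entropy(data) > entropy_threshold:
        hits.append("heuristic:high_entropy")
    return hits


if __name__ == "__main__":
    print("original:", scan(SAMPLE))
    print("one byte changed:", scan(SAMPLE[:-1] + b"\x01"))
    print("packed:", scan(pack(SAMPLE)))
```

The entropy heuristic is deliberately crude: legitimate installers, compressed archives and encrypted documents are also high-entropy, so a real product uses it to decide which files to unpack in a sandbox or emulator and rescan, not as a verdict on its own.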

Social Engineering

The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.

Social Engineering Attack

An attack that relies heavily on human interaction and often involves tricking people into breaking normal security procedures.

Software as a Service (SaaS)

A software distribution model in which a third-party provider hosts applications and makes them available to customers over the Internet.

Software Vulnerability Scanning

The automated process of scanning a system for known software vulnerabilities.

Spear Phishing

A more targeted form of phishing, where the attacker chooses specific individuals or enterprises.

Spoofing

The act of disguising a communication from an unknown source as being from a known, trusted source.

Spyware

Software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive.

SQL Injection

A code injection technique used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution.
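
The Code Injection entry above and this one describe the same root cause, so here is the smallest complete demonstration: a lookup built by string formatting beside the parameterized version, run against an in-memory SQLite database. This is an added example for this post, not code from the original page or from Threat.Zone; the table, rows and hash placeholders are constructed.

```python
import sqlite3


def make_db():
    """In-memory database with constructed rows; not data from any real system."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)",
        [("alice", "hash-of-alice-pw", "admin"), ("bob", "hash-of-bob-pw", "user")],
    )
    return conn


def find_user_vulnerable(conn, username):
    """Builds the query by string formatting: whatever the user typed becomes SQL."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """Parameterized query: the value travels separately from the statement, so the
    database never parses it as SQL, whatever it contains."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Two classic payloads, constructed for the demonstration.
TAUTOLOGY = "' OR '1'='1"
UNION_LEAK = "x' UNION SELECT username, password_hash FROM users--"

if __name__ == "__main__":
    db = make_db()
    print(find_user_vulnerable(db, TAUTOLOGY))   # every row comes back
    print(find_user_vulnerable(db, UNION_LEAK))  # password hashes leak into the role column
    print(find_user_safe(db, TAUTOLOGY))         # no user has that literal name
```

The UNION payload shows why "it only returns usernames" is not a safe assumption: once the attacker controls the query, any column the application account can read can be pulled into whatever column the page displays. Parameterization fixes this structurally; escaping quotes by hand does not, because the escaping rules differ by database and by context.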

SQL Slammer

A fast-spreading worm from January 2003 that exploited a buffer overflow in Microsoft SQL Server, fitting in a single UDP packet. It caused denial of service on some Internet hosts and dramatically slowed general Internet traffic within minutes of its release.

SSL Stripping

A man-in-the-middle technique that downgrades a victim's connection from HTTPS to HTTP by intercepting the initial plaintext request and rewriting HTTPS links and redirects to HTTP, so the attacker can read and modify traffic the user believes is encrypted. HTTP Strict Transport Security (HSTS) is the main defense.
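
Both sides of that exchange fit in a few dozen lines: the proxy that rewrites the page and drops the HSTS header, and a minimal model of the browser's HSTS cache that refuses the downgrade once it has seen the site over HTTPS. The following Python is an added example for this post, not code from the original page or from Threat.Zone; the HTML and headers are constructed, and the Browser class models only the parts of HSTS needed here (no subdomain or preload-list handling).

```python
import re
import time
from urllib.parse import urlsplit

# Constructed page exactly as the real server sends it over HTTPS.
SERVER_HTML = """<html><body>
<a href="https://bank.example/login">Log in</a>
<form action="https://bank.example/transfer" method="post"></form>
<img src="https://cdn.bank.example/logo.png">
</body></html>"""

HSTS_RE = re.compile(r"max-age=(\d+)", re.I)


def strip_https(html):
    """The attacker's proxy fetches the page over HTTPS itself, then hands the victim a
    copy whose links and form actions point to http://, so the next request is cleartext."""
    return re.sub(r"https://", "http://", html, flags=re.I)


def mitm_relay(html, headers):
    """The proxy also drops Strict-Transport-Security so the browser learns nothing."""
    kept = {k: v for k, v in headers.items() if k.lower() != "strict-transport-security"}
    return strip_https(html), kept


def parse_hsts_max_age(header_value):
    """Return max-age in seconds from an HSTS header value, or None if absent."""
    if not header_value:
        return None
    m = HSTS_RE.search(header_value)
    return int(m.group(1)) if m else None


class Browser:
    """Minimal model of the browser's HSTS cache: a host seen with HSTS over HTTPS is
    requested over HTTPS until max-age expires, even if a link or the user says http://."""

    def __init__(self, now=time.time):
        self.hsts = {}          # hostname -> expiry timestamp
        self.now = now

    def record_response(self, url, headers):
        parts = urlsplit(url)
        header = next((v for k, v in headers.items()
                       if k.lower() == "strict-transport-security"), None)
        max_age = parse_hsts_max_age(header)
        if parts.scheme != "https" or max_age is None:
            return              # HSTS is ignored on plain-HTTP responses (RFC 6797)
        if max_age == 0:
            self.hsts.pop(parts.hostname, None)
        else:
            self.hsts[parts.hostname] = self.now() + max_age

    def effective_url(self, url):
        parts = urlsplit(url)
        if parts.scheme == "http" and self.hsts.get(parts.hostname, 0) > self.now():
            return "https://" + url[len("http://"):]
        return url


if __name__ == "__main__":
    html, hdrs = mitm_relay(SERVER_HTML, {"Strict-Transport-Security": "max-age=31536000"})
    print(html)
    victim = Browser()
    print(victim.effective_url("http://bank.example/login"))       # first visit: downgrade works
    victim.record_response("https://bank.example/", {"Strict-Transport-Security": "max-age=31536000"})
    print(victim.effective_url("http://bank.example/login"))       # afterwards: browser upgrades
```

The gap the model exposes is the first visit: a browser with an empty cache will follow the stripped links, which is why HSTS preload lists exist, and why the Browser here ignores HSTS headers on HTTP responses (otherwise the attacker could set max-age=0 to clear the cache).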

Static Analysis

The examination of code without executing it, to find vulnerabilities or malicious behavior.

Steganography

The practice of concealing messages or information within other non-secret text or data.

Supply Chain Attack

A cyber-attack that seeks to damage an organization by targeting less-secure elements in its supply network, for example by compromising a software vendor's build or update mechanism, a trusted third-party library, or a managed service provider, so that the malicious change arrives through a channel the victim already trusts.

Threat Hunting

The proactive search for malware or attackers that are hiding in a network.

Threat Intelligence

Evidence-based knowledge, including context, mechanisms, indicators, implications, and actionable advice, about an existing or emerging menace or hazard to assets.

Threat Vector

A path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious outcome.

Trojan Horse

Malware that misleads users about its true intent, typically by posing as legitimate or useful software. Unlike a virus or worm, it does not replicate by itself; it relies on the user to install it.

Two-Factor Authentication (2FA)

A security process in which users provide two different authentication factors to verify themselves. This process is done to protect both the user's credentials and the resources the user can access.

URL Redirection

The technique of sending a visitor from one URL to another, for example when a page has moved. An "open redirect" that forwards to any attacker-supplied URL can be abused in phishing to make a malicious link appear to point at a trusted site.

Virtual Private Network (VPN)

An encrypted tunnel over a public network, usually the Internet, that connects a user or a site to a private network such as a company's internal network, so that traffic crossing the public network cannot be read or altered in transit.

Virus

A type of malware that replicates by inserting copies of itself into other computer programs, data files, or the boot sector of the hard drive.

Vishing

The fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers.

Vulnerability

A weakness in a system that can be exploited by threats to gain unauthorized access to or perform unauthorized actions on a computer system.

Vulnerability Scanner

A tool that automates the process of identifying and evaluating potential vulnerabilities within network devices or software.

Whitelisting

A security process (now more often called allowlisting) that permits only explicitly approved software to run, or explicitly approved entities to connect, and denies everything else by default.

Wiper

Malware designed to erase data from the hard drive of the computer it infects.

Worm

Malware that replicates itself and spreads to other computers on its own, typically by exploiting network-reachable vulnerabilities, without needing to attach itself to a host program or rely on user action.

Zero Trust Security Model

A security model based on the principle that organizations should not automatically trust anything inside or outside their network perimeter, and instead must verify every user, device, and connection before granting access, granting only the minimum access needed for each request.

Zero-Day Attack

An attack that exploits a previously unknown vulnerability in a computer application or operating system before the software developer has released a patch to fix it.

Zero-Day Vulnerability

A software vulnerability that is unknown to, or unaddressed by, those who should be interested in mitigating the vulnerability.

Zombie

A computer connected to the Internet that has been compromised by a hacker, computer virus, or Trojan horse and can be used to perform malicious tasks under remote direction.

Understanding the terms commonly used in the field is crucial. Knowing them isn't just smart; it helps you recognize threats and take the right precautions.

This cheat sheet is designed as a guide to the basic terms of cybersecurity and malware. By learning these words and their meanings, you'll be better able to recognize potential cyber threats and better prepared to protect yourself from them.

Whoever you are, if you are active online, this is your guide to staying safe out there. Think of it as a dictionary for cybersecurity: something to consult whenever you're not sure what a term means.

Don't forget to bookmark this article so you can use it as a cheat sheet whenever you need it!