It all sounds like a load of malicious exfiltration to me!
The science of digital security testing is complex and full of baffling jargon. So here is a very simple guide to some of the terms we use on our website. Please note, this is a novice-level glossary; it greatly simplifies the concepts behind each term. If you want to talk shop at a rather higher level, feel free to call us.
The term Advanced Persistent Threat (APT) refers to a potential attacker that has both the capability and the intent to carry out advanced attacks against specific high-profile targets in order to compromise their systems and maintain permanent control over them in a stealthy manner. APT attacks often rely on new malware that is not yet known to, or recognised by, traditional anti-virus products. APTs require significant resources and expertise and are often politically motivated (espionage). They are run, overseen or bankrolled by a controlling authority or client, rather than being the work of an individual malicious actor.
A secret method of bypassing security controls in a computer system. A backdoor may have been built into a system for legitimate reasons, such as to allow authorised access, but it nevertheless creates an exploitable vulnerability in a system.
Crypto-ransomware is a piece of malicious software which encrypts documents, photos and other key files on a victim's computer and demands a ransom. Once the victim pays the ransom, the malware authors provide a key to the victim which can be used to decrypt the encrypted files.
Simply put, data theft. The unauthorised copying, transfer or retrieval of data from a computer. It can be achieved manually, but is more often performed by cybercriminals operating over a network or the internet, via malicious programmes. Data exfiltration usually occurs as a deliberate and targeted attack when a hacker targets a specific piece or set of data.
A type of Trojan that is usually smuggled onto a PC via an email attachment or a download, and launches malware by “dropping” it. Droppers often go undetected because they are hidden and, unlike much other malware, are not associated with an obvious file. They impede the functioning of targeted computers and can install themselves onto a disc or hard drive. They launch their payload whilst disguising themselves within computer systems. Generally the most effective protection against droppers is anti-spyware.
Historically, efficacy testing has been one of Effitas’ core services, but it is by no means our only service. Efficacy testing is the science of assessing how effectively so-called Anti-Virus software (and similar, related products) does its job of protecting a computer (or other endpoint) against malicious software attacks (or similar).
Any piece of hardware used to access the internet. If a piece of hardware is able to access the internet, it is potentially exposed to attacks by malware. Typical endpoints are PCs, laptops, Macs and smartphones.
Interestingly, thanks to the evolution of the Internet of Things, there is an increasing possibility of new kinds of malware attacking new kinds of hardware, such as autonomous vehicles.
An attack on a computer system, particularly if it takes advantage of an existing vulnerability in the operating system, applications, plug-ins or software.
A computer virus is considered to be “in the wild” if it is spreading via, or because of, normal, run-of-the-mill operations on and between the computers of victims who are unaware of the virus – that is, under the standard operating conditions of viruses and other malware.
The increasing degree to which hardware is becoming connected to the internet so that we can control it more remotely, more intelligently, and do more with it. For example, apps now allow us to control our central heating and home lighting remotely. Entire city infrastructures are becoming more connected so that we can, for example, control traffic lights using Artificial Intelligence that changes how the lights “behave” to reflect levels of traffic density, thus exerting a degree of intelligent control over traffic-calming measures as and when needed. Meanwhile, “hardware” like cars is increasingly connected to the internet as cars become more computerised, especially with the rise of autonomous vehicles.
Any individual or group who sets out to create or spread a digital virus, hack, phishing attack or any other harmful form of computer or internet-based attack, regardless of their motivation. If it has a victim, then it is perpetrated by a malicious actor.
Malware analysis sandboxes are used to run malicious samples in a controlled environment. By inspecting the sample behaviour, the sandbox can decide whether the sample is malicious or not. Attackers commonly try to detect and avoid malware analysis sandboxes.
The practice of making existing malicious code look like a new piece of code (a new virus) in order to test an anti-virus product’s ability to protect against what it perceives as new code.
A packer is a software tool that compresses code in such a way that it can still be executed (i.e. run – known as runtime compression). It is usually used to reduce the size of software for storage and also to deter reverse engineering. Packers usually have their own unique way of operating and leave their unique signature on code they have compressed.
Some packers are almost exclusively used for creating malware, so security apps look for code that carries the signature associated with these packers and give it extra scrutiny. Packers obfuscate code, so if one wanted to disguise code that has already been flagged as malicious by security apps, using a new packer to pack it could allow the code to go undetected by the apps – but if a standard off-the-shelf packer is used, it will receive extra scrutiny as detailed above.
For zero-day attacks, malicious actors must either create new code or attacks that never existed before, or obfuscate existing code by using a new packer. (Effitas is able to create our own packing tools with signatures never seen before – we use these to replicate zero-day attacks and for APT testing).
A quick “repair job” that resolves issues in IT protection software and/or improves security. A patch can also add new features to the software.
An activity whereby a cyber-criminal attempts to acquire private or sensitive information – often username/password combinations or credit card details – directly from an unsuspecting victim. Typically the main weapon in a phishing attack is a spoof website or email message that takes the victim to a fake login page closely imitating an authentic one (such as the login page of a bank’s website) in order to extract the relevant information from the victim.
While detection and the prevention of infection is one aspect of testing, the other is remediation: how well a security solution can remove an infection from an endpoint. Remediation, in its simplest terms, refers to protection software’s ability to “clean up” or kill an infection.
A security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untrusted programs or code without risking harm to the host machine or operating system. A sandbox provides a tightly controlled set of resources for guest programs to run in.
A common security measure used to protect web applications against exploits, vulnerabilities and attacks. WAFs are a type of firewall that monitors and blocks data as it travels to and from a web application. WAFs are especially important for businesses that use the internet for their day-to-day business with customers, and they can be network-, host- or cloud-based.
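To make the “monitors and blocks data travelling to a web application” part concrete, here is a toy request inspector written in the style of a WAF rule engine. It is an added example for this glossary, not Effitas’ code or any vendor’s ruleset; the rule patterns, the sample requests and the function names (`inspect_request`, `audit`) are all constructed for illustration, and a production WAF would use far richer rules and normalisation than the three shown here.

```python
import re
from typing import Dict, List, Tuple
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed, deliberately small rule set (hypothetical; not a real product's rules).
# Each rule is (name, compiled pattern) and is run against every inspected field.
RULES = [
    ("path_traversal", re.compile(r"(^|/)\.\.(/|$)")),
    ("sql_injection", re.compile(r"(?i)('\s*or\s*'?\d+'?\s*=\s*'?\d+|union\s+select|--\s*$)")),
    ("xss", re.compile(r"(?i)<\s*script\b|javascript:")),
]

INSPECTED_HEADERS = ("user-agent", "referer", "cookie")


def normalise(value: str) -> str:
    """URL-decode twice so that double-encoded input (e.g. %252e%252e) is inspected in clear."""
    return unquote(unquote(value))


def inspect_request(method: str, url: str, headers: Dict[str, str], body: str = "") -> Tuple[bool, str]:
    """Return (allowed, reason). Looks at the path, every query value, selected headers
    and form-encoded body values; the first matching rule blocks the request."""
    parts = urlsplit(url)
    fields = [("path", normalise(parts.path))]
    fields += [(f"query:{k}", normalise(v)) for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    fields += [(f"header:{k}", v) for k, v in headers.items() if k.lower() in INSPECTED_HEADERS]
    if body:
        fields += [(f"body:{k}", normalise(v)) for k, v in parse_qsl(body, keep_blank_values=True)]
    for location, value in fields:
        for name, pattern in RULES:
            if pattern.search(value):
                return False, f"{name} in {location}"
    return True, "clean"


# Constructed sample traffic: (method, url, headers, body).
SAMPLE_REQUESTS = [
    ("GET", "/products?id=42", {"User-Agent": "Mozilla/5.0"}, ""),
    ("GET", "/files?name=..%2F..%2Fetc%2Fpasswd", {}, ""),
    ("POST", "/login", {}, "user=admin%27+OR+%271%27%3D%271&pass=x"),
    ("GET", "/search?q=%3Cscript%3Ealert(1)%3C/script%3E", {}, ""),
]


def audit(requests) -> List[Tuple[bool, str]]:
    """Run the inspector over a batch of requests and return one decision per request."""
    return [inspect_request(m, u, h, b) for m, u, h, b in requests]


if __name__ == "__main__":
    for req, (allowed, reason) in zip(SAMPLE_REQUESTS, audit(SAMPLE_REQUESTS)):
        print("ALLOW" if allowed else "BLOCK", req[0], req[1], "-", reason)
```

The decision is returned rather than merely logged so that the same function can sit in front of a real handler (block) or run in monitoring-only mode (record the reason and let the request through), which is how most WAFs are deployed initially to tune false positives before enforcement is switched on.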
A zero-day vulnerability is a vulnerability in computer protection software that is unknown to its vendors (or users). Until the vulnerability is fixed (usually via a patch), it can be exploited by hackers for malicious purposes. Zero-day attacks that exploit the vulnerability therefore have a very high chance of success. The day that the vendor discovers the vulnerability is known as “day zero”. Vendors then rush to create a patch that will protect their software, and provide that patch to all its users. The longer this takes, the more likely affected systems are to be attacked by hackers aware of the vulnerability.