Cybersecurity news is often written in technical jargon that is hard for newcomers to follow. At Numerama, we are convinced that the issues in this field concern a great many people, and that they can be understood without dwelling on every technical nuance.
Still, a few concepts need to be in mind. So to help you follow cybersecurity news, here is a quick tour of the terms that come up again and again in the industry.
Put on your best hoodie. // Source: Louise Audry for Numerama
Backdoor
A backdoor ("porte dérobée" in French) is a hidden means of access to a computer system or network that bypasses its normal authentication. In most cases the backdoor is planted by cybercriminals, without the knowledge of the network's administrators, after an initial compromise. It lets them run programs on the victim's network and exfiltrate files to their own servers. One important detail: some backdoors are installed by the company itself, notably in certain specific legal contexts.
Botnet
A botnet is a collection of thousands of "zombie" machines infected with malware. These can be computers, but also much smaller connected devices such as lamps, speakers or household appliances.
All of these internet-connected devices answer to a single point of control, a command-and-control (C2) server run by cybercriminals. From it, the operators send instructions and coordinate large-scale operations, such as DDoS attacks, using devices that do not even belong to them.
Most often, botnet operators rent access to other criminals for a given duration or operation. Well-known examples include Emotet, TrickBot and, more recently, Mēris.
Brute force
A brute force attack consists of trying every possible combination, one by one, until the code or password is found. Two criteria are then taken into account:
Most online login portals now have protections against this kind of attack: for example, they cap the number of password attempts at a certain threshold, after which the account is locked or responses are slowed down.
There are several variants of the brute force attack, the best known being the "dictionary attack", widely used to recover passwords. Rather than testing every possible combination of digits and characters, attackers try the most commonly used passwords and their close derivatives. They therefore do not cover the whole space of possible combinations, which quickly becomes infeasible, but concentrate on the candidates with the highest probability of working.
Bug bounty
A bug bounty mobilises hackers from outside the organisation to test the security of its site or app, within a framework defined in advance. The company publishes a grid of financial rewards (bounties) according to the type of problem (bug) discovered.
When a researcher discovers a problem, they must provide a proof of concept, that is, a verifiable example. Companies can run their bug bounty programmes themselves, but most go through dedicated platforms such as HackerOne or YesWeHack. These platforms help define the rules of the programme, then act as intermediary between the companies and the hackers when the reported flaws are assessed.
Encryption
To protect data, security teams can apply encryption. Concretely, encrypted data appears as a seemingly random sequence of characters to an outsider who comes across it. To read it, you need the key that lifts the encryption; without the key, the only option is to guess it, which is impractical against modern algorithms.
The question of encryption comes up very often in the debates. // Source: Melvyn Dadure for Numerama
Note that encryption can also be used by a criminal, for example in a ransomware attack, where it is turned against the victim's own data.
DDoS
A DDoS attack (distributed denial of service, "déni de service distribué" in French) consists of overwhelming the victim's server with traffic or requests so that it goes offline or stops responding.
The attack may be motivated by extortion, revenge or activism. To carry it out, DDoS launchers most often obtain access to a botnet.
Some DDoS attacks are so massive that there is no way to withstand them. But most sites have automatic protections, such as those offered by Cloudflare, and can make adjustments while the attack is under way.
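The "automatic protections" mentioned here and the login-attempt threshold in the brute force entry rely on the same building block: counting events per source inside a sliding time window and reacting when a threshold is crossed. The following is an added example (not code from the original article or from any vendor) that runs that logic over a constructed web server access log: one source floods the site with requests, while another hammers a single account's login. The log lines, IP addresses (from the RFC 5737 documentation ranges) and the assumption that the login endpoint records the attempted username in the request are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Deque, Dict, List, Optional, Tuple

# Combined-log-style line: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
USER_RE = re.compile(r"[?&]user=(\w+)")


class SlidingWindowCounter:
    """Counts events per key inside a trailing time window; record() reports threshold breaches."""

    def __init__(self, window_seconds: int, threshold: int):
        self.window = window_seconds
        self.threshold = threshold
        self._events: Dict[str, Deque[float]] = defaultdict(deque)

    def record(self, key: str, ts: float) -> bool:
        q = self._events[key]
        q.append(ts)
        while q and ts - q[0] > self.window:  # drop events that fell out of the window
            q.popleft()
        return len(q) > self.threshold


def parse_line(line: str) -> Optional[Tuple[str, float, str, int]]:
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return m.group("ip"), ts, m.group("req"), int(m.group("status"))


def flag_flood(lines: List[str], window_seconds: int = 10, threshold: int = 20) -> List[str]:
    """DDoS case: source IPs that send more than `threshold` requests inside the window."""
    counter = SlidingWindowCounter(window_seconds, threshold)
    flagged = set()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, _, _ = parsed
        if counter.record(ip, ts):
            flagged.add(ip)
    return sorted(flagged)


def flag_bruteforce(lines: List[str], window_seconds: int = 60, threshold: int = 5) -> List[str]:
    """Brute force case: accounts with more than `threshold` failed logins (HTTP 401) in the window."""
    counter = SlidingWindowCounter(window_seconds, threshold)
    flagged = set()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        _, ts, req, status = parsed
        m = USER_RE.search(req)
        if status != 401 or not m:
            continue
        if counter.record(m.group(1), ts):
            flagged.add(m.group(1))
    return sorted(flagged)


def _line(ip: str, second: int, req: str, status: int) -> str:
    """Build one constructed log line `second` seconds after a fixed start time."""
    ts = datetime(2023, 10, 10, 13, 55, 0, tzinfo=timezone.utc) + timedelta(seconds=second)
    return f'{ip} - - [{ts.strftime("%d/%b/%Y:%H:%M:%S %z")}] "{req}" {status} 512'


# Constructed access log: a flood, a normal visitor, and a password-guessing run against "alice".
CONSTRUCTED_LOG = (
    [_line("203.0.113.7", i // 6, "GET / HTTP/1.1", 200) for i in range(30)]             # 30 hits in 5 s
    + [_line("198.51.100.2", 3 * i, "GET /about HTTP/1.1", 200) for i in range(3)]        # normal browsing
    + [_line("192.0.2.9", 5 * i, "POST /login?user=alice HTTP/1.1", 401) for i in range(8)]   # 8 failures in 35 s
    + [_line("192.0.2.9", 50 + 9 * i, "POST /login?user=bob HTTP/1.1", 401) for i in range(2)]
)

if __name__ == "__main__":
    print("flooding IPs:", flag_flood(CONSTRUCTED_LOG))
    print("accounts under attack:", flag_bruteforce(CONSTRUCTED_LOG))
```

The thresholds are deliberately parameters: the right values depend on the site's normal traffic, and a real deployment keys on more than one dimension (per IP, per account, per endpoint) because a botnet spreads the same flood over thousands of addresses that each stay under a naive per-IP limit.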
Dark web
The "dark web" is a vague term covering the part of the Internet that cannot be reached with a standard browser such as Firefox, Chrome, Edge or Safari without additional software.
Most often, the term refers to .onion sites, reachable only through the Tor network. This unregulated part of the Internet, whose infrastructure is maintained by volunteers, protects some activists and whistleblowers, but also lets cybercriminals organise.
It hosts illegal markets for data, drugs or firearms; ransomware gangs' leak and extortion sites; and forums where cybercriminals talk among themselves. Much fantasised about, these sites are mostly very rudimentary and unstable.
Data leak
As soon as someone gains access to data they should not have seen, we can speak of a data leak. A leak can come from a poorly secured database, a computer attack or an internal source.
All sorts of criteria are weighed when estimating how dangerous a data leak is, and each case must be assessed individually. But as a rule, the more precise and numerous the data about a single individual, the more valuable the leak is to criminals. The overall volume of records is only a secondary indicator of severity.
In France, the handling of a data leak is governed by the General Data Protection Regulation, the famous European GDPR. Companies must notify the data protection authority, the Cnil, within 72 hours of becoming aware of the incident. If the leak represents a "high risk" for the people concerned, they must then also inform those people without undue delay.
Hacker
The term "hacker" refers to people who divert software or systems from their intended use, sometimes for malicious ends. But "hacker" is not a synonym for "cybercriminal". For example, the term "ethical hacker" (which is also the name of a certification) refers more broadly to security researchers who report their findings to the companies concerned rather than exploiting them for their own benefit.
Malware
Called "maliciels" in French (short for logiciel malveillant), malware is software written to perform malicious tasks. There are all kinds, for all types of devices.
The word "virus" is often misused for malware in general, when a virus is only one specific type of malware: one that spreads by inserting copies of itself into other programs or files.
Pentest
A pentest, or penetration test, is a type of security audit. It is carried out by a team of professional "pentesters" (sometimes called a "red team") who, for a set period, play the role of malicious hackers in order to identify the weaknesses of the client's network or application. The team then writes a report and makes recommendations to improve security.
To obtain certain security certifications, companies commit to carrying out pentests regularly.
Phishing
Phishing is a deceptive message sent with malicious intent. In most cases, the criminals are after your bank details or your login credentials. To get them, they impersonate public figures or organisations such as the health insurance fund (Assurance Maladie), Fnac, La Poste, the government or the tax office.
Most often sent by email, phishing also arrives by SMS (then called "smishing") and even on messaging apps such as WhatsApp and Signal.
To detect phishing, time is your friend. // Source: Claire Braikeh for Numerama
Most phishing campaigns target several thousand people with a fairly vague, impersonal message. But other operations target only a handful of individuals, or even one person in particular. This is "spear phishing": fishing with a spear rather than a net. It is more dangerous because it is far more detailed: the criminal researches the victim and writes a personalised message. The more accurate details the message contains, the more likely the victim is to take the bait.
A sub-genre of phishing, the "president scam" (also known as CEO fraud) regularly makes the news: criminals pose as an executive of a company and ask employees lower in the hierarchy to make wire transfers or hand over credentials.
Protecting yourself against phishing is both simple, because no technical skill is required, and difficult, because you must always be on the lookout for the suspicious details that give the deception away.
Ransomware
Ransomware is devastating malware. It encrypts the files on the victim's machines, which renders the affected computers unusable. When the victims are companies, the malware also disrupts connected equipment such as printers, security gates or even instruments on the factory floor. Even work phone lines and email addresses can be crippled.
Immediately after encrypting, the ransomware drops ransom notes on the infected machines, demanding payment in cryptocurrency. The amount runs to a few hundred euros for ransomware aimed at individuals, and can reach tens of millions of euros for ransomware aimed at companies.
If the victim pays, the gang agrees to hand over a decryption tool so that they can (in theory) return to normal. If the victim refuses, the gang threatens to publish stolen confidential data online. For many reasons, cybersecurity professionals almost unanimously advise against paying.
The overwhelming majority of ransomware operates on a ransomware-as-a-service (or RaaS) model:
Sextortion
Sextortion is a recurring type of online scam. The scammer makes the victim believe they hold compromising sexual content about them and threatens to release it. For example, they will claim to have hacked the victim's webcam and recorded videos of them masturbating.
The scammer then offers not to publish the supposed images in exchange for a ransom.
Supply chain attack
A supply chain attack is one of the most laborious cyberattacks to carry out. It consists of compromising software at its source, in the vendor's development or build pipeline, so that every version shipped afterwards is corrupted. This lets the attackers hit all of the software's users at once.
The SolarWinds case, discovered at the end of 2020, is the most prominent recent example. Russian hackers broke into the build system of the Orion network management software to insert malicious code. SolarWinds did not detect the tampering and distributed a trojanised version of its own software to more than 18,000 customers. That version carried Sunburst, a backdoor the spies used to infiltrate the networks of several branches of the US government and of tech giants.
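The basic defence on the receiving end of a supply chain is to check what you install against integrity pins obtained through a channel separate from the download itself, and to refuse anything that differs or that was not expected at all. The following is an added example (not code from the original article, from SolarWinds or from any vendor): it compares a set of shipped files against a manifest of SHA-256 pins and reports modified, missing and unexpected files. The release, its file names and the tampered copy are all constructed for the example and do not represent real Orion components. One caveat a practitioner should keep in mind: in the SolarWinds case the malicious code was inserted before the vendor's own signing step, so the vendor's hashes and signatures matched the trojanised build; this check catches modification between the vendor's record and your machine, while protecting the build itself needs hardened pipelines and reproducible builds on the vendor's side.

```python
import hashlib
import hmac
from typing import Dict, List


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_release(manifest: Dict[str, str], files: Dict[str, bytes]) -> List[str]:
    """Compare shipped files against out-of-band SHA-256 pins.

    Returns a list of human-readable findings; an empty list means every pinned
    file is present and unmodified and nothing extra was shipped.
    """
    findings: List[str] = []
    for name, pinned in manifest.items():
        if name not in files:
            findings.append(f"missing: {name}")
            continue
        actual = sha256_hex(files[name])
        # compare_digest avoids leaking how many leading characters matched
        if not hmac.compare_digest(actual, pinned):
            findings.append(f"modified: {name} (expected {pinned[:12]}..., got {actual[:12]}...)")
    for name in files:
        if name not in manifest:
            findings.append(f"unexpected file: {name}")
    return findings


# Constructed stand-in for a vendor release: file contents are arbitrary bytes,
# the pins are what the vendor would publish separately (release notes, signed manifest).
GENUINE_RELEASE: Dict[str, bytes] = {
    "agent.dll": b"MZ" + b"genuine agent logic 2020.2.1 " * 4,
    "updater.exe": b"MZ" + b"genuine updater 2020.2.1 " * 4,
    "config.xml": b"<config version='2020.2.1'/>",
}
PINS: Dict[str, str] = {name: sha256_hex(data) for name, data in GENUINE_RELEASE.items()}

# A trojanised copy: same file names, same version string, a few bytes spliced into
# one binary and one extra component dropped alongside it.
TROJANISED_RELEASE: Dict[str, bytes] = dict(GENUINE_RELEASE)
TROJANISED_RELEASE["agent.dll"] = GENUINE_RELEASE["agent.dll"] + b"\x90\x90beacon-out"
TROJANISED_RELEASE["helper.dll"] = b"MZ" + b"dropped component"

if __name__ == "__main__":
    print("genuine   :", check_release(PINS, GENUINE_RELEASE) or "clean")
    for finding in check_release(PINS, TROJANISED_RELEASE):
        print("trojanised:", finding)
```

Package managers already offer this behaviour under other names (pip's `--require-hashes`, lockfiles with integrity fields in npm and Cargo); the point of writing it out is to see that the pin must come from somewhere the attacker did not control, otherwise it proves nothing.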
VPN
A VPN, or virtual private network, is a tool that routes your Internet connection through another server by way of an encrypted tunnel.
In a professional context, that server may be your company's, which lets the company apply its access controls and spot suspicious activity on its network.
In a private context, VPNs make it possible to hide, in a superficial way, your device's IP address, or to access services restricted to other countries.
Vulnerability
Vulnerabilities, commonly called flaws, are defects in the design or implementation of software. Most often, the term "cyberattack" refers to the exploitation of one or more vulnerabilities for malicious purposes.
Vulnerabilities receive an identifier (starting with CVE) and a severity rating. For example, RCE (remote code execution) vulnerabilities are among the most dangerous because they let an attacker run, and therefore install, malicious programs on the victim's device, all remotely. Others allow a site to be defaced, or simply crash a program.
A vulnerability that is exploited or disclosed before the vendor has a fix for it is called a "zero-day". Most vulnerabilities eventually receive a patch ("correctif" in French), which repairs the defect and prevents it from being exploited.
Many major vendors release one large batch of security patches per month, fixing dozens of vulnerabilities at a time. In other words, all software has vulnerabilities: vendors simply have to find and fix them before criminals exploit them. Unfortunately, this contest is skewed in favour of the attackers.