The vocabulary of cyber-crime

targetWith Internet security receiving attention at the highest levels these days, being aware of exactly cyberthieves may attack is a first step in understanding the problem. IOSCO’s recent research report, “Cyber-crime, securities markets and systemic risk,” included a glossary of cyber-crime.
 
Here’s a quick guide to an electronic criminal’s MO, based on the report:
 
 
Botnet attack

A hacker gains access to a group of computers and then uses them to carry out a variety of attacks on other computers

Cracking

Gaining access to a system by cracking a password

CSRF or XSRF attack Cross-site request forgery (or “sea-surf”) attack. Malware from someone who appears to be a trusted user of a site
DDoS attack Distributed denial of service attack. Flooding a network or website or network with requests, making it impossible for legitimate users to access the site
Electronic funds transfer fraud Crime related to the transfer of funds over the Internet, by diverting funds, stealing financial information, etc.
Hoax email Phony email, usually an alert about a non-existent threat, that is passed throughout a system by a large number of individuals who believe it to be true – and that overwhelms the system as a result
Key logging Recording the keystrokes made by an authorized user
Malware Computer code with malicious intentions. Malware includes Trojan horses, ransomware, rootkits, scareware, spyware, viruses and worms
Misinformation spread Using the Internet to circulate incorrect information and cause panic
Pharming Redirecting users from a legitimate site to a bogus one; information entered on the phony site is captured for fraudulent purposes
Phishing Directing users to a bogus site through an email that appears legitimate; information entered on the phony site is captured for fraudulent purposes
Trojan horse A program that appears to be harmless but actually provides backdoor entrance to a target computer
Ransomware

Restricts access to a computer; owner must pay ransom to have it removed

Rootkit Creates access points in a computer for a cybercriminal, so that they can enter undetected
Salami (slicing) attack Making small, undetectable changes over an extended period of time; “penny shaving” is a type of salami attack

Scareware

Scam software that appears to be legitimate, to encourage download
Smishing Phishing using text messages rather than emails
Spoofing Accessing a secure network by changing the remote computer’s IP address to that of a computer with special privileges; often used in DDoS attacks
Spyware Spies on activity in a computer, sending information to a third party without the owner’s consent
Virus A program that replicates rapidly within a computer causing damage to the host computer
Vishing Tricking a user (through an email or phone call) into entering credit card information into a bogus voice response system; information entered into the phony system is captured for fraudulent purposes
Website defacement Changing the appearance of a website and/or reducing its usability, usually by replacing the legitimate website with a phony one
Worm A program that spreads rapidly across computers, usually through a network
XXS attack Cross-site scripting attack. Malware injected into a trusted site, presented through a hyperlink

 

How many of these cyber-crimes are you familiar with? Are there any you would add to this list?



NICSA: 8400 Westpark Drive, 2nd Floor McLean, VA 22102 • Tel: 508.485.1500 • Fax: 508.485.1560