Key Terms in Cyber Warfare

The terminology of cyber warfare and cyber security can be hard to understand. So here is a walkthrough of some of the most commonly used terms.
The list will be updated throughout the progress of this blog.

  • Threat Actors

Since it is very hard to determine who is behind cyber attacks, or in general any cyber acts, the people carrying out these acts are referred to as ‘threat actors’.

Different kinds of attacks

  • Disruption

Disruption is a kind of attack where a service is disrupted, e.g. a website, meaning that you will not be able to access it or to use whatever service it provides – let’s say booking a hotel room for example. This can, among other ways, be carried out through DDoS attacks – you can read more about those further down the page.

  • Penetration

Penetration is – as the name implies – when a system is penetrated. Or in other words, when someone gains access to the system through hacking. The purpose does not have to be destructive per se, but can for example be to spy on whatever is taking place within the system – or to get access to certain data.

  • Exfiltration

Here you can argue that penetration is taken to the next level. This is used not only to spy on or get access to certain data, but to also steal it.

  • Vandalism

Vandalism is – funnily enough – when someone actually causes harm to the system or service that they have hacked. It can be through defacement or through actually damaging information or data on the site by e.g. deleting it.

Tools

  • Zero Day

A Zero Day is a vulnerability in a system that can be used to take advantage of, penetrate or in other ways meddle with the system. It is unknown to the creators of the system; the name ‘zero day’ therefore refers to the fact that the vulnerability has been known for zero days when it is discovered.
Zero days can be worth a lot of money, so some threat actors spend their time looking for zero days and then sell them on the black market. The buyers are, among others, states trying to secure their systems.

Imagine it as a small hole in a mosquito net that you have not noticed, even though you thoroughly looked through the net before hanging it up. The mosquito (the threat actor) will spend all night trying to find that one small hole and when it does, you won’t know, but it will make the mosquito – and every other mosquito that finds it – able to wreak complete havoc on your body.

  • Bug

Bugs are mistakes in the system that can be known, but have not been fixed yet. If there is a bug, it can allow hackers to manipulate something in the system, which can eventually lead to a shutdown.

  • Malware

Malware is an umbrella term that has many subcategories. But overall, it is a kind of software that is, as the name suggests, evil at its core. It has been specifically developed with the goal of gaining access to or damaging a unit (computer, phone, tablet etc.). In theory, malware will only be able to exist on the actual unit where it was installed; however, the different types of malware that have been developed have allowed it to spread from one unit to another. One example of this is a worm.
Read more about Malware here.

  • Worms

Worms are a type of malware that is not limited to the unit it was installed on. Instead, worms can jump from unit to unit through the network.

Imagine it as a small worm, using the network as a trail to wiggle its long body around all the different units connected to the network (e.g. laptops), and poking its evil head out into them, leaving behind malicious traces of itself in each of the units.

  • Trojan

A Trojan is also a type of malware. But as the name implies, it is disguised as legitimate software. It is a way for threat actors to gain access to a system. In other words: It is the Trojan horse of cyber attacks. It can be used for spying, stealing sensitive information or gaining backdoor access into the system. Read more about it here.

  • Ransomware

Ransomware is in many ways a simpler form of malware. Here the idea is to simply lock and encrypt the victim’s unit – or in even simpler terms, hold it hostage. Often the threat actor will set a ransom that the victim has to pay to have their unit and all of the information and files on it unlocked, though paying is no guarantee that the unit will be unlocked. This can be carried out against individuals, but can also be a way to attack e.g. hospitals. Read more about ransomware and what to do about it here.

  • Social Engineering

Social Engineering is a way to trick someone into letting a threat actor gain access to the system. The threat actor can for example try to figure out how to physically get into a building e.g. by posing as an employee or as maintenance and through this gain access to the system. This is why a lot of offices will ask their employees to never leave their computers without first logging out, ensuring that if anyone should try, the system would be password protected. Read more about social engineering here.

  • Botnets

A botnet refers to a lot of different hosts (laptops, phones etc.) being used to carry out a task. A botnet can be both bad and good. But for cyber attacks, it can be made by installing malware on a lot of different units, without the owner of the unit being aware of it. The threat actors can then activate the malware and create a botnet, and for example carry out a DDoS attack (see description in the next paragraph).
Read more about Botnets here.

  • DDoS Attacks (Distributed Denial of Service)

DDoS describes an attack where the aim is to make some kind of online service unavailable. This is done by simply sending so much traffic from so many different sources (through botnets) that the system behind the online service becomes overwhelmed. The online service can be anything from banks to informational websites. Read more about it here. This can also happen without it being a deliberate attack, for example when a certain festival’s tickets come online.

  • Phishing

We probably all know those emails that end up in our spam filter. The ones about Viagra, or promising you that some prominent and very very VERY rich figure has died and that you are the sole heir to their enormous amount of money. The idea is to get you to reveal personal information such as your password or credit card information. It can also be to get you to click certain links and thereby spread malware to your computer. Luckily, by now most of us know not to believe a word they say – at least when it comes to the wacky ones.
However, the people behind these emails have gotten smarter and smarter alongside us, and their emails are therefore not as easy to spot anymore. They can now pose as your boss sending you a very believable email – and it is a real problem that many people actually do believe these.

Other definitions

  • Critical Infrastructure

Critical Infrastructure refers to sectors of a state’s infrastructure that are considered vital to the state, and if they were to be attacked or disabled in any way, it would create chaos and wreak a lot of havoc. Not just for the state but also for its citizens.

The term encompasses things such as: banking and finance, telecommunications, transport, government systems, and emergency services. But it also focuses on things that we often take for granted in everyday life, things that might not automatically come to mind when we talk about cyber warfare, such as: electrical, gas and oil power, and water supply.

If it seems hard to grasp the severity of this, try to imagine two days in a row where the internet simply did not work. It would cause all kinds of havoc in our modern internet-dependent society, and most workplaces would not be able to function, whether it be a law office or a newspaper. Everything is online today. So all of society would be on pause. And as if that would not be enough, then imagine that they also cut off the telephones. What do we do then? Now we can’t communicate. If they then start attacking our banks, it won’t take long before none of us have any money left. What do we do then?
So this could potentially end up day by day destroying our society from the inside.
That’s not really a nice thought. Is it?
