From ‘hacker’ to ‘ransomware’: a digital security glossary

Cases of cyber attacks have grown with the digitalization forced by the pandemic. See below the terms that are increasingly present in the daily lives of companies and internet users.

A

APT: the acronym stands for Advanced Persistent Threat. These are highly complex cyber attacks that usually target more secure networks, such as corporate networks.

DDoS attack: also known as a denial-of-service attack, it attempts to saturate the server’s processing capacity, slowing or dropping connections and taking a page or application down. Often used for extortion: the system works again upon payment.

B

Blockchain: used in cryptocurrency transactions, it works like a public, virtual ledger. The name means “chain of blocks”: transactions are recorded in blocks that are appended to the chain. Through the blockchain network, all users have access to the transaction records.

Bot: short for robot. A program that performs automated and repetitive tasks. Bots can be useful and harmless or used illegally, for example in campaigns that seek to influence elections.

C

Trojan Horse: malware that disguises itself as safe software to infiltrate a device. It reaches a system when files that seem harmless are installed. It is capable of interrupting the computer’s operation and stealing personal information.

Cybercriminal: a person who uses technology to commit crimes. Cybercrimes include hacking into systems, spreading malware and stealing information. Victims range from ordinary users to large companies, which can be targets of scams worth millions.

Cookies: files saved on the system after a page is accessed. Cookies help the site identify who its users are and save their preferences. By allowing cookies, the user agrees to share some of their personal data, including search history.

Cryptography: a technique that seeks to ensure the security of communication between electronic devices.

Cryptocurrency: a digital currency protected by cryptography. There are thousands of types, the most famous being bitcoin. It can be decentralized, when using blockchain technology, or centralized, when there is regulation by a Central Bank.

Cryptojacking: occurs when users download malware-infected files and give criminals access to the computer. Attackers make unauthorized use of the machine’s processing power to mine cryptocurrencies and generate profit.

D

Dark web: a network of websites and content accessible only via specific software, such as Tor. It forms part of the deep web.

Deepfake: use of AI (Artificial Intelligence) to produce false and hyper-realistic images, videos or audio of human beings. The applications range from entertainment to the dissemination of false information, which increases the danger of this technology.

Deep web: any part of the World Wide Web not indexed by search engines. It is hidden from the general public.

Doxxing: use of the internet to find and expose victims’ private information, such as address, cell phone number and CPF (Brazilian taxpayer ID), without prior authorization. Uses range from prank calls to death threats that mention the victim’s address and even bombings.

F

Firewall: a security system that monitors a device’s network traffic and prevents unauthorized access, including by viruses and hackers.

H

Hacker: a person with a high level of technology skills. In digital security, it refers to programmers who break through a system’s defense barriers. They are sometimes associated with illegal activities, but they can also carry out security tests to find vulnerabilities.

I

IoT (Internet of Things): the universe of everyday devices connected to the internet that have a certain autonomy. The most common use of IoT is in the automation of smart home devices, such as thermostats, which automatically regulate the temperature of an environment.

L

LGPD: General Data Protection Law (Lei Geral de Proteção de Dados), in force since 2020, which places the citizen as the holder of their data. The law imposes rules on the public and private sectors, which become responsible for the entire cycle of personal data in the organization: collection, processing, storage and deletion. The law applies to online and offline media.

M

Machine Learning: a method of artificial intelligence that allows software to learn and improve at a task on its own. It is used in virtual assistants such as Siri (from iPhone) and Alexa (from Amazon), which are able to recognize voices and find information relevant to the user.

Malware: an umbrella term for software with a malicious purpose, such as viruses, that threatens the security of a network or device. Malware can be used to steal information, damage equipment and carry out financial scams.

N

NFT: illustrations, GIFs, animations, videos and music associated with blockchain technology and sold with a digital certificate of authenticity, the NFT. NFTs make digital objects unique and are attracting attention for generating million-dollar deals.

P

Pentests: also known as penetration tests, a method that assesses the security of a computer system or a network. In the corporate environment, companies may be hired to try to break into their clients’ systems in order to identify possible vulnerabilities.

Phishing: a method that attempts to “fish” for victims, getting them to click on links or download files with the aim of stealing sensitive data. The fake emails used in the action, with malicious links or files, are increasingly personalized. It is common for the hacker to study the characteristics of the company and the victim before acting.

R

RaaS (Ransomware as a Service): the selling or renting of ransomware to criminals who want to carry out financial scams but are not tech experts.

Ransomware: an attack in which criminals break into machines and encrypt files to hijack systems, which can disrupt the activities of a company or establishment. Hackers charge a ransom to restore access. Payment is often demanded in cryptocurrencies.

S

SIEM: the acronym stands for Security Information and Event Management. It is the technology that analyzes the security of a system to improve its defense, which facilitates the early detection of threats and the resolution of attacks.

Spam: digital communication not solicited by the user, common in promotional emails. It does not necessarily contain malware.

Spear phishing: a variation of phishing, it is a technique that tricks the user by sending fake messages that appear to be real. Spear phishing messages contain victim-specific information, which may include personal and financial data, to convince the victim to download malware-infected files.

Spyware: a spy program that gets installed on a computer or mobile phone without the user’s consent. The program monitors online activities, history and personal data to pass the information on to third parties.

T

Tor: acronym for The Onion Router. It refers both to the software that accesses the dark web and to the method: a network of computers and routers around the world used as a path to reach the network, which makes it difficult to uncover the user’s identity.

V

VPN: the acronym stands for Virtual Private Network, a private network created on top of a public network. It is an encrypted and more secure connection, in which the user’s location and online activities are hidden from potential intruders on the public network.

W

Worms: malicious software that does not need a third-party program to propagate itself on a device. It is activated at computer startup.

Z

Zero Day: a security flaw that has not yet been discovered by the system’s developers. An attack occurs when hackers take advantage of the vulnerability to break into a device.

Sources: Erick Formaggio, information security leader at Digital Business and director of Abradi-RS (Brazilian Association of Digital Agents) and Marcos Simplicio Jr, cybersecurity specialist at Escola Politécnica da USP (University of São Paulo).
