Washington State

Office of the Attorney General

Attorney General

Nick Brown

The language used to describe data privacy and data breaches is nearly as complicated as the issues themselves. The glossary of general definitions below can help Washingtonians quickly understand some of the most common terms in this field.

Note that the definitions provided here are for general informational purposes and should not be considered legal definitions. Legal definitions and terms used in statute may vary from the terms and definitions here.

Advanced Persistent Threat (APT)
A prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period.
Adware
Software that automatically displays or downloads advertising material when a user is online.
Authentication
The process for an individual, application, or service to provide the credentials required to access digital systems.
Backdoor
A method of bypassing normal authentication in a computer system, often used to secure remote access to a computer or obtain access to unencrypted information while attempting to remain undetected.
Botnet
A network of private computers infected with malicious software and controlled as a group without the owners' knowledge, for example, to send spam messages.
Brute Force Attack
A method used to gain access to encrypted data by cycling through every possible combination of letters, numbers, and symbols that could comprise a password until the correct one is found.
Code Injection
The insertion of code into an application, changing the way it executes. Cyberattacks often use code injection to compromise the security of websites, applications and user devices. For example, an attacker injects malicious code into an application, which allows the attacker access to sensitive information.
Command and Control (C2 or C&C) Server
A server used by attackers to maintain communications with compromised systems within a target network, often to issue commands to malicious software and receive exfiltrated data.
Cookies (Browser Cookies)
Text files with small pieces of data – like a username and password – that a web server sends to a user's browser while they are visiting a website. Cookies are intended to streamline a user’s web experience by remembering information about their last session – like their login information, items they intended to buy, and language preferences. Websites benefit as well by collecting information about user behavior, allowing for tracking of user trends and targeted advertising.
Credentials
A set of unique identifiers – such as a username and password, facial recognition, or security question – that enables a user to verify their identity in order to log in to a device, application, or online account.
Credential Harvesting
The act of collecting credentials from unsuspecting users, often through phishing or fake login pages.
Credential Stuffing
A type of cyberattack where stolen account credentials, typically consisting of lists of usernames and/or email addresses and their corresponding passwords, are used to gain unauthorized access to user accounts through large-scale, automated login requests.
Cross-Site Scripting (XSS)
A security vulnerability where an attacker attaches malicious code onto a legitimate website that will execute when the victim loads the website. For example, loading a compromised webpage that executes a hidden script to copy and transmit the user’s cookies to a cybercriminal. Cybercriminals can then later use this data to impersonate the user on that website.
Cyberattack
An unauthorized attempt to access secured data, such as information stored on a server, using cyber technology. Common methods of cyberattacks include skimmers, spyware, phishing emails, and ransomware.
Cyber Hygiene
The practices and steps that users of computers and other devices take to maintain system health and improve online security.
Cyber Insurance
A type of insurance designed to help organizations recover from cyberattacks, including ransomware attacks. This can include coverage for ransom payments, data recovery, and business interruption.
Cybersquatting
The practice of registering, trafficking in, or using an internet domain name, with a bad faith intent to profit from the goodwill of a trademark belonging to someone else. (Also known as domain squatting.)
Data Breach
An incident where confidential, sensitive, or protected data is accessed, disclosed, or used by an unauthorized person or entity.
Data Broker
A company or individual that aggregates information about people, and then licenses that information to other businesses and organizations for a profit.
Data Exfiltration
The unauthorized transfer of data from a computer. This data theft is usually done over the internet or via email.
Data Leak
An event where sensitive data is accidentally or unintentionally exposed.
Data Masking
A technique used to protect sensitive data by making it difficult for unauthorized users to access or understand it. It involves changing the original values of data with realistic, fake versions that are still usable by authorized personnel.
Decryption Key
A piece of information or tool used to convert encrypted data back into its original form. Ransomware attackers often demand payment in exchange for a decryption key.
Denial of Service (DoS) Attack
An attack meant to shut down a machine or network by overwhelming the target with traffic, making it inaccessible to its intended users.
Distributed Denial of Service (DDoS) Attack
A type of Denial of Service attack where multiple compromised systems are used to target a single system causing a denial of service.
Double Extortion
A ransomware tactic where attackers not only encrypt the victim's data but also exfiltrate it, threatening to release the data publicly if the ransom is not paid.
Drive-by Download
Unintentional download of malicious code to a computer or mobile device, often without any action from the user to prompt it. Common examples include visiting infected websites, clicking on deceptive links (See: “Scareware”), or installing an otherwise legitimate piece of software that includes unwanted secondary applications that have been infected (also known as “bundleware”).
Eavesdropping Attack
Unauthorized interception of private communication, such as a phone call, instant message, videoconference, or email.
Encryption
The process of converting data into a coded form that can only be read by using the correct information to decode the data, called the decryption key.
Endpoint
Physical devices – such as mobile devices, desktop computers, and servers – that connect to and exchange information with a computer network.
Endpoint Detection and Response (EDR)
Security solutions focused on detecting, investigating, and mitigating suspicious activities and issues on endpoints (computers, mobile devices, etc.) within an organization.
Exploit Kit
A toolkit used to exploit security holes primarily to spread malicious software.
Firewall
A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
Incident Response Plan
A predefined set of instructions or procedures to detect, respond to, and limit the consequences of a cyberattack or data breach.
Initial Access Broker (IAB)
Cybercriminals who specialize in gaining initial access to networks and then sell this access to other cybercriminals, including ransomware operators.
Intrusion Detection System (IDS)
A device or software application that monitors a network or systems for malicious activity or policy violations.
Intrusion Prevention System (IPS)
A network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits.
Keylogging
The action of recording (logging) the keys struck on a keyboard, typically in a covert manner, so that the person using the keyboard is unaware that their actions are being monitored.
Logic Bomb
Code inserted into a software system that will set off a malicious function when specified conditions are met.
Lockscreen Ransomware
A type of ransomware that locks the screen of the infected device, preventing access to the system until the ransom is paid.
Malware (Malicious Software)
Malicious software designed to disrupt, damage, or gain unauthorized access to computer systems. Types include viruses, trojan horses, ransomware, and spyware.
Man-in-the-Middle (MitM) Attack
An attack where the attacker secretly intercepts and relays messages between two parties who believe they are directly communicating with each other.
Network
A communication infrastructure comprised of various devices (See: "Endpoint") that can exchange data and share information with each other.
Patch
A software update comprised of code inserted or “patched” into the code of an executable program. Patches are often temporary fixes between full releases of a software package.
Payload
The component of malicious software that performs the malicious action, such as encrypting the victim's files.
Personally Identifiable Information (PII)
Information that can be used on its own or with other information to identify, contact, or locate a single person. Examples include names, social security numbers, and email addresses.
Phishing
A method of attempting to acquire sensitive information such as usernames, passwords, and credit card details by imitating a trustworthy entity in electronic communications, such as email or text message.
Personal Health Information (PHI)
Any information in a medical record that can be used to identify an individual that was created, used, or disclosed in the course of providing health care services.
Ransomware
A type of malicious software that encrypts a victim's files. The attacker then demands a ransom from the victim to restore access to the data upon payment.
Ransom Note
A message left by the attackers that informs the victim of the ransomware attack and provides instructions on how to pay the ransom to get the decryption key.
Ransomware-as-a-Service (RaaS)
A business model where cybercriminals sell or lease ransomware tools to other attackers, who then conduct the attacks. The creators of the ransomware typically take a cut of the profits.
Rogue Software
Malicious software that masquerades as legitimate and necessary security software.
Rootkit
A collection of computer software, typically malicious, that is designed to enable access to a computer or an area of its software that would not otherwise be allowed, and that often masks its own existence or the existence of other software.
Scareware
A type of malicious software designed to induce users into visiting an infected website or downloading infected software by instilling fear or panic. Common examples include pop-ups that claim your device is infected with a virus and provide a link to a compromised website or app to “fix” the problem.
Security Evasion
Techniques used by malicious software to avoid detection by antivirus and other security solutions.
Session Hijacking
Exploiting a valid computer session to gain unauthorized access to information or services in a computer system.
Skimmers
A card reader attached to payment terminals, such as those at an ATM or gas station, which collects data on cards inserted into the terminal. Often, cybercriminals will use the skimmer in conjunction with a device to record PIN information, such as a fake PIN pad or hidden camera.
Social Engineering
The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.
Software (Application Software)
A computer program designed to carry out a specific task other than one relating to the operation of the computer itself, typically to be used by end users. Also known as an “App.”
Spoofing
A technique used to gain unauthorized access to computers by tricking the system into accepting a false identity.
Spyware
Software that enables a user to obtain information about another user's computer activities by transmitting data from their hard drive without detection.
Structured Query Language (SQL)
SQL (pronounced “sequel”) is a standardized programming language that is used to manage relational databases – a type of database that organizes data into rows and columns, which collectively form a table – and perform various operations on the data in them.
SQL Injection (SQLi)
A type of code injection attack that uses Structured Query Language code to infect, extract, manipulate, or destroy the data inside of a database.
Tokenization
A form of encryption that converts sensitive data elements into non-sensitive, replacement values, called "tokens", that are the same length and format as the original data. This stands in contrast to other encryption methods that encode human-readable data into incomprehensible text that can only be decoded with the right decryption key.
Trojan Horse
A type of malicious software disguised as legitimate software.
Two-Factor Authentication (2FA)
An extra layer of security used to ensure that people trying to gain access to an online account are who they say they are. First, the user enters their username and a password. Then, they are required to provide another piece of information, such as a code sent to the phone number they provided when they created the account.
Typosquatting
A form of cybersquatting that relies on typographical errors made by users when inputting a website address into a web browser. Also called URL hijacking, a sting site, a cousin domain, or a fake URL.
Vulnerability
A weakness in a system or software that can be exploited by cyberattacks to gain unauthorized access to data or disrupt operations.
Watering Hole Attack
A security exploit in which a cybercriminal targets a specific individual or group of individuals by determining which websites they often use and infecting those sites with targeted malware. For example, a cybercriminal determines their target loves sports, and proceeds to install malware on several legitimate ticket resale websites in hopes of infecting the target's computer.
Whaling
A specific type of phishing attack that targets high-profile individuals such as senior executives or other high-ranking members of an organization.
Wiper Malware
Malicious software that aims to destroy or overwrite data on the victim's system, often disguised as ransomware but with no intention of providing a decryption key even if the ransom is paid.
Zero-Day Exploit
A cyberattack that occurs on the same day a weakness is discovered in software, before the software developer has a chance to fix it.