By Troy Ford | Last Upload on June 2nd 2022 | Home → Protection → The Complete List of Cybersecurity Terminology
If you are a cybersecurity professional, or just starting to get interested in the field, this cybersecurity acronym list is a perfect tool for everyone in the information security industry!
Cybersecurity acronyms can be confusing, especially with some acronyms having dual meanings – think IP address and IP for Intellectual Property – and some acronyms having very slight differences.
Here, we will look at some of the most used cybersecurity acronyms and what they mean.
Quick Overview
- Common Cybersecurity Attacks
- Malware
- Password Attacks
- Physical Attacks
- Adversarial Artificial Intelligence
Common Cybersecurity Attacks
Phishing: Phishing is a type of social engineering attack in which an attacker attempts to trick the victim into giving up sensitive information, such as login credentials via email.
Smishing: Smishing is a type of phishing attack that uses text messages instead of email.
Vishing: Vishing is a type of phishing attack that uses voice calls or VoIP instead of email.
Spam: Spam is unsolicited email, typically sent in bulk.
Spam over instant messaging (SPIM): SPIM is unsolicited instant messages, typically sent in bulk.
Spear phishing: Spear phishing is a type of email phishing attack that is targeted at a specific individual or organization.
Dumpster diving: Dumpster diving is the act of looking through trash for sensitive information that has been discarded.
Shoulder surfing: Shoulder surfing is the act of looking over someone’s shoulder to see what they are doing, such as watching them enter a password.
Social engineering: Social engineering is the act of manipulating people into performing actions or divulging confidential trade secrets.
Tailgating: Tailgating is the act of following someone into a secured area without proper authorization.
Eliciting information: Eliciting information is the act of trying to get someone to unknowingly reveal sensitive information.
Whaling: Whaling is a type of spear phishing attack that is targeted at high-profile individuals, such as executives or celebrities.
Prepending: Prepending is the act of adding fraudulent email addresses to a mailing list.
Identity fraud: Identity fraud is the act of using someone else’s personal information, such as their name or Social Security number, without their permission.
Invoice scams: Invoice scams are a type of business email compromise (BEC) in which attackers send invoices that appear to be from a legitimate vendor.
Credential harvesting: Credential harvesting is the act of stealing login credentials, such as username and password, by masquerading as a trusted entity.
Reconnaissance: Reconnaissance is the act of gathering information about a target in preparation for an attack.
Hoax: A hoax is a false claim or story that is spread for the purpose of causing confusion or panic.
Watering hole attack: A watering hole attack is a type of cyber-attack in which attackers compromise a website that is frequented by their target.
Typosquatting: Typo squatting is the act of registering a domain name that is like a popular website, in the hope of getting visitors who mistype the URL.
Impersonation: Impersonation is the act of pretending to be someone else, usually for malicious purposes.
Pretexting: Pretexting is the act of creating a false story or scenario in order to obtain someone’s personal information.
Influence campaigns: An influence campaign is a type of information warfare in which an attacker attempts to spread disinformation in order to sway public opinion.
Hybrid warfare: Hybrid warfare is a type of warfare that combines conventional warfare with cyber-attacks, economic sanction, and propaganda.
Principles (reasons for effectiveness)
- Authority
- Intimidation
- Consensus
- Scarcity
- Familiarity
- Trust
- Urgency
Malware
Ransomware is a type of malware that encrypts a victim’s files and demands a ransom be paid in order to decrypt them.
Trojans are a type of malware that are disguised as legitimate programs but are actually malicious.
Viruses are a type of malware that insert themselves into programs and files in order to replicate and spread.
Worms are a type of malware that are designed to spread themselves by exploiting vulnerabilities.
Spyware is a type of malware that collects information about a victim without their knowledge or consent.
– Adware is a type of malware that displays advertisements without the user’s consent.
Potentially unwanted programs (PUPs) are programs that may be unwanted or dangerous.
Keyloggers are a type of malware that record everything the victim types, including passwords and sensitive information.
Fileless virus: A fileless virus is a type of malware that exists only in memory and does not write itself to disk.
Polymorphic virus: A polymorphic virus is a type of malware that can change its appearance to avoid detection.
Metamorphic virus: A metamorphic virus is a type of malware that can completely change its code to avoid detection.
Crypto malware is a type of malware that uses encryption to hide its malicious payload.
Logic bombs are a type of malware that is triggered by a specific event, such as a certain date or time.
Spyware is a type of malware that collects information about a victim without their knowledge or consent.
Keyloggers are a type of malware that record everything the victim types, including passwords and credit card numbers.
Remote access Trojan (RAT) are a type of malware that gives an attacker the ability to control a victim’s computer remotely.
Rootkits are a type of malware that are designed to hide the presence of other malware.
Botnets are a network of infected computers that are under the control of an attacker.
Backdoor is a type of malware that gives an attacker unauthorized access to a computer.
Zero-day exploit is an attack that takes advantage of a previously unknown vulnerability.
Heuristic is a method of detection that looks for signs or patterns that are associated with malware.
Password Attacks
Spraying : Password spraying is a type of attack in which an attacker tries a large number of common passwords against a list of user accounts.
Dictionary attack: A dictionary attack is a type of password attack that uses a list of words as passwords.
Brute force attack: A brute force attack is a type of password attack that tries every possible combination of characters.
Credential stuffing: Credential stuffing is a type of attack in which an attacker tries a large number of stolen username and password combinations to gain access to accounts.
Rainbow table is a list of pre-computed hashes that can be used to crack passwords.
Physical Attacks
Malicious Universal Serial Bus (USB) cable attack: A malicious USB cable attack is a type of physical attack in which an attacker plugs a USB device into a victim’s computer to gain access to their data.
Portable media attack: A portable media attack is a type of physical attack in which an attacker uses a USB drive or other removable media to gain access to a victim’s data.
Malicious flash drive: A malicious flash drive is a type of USB device that contains malware.
Eavesdropping: Eavesdropping is a type of attack in which an attacker listens to a victim’s conversation in order to gain information.
Card cloning: Card cloning is a type of attack in which an attacker copies the information from a victim’s credit card.
Dumpster diving: Dumpster diving is a type of attack in which an attacker looks through a victim’s trash in order to find information.
Shoulder surfing: Shoulder surfing is a type of attack
Skimming: Skimming is a type of attack in which an attacker copies the information from a victim’s credit card.
Tailgating: Tailgating is a type of physical attack in which an attacker follows a victim into a secure area.
Adversarial Artificial Intelligence
(AI) : Adversarial artificial intelligence is a type of AI that is used to create and detect attacks.
Machine learning (ML) models : Tainted training data is a type of data that is used to train machine learning models that contains inaccuracies or errors.
Security of machine learning algorithms: The security of machine learning algorithms is the study of attacks and defenses against machine learning models.
Supply-chain attacks: Supply-chain attacks are a type of attack in which an attacker targets a company’s suppliers in order to gain access to their data.
Cloud-based vs. on-premises attacks: Cloud-based attacks are a type of attack that targets cloud-based systems, while on-premises attacks are a type of attack that targets on-premises systems.
Insider threats: Insider threats are a type of attack that is carried out by someone who has legitimate access to a system.
Cryptographic attacks: Cryptographic attacks are a type of attack that targets cryptographic algorithms or systems.
Birthday is a type of attack that uses the birthday paradox to find collisions in cryptographic hash functions.
Collision is a type of attack that uses two different inputs that produce the same output.
Downgrade attack is a type of attack in which an attacker forces a victim to use an older, less secure version of a protocol.
Preimage is a type of attack that uses a known input to find a corresponding output.
The second preimage is a type of attack that uses a known output to find a corresponding input.
Privilege escalation attacks: Privilege escalation attacks are a type of attack in which an attacker gains access to a system with more privileges than they should have.
Cross-site scripting (XSS) attacks: Cross-site scripting attacks are a type of attack that injects malicious code into a web page.
Malicious Injections: Injections are a type of attack in which an attacker injects malicious code into a system.
SQL injections: SQL injections are a type of attack in which an attacker injects malicious code into a database.
Structured query language (SQL): SQL is a type of programming language that is used to interact with databases.
Dynamic-link library (DLL) injections: DLL injections are a type of attack in which an attacker injects malicious code into a DLL.
Lightweight Directory Access Protocol (LDAP) injections: LDAP injections are a type of attack in which an attacker injects malicious code into an LDAP server.
Extensible Markup Language (XML)- based injections: XML-based injections are a type of attack in which an attacker injects malicious code into an XML file.
Pointer/object dereference is a type of attack in which an attacker gains access to a system by dereferencing a pointer or object like an array index.
Directory traversal is a type of attack in which an attacker gains access to a system by traversing the directory structure.
Buffer overflows is a type of attack in which an attacker sends more data to a system than it can handle, causing the system to crash.
Hello Robot
Sign up for the mailing list to get the latest updates on Hacker Songs and Focus Playlists!