A botnet is created when a series of internet-connected devices such as computers, smartphones, and Internet of Things (IoT) devices are running one or more bots. These botnets are controlled by a third party, usually without the knowledge of the owner of the device. Botnets can be used to perform cyberattacks such as Distributed Denial-of-Service (DDoS) and they can steal data, send spam, by allowing the attacker to access the device and its connection. The attacker usually controls the botnet using command and control (C&C) software. It is common for owners of botnets to rent them out to other cybercriminals for nefarious purposes.
A data breach happens when cyber criminals attack a network that holds sensitive data in order to disclose that data or use it for a criminal act. It usually involves obtaining sensitive, confidential, or otherwise protected data such as personal health information (PHI), personally identifiable information (PII), trade secrets, or other confidential information.
Clickjacking happens when an attacker tricks a user into clicking on something different than what they see, which can potentially reveal confidential information or allow others to take control of their computer. The user thinks they are clicking on seemingly harmless objects, such as web pages or memes.
A computer virus is a type of computer program that works similarly to a biological virus. Once it is introduced to the computer, it replicates itself by modifying other computer programs and inserting its own code. If this replication succeeds, the affected areas are then said to be infected with a virus. Computer viruses require a host program where the virus can write its own code. When the program runs, the virus program is executed first which causes more “infection” and damage to the computer. Also known as Malware, computer viruses cost billions of dollars in lost productivity, hardware, software, and lawsuits every year.
A computer worm is a standalone computer virus that replicates itself in order to spread to other computers on a network. It relies on security failures on the target computer to access it. It will use this machine as a host to scan and infect other computers. When these new worm-invaded computers are used, the worm will continue to scan and infect other computers using these other computers as hosts, and so on. Computer worms use recursive methods to copy themselves without relying on host programs and get distributed exponentially. The difference between computer worms and computer viruses is that worms almost always cause at least some harm to the network, even if only by consuming bandwidth, but viruses almost always corrupt or modify files on a targeted computer.
DDoS stands for Distributed Denial of Service attacks. This happens when a botnet–thousands of infected internet devices such as computers and smartphones–targets a set of services or websites. These bots request the service thousands of times a second without waiting for a response and overwhelm the server hosting the service. Legitimate traffic can’t reach the service similar to having a bunch of fake customers blocking the entrance to a shop.
A man-in-the-middle attack is where a third party is able to capture data that is not meant to be shared. This can be done by using a pineapple device–a portable device that allows cybercriminals to steal data shared on public Wi-Fi networks–to capture wireless packets, network taps that see all traffic, or an email compromise where the hacker watches or forwards the email to an external address.
Phishing is a type of social engineering where an attacker sends a fraudulent message designed to trick a user into revealing sensitive information to the attacker or to deploy malicious software on the victim’s infrastructure like ransomware. Phishing schemes usually use email and disguise themselves as someone the user may know or a service they use.
Ransomware is a piece of malware that locks down computer files by encrypting–digitally shredding them into billions of little pieces–and the user cannot access them without a digital key to unencrypt the files. The hacker holds this key in exchange for a ransom. The attacker will threaten the victim to pay the ransom or lose all the files forever. They also usually comb through your files for private information and post it online in a hacker network known as the dark web where hackers worldwide can exploit your personal information. Most often, even if the user pays the ransom, the files end up getting posted on the dark web anyway.
A rootkit is a collection of malicious computer software that is designed to enable access to a computer or specific software that is usually password protected. Rootkits often mask its existence or the existence of other software in order to remain undetected.
When passwords started showing up on the dark web a user’s password to a certain site would be included to prove that the hacker had compromised the account. It gave credibility to the person sending the email since it was a password that was used for that site (hopefully it was changed). With the added credibility it caused more scare but in actuality, it wasn’t true. This is also the reason you shouldn’t use the same password at multiple sites.
Spyware is a way to collect data without a user knowing about it. This could be a physical keystroke logger or piece of software that captures everything going to and from your clipboard. When you do a copy and paste of that password/username/website it gets logged and may be getting sent to a remote server where attackers can use the information to gather personal data, steal banking information, or anything else you do.
A Trojan Horse is a type of malware that infects a computer disguised as a legitimate program. It is called a Trojan horse due to its delivery method. An attacker uses social engineering to hide malicious code within legitimate software. However, unlike computer viruses or worms, a Trojan does not self-replicate, so it needs to be installed by a valid user.