From honeypots and logic bombs to vishing and social engineering, the cyber world is filled with often puzzling jargon. In this article, we demystify a few key cyber terms that should be on every business’s radar.
A botnet is a network of computers that have been hijacked by cyber-attackers without the knowledge of the original user.
In 2016, a group of university students created a botnet that went on to infect more than 600,000 devices and disrupt internet access for almost the entire US east coast.[1]
Endpoint detection and response (EDR) platforms are a type of cyber protection that continuously analyses your company’s endpoints (physical devices like mobile phones, desktop computers, etc, that connect to a network) for cyber threats before responding. They’re an important element in any company’s cybersecurity strategy.
A first party loss is an insurance term that refers to any loss incurred by the victim of a cyber-attack, e.g. lost revenue, fines, disrupted business continuity. Cyber-attacks can and do result in devastating losses to business, not just in terms of direct monetary value, but also in the way of loss of customer trust and reputational damage.
In the cyber world, a honeypot is a virtual trap used to lure in cyber-attackers who believe they are targeting a real company or individual. Honeypots are highly useful tools for cyber-defence strategists to learn about the methods threat actors are using to further their agenda so they can adapt their cyber defence strategies.
A logic bomb is a malicious programme typically transmitted in an email that only ‘detonates’ once certain conditions have been met, e.g., once a certain time or date has been reached.
In 2006, a disgruntled systems administrator used a logic bomb against his own company. Unhappy with his bonus, Roger Duronio planned to tank the company’s stock value by disrupting company servers and leaving traders unable to trade. While the logic bomb detonated on the date Duronio had set, it failed to have the intended effect and Duronio was sentenced to eight years in prison and ordered to pay over $3million USD.[2]
A newer social engineering tactic involving QR code manipulation, or a false QR code, to direct a person to a malicious or false site, generally set up to capture personal information, card payment details or log on credentials or to force download of a malware program or virus.
Email filters can miss Quishing attempts as when sent within an email, a QR code is a plain image file with no attached URL for automatic scanning.
This is more often seen in the real world, in places such as car parks, where it is normal for a QR code to be advertised to take users to a payment site.
A rootkit is a kind of malware that a threat actor uses to gain control over a computer system. Their flexibility means that they’re used by amateur cyber-attackers as well as far more experienced criminals.
In 2012, a highly sophisticated rootkit called Flame was discovered by Kaspersky Labs. The rootkit was being used against many Middle Eastern countries to not only covertly steal data but also take screenshots, record audio, and amend the host’s antivirus software to prevent the rootkit from being detected.[3]
Social engineering is a broad term that describes any cyber activity that deceives someone into divulging sensitive information. Phishing and vishing are both forms of social engineering.
While some people think that social engineering attacks only impact those who are less tech-savvy, the truth is that anyone can be a victim. In fact, the biggest social engineering attack of all time was carried out on Google and Facebook, after a team of Lithuanian criminals set up a fake company and fake bank accounts. In two years, they scammed the corporate giants out of over $100million USD.[4]
You’ll have heard of cases of telephone calls where victims were scammed by someone pretending to be from a legitimate source. This is called vishing, or ‘voice phishing’, and while these incidents are typically associated with the less tech-savvy, no individual or company is completely invulnerable.
In 2021, a vishing scam targeting a large tech company successfully managed to defraud the company out of £80,000 in cryptocurrency,[5] showing that anyone – even the supposed experts – can be a victim.
A zero-day vulnerability is a flaw or weakness in a computer’s system that the vendors are aware of but haven’t yet rectified; the vendor has therefore had ‘zero days’ to prepare a response. Companies rely on a number of tech packages to do business and keep their processes running smoothly, and rarely spare a thought for the vulnerable position they’d be in if these platforms suffered a fault, particularly if the fault compromised their security.
The truth is that there’s no such thing as being completely invulnerable to a cyber-attack. In the modern world, the cyber threat landscape is always changing, and that means that there are always new threats and strategies that your business needs to stay ahead of.
That’s where cyber protection comes in. In the event of a cyber-attack, cyber protection can help your organisation to rebound and recover so that you can get back to business as usual, as quickly as possible.
If you have any questions about protecting your business against a cyber-attack, please contact the cyber liability insurance team who will be happy to help.
[1] White Ops | 9 of History's Notable Botnet Attacks (humansecurity.com)
[2] What is a Logic Bomb? Examples & Prevention | Avast
[3] 6 Types of Rootkit Threats & How to Detect Them (+ Examples) (esecurityplanet.com)
[4] 15 Examples of Real Social Engineering Attacks - Updated 2023 (tessian.com)
Date: March 20, 2024
Category: Small Business