Zero day this, APT that, no I don’t want to go Phishing! It seems like there’s a new buzzword thrown out everyday in the security world and it’s a lot to digest for those who don’t eat, sleep, and breathe information security. Luckily for you, O’Mard Consulting Services, LLC is here to help! We’ll define several common security related words that you may have heard about in this weeks post.
Let’s start with phishing first because EVERY security awareness course covers the topic in some capacity and it’s one of the tactics that we’re most likely to see no matter what industry you work in. Phishing in short is the act of trying:
“to obtain financial or other confidential information from Internet users, typically by sending an email that looks as if it is from a legitimate organization, usually a financial institution, but contains a link to a fake website that replicates the real one”.
How many of use have received an email from a prince or princes located in a country far far away claiming that they can make you a millionaire. All you need to do is send them your banking info, deposit bitcoin into their account, or some other task devised to gather your personal information or have you send them money? Smells like a phish to me!
The next buzzword you probably heard about is malware. Malware, short for malicious software, is just that. This software has a nefarious purpose; to compromise your system by allowing an attacker to remotely access it, steal your credentials (all your passwords are belong to us (bonus points if you get that reference)), delete your files, etc…
To close this post out, we’re going to define a buzzword that you may have heard of but probably have no idea what it is. An Advanced Persistent Threat or APT.
“An Advanced Persistent Threat is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.”
You’ll typically here about state sponsored groups such as APT-28 (Fancy Bear – Russia), APT-29 (Cozy Bear – Russia), or APT-32 (Ocean Lotus – Vietnam) in the news.
Information overload is real so we’ll keep it to three terms this week and many more at a later date. As always, feel free to contact us if you have and cyber security or technical questions!