Phishing, Whaling, Zero Days – What does it mean?

As new security issues are revealed, they bring new names with them, and keeping up with and understanding these terms can be a challenge!

Here is SCC’s high-level Jargon Buster to help you navigate the waters (plenty more fish references below). If you need specific help, contact [email protected].

Jargon Buster

  • Cybercrime:
    • Definition: “criminal activities carried out by means of computers or the Internet”
    • The generic term for internet-based criminal activity, generally used as a collective term for the elements described below
  • Ransomware:
    • Definition: “a type of malicious software designed to block access to a computer system until a sum of money is paid”
    • Typically, a vulnerability in existing software is exploited to deny organisations access to devices, systems and data, and a ransom is demanded
    • Typically the ransom is paid in cryptocurrencies such as Bitcoin, and paying doesn’t guarantee the release of the infected devices
  • Phishing:
    • Definition: “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers”
    • This is effectively a confidence trick that utilises an existing relationship between an end user and an organisation to extract information through a request that the user thinks is bona fide
  • Spear-phishing:
    • Definition: “the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information”
    • This is a more recent approach that has yielded success by focussing on a subset of individuals who are more trusting. It is usually undertaken in phases, where willing ‘clickers’ are syphoned out for the full attack
  • Whaling:
    • Definition: “the fraudulent practice of sending emails ostensibly from a known or trusted internal manager in order to induce targeted individuals to reveal confidential information or transfer money”
    • As a derivation of a big phish (sic), whaling is a practice where internal emails are sent from addresses purporting to be the CFO, CEO etc. to encourage employees to engage in schemes of sharing data or investing in company schemes
  • Zero Days:
    • Definition: “malicious or vulnerable code included in a commercial off the shelf software application that can be exploited at a future date”
    • Typically this is where ‘unknown unknowns’ are exploited to drive other cybercrime within an organisation using the affected software application
  • Sandbox:
    • Definition: “a virtual space in which new or untested software or coding can be run securely”
    • The challenge with sandbox testing is often that results on production systems are quite different from those of the test, which can result in infections that were not picked up in the sandbox environment

How Can SCC Help?

SCC has a set of security-based services to ensure you can prepare, plan and react to any security or cyber challenges that may be a risk to your business:

  • Accredited and experienced advisory services across a number of security vendors such as Cisco and Fortinet as well as Symantec, Mimecast, McAfee and CheckPoint
  • Multi-layered design approach considering security as a whole for our customers, taking into account newer technologies such as sandboxing
  • Security solutions based on business need, considering both on-premise and cloud subscription services, to build Advanced Threat Protection and defence in depth into the security fabric

Contact SCC today [email protected]
