Phishing, Whaling, Zero Days – What does it mean?
As new security issues are revealed they have new names and sometimes keeping up and understanding this is a challenge!
Here is SCC’s high level Jargon Buster to help you navigate the waters (plenty more fish references below). If you need specific help, contact [email protected].
- Definition: “criminal activities carried out by means of computers or the Internet”
- The generic term for internet based criminal activity and generally is a collective term for the elements used below
- Definition: “a type of malicious software designed to block access to a computer system until a sum of money is paid”
- This is typically where a vulnerability in existing software is exploited which denies organisations access to devices, systems and data and a ransom is demanded
- Typically the ransom is paid in cryptocurrencies such as BitCoin and doesn’t guarantee the release of the infected devices
- Definition: “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers”
- This is effectively a confidence trick, that utilises an existing relationship between an end user and an organisation to extract information that the user thinks is bona fide
- Definition: “the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information”
- This is a more recent approach that has yielded success which focusses on a subset of individuals that are more trusting. It is usually undertaken in phases where willing ‘clickers’ are syphoned out for the full attack
- Definition: “the fraudulent practice of sending emails ostensibly from a known or trusted internal manager in order to induce targeted individuals to reveal confidential information or transfer money”
- As a derivation of a big phish (sic), whaling is a practice where internal emails are sent from addresses purporting to be the CFO, CEO etc. to encourage employees to engage in schemes of sharing data or investing in company schemes
- Zero Days
- Definition: “malicious or vulnerable code included in a commercial off the shelf software application that can be exploited at a future date”
- Typically this is where ‘unknown unknowns’ are exploited to drive other cybercrime within an organisation using the affected software application
- Definition: “a virtual space in which new or untested software or coding can be run securely”
- The challenges with sandbox testing are often that under production systems the results of the test are quite different and can result in infections not picked up in a sandbox environment
How Can SCC Help?
SCC has a set of security based services to ensure you can prepare, plan and react to any security or cyber challenges that may be a risk to your business:
- Accredited and experienced advisory services across a number of security vendors such as Cisco and Fortinet as well as Symantec, Mimecast, McAfee and CheckPoint
- Multi-layered design approach considering security a whole for our customers taking into newer technologies such as Sandboxing
- Security solution based on business need considering both on premise and cloud subscription services to build Advanced Threat Protection and defence in depth into the security fabric
Contact SCC today [email protected]