Before getting into the very in-depth of every concept, it is recommended to clear the concepts and terminologies related to cybersecurity and cybercrime. It is because each of the terms has a particular meaning and is used in different scenarios in this field of security. In this chapter, you will learn about the different terminologies used in the field of computer and information security.
This is a case when an external agent tries to take legitimate access to any system, computer, network, server, website, server-room, sensitive data, or someone else's account. Cybercriminals gain unauthorized access by cracking passwords by different means, stealing sensitive personal data, or by social engineering and other approaches.
Access Control is a mechanism of controlling who has the proper access to any system or computer or server or online services where the information is stored. It is a fundamental concept that regulates and then minimizes the risk of any business or organization.
A threat can be defined as the possible danger that might cause the exploitation of any bug or vulnerability for breaching security, which then causes possible harm to any institute, organization, or firm. These threats are found by cybercriminals to steal, annoy, or harm the resources.
Backdoor is used by cybercriminals to gain illegal access to the target system. It is used to secretly bypass standard authentication or encryption in a system's security mechanism. Hackers covertly embed these backdoor programs with legitimate files or keep these backdoors after they came out of the system, which they have hacked for gaining access in the future. Backdoors are also known as trapdoors.
The vulnerability can be defined as the flaw or weakness in the design or development of any system. It is an error in any component of cyberspace that can lead to an unexpected or unwanted breach in security systems.
Zero-day Attack is a type that is not known to the creator, developer, or vendor of the system, and cybercriminals exploit the vulnerability to gain illegitimate access to any system, network, or server. There are no known security patches or fixes in such types of attacks because the developers are unaware of this vulnerability.
Social Engineering is a technique of stealing sensitive data from a target victim in different ways, such as physical accessing of data or psychologically manipulate in combination with social scenarios. Examples of social engineering are shoulder surfing, phishing, tailgating, dumpster diving, etc.
Command and Control Servers
Command, and Control Servers are also termed as C&C servers, which are machines used by attackers for communicating with a botnet where they can control and compromise systems within the network.
Content Spoofing is another popular technique used by cybercriminals to perform attacks by tricking the target victim(s) with interest to visit any fraudulent or malicious site which looks like a legitimate one.
Identity Theft is the scenario when the attacker gains every personal detail about the target user and uses that personal information to impersonate the target user. Data attackers take credit card information, bank account details, transaction details, ID and passwords, victim's address, and phone number.