In general, account takeover is defined as a malicious third-party attacker successfully gaining access to a user’s account via stolen credentials for the purpose of fraud. This happens when a bad actor acquires another person’s login credentials, most often by leveraging reused or similar passwords from previously breached sites, and gains access to existing accounts.
A botnet attack leverages a network of infected devices, also known as bots, that are used to perform malicious activity. A botnet attack is typically carried out by a lone attacker controlling the computers (bots), often up to millions of bots.
A credential stuffing attack occurs when a threat actor uses stolen credentials (username and password) from one website to gain access to other sites to attempt an account takeover. These attacks often occur long after a data breach, when older stolen credentials have been packaged for sale and traded on the dark web.
The dark web is a hidden section of the web that is only accessible using specialized software like Tor or I2P, which allows users to browse anonymously, hiding their IP addresses and other identifying information. The dark web is known for hosting illegal trade, though it also serves as a platform for privacy-focused individuals and groups.
A deepfake is synthetic media, typically a video or audio recording, in which a person's likeness or voice is replaced with someone else's through the use of artificial intelligence (AI) or deep learning, which is a type of machine learning.
Infostealers are a type of malware designed to infiltrate computer systems to steal information. They exfiltrate various data, including login credentials, session cookies, financial info, and personally identifiable information, sending it to a remote server controlled by cybercriminals.
An insider threat is a security risk that originates from within an organization. It typically involves employees, contractors, business partners, or other individuals who have inside information concerning the organization's security practices, data, and computer systems. These threats can be malicious or unintentional.
Leaked credentials refer to the unauthorized dissemination and exposure of personal or organizational login information, including usernames, passwords, and other authentication details. These credentials can come from various accounts, such as email, social media, banking, or corporate networks.
These days, malware isn’t just one thing. Broadly speaking, malware is malicious software that can steal information, damage files and networks, or gain unauthorized access to organizations.
MTTR stands for Mean Time to Remediate. It is an incident metric that quantifies the average time required to repair a failed component (system, product, service, or application). MTTR can also stand for Mean Time to Respond, Mean Time to Recover, or Mean Time to Resolution.
OSINT is the collection and analysis of publicly available information from various sources like websites, social media, public records, and more. It is used to gather intelligence for security assessments, threat analysis, and other purposes without the need for intrusive methods. OSINT is typically gathered to answer a specific intelligence question.
Passkeys are a passwordless authentication method designed to solve issues with current methods like passwords. A passkey is a digital credential that is uniquely tied to a website or application, enabling authentication without the need for a username, password, or even an additional authentication factor.
Passwordless authentication is a security method that allows users to log in to systems, applications, or data without entering a traditional password. It enhances user experience and security by utilizing alternative means of verification, such as biometrics, tokens, or passkeys, eliminating the need for users to remember and enter a password.
Phishing is a social engineering attack where cybercriminals pose as trustworthy individuals or entities to deceive victims into providing sensitive information, like usernames, passwords, credit card numbers, or other personal details.
Ransomware is malicious software designed to block access to a computer system or files until a sum of money is paid. It encrypts the victim's files, making them inaccessible, and threat actors can then demand a ransom for the decryption keys.
Session hijacking is a cyberattack where an unauthorized user leverages stolen session cookies to take control over an established user session, gaining unauthorized access to a protected system or web application. This allows the attacker to impersonate the victim and perform actions on their behalf, potentially leading to data theft, fraudulent transactions, or unauthorized access to sensitive information.
A threat actor is an individual or group that exploits vulnerabilities or uses deceptive tactics to harm digital devices, systems, or networks. Threat actors execute cyberattacks, such as phishing, malware attacks, and ransomware.