Executive Summary
- As the second part of our IT support glossary focused on cyber security, in this article we’ll share even more essentials terms and technical jargon – then give you the plain English explanation.
- In this edition of the glossary, you’ll learn about new cyber security terms including data mining, clickjacking, keylogging, and a lot more.
Introduction
If you’ve explored the Get Support blog in any depth – or you’re familiar with our company in general – you’ll know we like to put things in plain English.
When it comes to IT support, some of the terminology and technical jargon you encounter couldn’t be much further from plain English, which is why we created our IT support glossary.
In this, the second part of our glossary focused on essential cyber security terms, we’ll be defining even more cyber security jargon – including clickjacking, keylogging, and more.
So, without further ado, let’s begin.
Brute force attack
As unpleasant as it sounds, a brute force attack in the context of IT support and cyber security is almost exactly what it sounds like. Rather than using some sophisticated or advanced vector of attack, such as complex malware, a brute force attack instead relies on constant, repetitive, breach attempts by the attacker.
For example, if an attacker wanted to access an online account but only had the username or email address, they would simply keep trying different passwords until they hit upon the right one. Of course, doing this can take some serious hardware, especially now that keys are most commonly 128- or 256-bit – meaning they take much longer to guess.
In addition, most online systems now include a lockout of some sort when a certain number of login attempts have been made, making brute force attacks less common than a couple of decades ago.
Clickjacking
Have you ever been trying to download a file online when you’re confronted with multiple ‘download’ buttons? Or perhaps you clicked a link that you thought led to one site when in fact it led to another?
Both of these scenarios are examples of clickjacking.
Clickjacking occurs when an attacker either obfuscates a link, perhaps by placing a transparent overlay atop a genuine website, or simply presents a user with an entirely fake link – like ads with a flashing ‘download’ button.
Data mining
The concept of data mining is certainly not exclusive to the realm of cyber security. In fact, it’s used in industries across the globe as a tool for identifying trends and spotting either opportunities or threats.
In the context of cyber security, data mining isn’t something an average SME would do by themselves, but they could benefit from it at scale if they’re using a platform such as an Endpoint Detection and Response (EDR) system. In these systems, huge data sets are analysed using data mining techniques to assess the patterns which may hint at a potential cyber security breach. These patterns are then used as a marker which, when spotted early, could actually stop a cyber attack before it happens.
Drive-by downloading
The name may sound like something out of a gangland movie, but there’s nothing entertaining about drive-by download attacks.
As the name suggests, a drive-by download occurs when a user unwittingly accepts a file containing malicious code onto their device, where it may install a virus or other forms of malware as part of a cyber attack. Drive-by downloads can occur when visiting a website, opening an email attachment, or clicking a link of any kind (e.g. in a pop-up window).
There are two types of drive-by download attacks: authorized and unauthorized. The authorized attack is actually more common, because it relies on social engineering to trick a user into downloading something. For an unauthorized attack, whereby a file is forcibly downloaded, the mechanics are somewhat more complex, making these attacks more rare – but no less dangerous.
Keylogging
Keylogging, also known as keystroke logging, isn’t a form of cyber attack in itself, but rather a covert action used as part of an attack. Keyloggers are commonly used by cyber attackers to capture passwords, financial data, and other exploitable personal information.
Once a device with a keyboard (e.g. a laptop or a desktop computer) has been infected with malware which employs keylogging, every time that keyboard is used, the specific keys and sequence are logged and, in many cases, sent to the attacker. Most keyloggers are software-based, though some can be installed at the hardware level within the keyboard itself.
It’s worth noting here that not all keyloggers are a cyber security risk. Some can be used by organisations to track their user base, while others may be used to study human typing or the way people interact with computers – as in the case of Microsoft’s Windows 10.
Packet sniffing
What’s that smell?
Well, if you can get past the unusual imagery in the name, you’ll find that packet sniffing is actually a very common practice in the realm of IT support.
Packet sniffing refers to the practice of monitoring all of the data (referred to as ‘packets’ of data) flowing in and out of a network in order to sniff out and detect potential malicious breach attempts. So, similarly to data mining, packet sniffing isn’t a cyber security risk in itself, but rather a preventative measure which an IT support team may choose to put in place to ensure traffic flowing in (and out) of the organisation is all legitimate.
Need a reliable IT support partner for your SME?
There’s no question that cyber security attacks are on the rise, with over 5 billion records breached in 2021 alone.
If you don’t want your business to become part of the statistics, it’s essential that you partner with an IT support provider who can deliver reliable, consistent, cyber security protection across the board. That’s Get Support.
To learn more about our IT support agreements, and how we can boost your company’s cyber defence, just call us on 01865 594 000 or fill in the form at the bottom of this page.
