• Montane PS Staff

Cutting through cyber security speak

During the Prime Minister and Defence Minister's media conference last week, where they outlined the complex, persistent and malicious cyber attacks currently being undertaken on state and federal government, health, and corporate entities, they mentioned several terms that may be unfamiliar to some people.


To assist those who may now be more interested in cyber security, we thought we would go through some of these terms and provide common definitions:


Cybersecurity

The protection of information assets by addressing threats to information processed, stored, and transported by inter-networked information systems.

Cyberespionage

Activities conducted in the name of security, business, politics or technology to find information that ought to remain secret. It is not inherently military.

Cyberwarfare

Cyber-based activities supported by military organisations with the purpose of threatening the survival and well-being of society/foreign entities.


State Actor


State actors are the governments of foreign countries or their agencies. They have sovereignty over their own territory and that sovereignty is recognised on the international stage by international organisations such as the United Nations.


Non-State Actor


Non-state actors include organisations and individuals that are not affiliated with, directed by, or funded directly by governments. These include corporations, private financial institutions, and NGOs, as well as paramilitary, terrorist and other armed groups.


Critical infrastructure


Systems whose incapacity or destruction would have a debilitating effect on the economic security of an enterprise, community or nation. Includes power stations, dams, sewerage and water, and main transport systems.


Malware


Short for malicious software. Designed to infiltrate, damage or obtain information from a computer system without the owner’s consent.


Social Engineering


An attack based on deceiving users or administrators at the target site into revealing confidential or sensitive information, or clicking on a malicious link.


Phishing Attack


This is a type of electronic mail (e-mail) attack that attempts to convince a user that the originator is genuine, but with the intention of obtaining information for use in social engineering.


Phishing attacks may take the form of masquerading as Australia Post or the recipient's bank; in either case, the intent is to obtain personal and sensitive information and data. Alternative attacks may seek to obtain apparently innocuous business information, which may be used in another form of active attack.


Spear Phishing Attack


An attack where social engineering techniques are used to masquerade as a trusted party to obtain important information such as passwords from a targeted victim.


Credential Harvesting


The use of compromised user credentials such as usernames and passwords to gain access to sensitive data.


Email Tracking Services


In this context, a service where attackers get a desktop notification the second a targeted user opens a phishing email and clicks a link inside.

We have also created a series of infographics regarding the current attacks. To view these and others in our protective security series, please click here

