Cyber Threat Landscape
Jargon Buster
A useful guide to the key threats
Your business faces many cyber security threats and the multitude of technical terms used to describe them can be bewildering.
Here is a useful guide to the key threats you should be aware of:
Threat actor
A threat actor is a person or a group of people who take part in an action intended to cause harm to computers, devices, systems or networks.
Active Directory
The central credential database within a Microsoft network. Active Directory controls the access permissions within an environment using rules stored in the form of ‘Policies’. Active Directory is stored on domain controllers and/or in the Azure portal.
API
Application Programming Interface. Connects data stores together for autonomous or programmatic access. Most mobile phone applications connect to data stores via an API. Theft through misconfigured APIs has increased significantly, leading to mass data theft.
Data exfiltration
The process of stealing sensitive data from within a network and passing it to an outside resource. Typical data stolen includes financial, human resources, client or medical records. Data is often posted on threat actor websites or hacking forums and can be sold on or mined for new target selection.
Exploit
An exploit is malicious code that targets a vulnerability in software or an appliance. A successful exploit can give a threat actor system access from which to conduct attacks on a network or infrastructure. Some exploits lead to data access or data destruction. It is critical to patch systems to prevent exploits.
EDR
Endpoint Detection and Response. A class of defence software which is usually backed by active monitoring and cyber threat intelligence feeds. EDR is like anti-virus, but uses sophisticated machine learning techniques to identify malicious code and suspicious or abnormal events. Alerts are fed to central platforms, where teams of researchers can investigate the threats remotely.
Infostealer
Infostealer malware is spread via phishing download links, fake software downloads or malicious websites. The malware infects a device and steals usernames and passwords either stored by systems or saved in browsers. The data is siphoned off and sold in online forums.
Lateral movement
The process a threat actor carries out once inside a network to move from system to system. Lateral movement is often conducted to reach data or to gain a higher level of access. The two main targets for lateral movement are domain controllers and file storage systems.
PAM
Privileged Access Management tools allow the safe use of privileged accounts in a network environment. PAM tools have many features but typically include not exposing the user to the raw credential, checking credentials in and out, enhanced logging, session recording, credential rotation after use and account isolation capabilities. PAM tools themselves are accessed through robust multi-factor authentication (MFA) procedures.
RAT
Remote Access Trojan. A piece of malicious code which permits complete control over a device. Typical features of a RAT are file and folder access, keylogging, webcam control and running of commands. A RAT can be detected by running current anti-virus software or by having EDR deployed on the device. A RAT is typically delivered via phishing emails or social engineering techniques that get the target to install the software.
RCE
Remote Code Execution. Amongst the most severe categories of vulnerability. A successful exploit of an RCE vulnerability allows the threat actor to execute code directly on the system being attacked. This could lead to further tool deployment, data extraction or data destruction. RCE vulnerabilities should be patched immediately.
Webshell
A common attack method used to access a network from the internet. Webshells are deployed on vulnerable internet-facing servers to execute code directly on the server and access its data or the systems it is connected to. Webshells are typically tiny in size and can often go undetected. Targets include websites, mail servers such as Microsoft Exchange and application servers.
LAPS
Local Administrator Password Solution. An Active Directory plugin to manage all local administrator accounts. LAPS is like a password vault for local admin passwords and creates a unique, complex password for every system. This prevents a threat actor who has obtained one local admin credential from reusing it across multiple systems. LAPS is free and highly effective.
Service account
A non-human account created so that an application has the context and ability to run autonomously on a network. Applications that use service accounts include anti-virus, backup solutions and databases.
Vulnerability scanning
The process of scanning assets in an environment and checking their software versions and configurations against known vulnerabilities and exploits. Vulnerability scanning can be used to prioritise patching and to target the most susceptible systems first, preventing attacks.
Tokio Marine Kiln is a leading international insurer with a reputation for specialist underwriting excellence, great people and innovative products. As part of one of the largest insurance groups in the world, our underwriters are empowered to assess each individual risk, to make on-the-spot decisions and to find the right solutions for our clients’ needs.
The ability to settle valid claims quickly and fairly in a human way is central to our business philosophy, and our adjusters are empowered to exercise their professional judgement to deliver an exceptional customer service.
Tokio Marine Kiln
Authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority under Firm Reference Number: 204909. Registered office is located at 20 Fenchurch Street, London EC3M 3BY. Registered Number: 729671. Tokio Marine Kiln is a trading name.