A cybersecurity glossary made in the framework of project ESVEI
APT
The acronym APT stands for "advanced persistent threat": groups that carry out particularly sophisticated cyber attacks and that are believed to be state actors or otherwise to act on behalf of a state.
These groups remain active for a long time and, although secretive by nature, often become recognisable over time through their style or other characteristic elements.
They are assigned – obviously unofficial – names, usually by cybersecurity companies. The best known include Fancy Bear (Russia), Lazarus Group (North Korea), Equation Group (USA), etc. In some cases it is known which entity they correspond to: for example, Comment Panda (APT1) is Unit 61398 of the Chinese People's Liberation Army.
Attribution
"Attribution" in international law is the process of identifying the perpetrator of an attack or operation carried out against a state. It is not a new concept, but cyber attacks pose some new problems. Sometimes it is not even apparent that an attack took place. It has to be discovered, an investigation has to be carried out using – but not only – technological tools, and the findings have to be communicated correctly.
See: Did the State do it? The attribution of cyber attacks
Backdoor
A backdoor is a mechanism that allows access to a device or software while bypassing its normal protections.
A backdoor can be inserted during an attack to facilitate further incursions, or it can be present, secretly or publicly, since the creation of the device or software, sometimes as required by law.
The problem is that – just like the TSA lock in the photo – a backdoor, even if designed to be used by security agencies within specific legal frameworks, can then also be exploited by those who have no right to use it. For this reason, doubts have been expressed regarding some countries' requests to be granted, for example, backdoors to access the messages exchanged by users.
Exploit
An exploit is software that takes advantage of a vulnerability to carry out an attack.
Among the many, it is worth mentioning EternalBlue, developed by the National Security Agency (NSA) on the basis of an otherwise unknown Windows vulnerability. The exploit was stolen from the NSA and used to create the WannaCry ransomware, which caused enormous damage from May 2017 onwards. The NSA has been criticised both for failing to guard this exploit and for concealing the vulnerability on which it was based instead of reporting it to Microsoft so that it could be fixed in time.
Phishing
The word "phishing" is pronounced in the same way as "fishing". However, here the catch is personal data, credit card numbers, etc.
Usually it works like this: you receive an email that apparently comes from a bank, a social network, etc. This email contains a link, apparently to an official site, which leads to a form in which you are asked to enter your data. Except that this is actually a site run by cyber criminals, who in this way obtain the data they need to steal money or personal information.
According to Citizen Lab and NortonLifeLock, spearphishing (phishing targeting a specific person) was the favourite weapon of Dark Basin / Mercenary.Amanda, a group of "hackers for hire" probably linked to the Indian company BellTroX.
The collective Security Without Borders has created a gallery of images reproducing real phishing sites: would you have been fooled?
Ransomware
Ransomware is malware that encrypts the contents of a computer so that they cannot be deciphered without a specific key, which will be provided to the user in exchange for a ransom. The purpose is economic, and payment is made through cryptocurrencies. The attacker therefore has every interest in allowing the victim to decrypt their content, so as to appear "reliable" and encourage other victims to pay, but things do not always go smoothly. The most famous ransomware include CryptoLocker (which is believed to have earned its authors over 3 million dollars) and WannaCry.
In the United States, some companies were forced to shut down due to ransomware attacks. In Italy, ransomware targets include, for example, the multiservice company IREN, the hospital in Erba, Cantine Ferrari, and the municipality of Spoleto. According to Kaspersky, in 2019, 174 municipal institutions were targeted worldwide. Sometimes, however, victims do not report such attacks for fear of losing investors.
Spyware
Spyware "is malicious software that, once installed, spies on some or almost all user activities, to steal data and monitor communications" (Carola Frediani, Guerre di rete).
Spyware can be installed remotely, through a trojan, or for example by someone who has physical access to a device, without the need for a trojan (e.g. a parent with a child's mobile phone).
Among the most notorious spyware is Pegasus, created by the Israeli NSO Group, which uses exploits that also allow it to be installed remotely; it has been sold to governments to spy on criminals and, in other cases, on human rights activists.
When the aim is "to have control over an individual's daily life... in order to terrorise, control, and manipulate" (Cyber Security 360), the software is called stalkerware. Eva Galperin, director of Cybersecurity at the Electronic Frontier Foundation, spoke on the topic in a TED Talk.
Trojan
A trojan is a programme that, like the Greeks with the Trojan horse, hides inside another – seemingly harmless – programme to secretly enter a computer.
It can be used to install backdoors, spyware, etc.
Electronic voting
Electronic voting, remotely via the Internet or at a polling station via a voting machine, aims to replace traditional paper-and-pencil voting, with the advantage of obtaining results immediately.
Electronic voting has also been trialled in Italy, for example for the consultative referendum on the autonomy of Lombardy, and the 2019 financial package funded new experiments. However, as explained by Stefano Zanero, professor of cybersecurity at the Politecnico di Milano, electronic voting systems cannot currently ensure the correctness of elections and the confidence of voters.
See: Electronic voting, cybersecurity, and Russian hackers
Cyber vulnerability
A vulnerability is a weak point in the security of a computer system, which can be used to create an exploit.
Vulnerabilities are inevitable; the problem is how serious they are and who discovers them. Many companies reward those who discover and report vulnerabilities in their sites or software, but malicious actors may be willing to pay more on the black market.
Zero-day
A zero-day vulnerability (also written as 0-day) is one not yet known to the software and antivirus creators, who have therefore had zero days to correct it. In turn, an attack based on a zero-day vulnerability is called a zero-day exploit. These are exceptionally dangerous because in some cases they can put even a fully updated device at risk, without the user having an effective way to protect themselves.
The fact that a vulnerability has been known for some time does not guarantee that it is no longer dangerous: even after Microsoft had released the patches for the vulnerability exploited by EternalBlue and WannaCry, many Windows systems remained at risk simply because they were not updated.
This publication has been produced within the project ESVEI, supported in part by a grant from the Foundation Open Society Institute in cooperation with the OSIFE of the Open Society Foundations. The contents of this publication are the sole responsibility of Osservatorio Balcani e Caucaso Transeuropa.