Malware and Threats

Ransomware
Ransomware is malicious software or related extortion activity that aims to block access to data or systems and pressure an organization into paying or complying.
Trojan
A trojan is malicious software that disguises itself as something legitimate or useful in order to trick a user or system into allowing it.
Worm
A worm is malware that can spread between systems on its own without always relying on a user to manually run it each time.
Botnet
A botnet is a group of compromised devices or systems that can be remotely coordinated to perform unwanted activity.
Command and Control
Command and control refers to the communication path or infrastructure used to direct compromised systems or malicious activity remotely.
Phishing
Phishing is a social-engineering tactic that tries to trick people into revealing information, granting access, or taking unsafe actions.
Spear Phishing
Spear phishing is a targeted form of phishing aimed at a specific person, role, team, or organization.
Threat Actor
A threat actor is the person, group, or organization behind malicious or harmful activity.
Business Email Compromise
Business email compromise is fraud that abuses trusted business communication, especially email, to trick people into making payments, sharing data, or approving risky actions.
Insider Threat
Insider threat is the risk that a trusted person inside an organization misuses access or exposes the organization to harm.
Credential Stuffing
Credential stuffing is an attack in which stolen username and password pairs are tried against other login systems in the hope that users reused the same credentials.
Denial of Service
Denial of service is an attack or disruptive condition that aims to make a system or service unavailable or unreliable for legitimate use.
Brute Force Attack
A brute force attack is an attempt to gain access by trying many possible passwords or keys until one works.
Supply Chain Attack
A supply chain attack compromises a trusted supplier, dependency, update path, or related upstream relationship so downstream targets are affected indirectly.
Password Spraying
Password spraying is an attack that tries a small set of common passwords across many accounts instead of trying many passwords against one account.
Lateral Movement
Lateral movement is the spread of unauthorized access from one compromised system, identity, or foothold to other parts of the environment.
Persistence
Persistence is the ability of unauthorized access or malicious code to remain active or regain access over time instead of disappearing after the first interruption.
Credential Theft
Credential theft is the unauthorized capture or misuse of passwords, tokens, keys, or other authentication material.
Malvertising
Malvertising is the use of malicious or deceptive online advertising to deliver harmful content, redirect users, or support fraud.
Watering Hole Attack
A watering hole attack is a strategy that targets a website or online service commonly used by a specific group in order to reach that group indirectly.
Data Exfiltration
Data exfiltration is the unauthorized movement of data out of a system, environment, or organization to a destination not approved for that information.
Ransomware as a Service
Ransomware as a service is an organized criminal business model in which ransomware tooling and supporting infrastructure are offered to affiliates who carry out attacks.
Sandbox Evasion
Sandbox evasion is behavior intended to avoid, confuse, or outlast analysis environments so suspicious code or activity is less likely to be understood or flagged during automated inspection.
Fileless Malware
Fileless malware is malicious activity that relies heavily on in-memory execution, built-in tools, or transient artifacts rather than depending only on obvious malicious files written to disk.