This section covers attack and malware vocabulary in a defensive, educational way.
Use it when the term helps readers understand how threats are described, detected, categorized, or contained without turning the page into an offensive guide. It is especially useful for responders, detection engineers, and security leaders explaining threat behavior.
- Botnet Networks
Network of compromised devices coordinated remotely to carry out malicious activity at scale.
- Brute Force Attack Attempts
A brute force attack is an attempt to gain access by trying many possible passwords or keys until one works.
- Business Email Compromise (BEC)
Fraud that abuses trusted business communication to trigger payments, data disclosure, or risky approvals.
- Command and Control Infrastructure
Communication channels and infrastructure that let attackers direct compromised systems remotely.
- Credential Stuffing Attacks
Attack pattern that replays stolen username and password pairs at scale against other services, creating account takeover risk wherever those credentials were reused.
- Credential Theft Risk
Credential theft is the unauthorized capture or misuse of passwords, tokens, keys, or other authentication material.
- Data Exfiltration Risk
Data exfiltration is the unauthorized movement of data out of a system, environment, or organization to a destination not approved for that information.
- Denial-of-Service Attacks
Attack that aims to make a system or service unavailable or unreliable for legitimate users.
- Fileless Malware Behavior
Fileless malware is malicious activity that relies heavily on in-memory execution, built-in tools, or transient artifacts rather than depending only on obvious malicious files written to disk.
- Insider Threat Risks
Risk that a trusted insider misuses access or exposes the organization to harm.
- Lateral Movement Spread
Lateral movement is the spread of unauthorized access from one compromised system, identity, or foothold to other parts of the environment.
- Malvertising Campaigns
Malvertising is the use of malicious or deceptive online advertising to deliver harmful content, redirect users, or support fraud.
- Password Spraying Attacks
Password spraying is an attack that tries a small set of common passwords across many accounts instead of trying many passwords against one account.
- Phishing Attacks
Social-engineering attacks that trick people into revealing data, granting access, or taking unsafe actions.
- Ransomware Attacks
Extortion-driven malware or activity that blocks access to systems or data to force payment or compliance.
- Ransomware-as-a-Service (RaaS)
Criminal service model where ransomware tooling and infrastructure are provided to affiliates who carry out attacks.
- Sandbox Evasion Behavior
Sandbox evasion is behavior intended to avoid, confuse, or outlast analysis environments so suspicious code or activity is less likely to be understood or flagged during automated inspection.
- Spear Phishing Attacks
Targeted phishing that uses personal or business context to trick a specific person or team.
- Supply Chain Attacks
Attack that compromises a trusted supplier or dependency so downstream targets are affected indirectly.
- Threat Actors and Motivations
The person, group, or organization behind malicious activity, defined by intent and capability.
- Threat Persistence
Persistence is the ability of unauthorized access or malicious code to remain active or regain access over time instead of disappearing after the first interruption.
- Trojan Malware
A trojan is malicious software that disguises itself as something legitimate or useful in order to trick a user or system into allowing it.
- Watering Hole Attacks
Attack strategy that compromises a trusted site or service to reach a specific target group indirectly.
- Worm Malware
Malware that spreads between systems on its own, without needing user action for each new infection.
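The brute force and password spraying entries above differ only in how failed attempts are distributed across accounts: many guesses against one account versus a few guesses across many. As an added example (not code from this page), the following Python applies that distinction to constructed failed-login events; the field layout, source addresses and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample of authentication failures: (seconds since start, source IP, account).
# Made-up data, not taken from the page. Real logs never record the password that was tried,
# so the usable signals are how many accounts and how many attempts each source generates.
FAILED_LOGINS = [
    # 203.0.113.7: two guesses each against twelve accounts -> spraying pattern
    *[(t, "203.0.113.7", f"user{n:02d}") for t, n in enumerate(range(1, 13))],
    *[(60 + t, "203.0.113.7", f"user{n:02d}") for t, n in enumerate(range(1, 13))],
    # 198.51.100.9: fifteen guesses against a single account -> brute-force pattern
    *[(t, "198.51.100.9", "admin") for t in range(0, 30, 2)],
    # 192.0.2.4: an ordinary user mistyping twice -> should not be flagged
    (5, "192.0.2.4", "alice"),
    (9, "192.0.2.4", "alice"),
]


def classify_failed_logins(events, window=300, spray_min_accounts=10,
                           spray_max_per_account=3, brute_min_attempts=10):
    """Return {source_ip: label} for sources whose failures inside the window look like
    'password_spraying' (many accounts, few tries each) or 'brute_force' (one account, many tries).
    Thresholds are assumed starting points; tune them to the environment's baseline."""
    per_source = defaultdict(lambda: defaultdict(int))
    for ts, src, account in events:
        if ts <= window:  # fixed window for clarity; production code would slide it
            per_source[src][account] += 1

    labels = {}
    for src, by_account in per_source.items():
        busiest_account = max(by_account.values())
        if len(by_account) >= spray_min_accounts and busiest_account <= spray_max_per_account:
            labels[src] = "password_spraying"
        elif busiest_account >= brute_min_attempts:
            labels[src] = "brute_force"
    return labels


if __name__ == "__main__":
    for src, label in classify_failed_logins(FAILED_LOGINS).items():
        print(f"{src}: {label}")
```

Credential stuffing produces a similar many-accounts shape but typically one attempt per account and a higher success rate, so a stuffing detector would also weigh successful logins, which this example does not cover.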