Cybersecurity Glossary

Account takeover (ATO) is when a hacker successfully takes ownership of one or multiple online accounts.

An advanced persistent threat, or APT, is a type of cyberattack in which one or multiple threat actors gain unauthorized access to your systems or network for an extended period of time without being detected. Typical targets of APTs are large businesses and government organizations, since the scope of their systems is so large that detecting a seemingly small threat goes under their radar. Once an APT occurs, individuals can deepen their access to your systems and cause serious damage. Consequences of a successful APT include loss of sensitive information, intellectual property theft, malware viruses, and total site takeovers.

Also referred to as “double-barreled” phishing, barrel phishing is a more sophisticated form of phishing that involves two emails. The first email—often referred to as the “bait email”—attempts to establish a relationship with the recipient or trick them into believing the sender is a trusted source. Once the recipient’s guard is lowered, they’re sent a follow-up email where the actual phishing occurs, usually in the form of malicious links.

Brand impersonation is a type of email phishing attack where cybercriminals pose as a trusted brand to dupe victims and steal their data. Also known as brand spoofing, this cyberattack uses an email that looks like it’s from a recognizable brand to trick recipients into clicking a link or downloading an attachment containing malware. Some of the most impersonated brands include Facebook, Microsoft, Google, and PayPal.

A browser exploit refers to malicious code that is executed without a user’s knowledge to gain access to a computer system. It often targets vulnerabilities within web browsers or plugins.

Browser isolation is a security control that isolates web activity from other applications and processes running on the same device. This helps limit the potential damage caused by malicious websites and drive-by downloads.

Browser security refers to measures taken to secure web browsers from attack or intrusion by cybercriminals, including phishing, spear-phishing, and malware attacks. It includes installing anti-malware software as well as configuring browser settings such as disabling plug-ins, enabling pop-up blockers, etc.

Brute force refers to an attack that aims to gain unauthorized access to an account or encryption key. The attack method uses a trial-and-error approach in which hackers attempt to guess password combinations. Brute force attacks can be used to launch a host of malicious activities, such as harvesting data, spreading malware and ransomware, diverting website traffic, and more. While brute force attacks have existed for many years, they’ve grown more sophisticated with the aid of software that enhances the speed and accuracy of this kind of attack. Common protections against brute force attacks include anti-virus software, anti-phishing solutions, anti-malware and ransomware solutions, good cyber hygiene, and user awareness training.