A digital asset, or currency. Strong encryption techniques are used to control how units of cryptocurrency are created and to verify transactions. Cryptocurrencies generally operate independently of a central bank, central authority or government. It can be exchanged for goods and services by those willing to accept it.
It's considered pseudo-anonymous. Every Bitcoin transaction is captured on the blockchain, which is a public ledger of transactions similar to what you would find in an accountant's office. It's an electronic record of every transaction, which includes details such as the amount sent and the addresses involved. But the owner's identity is never displayed. Many cyber criminals use cryptocurrency due to its pseudo-anonymity.
Refers to incorporating good cyber security habits or practices into your daily routine.
Adopt these habits to help you and your organization stay cyber safe:
Denial of service (DoS):
These attacks occur when a threat actor attempts to overwhelm a system so that it no longer functions. Most networks have limited capacity (bandwidth). DoS attacks will send so much traffic to a network or website that it is overwhelmed. The target organization’s network and/or website may become incredibly slow or completely cease to function.
How to identify a DoS attack
DoS attacks are indicated by network services (including websites) becoming unexpectedly slower or unavailable. While there can be legitimate reasons for a web service to slow, there are some signs that the slowdown is due to a DoS attack:
What to do if you fall victim
If you think you have fallen victim to a DoS attack, follow the steps listed in section:
Malicious software, commonly referred to as malware, is software and/or program code/instructions inserted into a system, usually covertly, with the intention of compromising one or more of confidentiality, integrity, or availability associated with the system or the data it processes. A cyber criminal may use malware to steal information or carry out malicious activities. Malware is an overarching term that encompasses more traditional virus, worm, and trojan software, as well as modern ransomware, droppers/payloads, rootkits, and sniffer/logger threats.
How do you get malware?
The two most common ways for malware to be installed on your device are by accidentally downloading it while trying to download legitimate software, or through a phishing attack. In both instances, there are easy steps to take to protect yourself.
How to protect yourself
Multi-factor authentication (MFA):
Authentication using two or more authentication factors. In other words, two or more pieces of evidence – your credentials – are required when logging into an account.
These credentials (or factors) fall into three categories:
Two-factor authentication (2FA) is a form of multi-factor authentication. These terms are often used synonymously.
To be considered MFA, each authentication factor must be from a different category.
Why use multi-factor authentication
Multi-factor authentication is proven to help you, your office network and the enterprise stay safer.
Multi-factor authentication is just as helpful in your non-work life. Service providers, including banking institutions and the Canada Revenue Agency, encourage you to set up MFA.
While it is not possible to stop all cybercrime, MFA does significantly reduce your chances of being a victim. Your information is safer because hackers would need all your authentication factors in order to log in as you. As some services offer a reset ability to regain access even to MFA-protected accounts, continue to exercise caution regarding unusual activity, unexpected changes to your account or the associated credentials, or access attempts.
Phishing is the most common form of social engineering attack.
Phishing occurs when a threat actor impersonates a trusted entity through email to try and fraudulently obtain personal information, financial information or access to systems. The email prompts the targeted individual to act. The action could be to click on a link, provide information, open an attachment, download a file, or provide remote access to a workstation. This action provides the threat actor with information or access to a system.
Phishing uses email to solicit your information by posing as a trustworthy person or entity. For example, the threat actor may send emails disguised as your boss or a financial institution requesting your account information.
The threat actor will use this information to gain access to your online accounts. Once the threat actor has access to your accounts, they may use this access to carry out a larger cyber attack.
How to spot a phishing attack
There are ways to detect these types of attack. Here are some common indicators:
You should always be vigilant and watch for these indicators. However, just because a communication has one of these indicators doesn’t mean that it is an attack.
If you are suspicious, confirm the request with the sender prior to taking any action requested in the message. If you don’t recognize the sender or their email address doesn’t match their name, report the message.
What to do if you receive a suspected phishing email
Follow the steps for responding to a social engineering attack.
What to do if you fall victim to a phishing email
If you think that you may have been the victim of phishing, follow the steps in this section:
Ransomware is a type of malware that makes data inaccessible. When ransomware infects a device, it will either lock your screen or encrypt all your files. It may be contained to a single device but can also make the data of an entire organization inaccessible. Once the files are inaccessible the threat actor will send you a message indicating the ransom that must be paid in order to regain access to your files. This payment is typically requested in cryptocurrency as it is harder to track. The threat actor may also threaten to leak private information or threaten your clients directly if you do not pay right away.
How to protect yourself
A cyber criminal must be able to gain access to your system prior to initiating a ransomware attack. Follow these best practices to keep cyber criminals out of your systems and devices.
It is important to back up your data regularly. You can back up your data on an external hard drive or on the cloud. If your data is encrypted by a ransomware attack, you can recover your data by using your backup.
What to do if you fall victim
If you think that you may have been the victim of a ransomware attack, take these steps:
Double- and triple-extortion ransomware
Traditional ransomware attacks only demand payment to decrypt the files. Recent ransomware attacks are more complex. In double-extortion ransomware attacks, the threat actors demand a ransom and threaten to leak private information. In triple-extortion ransomware attacks, the threat actor demands a ransom payment, threatens to leak private information, and sends ransom demands to the users or customers of the impacted institution.
A system where an individual can use a single set of login credentials (e.g., username and password) to access multiple services. For example, you could use one set of login credentials to access both your email and another application such as a collaboration tool.
Social engineering is the use of deception to exploit human nature, our habits and our trust to gain information or access information systems. Threat actors attempt to drive desired behaviour through fear, including fear of missing out, intimidation, coercion, urgency, opportunity or even befriending the user.
Information sought by threat actors for fraudulent purposes can include:
How is it successful?
Social engineering attacks are successful because they exploit human nature while skirting typical cyber security defences.
These attacks are particularly insidious because they are stealthy and are often well established before becoming apparent.
Threat actors do their homework. They target people who are less likely to check before taking the requested action. In other words, they target people who are easier to manipulate.
Are you an easy target? If you receive an email from a leader in your organization asking you to complete a task quickly, would you take the time to scan the message for signs of a social engineering attack? And would you feel comfortable following up to confirm the authenticity of the request before taking any other action?
The threat actor is looking to collect enough information to infiltrate an organization's network or your financial accounts.
To be successful, the cyber threat actor merely needs to get the individual to do what is requested of them. Unfortunately, because these attacks rely on our curiosity, insecurity or trust to gain access, they tend to be very successful.
Social engineering tactics
Knowing how threat actors can use you to gain access to information and systems is critical.
Tactics and techniques used in social engineering attacks include:
This is a term used to describe malicious actors who perpetrate cybercrime. Colloquially they are sometimes referred to as hackers or cyber criminals.
Threat actors can include:
Many threat actors are well-organized groups who work together to perpetrate sophisticated cybercrime. Their work settings can be very similar to your own. Threat actors also work together with other groups to amplify their work.
While their specific motivations, tactics, and techniques may vary, their intention is the same: to exploit human and system vulnerabilities to achieve their goals.