Glossary, explanation of technical terms


  • Malware
    General term for malicious software

  • Data breach
    also called data theft, is a security incident in which unauthorized third parties gain access to confidential, sensitive, or personal data. This occurs through cyberattacks (hacking), accidental disclosure, or theft of data storage devices. Consequences often include identity theft, financial losses, and reputational damage. Data breaches involving personal data, as defined in Article 33 of the GDPR, must be reported to the Austrian Data Protection Authority (https://dsb.gv.at/).

  • Adware
    programs that display unwanted advertisements. Popup blockers help against this; they are usually already integrated into the browser but need to be activated.

  • Phishing
    is a cyber fraud method in which criminals attempt to obtain personal data such as passwords, credit card numbers, or bank details through fake emails, text messages (smishing), or websites. They impersonate trusted institutions, friends, or companies to manipulate victims into entering their data. The goal is usually identity theft or financial loss.

  • Spear phishing
    is a highly targeted cyberattack in which attackers use personalized emails or messages to trick specific individuals or companies into revealing sensitive data. Unlike mass phishing, attackers use pre-researched information (social engineering), which makes the attacks extremely convincing.


  • Virus / malicious code
    embeds itself in or attaches to files and, when executed (usually requiring user action), spreads independently.

  • Worms
    are independent malicious programs that spread autonomously across networks.

  • Trojans (Trojan horses)
    disguise themselves as useful applications, but secretly perform harmful functions.

  • Session tokens, session IDs, or session cookies
    are used in applications that constantly monitor data traffic to ensure it is authorized. To avoid requiring users to authenticate repeatedly, a session token is generated after the initial authentication. This token serves to identify the network communication. However, if someone manages to steal this session token, they can enter the network communication on behalf of the compromised user. Therefore, logging out of sessions that are no longer needed is a crucial security measure.

  • Technical support fraud
    Manipulated websites (phishing websites) or infected advertising banners offer downloads containing malicious code. Often, simply visiting the website and viewing images without clicking is enough to display a fake warning that the computer is infected, including a phone number. See the section on phishing websites and widgets for more information.

  • Ransomware (extortion Trojan)
    encrypts data or locks system access, and the hackers demand a ransom, usually in Bitcoin, or sell the data on the dark web. Unscrupulous hackers both demand the ransom and sell the data.

  • Spyware
    spies on data, user behavior, or passwords.

  • Keylogger
    A type of spyware that records keystrokes.

  • Bot (short for robot)
    is a computer program that performs automated tasks independently and repetitively on the internet. In principle, this is not a bad thing; bots are often used to imitate human behavior, for example, on social media. They act much faster than humans and can be either useful or malicious.

  • Botnet
    A network of remotely controlled, infected computers (bots, zombies) used for various attacks (DDoS, spam). This can result in your email address or IP address being blacklisted.

  • Blacklists
    exist for email systems, IP addresses, entire network segments, and websites. Once on a blacklist, you usually have to prove you've taken action to get delisted.

  • Rootkit / bootkit
    software that hides deep within the system (e.g., BIOS, boot loader, kernel) to gain administrator privileges, cover its tracks, and permanently embed itself undetected in the operating system. Therefore, it is crucial that Secure Boot is enabled and up-to-date on your system. Bootkits and rootkits differ in their point of attack: while rootkits target the kernel level within the operating system, bootkits operate at the Master Boot Record (MBR) or within the UEFI Boot Manager partition.

  • Scareware
    deceives users with fake warning messages to trick them into buying useless software.

  • Rogueware
    is fake software or fake security software; it pretends to be, for example, an antivirus program (e.g., Super Antivirus), but is actually spying on your computer. It often hides as a free app in app stores.

  • Backdoor
    allows attackers unauthorized remote access to the system. Some manufacturers are suspected of having built in backdoors for themselves and intelligence agencies.

  • Exploit
    is a small program/tool that takes advantage of unpatched security vulnerabilities to install malware, or a technical guide that shows how to exploit these vulnerabilities. This is why updates are so important to close security gaps, as known vulnerabilities are especially dangerous. Exploit kits are software toolkits that allow beginners to quickly build malware.

  • Man-in-the-middle attack (MitM attack)
    is a cyber threat in which an attacker secretly positions themselves between two communicating parties—for example, a user and a website—to intercept, eavesdrop on, or modify data in real time. Attackers steal login credentials, financial data, or session tokens, often using public Wi-Fi networks or fake, malicious websites.

  • Adversary-in-the-Middle (AiTM) attack
    An AiTM attack is a sophisticated cyberattack technique based on an HTTP reverse proxy, in which the attacker inserts themselves undetected between two communicating parties – usually between a user and a legitimate website or application (such as Microsoft 365, banking portals, etc.).

  • DDoS attack (Distributed Denial-of-Service)
    is a cyberattack that aims to render online services unusable by overloading them with massive amounts of data traffic. A target server is attacked simultaneously by thousands of infected computers (in botnets). The consequences include slowed-down websites, outages, financial losses, and reputational damage.

  • Proxy server
    is an intermediary/representative in computer networks that acts between a client (e.g., your browser) and the internet. It forwards requests, thereby hiding the original IP address, increasing security (firewall functions), saving bandwidth through caching, or bypassing geoblocking – nothing inherently malicious.

  • Reverse proxy
    is an intermediary server positioned in front of the backend web servers. It acts as their "public interface" and manages incoming client requests. It improves web performance through caching and load balancing, enhances security by masking server IP addresses, and simplifies SSL encryption. This makes it an important tool for scaling and traffic control. As with any proxy, this is generally a good thing, but it can be misused for highly sophisticated AiTM attacks.


  • Social engineering (attack)
    Deceives users with fake warning messages to trick them into buying useless software.

  • Supply Chain Attack
    A supply chain attack occurs when cybercriminals infiltrate a company by exploiting vulnerabilities in trusted third-party vendors, suppliers, or software dependencies. Instead of directly attacking a well-protected target, attackers compromise a less secure partner to gain unauthorized access, steal data, or silently install malware (e.g., via GitHub) into a product. This often results in widespread damage that goes undetected for extended periods. These attacks are frequently carried out using social engineering and can last for years. Some countries are suspected of conducting supply chain attacks.

  • Fileless malware
    attacks do not use files, but only network packets. This type of malware cannot be detected by traditional file-based antivirus software.

  • SQL injection
    (SQLi) is a security vulnerability in web applications that allows attackers to interfere with an application's database queries. This enables attackers to view data they would not normally have access to. One form of SQL injection is through insecure input fields in web forms.

  • Cryptojacking
    With the increasing popularity of cryptocurrencies, mining coins has become a lucrative practice. Cryptojacking means that a device's computing power is stolen using a Trojan/bot to mine cryptocurrencies without the owner's knowledge, significantly slowing down the infected system.

  • Servers
    provide services such as file and print services, databases, remote access (terminal servers), web servers, and much more. Servers are therefore popular targets for attacks.

  • Backend
    On servers running in the backend, the user accesses services but has no direct, visible user interface. To cause as much damage as possible, criminals aim to infiltrate backend systems.


Positively connoted terms


  • Ethical hacking
    refers to certified hacking by "good" hackers who advise and hack on security issues on behalf of companies and government agencies to find security vulnerabilities. However, even "good" hacking is illegal without prior notification of the target company.

  • Security awareness
    takes the form of training courses, workshops, and simulated phishing emails to educate and train employees.

  • Penetration tests
    are used to find security vulnerabilities through real cyber attacks and pen-test tools on infrastructures such as firewalls, web servers, and company servers by deliberately attacking and stressing the infrastructure.

The dangers on the internet are significant and threaten us all around the clock.
Conscious use and technical safeguards are essential. Use our Cyber Security Checklist!
