Typosquatting is a form of cybercrime based on social engineering. Typosquatting uses altered or misspelled domain names, the purpose of which is to lure users who make typos when searching for websites, to other malicious websites.
TTPs analyze how a malicious actor operates, they describe how cyber attackers orchestrate, execute and manage operational attacks. TTPs contextualize a threat.
They reveal the steps or actions taken by malicious actors when exfiltrating data, for example.
Malicious programs or malware dressed in a safe appearance to trick the user. They have the ability to read passwords, record keystrokes.
It is a subterfuge used to steal, delete, block, modify contents, spy, disrupt the performance of computer networks.
It is an area on a hard drive that allows the computer (the operating system to be more precise) to understand how to read and write on the medium.
If the MBR is corrupted, the computer will never be able to boot again and everything will have to be reinstalled and all data will be lost.
Social engineering is aimed at obtaining information by taking advantage of someone’s trust, ignorance of naivety through different channels (e-mail, instant messaging, telephone, social networks, company website…), without the said person realizing it.
CVSS is a standardized vulnerability scoring system established by FIRST (Forum of Incident Response and Security Teams).
The BEC fraud is a scam specifically targeting companies. The criminals pretend to be part of the structure or in partnership (as a team member, a subcontractor…) and target employees with access to financial data (CFO, accountant…). They encourage them to make transfers to apparently reliable accounts (they are not). The techniques vary: identity theft (or spoofing), spear phishing, malware…
A blockchain is a technology dedicated to the storage and the transmission of information. It can be viewed as a book that allows data to be directly shared, stored and exchanged on the Internet. The entire database is public and all exchanges made between users since its creation can be consulted. If someone tries to falsify information, the chain is broken.
Phishing is a scamming technique used by hackers to obtain personal or professional information by pretending to be a trusted third party.
Forensic data analysis consists in investigating an information system after a cyberattack. Analysts will collect all the raw data (deleted files, hard drives, backups, system logs…), study them to understand what happened and draw conclusions. This task, which is sometimes arduous, makes it possible to produce the evidence necessary for internal action or for legal proceedings, for example.