EaaS is a business model used by malicious groups based on the location of zero-day exploits (a flaw or vulnerability in software). This model allows to malicious groups to generate even more revenue by renting their exploits.
SaaS is a software distribution or licensing business model used by malicious groups in which a service provider hosts applications and makes them available to customers over the Internet; thus, avoiding software infrastructure maintenance, data management and installations
RaaS is a subscription business model used by malicious groups- that allows malicious users (affiliates) to use ransomware tools to execute attacks.
It is a ready-to-use kit for subscribers who pay to be affiliated with the program. This kit allows easy access to ransomware for those with little or no programming expertise.
The “Distributed Denial of Service” attack consists of sending many requests to a host, a server or a web application with the aim of hindering the capacity of the site or even causing a total stop of the service. The site thus becomes unavailable.
Typosquatting is a form of cybercrime based on social engineering. Typosquatting uses altered or misspelled domain names, the purpose of which is to lure users who make typos when searching for websites, to other malicious websites.
TTPs analyze how a malicious actor operates, they describe how cyber attackers orchestrate, execute and manage operational attacks. TTPs contextualize a threat.
They reveal the steps or actions taken by malicious actors when exfiltrating data, for example.
Malicious programs or malware dressed in a safe appearance to trick the user. They have the ability to read passwords, record keystrokes.
It is a subterfuge used to steal, delete, block, modify contents, spy, disrupt the performance of computer networks.
It is an area on a hard drive that allows the computer (the operating system to be more precise) to understand how to read and write on the medium.
If the MBR is corrupted, the computer will never be able to boot again and everything will have to be reinstalled and all data will be lost.
Social engineering is aimed at obtaining information by taking advantage of someone’s trust, ignorance of naivety through different channels (e-mail, instant messaging, telephone, social networks, company website…), without the said person realizing it.
CVSS is a standardized vulnerability scoring system established by FIRST (Forum of Incident Response and Security Teams).