hp-security-research-cyber-risk-report-pdf-2-w-1408

HP Security Research | Cyber Risk Report 2015Glossary29AA notorious virus writing group established in the mid-1990s that published an e-zine on viruswriting of the same name. “29A” is the hexadecimal representation of the number 666.AES (Advanced Encryption Standard)A cryptographic standard , based on the Rijndael cipher, specified by the National Institute ofStandards and Technology (NIST) in the United States for the encryption of electronic data.AES is a symmetric key algorithm and replaced the previous standard, DES (Data EncryptionStandard).ASLR (Address Space Layout Randomization)A security mechanism where the locations of important elements of a program in memory arerandomized in order to make them harder for an attacker to find and utilize. This increases thedifficulty for the attacker to perform particular types of exploit that rely on jumping to particularaddress areas of memory.AnonymousA loosely associated and informal group of hacktivists that participate cooperatively invarious forms of protest online. Types of protest have included Denial of Service (DoS) attacksand website defacements against various entities, including government and commercialorganizations, and protesting against a broad range of different political and social issues fromdigital rights management and anti-piracy to revenge porn.API (application programming interface)A set of tools and resources that provide various functions developers can utilize when creatingsoftware.APT1 (Advanced Persistent Threat 1)A reportedly government-sponsored Chinese cyber espionage group tracked and reported onby Mandiant. Mandiant reports that this group has been in operation at least since 2006 and hasbeen involved in a number of operations to steal terabytes of sensitive and confidential data,including valuable intellectual property from dozens of organizations in various industries.Blackshades RATA remote access Trojan (RAT) that allows unauthorized access and control of computers on theWindows platform. This particular RAT came to be quite notorious and was the subject of raidsby the FBI on over 100 people in 2014 that led to dozens of arrests.BrowserLockA type of malware known as ransomware. Ransomware is malicious software that locks auser’s computer in some way and then demands a ransom in order for service to be restored. Asthe name suggests, this malware locks the affected user’s Web browser and holds it to ransom.Buffer overrun/overflowA buffer overflow is a type of vulnerability that arises when a program writes an excessiveamount of data to the buffer, exceeding the capacity of the buffer and then overwriting adjacentmemory. This type of vulnerability may be exploited to crash programs or, with the correctmanipulation by a skilled attacker, used to execute arbitrary code on a targeted computer.Buffer vulnerabilities can be avoided by the use of bounds checking, which checks the capacityfor inputs before they are written.BytecodeA form of instruction set designed for efficient execution by a software interpreter. Bytecodesare compact numeric codes, constants, and references (such as numeric addresses), whichencode the result of parsing and semantic analysis of things like type, scope, and nestingdepths of program objects.69