This glossary includes the most common terms and expressions TechCrunch uses in our security reporting, and explanations of how — and why — we use them.
Analysis Summary
# Main Topic
Glossary of Common Security Terminology Used in TechCrunch Reporting
## Key Points
- This document serves as a developing compendium explaining the specific terms and expressions TechCrunch uses in its security reporting, detailing how and why they are applied.
- The glossary provides definitions for various cybersecurity concepts critical to understanding threat intelligence reports.
- Definitions cover concepts ranging from actor classification (APT) to specific attack methodologies (AitM, RCE) and investigative processes (Attribution).
## Threat Actors
- **Advanced Persistent Threat (APT):** Categorized as a well-resourced hacker or group maintaining unauthorized, long-term access for espionage, data theft, or sabotage. Traditionally associated with nation-states (China, Iran, North Korea, Russia).
- **Financially motivated cybercriminal groups:** Groups that increasingly exhibit the persistence and capabilities traditionally associated with nation-state APTs.
## TTPs
- **Adversary-in-the-Middle (AitM) Attack:** Intercepting network traffic to eavesdrop or modify data during transit (traditionally known as Man-in-the-Middle).
- **Arbitrary Code Execution (ACE):** The ability to run commands or malicious code on a system, often due to a software vulnerability. If remote, it is typically termed Remote Code Execution (RCE). Often used to plant backdoors.
- **Remote Code Execution (RCE):** The ability to run commands or malware over a network (often the internet) without human interaction on the target system.
- **Backdoor:** Used to maintain long-term, persistent access to a system.
## Affected Systems
- Systems targeted by APTs for long-term espionage or sabotage.
- Systems vulnerable to security flaws allowing for Arbitrary/Remote Code Execution.
- Devices utilizing unencrypted network traffic susceptible to AitM attacks.
## Mitigations
- **Data Encryption:** A key measure to make network traffic difficult for AitM attackers to read or understand.
- **Code Execution Prevention:** Security measures to prevent the exploitation of vulnerabilities leading to ACE/RCE.
- **Understanding Attribution:** Definitively identifying attackers is difficult; the confidence intelligence firms assign to an attribution varies with the patterns of TTPs they have observed.
## Conclusion
This glossary is essential for interpreting technical security reports, establishing standardized definitions for concepts like APT motivation, common exploit vectors like RCE, and investigative challenges like attribution. Readers should prioritize strong encryption to counter interception threats and understand the persistent nature associated with high-level threats like APTs.