Company Logo
2023-24 ThreatScape Report: Analysis of 2023 Global CTI Reports
Recognized by Frost & Sullivan for Enabling Technology Leadership in the Global Digital Risk Protection (DRP) Industry


Clarify your Cyber Security Vocabulary

Abuse Box feed

An email box where users may submit complaints against any concerned domain.


Address Record. An A record maps a domain name to the IP address of the computer hosting the domain. An A record is used to find the IP address of a computer connected to the internet from a name.

A/AAAA Record

IPv4 and IPv6 addresses associated to a hostname.

Advance Fee Fraud/419 Scam/Nigerian 419

An advance-fee scam is a form of fraud and one of the most common types of confidence tricks. The scam typically involves promising the victim a significant share of a large sum of money, in return for a small up-front payment, which the fraudster requires in order to obtain the large sum. If a victim makes the payment, the fraudster either invents a series of further fees for the victim or simply disappears

Back links

A backlink is any link received by a web node (web page, directory, website, or top level domain) from another web node.

Brand Infringement

Brand infringement is an encroachment, violation, misappropriation, and/or disparagement of a message, identity, goodwill, talent, work, products, and intellectual property rights of a brand.

Brand jacking

Activity whereby someone acquires or otherwise assumes the online identity of another entity for the purposes of acquiring that person's or business's brand equity.

Business email compromise (BEC)

Business email compromise (BEC) scams that attempt to trick senior staff at medium and large corporations into transferring large sums of money typically rely on the same formats - either compromising the CEO's account, spoofing the CEO's email address, or using a form of typo-squatting where the email address uses a domain which resembles the targeted company's actual domain

Clear Web

The unencrypted part of the internet which is accessible by everyone using standard browsers.


Cybersquatting is the practice of registering domains identical or similar to a third party company name or trade mark.

Dark Web

An encrypted network that is not indexed by normal search engines. Can only be accessed using specialized software. Dark Web is a small part of the Deep Web

Data leakage

Confidential data being published anywhere on the internet inclusive of Email addresses


A denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. Distributed denial-of-service attacks are sent by two or more persons, or bots, whereas denial-of-service attacks are sent by one person or system.

Deep Web

Parts of the world wide web which have not been indexed by search engines as they are encrypted.


Website defacement is an attack on a website that changes the visual appearance of the site or a webpage. These are typically the work of system crackers, who break into a web server and replace the hosted website with one of their own.


In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users.


Doxing simply refers to the process of publishing other people’s information such as name, age, email, address, telephone number, photographs etc. using publicly available sources such as the Internet for malicious purposes.

Drive by malware

Malware delivery technique that is triggered simply because the user visited a website.

Email Wire Fraud

The purpose of this type of email is very simple—to get the recipient to process a payment for non-existent goods or services by way of a wire or credit transfer. The scammers send an email to a target recipient, usually pretending to be from the CEO or a senior executive of an organization. The scammers will usually send the fake wire transfer emails to employees working in the finance department of a company, as those employees will have the ability to action payment requests.


General Data Protection Regulation is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states


Act of pretending to be another person for the purpose of entertainment or fraud.

Job Scam

Scammers trick victims into handing over their money by offering a 'guaranteed' way to make fast money or a high-paying job for little effort

Mail bounce back feed

Mail bounce back are system generated files when emails are not sent due to a wrong email or there is an inbox space issue.

MX Preference

The lower the preference, the higher the priority a mail server has to recieve mail.

MX Record

States which mail servers accept incoming mail for a domain.


Webpage impersonating the client with the objective of collecting their customers' information

PTR Record

The pointer record status of a configured IP address to have a reverse DNS value to point to the associated host.

Search Engine ranking

Refers to the position at which a particular site appears in the results of a search engine query

Shadow IT

Or Stealth IT, is a term often used to describe information-technology assets without explicit IT approval.


SMS as the carrier of Phish URL

Social Media Fraud

Suspicious Profiles on any social media websites that have association with the client

Spear Phishing

Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer.

Suspicious Mobile App

Mobile App published on the internet claiming to be published by client's organization

Text sharing sites

Websites that provide online storage of text, similar to an online Notepad. Often, a source for copywrite infringement

Unauthorized Association

Declaring affiliation to a company or individual without consent

Unauthorized Job posting

Posting a job declaring affiliation to a company or individual without consent


Vishing (voice phishing) is a form of attack that attempts to trick victims into giving up sensitive personal information over the phone

Watering hole attack

An attack strategy targeting a large group of individuals by observing the websites most visited and infecting them with malware


Whaling is a type of fraud that targets high-profile end users such as C-level corporate executives, politicians and celebrities.


A Whois record contains all of the contact information associated with the person, group, or company that registers a particular domain name. Typically, each Whois record will contain information such as the name and contact information of the Registrant , the name and contact information of the registrar, the registration dates, the name servers, the most recent update, and the expiration date.

Account suspension

Suspension of fraudulent emails or social media accounts

Accredited domain registrars of a registry

Registrars that are officially recognized by a Registry to provide domain-related services

Angler Phishing

An attack in which the fraudster will masquerade as a customer support representative on social media to send phishing links to customers in order to get their information such as username and password as well as other personal information.

App permissions

An app asking the user to grant permission to be able to execute tasks on thier device without consent or without informing the user.


Advanced Persistent Threats are attacks in which the attacker stays inside the system to spy and steal information rather than penetrate the network to cause damage.


Astroturfing is abusing the power of customer reviews on sites like Yelp, Facebook, Amazon and others. Either a place of business will post rave reviews from fake customers about their product, or a business will post bad reviews about a competitor.


Bank Identification Number. Which is the starting digits of a credit card, most commonly 6 or 8 digits.


Refers to the registration of a domain names one bit different than a popular domain. The name comes from typo-squatting: the act of registering domain names one key press different than a popular domain.

Blended Attack

A cyber attack that comprises multiple attack vectors and malware is known as a blended attack. Such attacks usually cause severe damage to targeted systems.

Brand Casting

Promoting a brand, product or service by streaming video of events, product demonstrations and other offline experiences through online media channels.


Country Code Top Level Domain. It is a top level domain that is reserved for a country/territory.

Cease & Desist

A document sent to an individual or business to halt purportedly unlawful activity ("cease") and not take it up again later ("desist")

De-indexing in search engines

Removing fradulent sites from search engine rankings

Defang URL

The process of rewriting the URL into a form that cannot be clicked.

Defensive (Domain) Registration

Defensive Registration refers to registering domain names, often across multiple TLDs and in varied grammatical formats, for the primary purpose of protecting intellectual property or trademark from abuse, such as cybersquatting.

Delist domains from RBLs

Removing links/emails from Blackhole list


False data is submitted to phish sites to dilute the quality of information collected by the phisher


The Digital Millennium Copyright Act is a 1998 United States copyright law that implements two 1996 treaties of the World Intellectual Property Organization. It criminalizes production and dissemination of technology, devices, or services intended to circumvent measures that control access to copyrighted works.

DNS poisoning

DNS spoofing (or DNS cache poisoning) is an attack whereby data is introduced into a Domain Name System (DNS) name server's cache database, causing the name server to return an incorrect IP address, diverting traffic to another computer.

Domain suspension

Reporting a fraudulent domain to a domain authority and requesting its suspension

Domain Validation certificate

Is an X.509 digital certificate typically used for Transport Layer Security (TLS) where the identity of the applicant has been validated by proving some control over a DNS domain

Extended validation certificate

An Extended Validation Certificate (EV) is a certificate used for HTTPS websites and software that proves the legal entity controlling the website or software package

Form Grabber

Malware designed to record sensitive information that the targeted user provides in forms on the Internet. These malware particularly target the victim’s financial information.

Safebrowsing Warning

Providing security vendors fraudulent IP and Domains to be blocked in real-time through browsers, email firewalls, ISPs, proxies and any other relevant security products

MITB (Man in the browser)

A proxy Trojan horse that infects a web browser by taking advantage of vulnerabilities in browser security to modify web pages, modify transaction content or insert additional transactions, all in a completely covert fashion invisible to both the user and host web application.

MITM (Man in the middle)

Attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.


States which nameservers handle queries about the location of a domain name.

Passive honey pot

A method of acquiring spam for analysis, via planting of bogus email addresses which are rigged to forward emails to a specific mailbox.

Password Spraying

It is an advanced brute-force technique that attempts to attack multiple user accounts with commonly used passwords

Phish tagging

Phish tagging allows banks to understand how attackers use the phished data. Banks can create fake customer accounts and share the credentials with CTM360. CTM360 uses these credentials on phishing sites targeting that bank and then the bank can observe what the attacker does with the phished data.

Polymorphic Virus

A polymorphic virus is a malicious program that modifies itself when it replicates. This technique enables it to evade detection by security software.

Privilege Escalation

An attack in which the user will attempt to exploit bugs in the system allowing them to reach and use resources which should not be accessed by them.


Real-time Blackhole List (RBL) is a service where users can check whether an IP address/domain is on a known blacklist.

Reclaim Accounts

A process to regain control over a hijacked account


Shutting down of Content and Websites related to Phishing Activities. Asking host to takedown certain content


Socialbots are softwares programmed to behave like humans on social media by posting pictures, retweeting, and even chatting with people. Socialbots can be used for malicious purposes such as distorting public opinion during political campaigns, marketing, and spreading scams.


Removal of content (full website or profile) that affects a brand or individual including cybersquatting.


Top-level domain (TLD) refers to the last segment of a domain name, or the part that follows immediately after the "dot" symbol


Any word, name, symbol, or design, or any combination thereof, used in commerce to identify and distinguish the goods of one manufacturer or seller


Binary Trading (commonly also known as Binary Options Trading or Binary Options) is a type of option where the trader takes a yes or no position on the price of a stock or other assets, with the resulting payoff being all or nothing. Questionable activities such as brand infringement, unregistered establishments, identity theft, misrepresentation of potential gains and back-end manipulation of software to cheat users is common in the name of BOT. As there does not appear to be an explicit legal framework to govern binary trading, online companies continue to operate and trap victims. This type of scam is known as TRAP10.


Twishing refers to phishing scams that are carried over Twitter. The attacker might tweet a post interesting or strange enough to trick users into visiting a fraudulent website and logging in with their credentials.

URL redirection attack

A URL Redirection Attack is a kind of vulnerability that redirects you to another page freely out of the original website when accessed, usually integrated with a phishing attack.

URL shortening

Is a technique on the World Wide Web in which a Uniform Resource Locator (URL) may be made substantially shorter and still direct to the required page.


Service provider of domain names

Web Skimmer

Web skimming is when a malicious code is inserted into a payment page. Whenever the customer attempts to pay online, the malicious code will steal the payment information (card number, expiry date, holder namer, security code...) and send it to the attacker.

Zone files

A Domain Name System (DNS) zone file is a text file that describes a DNS zone. A DNS zone is a subset, often a single domain, of the hierarchical domain name structure of the DNS. The zone file contains mappings between domain names and IP addresses and other resources, organized in the form of text representations of resource records (RR)

Air Gap

Having a critical computer or machine in a physically isolated location as well as disconnecting it from the internet.

Bastion host

A host with very few services/applications running on it, usually put between the internal network and the internet. This point acts as a proxy and is the only entry point to the internal network.


Border Gateway Protocol used to exchange information about routing between AS Numbers.

BGP peers

When BGP runs between two peers in the same autonomous system (AS), it is referred to as Internal BGP (iBGP or Interior Border Gateway Protocol). When it runs between different autonomous systems, it is called External BGP (EBGP or Exterior Border Gateway Protocol).

BGP route

When BGP runs between two peers in the same autonomous system (AS), it is referred to as Internal BGP (iBGP or Interior Border Gateway Protocol). When it runs between different autonomous systems, it is called External BGP (EBGP or Exterior Border Gateway Protocol).

Black Hat SEO

In search engine optimization (SEO) terminology, Black Hat SEO refers to the use of aggressive SEO strategies, techniques and tactics that focus only on search engines and not a human audience, and usually does not obey search engines guidelines.

Blackbox Testing - Whitebox testing - Graybox Testing

The hacker does not know the in/outs of the IT infrastructure. Usually launches a full scale brute force attack to reveal vulnerabilities. Can be very time consuming.

Whitebox Testing

attacker has full knowledge and access to the source code and infrastructure. A more thorough test can be performed in this type of pen testing.

Graybox testing

Attacker has partial knowledge/access, and can focus on specific weaknesses and discover more as he moves along.


Botnet comprises of multiple Internet-connected devices, each of which is running one or more bots. Botnets may be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allows the attacker to access the device and its connection.

Bullet proof hosting

Bulletproof hosting (sometimes known as bulk-friendly hosting) is a service provided by some domain hosting or web hosting firms that allows their customer considerable leniency in the kinds of material they may upload and distribute.

C&C Command and Control

Command and control refers to the main server used by a DDoS attacker to control the botnets used in a DDoS attack.

CNAME Record

Canonical Name record used to specify a hostname that is an alias for another hostname.


Common Vulnerabilities and Exposures is a database that contains all known vulnerabilities. These vulnerabilities have been tagged by a specific code such as: CVE-2019-5736

Cyber espionage

The use of computer networks to gain illicit access to confidential information, typically that held by a government or other organization.

Cyber War

The use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of communication systems by another state or organization.


DomainKeys Identified Mail (DKIM) allows senders to associate a hidden signature with their emails, allowing receiving mailservers to verify their authenticity.


Domain-based Message Authentication, Reporting and Conformance (DMARC) is a mechanism used to aid validating emails, prevent spoofing, and provide reporting.

Dolphin Attack

An attack where hackers use ultrasonic frequencies to launch a voice command to phones to unlock them and steal information.

Doppelganger domain

A doppelganger domain is similar to typosquatting domain. It is a domain which is missing "." (dot) in a domain name. For example, an instance of Doppelganger domain for is (notice the missing dot). When the content on these domain matches branding and content of the original website, users are not able to tell the difference and are more likely to be tricked by an attacker (e.g., for credential harvesting or financial fraud).

Downgrade Attack

An attack in which the victim is negotiated into using older and more vulnerable security protocols, making it easier for the attacker to launch the attack.

Fast Flux

Fast flux is a DNS technique used by botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies.

Inference Attack

An inference attack is a data mining technique used to illegally access information about a subject or database by analyzing data. This is an example of breached information security. Such an attack occurs when a user is able to deduce key or critical information of a database from trivial information without directly accessing it.

Inframe hijacking

Hijacking nested browsing context, effectively embedding another HTML page into the current page.


If you click on a link and find yourself at an unexpected website, you may have been ‘pagejacked’. This happens when someone steals part of a real website and uses it in a fake site. If they use enough of the real site, Internet search engines can be tricked into listing the fake site and people will visit it accidentally. The fake site could contain unwanted or offensive material. As an online merchant trading via a website, you need to know that your site isn’t being stolen in this way. Unfortunately you can’t prevent pagejacking; you can only deal with it after you know it’s a problem.

Pay Per Click (PPC)

An internet advertising model used to direct traffic to websites, in which advertisers pay the publishers


DNS poisoning to redirect legitimate internet traffic of your websites to a fraudulent page

Phishing Kits

Phishing kits are kits provided by hackers for people with basic computer skills to launch phishing attacks. The kit includes several items which make launching a wide scale phishing attack easy such as spamming software, source code, and script to launch the attack.

Potentially Unwanted Program

PUP is a program that piggybacks software downloaded by the user. It is an unwanted program that downloads with the user's consent such as spyware, adware, or toolbars for browsers.

Red Team - Blue Team

An exercise in which a system's security is tested by security experts. Red team is in charge of attacking and gaining access/control of an objective while the blue team is responsible for defending it. This exercise is meant to test the system and reveal vulnerabilites and measure the readiness of the security team responsible for defending it.

Reserved domains

Domain has been reserved via the dropcatcher service. Incase the user decides not to renew the domain, another person can take it.

Root Zone

Root Zone refers to the highest level of the Domain Name System (DNS) structure. It contains the names and the numeric IP addresses for all the top level domain names such as the gTLDs (.com, .net, .org, .jobs), and all the country code top level domains (ccTLDs), for example (.us, .uk .ph), including the entire list of all the root servers.


A form of social engineering where victims are tricked into thinking that their device is infected with a virus, encouraging them to download an anti virus software, which in fact is malicious.

Search Engine Optimization SEO

The process of affecting the visibility of a website or a web page in a search engine's unpaid results

Skill Squatting

An attack which takes advantage of speech recognition systems' errors. Example: A person with bad intent can create a malicious mobile application called Ramazon. When a user tries to install Amazon application on their phone using voice commands, the voice recognition system might hear "Ramazon" instead of "Amazon" and end up downloading the malicious application.


Start of Authority record containing administrative information about the resided zone and zone transfers.


Sender Policy Framework (SPF) helps prevent spoofing emails of the host by granting specified servers or IP addresses authorization to send emails from the host.


It is a technique used to hide the existence of a message, files, or any other information. For example, hiding a text message inside an image file to avoid being discovered (Data hidden within data).


Tactics (or Tools), Techniques, and Procedures is the behavior of attackers or adversaries in the cyber space. TTPs are usually deeply analyzed to understand how the adversary works and how to expect and prepare for future attacks.

Unified Threat Management

UTM is a software or hardware that combines several network security functions such as IDS/IPS, VPN, Firewall, Gateway Anti-Virus and others under one platform, making it easier to manage and monitor through a single interface.


Web Referral Log Analyzer: This is a simple tool, used for the early detection of Phish attacks. This tool extracts Suspicious URLs from the web server's referral logs, compares it with white list & sends the rest of the URL' to a specified email.

Zero-Day Vulnerability

A vulnerability in the system that the developer does not know about. These vulnerabilites are difficult to detect as they do not have a signature which anti malware or intrusion prevention systems depend on to find vulnerabilities. The vulnerability is called Zero-Day because it takes zero days for the first attack to occur since the vulnerability has been made public.