Decoding Threat Intelligence: A Glossary

The Language of Threat Intelligence

Threat intelligence is a vast and evolving field that encompasses a wide range of concepts, methodologies, and terminologies. Whether you are a cybersecurity professional, an analyst, or someone looking to enhance your understanding of the domain, being familiar with key terms is essential. However, the sheer number of acronyms and technical jargon used in threat intelligence can often be overwhelming and difficult to keep up with. 

To simplify this, here is a list of some of the most commonly used terms in threat intelligence, along with their definitions, to provide clarity and improve understanding. 

1. APT (Advanced Persistent Threat): A sophisticated, highly motivated threat actor known for conducting technically complex attacks. They are often state-sponsored and use advanced techniques to infiltrate and maintain access to a target’s network without detection.  

2. The Dark Web: A part of the internet that is not indexed by standard search engines and requires specialised software, such as Tor, to access. It is often associated with illicit activities, but it is also used for privacy-focused communications.  

3. Data Breach: An incident in which unauthorised individuals gain access to sensitive, confidential, or protected data, often leading to financial, reputational, or legal consequences for affected organisations.  

4. Data Brokers: Companies or entities that collect, aggregate, and sell personal and business-related data, often obtained from public records, online activities, and third-party sources.  

5. Data Leak: The accidental or unintentional exposure of sensitive information, often due to misconfigurations, human error, or security vulnerabilities, rather than a deliberate cyberattack.  

6. Distributed Denial-of-Service (DDoS) Attack: A cyberattack that overwhelms a network, service, or website with excessive traffic from multiple sources, causing disruptions or making it inaccessible to legitimate users.  

7. Extortion Groups: Cybercriminal organisations that use threats, such as ransomware, data leaks, or denial-of-service attacks, to demand payment or other concessions from victims.  

8. Fraud: Any deceptive or dishonest act intended to gain financial or personal advantage, often involving identity theft, payment frauds, or business email compromise.  

9. Geopolitics: The influence of political, economic, and security-related factors on global relations, often shaping cyber threats, nation-state cyber activities, and cybersecurity policies.  

10. Indicator of Compromise (IOC): Pieces of evidence, such as IP addresses, file hashes, or malicious domains, that signal a potential security breach or cyberattack.  

11. Malware: Malicious software designed to disrupt, damage, or gain unauthorised access to computer systems, including viruses, trojans, ransomware, and spyware.  

12. MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Framework: A globally accessible knowledge base that categorises adversary tactics and techniques used in cyberattacks, helping organisations strengthen their security defences.  

13. Phishing: A social engineering attack where cybercriminals impersonate legitimate entities to trick individuals into disclosing sensitive information, such as login credentials or financial details, typically via deceptive emails, messages, or websites.  

14. Ransomware-as-a-Service (RaaS): A cybercriminal business model where ransomware developers lease their malware to affiliates, who then deploy it against victims in exchange for a share of the ransom payments.  

15. Security Information and Event Management (SIEM): A security solution that collects, analyses, and correlates data from multiple sources within an organisation to detect, investigate, and respond to security threats in real-time.  

16. Supply Chain Attack: A cyberattack that targets an organisation by compromising its suppliers, vendors, or service providers to gain unauthorised access to its systems or data.  

17. Third-Party Risk: The potential security threats posed by external vendors, partners, or service providers that have access to an organisation’s systems or data.  

18. Threat Actors: Individuals or groups responsible for cyberattacks, ranging from lone hackers and cybercriminal gangs to nation-state-sponsored entities.  

19. TTPs (Tactics, Techniques, and Procedures): The strategies and methods used by cybercriminals to conduct attacks, including how they gain access, move laterally within networks, and exfiltrate data.  

20. Zero-Day Attack: A cyberattack that exploits a previously unknown vulnerability in software or hardware before the vendor has had an opportunity to develop and release a fix or patch. 

Understanding these key threat intelligence terms is essential for staying informed about the evolving cyber threat landscape. As cybercriminal tactics continue to grow more sophisticated, having a solid grasp of these concepts can help individuals and organisations enhance their security posture and mitigate risks effectively. 

For regular updates on the latest threat intelligence insights, emerging cyber threats, and expert analysis, follow Cyjax on LinkedIn. To learn more about our intelligence-led cybersecurity solutions and how we can support your organisation in staying ahead of threats, explore our full range of capabilities.