Essential Threat Reference

Ransomware is a type of malicious software that blocks access to a computer system or data, usually by encrypting it, until the victim pays a fee to the attacker. In many cases, the ransom demand comes with a deadline—if the victim doesn’t pay in time, the data is gone forever.

Impostor emails trick people into sending money—sometimes hundreds of thousands of dollars in a single wire transfer—or sensitive corporate or personal data. They appear to come from the CEO or other high-level executive and urge the recipient to keep the details confidential.   

Scammers want information, and they try to extract it by tricking recipients of emails. The information they collect could be an organization chart - or as significant as usernames and passwords to corporate resources. 

Spam, also known as Unsolicited Commercial Email (UCE), is often questionable, mass-emailed advertisements. At its peak, spam accounted for 92% of all email traffic, and most of the spam was non-malicious.

Attackers attach files to email that indirectly launch an executable program that can destroy data, steal and upload information to outsiders, or can silently use the infiltrated computer for other tasks – all without the user’s knowledge.

Phishing is a socially engineered attack that uses embedded URL links to extract information from the user or take control of their computer. Clicking on a link opens a browser, and the user is taken to a site that’s been setup as a trap by the attackers.

Mass customized phishing messages that are typically engineered to look like they are only arriving in small quantities, mimicking targeted attacks. Attackers leverage approaches used by mass marketing campaigners to generate millions of dissimilar messages.

A targeted attack designed to compromise users within a specific industry or function by infecting websites they typically visit and luring them to a malicious site. Watering Hole attacks, or strategic website compromise attacks, are limited in scope as they rely on an element of luck. 

Socially-engineered and sophisticated threats sent to an organization’s users that are typically designed to steal information. Spear phishing is a phishing attack where attackers typically personalize messages to the user based on publicly available information about them.

Mostly nation-state-sponsored attacks aimed at compromising an organization to carry out espionage or sabotage goals, but which aim to remain undetected for a longer period of time. The term Advanced Persistent Threat (APT) is often misused.

Attackers can use strategies such as leaving an infected USB drive around the organization’s parking lot in anticipation that an employee will pick it up and plug it into a network connected system. 
 

To execute a successful network attack, attackers must typically actively hack a company’s infrastructure to exploit software vulnerabilities that allow them to remotely execute commands on internal operating systems. 

Graymail is bulk email that does not fit the definition of spam because it is solicited and has varying value to different recipients.