Phishing via SMS: mass text messages sent to users asking for sensitive information (e.g. bank details) or encouraging them to visit a fake website.
A type of malware or virus disguised as legitimate software, that is used to hack into the victim's computer.
2FA is the use of two different components to verify a user's claimed identity. Also more generally known as multi-factor authentication.
An encrypted network often created to allow secure connections for remote users, for example in an organisation with offices in multiple locations.
Virtualisation is the creation of a virtual (rather than actual) version of something, such as an operating system, server or storage device. Storage Virtualisation is the pooling of physical storage from multiple network storage devices into what appears to be a single storage device that is managed from a central console.
Programs which can self-replicate and are designed to infect legitimate software programs or systems. A form of malware.
A devastating global cyber attack that crippled computers in hospitals across the UK has cost the NHS ¬£92m.
The so-called WannaCry hack, which shut down hundreds of thousands of computers around the world with messages from hackers demanding ransom payments, hit a third of hospital trusts and 8 per cent of GP practices. Around 1 per cent of all NHS care was disrupted over the course of a week.
The hack caused more than 19,000 appointments to be cancelled, costing the NHS ¬£20m between 12 May and 19 May and ¬£72m in the subsequent cleanup and upgrades to its IT systems.
The cyber attack caused 200,000 computers to lock out users with red-lettered error messages demanding the cryptocurrency Bitcoin. The attack was blamed on elite North Korean hackers after a year-long investigation.
At the time of the attacks, the NHS was criticised for using outdated IT systems, including Windows XP, 17 year-old operating system that could be vulnerable to cyber attacks.
See also: ransomeware.
Setting up a fake website (or compromising a real one) in order to exploit visiting users.
Highly targeted phishing attacks (masquerading as a legitimate emails) that are aimed at senior executives.
Authorising or allowing approved connections or applications in order to protect systems from potential harm.
The opposite of blacklist(ing) q.v.
Note: Using 'black' and 'white' to show approval status is now regarded as pejorative. The NCSC has stopped using terms based on colour and other organisations should also deprecate avoid them.
See also: Allowlisting and Denylisting