Internal detection: When an organization independently discovers it has been compromised.
External detection: When an outside entity informs an organization that it has been compromised.
Dwell time: The number of days an attacker is present in a victim environment before they are detected.
Malware family: A program or set of associated programs with sufficient code overlap.
Malware category: A malware family’s primary purpose.
OS effectiveness of a malware family: The operating system(s) that the malware can be used against.
Hop points: Compromised systems that an attacker uses to camouflage their IP address without the knowledge of the systems’ owners. These systems belong to third-party victims who are compromised for access to infrastructure.