
This glossary is from Learning Ransomware Response & Recovery by W. Curtis Preston and Dr. Mike Saylor.
Machine Learning – AI technology used in security tools to identify patterns and detect threats based on behavioral analysis.
Malware – Any software designed to cause harm, including viruses, worms, trojans, and ransomware.
Malwarebytes – Free security tool for scanning and removing malware from endpoints.
Master Boot Record (MBR) – Legacy boot sector format that can harbor malware loading before the operating system; replaced by GPT on modern systems.
Mean Time to Detect (MTTD) – Average time between when a security incident occurs and when it’s detected.
Mean Time to Respond (MTTR) – Average time between detecting a security incident and taking initial response actions.
Mean Time to Restore (MTTR) – Average time required to fully restore systems to normal operation after an incident.
Memory Dump – Snapshot of a computer’s RAM at a specific point in time, used for forensic analysis.
Memory Forensics – Analysis of memory dumps to extract evidence like encryption keys, processes, and network connections.
Metamorphic Code – Advanced malware that completely rewrites its code while maintaining the same functionality, evading signature-based detection.
Metasploit – Penetration testing framework with exploit modules, weaponized by attackers for reconnaissance and lateral movement.
MFA (Multi-Factor Authentication) – Security mechanism requiring multiple forms of verification beyond just a password to authenticate users.
Micro-isolation – Security technique that creates granular network controls between individual workloads or applications.
Micro-segmentation – Network security practice that divides networks into very small, isolated segments to limit attack spread.
MITRE ATT&CK – Framework documenting adversary tactics and techniques used in cyberattacks.
ML (Machine Learning) – AI subset where systems learn patterns from data to improve detection without explicit programming.
MOVEit – File transfer software with a 2023 zero-day vulnerability (CVE-2023-34362) exploited by Cl0p ransomware for supply chain attacks.
MSP (Managed Service Provider) – Third-party organizations providing IT services, monitoring, and management.
MSSP (Managed Security Service Provider) – Specialized providers offering 24/7 security monitoring, threat detection, and incident response.
MTTD (Mean Time to Detect) – Average time between when an attack begins and when it’s detected.
MTTR (Mean Time to Respond) – Average time between detection of an incident and full containment or resolution.
Multi-Factor Authentication (MFA) – Authentication requiring two or more verification factors (something you know, have, or are) to grant access.
Multiplexing – Backup technique that interleaves multiple data streams to maintain tape drive performance, though it complicates restoration.
Mutex – Synchronization object in operating systems that malware creates under a fixed name (e.g., LOCKBIT_MTX, ALPHV_MTX) to prevent multiple instances of itself from running simultaneously.