To implement and maintain an appropriate level of cybersecurity, you need to understand the cyber threats your organization faces.
If terms such as ‘spear phishing’, ‘XSS/cross-site scripting’, ‘DDoS/distributed denial of service’ and ‘SQL injection’ leave you confused, read on.
This page provides a beginner's guide to the most common cybersecurity threats, as well as the vulnerabilities that they exploit.
Common cyber threats
Backdoors are hidden means of bypassing normal authentication to gain remote access to a computer or system without the user’s knowledge. They may be planted by malware after a compromise or built into software deliberately.
Cryptojacking is the covert use of a victim’s processing power to mine cryptocurrency – ‘cryptomining’ – either by installing mining software on the machine or by running mining code in the victim’s browser while they are on a compromised or malicious page. The victim pays for the electricity and the slowdown; the attacker keeps the coins.
DDoS (distributed denial-of-service) attacks flood a system, server or network with traffic or requests from many sources at once, exhausting its bandwidth, connections or processing capacity so that legitimate users cannot be served. The target may slow to a crawl or crash outright.
Read more: Can your organization withstand these 30 types of DDoS attacks?
DNS poisoning attacks
DNS (domain name system) poisoning attacks insert forged records into a DNS resolver or its cache so that a legitimate domain name resolves to an attacker-controlled address, sending users to a malicious site even though they typed the correct address. The affected sites are not ‘hacked’ themselves; it is the lookup that is subverted.
Malware is a broad term used to describe any file or program that is intended to harm or disrupt a computer. This includes:
Ransomware is a form of malware that encrypts victims’ information and demands payment, usually in cryptocurrency, in return for the decryption key.
Paying a ransom does not guarantee that you will recover the encrypted data: the decryption tool may be faulty or never arrive. Many ransomware groups also steal data before encrypting it and threaten to publish it, so good backups limit the disruption but do not remove all of the attacker’s leverage.
Read more: 5 Tips to Protect Against Ransomware
Remote-access Trojans (RATs) are malware that allows an attacker to take control of a victim's computer. The attacker can then access the victim's files, install additional software, and even spy on the victim through the webcam. RATs are often spread through email attachments or infected websites.
Rootkits & Bootkits
A rootkit is malware that gains privileged (‘root’ or kernel-level) access to a machine and then hides its presence – and that of other payloads it carries, such as keyloggers and RATs – from the operating system and security tools, giving attackers persistent remote access to the targeted machine.
Bootkits are a type of rootkit that can infect start-up code – the software that loads before the operating system.
Spyware is a form of malicious software used to illicitly monitor a user’s computer activity and harvest personal information.
A Trojan is a type of malware that disguises itself as legitimate software but performs malicious activity when executed.
Viruses & Worms
A computer virus is malicious code that attaches itself to a legitimate program or file and runs, without the user’s knowledge, whenever that host program is run or the file is opened.
Viruses replicate by copying themselves into other files and programs, and spread to other computers when those infected files are shared.
Worms are like viruses in that they are self-replicating. However, they do not need to attach themselves to another program to do so.
Common cyber attacks
Cyber criminals deliver malware and other threats via cyber attacks. They might use the following attack vectors:
Botnets are large networks of compromised computers (‘bots’), whose processing power and bandwidth are used without their owners’ knowledge to carry out criminal activity under the control of a command-and-control server. This can include distributing spam or phishing emails or carrying out DDoS attacks.
Drive-by downloads install malware when victims simply visit a compromised or malicious website, typically by exploiting a vulnerability in the browser or one of its plug-ins. They don’t rely on unsuspecting users taking action, such as clicking on malicious email attachments or links, to infect them.
Exploits & Exploit Kits
An exploit is code, or a technique, that triggers a security vulnerability to make software do something its designers did not intend, such as running the attacker’s code. Some have been developed by intelligence agencies.
For instance, in 2017 the WannaCry ransomware spread using an exploit known as EternalBlue, which targets a flaw in Microsoft’s SMBv1 file-sharing protocol that Microsoft had patched (MS17-010) two months before the outbreak. EternalBlue is widely reported to have been developed by the US National Security Agency; it was published by a group calling itself the Shadow Brokers.
Exploit kits are collections of multiple exploits. Available for rent on the dark web, they enable unskilled criminals to automate attacks on known vulnerabilities.
A man-in-the-middle attack is a type of cyber attack where a malicious actor inserts themselves into a conversation between two parties, relaying – and possibly altering – their messages so that each side believes it is talking directly to the other, usually in order to eavesdrop or steal data such as credentials.
Phishing is a method of social engineering used to trick people into divulging sensitive or confidential information, often via email.
Not always easy to distinguish from genuine messages, these scams can inflict enormous damage on organizations.
Read more: Can you spot the 5 kinds of phishing attack?
Social engineering is used to deceive and manipulate victims to obtain information or gain access to their computer.
This is achieved by tricking users into clicking malicious links or by physically gaining access to a computer through deception.
A SQL (Structured Query Language) injection occurs when an attacker supplies input – a form field or URL parameter, say – that an application pastes into a database query without separating data from code, so that the input is executed as SQL.
SQL injections only succeed when the application builds its queries that way; the standard defence is parameterised (prepared) queries, in which the query text is fixed and user-supplied values are bound separately. A successful injection can force the server to reveal, modify or delete data and, depending on the database account’s privileges, to run commands on the underlying host.
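The following Python example, added here and not part of the original page, shows the flaw and its fix against an in-memory SQLite database with a constructed users table (the usernames, passwords and table layout are invented for illustration; a real system would store password hashes, not plaintext). The vulnerable login builds the query by pasting user input into the SQL text, so a crafted username comments out the password check or pulls another column back through a UNION; the safe version passes the values as bound parameters, so the database engine never interprets them as SQL.

```python
import sqlite3


def make_db():
    # Constructed sample data in an in-memory database so the example runs offline.
    # Plaintext passwords are a simplification for illustration only.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, is_admin) VALUES (?, ?, ?)",
        [("alice", "s3cret", 1), ("bob", "hunter2", 0)],
    )
    return conn


def login_vulnerable(conn, username, password):
    # VULNERABLE: untrusted input is pasted into the SQL text, so the database
    # cannot tell the attacker's data apart from the query's code.
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    # FIXED: the SQL text is a constant and the values travel separately as
    # bound parameters, so a quote or comment marker in the input is just data.
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    # A comment marker ('--') removes the password check: logs in as alice
    # without knowing the password.
    print(login_vulnerable(db, "alice' --", "wrong"))
    # A UNION pulls a different column back through the same query: the server
    # hands over data it was never meant to return (alice's password).
    print(login_vulnerable(
        db, "' UNION SELECT password FROM users WHERE username='alice'--", "x"))
    # The same inputs against the parameterised version match no user.
    print(login_safe(db, "alice' --", "wrong"))
```

Note that the defence is not to strip quotes or comment markers from input (attackers find encodings that slip past such filters) but to keep data and query text apart, which every mainstream database driver supports.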
Vulnerabilities are the security flaws in your systems that cyber attacks exploit.
Details of known vulnerabilities are published online – in the CVE list, vendor advisories and exploit databases, for instance – for the benefit of security professionals and attackers alike.
A criminal does not need to write a line of code to exploit them: ready-made exploit kits and malware toolkits, together with online tutorials, do the work.
Targeted attacks are more labour-intensive, but, again, rely on tools that are designed to exploit vulnerabilities.
Types of cyber security vulnerability include the following:
Network vulnerabilities result from insecure operating systems and network architecture. This includes flaws in servers and hosts, misconfigured wireless network access points and firewalls, and insecure network protocols.
Hardware vulnerabilities are exploitable weaknesses in computer hardware. Examples include the Spectre and Meltdown vulnerabilities disclosed in 2018, which abuse the speculative execution used by modern processors to leak data across security boundaries. Spectre affected processors from Intel, AMD and ARM; Meltdown mainly affected Intel chips (and some ARM designs). Between them they affected almost every system, including desktops, laptops, servers and smartphones, and because the flaw is in the silicon it could only be mitigated by operating-system and microcode updates, not fixed outright.
Software and application vulnerabilities
Software and application vulnerabilities are flaws in code, such as a program failing to check its input or responding to certain requests in unintended ways. Common web examples are XSS (cross-site scripting), where attacker-supplied input is rendered into a page and runs as script in other users’ browsers, and CSRF (cross-site request forgery), where a malicious site causes a logged-in user’s browser to submit a request to another site on the attacker’s behalf.
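An added Python example, not from the original page, for the XSS case: a search page reflects the user’s query into its HTML, once inside an attribute and once in the page body, and a small check parses the result the way a browser would to see whether injected markup became a script element or an event-handler attribute. The page markup and the payloads are constructed for illustration; the fix is html.escape with quote=True, so that the characters that delimit markup reach the browser as entities and are displayed as text.

```python
from html import escape
from html.parser import HTMLParser


def render_search_vulnerable(query):
    # VULNERABLE: the user's search term is reflected unescaped, in an
    # attribute value and in element text.
    return (f'<input name="q" value="{query}">'
            f'<p>Results for {query}</p>')


def render_search_safe(query):
    # FIXED: escape() with quote=True encodes < > & " and ', so the term can
    # neither close the attribute nor open a new tag.
    q = escape(query, quote=True)
    return (f'<input name="q" value="{q}">'
            f'<p>Results for {q}</p>')


class _TagCollector(HTMLParser):
    # Records every start tag and its attributes, roughly as a browser's
    # parser would see them.
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def script_executes(html_text):
    """True if the parsed page contains a <script> element or an on* event
    handler attribute, i.e. injected input has become executable code."""
    parser = _TagCollector()
    parser.feed(html_text)
    for tag, attrs in parser.tags:
        if tag == "script" or any(name.startswith("on") for name in attrs):
            return True
    return False


if __name__ == "__main__":
    # Constructed payloads: one opens a new <script> tag, the other stays
    # inside the <input> tag and adds an event handler.
    for payload in ('"><script>alert(1)</script>',
                    '" onfocus="alert(1)" autofocus="'):
        print("vulnerable:", script_executes(render_search_vulnerable(payload)),
              "safe:", script_executes(render_search_safe(payload)))
```

The check is deliberately narrow (it looks only for script elements and on* attributes), so it demonstrates the two injection contexts above rather than serving as a general XSS scanner; real defences escape for the exact context (attribute, text, URL, JavaScript) or use a templating engine that does so automatically.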
Zero-day vulnerabilities are security flaws that attackers know about and can exploit but that are unknown to the software vendor, and therefore have no patch. The name refers to the number of days the vendor has had to address the flaw: zero. (Zero-day exploits are code that compromises zero-day vulnerabilities. Once the vendor releases a patch the flaw is no longer a zero-day, although systems that have not applied the patch remain exposed.)
Start your journey to being cyber secure today
IT Governance has a wealth of experience in the cybersecurity and risk management field. We have been carrying out cybersecurity projects for more than 15 years and have worked with hundreds of private and public organizations in all industries. All our consultants are qualified and experienced practitioners.
Our services can be tailored for organizations of all sizes in any industry and location. Browse our wide range of products below to kick-start your cybersecurity project.