To implement and maintain an appropriate level of cybersecurity, you need to understand the cyber threats your organization faces.
If terms such as ‘spear phishing’, ‘XSS/cross-site scripting’, ‘DDoS/distributed denial of service’ and ‘SQL injection’ leave you confused, read on.
This page provides a beginner’s guide to the most common types of cybersecurity threat, the cyber attacks that are used to deliver them, and the vulnerabilities that they attempt to exploit.
Common cyber threats
Backdoors allow remote access to computers or systems without users’ knowledge.
Cryptojacking is the malicious installation of cryptocurrency mining – or ‘cryptomining’ – software. This software illicitly harnesses the victim’s processing power to mine for cryptocurrency.
DDoS (distributed denial-of-service) attacks attempt to disrupt normal web traffic and take targeted websites offline by flooding systems, servers or networks with more requests than they can handle, causing them to crash.
DNS poisoning attacks
DNS (domain name system) poisoning attacks compromise DNS to redirect traffic to malicious sites. Affected sites are not ‘hacked’ themselves.
Malware is a broad term used to describe any file or program that is intended to harm or disrupt a computer. This includes:
Botnet software is designed to infect large numbers of Internet-connected devices. Some botnets comprise millions of compromised machines, each using a relatively small amount of processing power. This means it can be difficult to detect this type of malware, even when the botnet is running.
Ransomware is a form of malware that encrypts victims’ information and demands payment in return for the decryption key. Paying a ransom does not necessarily guarantee that you will be able to recover the encrypted data.
RATs (remote-access Trojans) are a type of malware that install backdoors on targeted systems to give remote access and/or administrative control to malicious users.
Rootkits and bootkits
Rootkits tend to comprise several malicious payloads, such as keyloggers, RATs and viruses, allowing attackers remote access to targeted machines.
Bootkits are a type of rootkit that can infect start-up code – the software that loads before the operating system.
Spyware is a form of malware used to illicitly monitor a user’s computer activity and harvest personal information.
A Trojan is a type of malware that disguises itself as legitimate software but performs malicious activity when executed.
Viruses and worms
A computer virus is a piece of malicious code that is installed without the user’s knowledge. Viruses can replicate and spread to other computers by attaching themselves to other computer files.
Worms are like viruses in that they are self-replicating. However, they do not need to attach themselves to another program to do so.
Common cyber attacks
Cyber criminals deliver malware and other threats via cyber attacks. They might use the following:
Botnets are large networks of compromised computers, whose processing power is used without the users’ knowledge to carry out criminal activity. This can include distributing spam or phishing emails or carrying out DDoS attacks.
Drive-by downloads install malware when victims visit a compromised or malicious website. They don’t rely on unsuspecting users taking action, such as clicking on malicious email attachments or links, to infect them.
Exploits and exploit kits
An exploit is a piece of malicious code that can compromise a security vulnerability. Many have been developed by the security services. For instance, in 2017 the WannaCry ransomware spread using an exploit known as EternalBlue. This exploit had been developed by, and stolen from, the US National Security Agency.
Exploit kits are collections of multiple exploits. Available for rent on the dark web, they enable unskilled criminals to automate attacks on known vulnerabilities.
An MITM (man-in-the-middle) attack occurs when a hacker inserts themselves between a device and a server to intercept communications that can then be read and/or altered.
MITM attacks often happen when a user logs on to an insecure public Wi-Fi network. Attackers can insert themselves between a visitor’s device and the network. The user will then unknowingly pass information through the attacker.
Phishing is a method of social engineering used to trick people into divulging sensitive or confidential information, often via email.
Not always easy to distinguish from genuine messages, these scams can inflict enormous damage on organizations.
Social engineering is used to deceive and manipulate victims in order to obtain information or gain access to their computer.
This is achieved by tricking users into clicking malicious links or by physically gaining access to a computer through deception.
A SQL (Structured Query Language) injection occurs when an attacker inserts malicious SQL code into a query handled by a server that uses SQL. SQL injections are only successful when a security vulnerability exists in an application’s software. Successful SQL injection attacks will force a server to provide access to or modify data.
Vulnerabilities are the security flaws in your systems that cyber attacks exploit.
Lists of the top vulnerabilities are readily available online for the benefit of security professionals and hackers alike.
All a criminal needs to be able to exploit them is a malware toolkit and an online tutorial. There is no need for any coding knowledge whatsoever.
Targeted attacks are more labour-intensive, but, again, rely on tools that are designed to exploit vulnerabilities.
Types of cyber security vulnerability include the following:
Network vulnerabilities result from insecure operating systems and network architecture. This includes flaws in servers and hosts, misconfigured wireless network access points and firewalls, and insecure network protocols.
Hardware vulnerabilities are exploitable weaknesses in computer hardware. Examples include the Spectre and Meltdown vulnerabilities, which were found in processors manufactured by Intel, ARM and AMD. They affected almost every system, including desktops, laptops, servers, and smartphones.
Software and application vulnerabilities
Software and application vulnerabilities are flaws such as coding errors or software responding to certain requests in unintended ways. They include CSRF (cross-site request forgery) and XSS (cross-site scripting) vulnerabilities.
Zero-day vulnerabilities are security flaws that have been discovered by criminals but are unknown to, and therefore unpatched by, the software vendors. The term refers to the number of days the vendor has had to address the vulnerability. (Zero-day exploits are code that compromises zero-day vulnerabilities.)
Start your journey to being cyber secure today
IT Governance has a wealth of experience in the cybersecurity and risk management field. We have been carrying out cybersecurity projects for more than 15 years and have worked with hundreds of private and public organizations in all industries. All our consultants are qualified and experienced practitioners.
Our services can be tailored for organizations of all sizes in any industry and location. Browse our wide range of products below to kick-start your cybersecurity project.