Top Cybersecurity Threats in 2022

Backdoors

Backdoors allow remote access to computers or systems without users’ knowledge.

Cryptojacking

Cryptojacking is the malicious installation of cryptocurrency mining – or ‘cryptomining’ – software. This software illicitly harnesses the victim’s processing power to mine for cryptocurrency.

DDoS attacks

DDoS attacks aim to overload systems, servers, or networks with requests, making them crash and disrupting normal web traffic.

Read more: Can your organization withstand these 30 types of DDoS attacks?

DNS poisoning attacks

DNS (domain name system) poisoning attacks compromise DNS to redirect traffic to malicious sites. Affected sites are not ‘hacked’ themselves.

Formjacking

Formjacking is the process of inserting malicious JavaScript code into online payment forms to harvest customers’ card details.

Malware

Malware is a broad term used to describe any file or program that is intended to harm or disrupt a computer. This includes:

Ransomware Attacks

Ransomware is a form of malware that encrypts victims’ information and demands payment in return for the decryption key.

Paying a ransom does not necessarily guarantee that you will be able to recover the encrypted data.

Read more: 5 Tips to Protect Against Ransomware

• Remote-access Trojans

  Remote-access Trojans (RATs) are malware that allows an attacker to take control of a victim's computer. The attacker can then access the victim's files, install additional software, and even spy on the victim through the webcam. RATs are often spread through email attachments or infected websites.

• Rootkits & Bootkits

  Rootkits tend to comprise several malicious payloads, such as keyloggers, RATs and viruses, allowing attackers remote access to targeted machines.

  Bootkits are a type of rootkit that can infect start-up code – the software that loads before the operating system.

• Spyware

  Spyware is a form of malicious software used to illicitly monitor a user’s computer activity and harvest personal information.

• Trojans

  A Trojan is a type of malware that disguises itself as legitimate software but performs malicious activity when executed.

• Viruses & Worms

  A computer virus is a piece of malicious code that is installed without the user’s knowledge.

  Viruses can replicate and spread to other computers by attaching themselves to other computer files.

  Worms are like viruses in that they are self-replicating. However, they do not need to attach themselves to another program to do so.

Botnets

Botnets are large networks of compromized computers, whose processing power is used without the user’s knowledge to carry out criminal activity. This can include distributing spam or phishing emails or carrying out DDoS attacks.

Drive-by Downloads

Drive-by downloads install malware when victims visit a compromized or malicious website. They don’t rely on unsuspecting users taking action, such as clicking on malicious email attachments or links, to infect them.

Exploits & Exploit Kits

An exploit is a piece of malicious code that can compromise a security vulnerability. Many have been developed by the security services.

For instance, in 2017 the WannaCry ransomware spread using an exploit known as EternalBlue. This exploit had been developed by, and stolen from, the US National Security Agency.

Exploit kits are collections of multiple exploits. Available for rent on the dark web, they enable unskilled criminals to automate attacks on known vulnerabilities.

MITM Attacks

A man-in-the-middle attack is a type of cyber attack where a malicious actor inserts themselves into a conversation between two parties, usually to eavesdrop or steal data.

Phishing Attacks

Phishing is a method of social engineering used to trick people into divulging sensitive or confidential information, often via email.

Not always easy to distinguish from genuine messages, these scams can inflict enormous damage on organizations.

Read more: Can you spot the 5 kinds of phishing attack?

Social Engineering

Social engineering is used to deceive and manipulate victims to obtain information or gain access to their computer.

This is achieved by tricking users into clicking malicious links or by physically gaining access to a computer through deception.

SQL Injections

A SQL (Structured Query Language) injection occurs when an attacker inserts malicious code into a server that uses SQL.

SQL injections are only successful when a security vulnerability exists in an application’s software. Successful SQL attacks will force a server to provide access to or modify data.

Network vulnerabilities

Network vulnerabilities result from insecure operating systems and network architecture. This includes flaws in servers and hosts, misconfigured wireless network access points and firewalls, and insecure network protocols.

Hardware vulnerabilities

Hardware vulnerabilities are exploitable weaknesses in computer hardware. Examples include the Spectre and Meltdown vulnerabilities, which were found in processors manufactured by Intel, ARM and AMD. They affected almost every system, including desktops, laptops, servers, and smartphones.

Software and application vulnerabilities

Software and application vulnerabilities are flaws such as coding errors or software responding to certain requests in unintended ways. They include CSRF (cross-site request forgery) and XSS (cross-site scripting) vulnerabilities.

Zero-day vulnerabilities

Zero-day vulnerabilities are security flaws that have been discovered by criminals but are unknown to, and therefore unpatched by, the software vendors. The term refers to the number of days the vendor has to address the vulnerability. (Zero-day exploits are code that compromise zero-day vulnerabilities.)