What are cyber security threats?
A cyber security threat is a type of threat that targets computer networks, systems, and user data. These threats can come in the form of malware, phishing, and other malicious activity.
A cyber security threat is a type of threat that targets computer networks, systems, and user data. These threats can come in the form of malware, phishing, and other malicious activity.
This page provides a guide to the most common types of cyber security threat, cyber attacks, and vulnerabilities.
Learn more about the scale and nature of cyber crime
Common cyber threats
Backdoor attacks
A backdoor attack is a type of cyber attack. The attacker uses this method to gain access to a system or network by bypassing security mechanisms. Once the attacker has gained access, they can then install malicious software or perform other malicious actions.
Formjacking
Formjacking is a type of cyber attack where malicious code is injected into a web page that uses a form. This then collects sensitive information (such as credit card details) from unsuspecting users who later enter it into the form. The stolen information is then sent to the attacker, who can use it for fraudulent purposes.
Learn more about formjacking
Cryptojacking
Cryptojacking is a type of cyber attack in which a criminal hacker hijacks a victim’s computer to mine cryptocurrency. The hacker typically does this by embedding malicious code in a website or email, which causes the victim’s computer to mine cryptocurrency without their knowledge or consent. This can slow down the victim’s computer and consume their electricity, which can lead to higher bills. In some cases, cryptojacking can also cause physical damage to the victim’s computer.
DDoS attacks
A DDoS (distributed denial-of-service) attack is a type of cyber attack. A malicious actor tries to disrupt a network by overwhelming it with traffic from multiple sources. This can be done by overloading the target with illegitimate requests or by sending a large amount of data to overload its systems.
Learn more about DDoS attacks
DNS poisoning attacks
DNS poisoning is a type of DNS attack where malicious actors change the records that a server uses to direct traffic to the right websites. This can cause the name server to return the wrong IP address for a given domain name, redirecting traffic intended for a legitimate website to the attacker’s website. DNS poisoning can be used to carry out a variety of attacks, including man-in-the-middle attacks, phishing attacks and malware distribution.
Malware
Malware is a type of software that is designed to harm a computer, server, or network. It can be used to steal information, delete files, or damage equipment. This includes:
-
Botnet software
Botnet software is a type of malware that allows attackers to control a network of infected computers, or ‘bots’. Botnets can be used to perform a variety of tasks, including launching attacks, stealing data, or sending spam.
-
Ransomware attack
Ransomware is a type of malware that encrypts a user’s files and demands a ransom be paid to decrypt them. Paying a ransom does not necessarily guarantee that you will be able to recover the encrypted data.
Learn more about ransomware
-
RATs
A RAT (remote-access Trojan) is a malware program that gives an attacker access to a victim’s computer. The attacker can then control the victim’s computer remotely, without the victim’s knowledge or consent. RATs are often used to spy on the victim, or to steal sensitive information from the victim’s computer.
-
Rootkits and bootkits
A rootkit is a type of malicious software that allows attackers to gain administrator-level access to a system. Rootkits can be used to stealthily install other malicious software on a system, such as viruses, Trojans and backdoors. They can also be used to hide the presence of other malware, such as botnets. Rootkits are often used by attackers to maintain access to a system after they have gained initial access.
Bootkits are a type of rootkit that can infect start-up code – the software that loads before the operating system.
-
Spyware
Spyware is a type of software that is installed on a computer without the user’s knowledge. It is designed to collect information about the user, such as their web browsing habits, and send it to the creator of the spyware.
-
Trojan
A Trojan is a type of malware that is designed to gain access to a computer by disguising itself as a legitimate file or program. Trojans can be used to steal personal information, install other forms of malware, or take control of a victim’s machine.
-
Viruses and worms
A computer virus is a piece of malicious code that is installed without the user’s knowledge. Viruses can replicate and spread to other computers by attaching themselves to other computer files.
Worms are like viruses in that they are self-replicating. However, they do not need to attach themselves to another program to do so.
Common cyber attacks
Cyber criminals deliver malware and other threats via cyber attacks. They might use the following:
Drive-by downloads
A drive-by download is a type of malicious code execution that occurs without the user’s knowledge or permission. This can happen when the user visits a malicious website or clicks a malicious link. Drive-by downloads can install malware on the user’s computer, steal sensitive information or allow the attacker to take control of the user’s computer.
Exploits and exploit kits
An exploit is a piece of malicious code that can compromise a security vulnerability. Many have been developed by the security services. For instance, in 2017, the WannaCry ransomware spread using an exploit known as EternalBlue. This exploit had been created by and stolen from the US National Security Agency.
Exploit kits are collections of multiple exploits. Available for rent on the dark web, they enable unskilled criminals to automate attacks on known vulnerabilities.
MITM attacks
An MITM (man-in-the-middle) attack occurs when a hacker inserts themselves between a device and a server to intercept communications.
MITM attacks often happen when a user logs on to an insecure public Wi-Fi network. Attackers can insert themselves between a visitor’s device and the network. The user will then unknowingly pass information through the attacker.
Phishing attacks
Phishing is a method of social engineering used to trick people into divulging sensitive or confidential information, often via email. Not always easy to distinguish from genuine messages, these scams can inflict enormous damage on organisations.
Learn more about phishing
Social engineering
Social engineering is used to deceive and manipulate victims to obtain information or gain access to their computer.
This is achieved by tricking users into clicking malicious links or by physically gaining access to a computer through deception.
Learn more about social engineering
SQL injection
An SQL (Structured Query Language) injection is when a user inputs SQL code into a web form to gain access to data that they are not supposed to have access to. This can be used to view data that is normally not viewable, delete data or even modify data.
Vulnerabilities
Vulnerabilities are the security flaws in your systems that cyber attacks exploit.
The top vulnerabilities are readily available online for the benefit of security professionals and criminal hackers alike.
All a criminal needs to be able to exploit them is a malware toolkit and an online tutorial. No coding knowledge is required.
Targeted attacks are more labour-intensive, but, again, rely on tools that are designed to exploit vulnerabilities.
Types of cyber security vulnerability include the following:
- Network vulnerabilities result from insecure operating systems and network architecture. This includes flaws in servers and hosts, misconfigured wireless network access points and firewalls, and insecure network protocols.
- Hardware vulnerabilities are exploitable weaknesses in computer hardware. Examples include the Spectre and Meltdown vulnerabilities found in processors designed by Intel, ARM and AMD. They affected almost every system, including desktops, laptops, servers, and smartphones.
- Software and application vulnerabilities include coding errors or software responding to certain requests in unintended ways. They include CSRF (cross-site request forgery) and XSS (cross-site scripting) vulnerabilities.
- Zero-day vulnerabilities are security flaws that have been discovered by criminals but are unknown to the software vendors, and therefore unpatched. The term refers to the number of days the vendor has to address the vulnerability. (Zero-day exploits are code that compromise zero-day vulnerabilities.)
Read more about patch management
Start your journey to being cyber secure today
IT Governance has a wealth of experience in the cyber security and risk management field. We have been carrying out cyber security projects for more than 15 years. We have worked with hundreds of private and public organisations in all industries. All our consultants are qualified and experienced practitioners.
Our services can be tailored for organisations of all sizes in any industry and location. Browse our wide range of products below to kick-start your cyber security project.