Cybersecurity threats

What are cybersecurity threats?

Cybersecurity threats are a broad category of attack vectors used to compromise digital systems for malicious intent. There is a subcategory of cyber threats that is unintentional, but most references refer to those spawned and deployed by those with nefarious objectives. 

Cyber threats are used by individuals and groups (e.g., crime syndicates, nation-state actors, and unscrupulous competitors). The end goal of cyber threats ranges from disruption and destruction to stealing money and sensitive information. 

The target of cyber threats is as wide and varied as organizations’ attack surfaces. Cyber threats target every digital access point. Common targets are networks, devices, applications, cloud services, databases, and people. 

Sources of cybersecurity threats

Mounting an effective defense against cybersecurity threats requires understanding who attackers are and their motivations.  

In general, cybersecurity threat actors are groups or individuals who exploit security vulnerabilities to gain unauthorized access to data, devices, systems, and networks. 

Motivations include siphoning processing power, exfiltrating or manipulating information, degrading network performance to disrupt services, and extorting ransom payments. Attacks target individuals and organizations. The attacks range from highly targeted to spray-and-pray attacks on large, disparate groups.  

Types of cyber attackers include the following. 

Criminal groups

Cybercriminals are usually driven by financial motivations. The degree of sophistication in the types of cybersecurity threats they pose varies greatly—from rudimentary to advanced persistent threats. In some cases, cybercrime syndicates produce and sell cyber attack kits or offer cyber attacks as a service, such as ransomware as a service.  

Hacktivists

Motivated by ideology, hacktivists pose a trick cybersecurity threat. Although generally not highly sophisticated, hacktivists often take random approaches and catch organizations off guard. Their objectives are usually to embarrass or shame an organization rather than seek financial gain or inflict physical or long-term damage beyond reputational scars. 

Malicious insiders

Malicious insiders’ motivations are mostly related to financial gain and revenge. Sometimes, their crimes are the result of extortion. The cybersecurity threats posed by malicious insiders can be devasting, since these threat actors come at the attack with specific knowledge of an organization’s operations and sometimes their security systems.  

Nation states 

These cybersecurity threats are very serious as they are usually well-funded and highly targeted. In general, nation-state attacks have geopolitical motivations.  

The motivations include espionage against governments, organizations, and individuals, disrupting critical infrastructure and systems, influencing and shaping public discourse, or developing botnets to support additional attacks.  

State-sponsored cybersecurity threats are usually perpetrated by the most sophisticated threat actors backed by extensive and dedicated resources.  

State-sponsored cyber threat actors may also pursue financially motivated threat activity. 

Types of cybersecurity threats

Cyber threats continually evolve. Below are examples of the most common types of cyber threats.   

Malware

Malware (malicious software) includes viruses, worms, trojans, spyware, adware, and ransomware. Between these various vectors, malware ranks as the most common cybersecurity threat.  

The usual points of entry for malware are through malicious links or email messages. Users click, the malware is activated, and the cybersecurity threat turns into an attack. 

• Adware
  Adware can be benign, albeit annoying, or malicious. Malware presents unwanted pop-up ads when users are browsing websites from computers or mobile devices.
• Ransomware
  Ransomware is one of the most feared cybersecurity threats. Once activated, ransomware encrypts files on users’ systems, rendering the information completely inaccessible and the systems useless. Attackers make demands, usually monetary, in exchange for decrypting the data.
• Spyware
  Spyware is a form of malware that embeds itself in devices. It monitors and transmits information about users’ activities. It is also used to steal sensitive information, such as credit card numbers and access credentials.
• Trojans
  Trojans are types of malicious code that pose as legitimate programs, such as applications or games. Trojans can also be embedded in email attachments. Once downloaded, the trojan is managed by an attacker and is used to control infected devices. 
• Viruses
  A computer virus is malicious code that spreads across devices through infected files. Viruses can be programmed to perform a variety of harmful functions.  
• Worms  
  Like computer viruses, worms can be programmed to perform various malicious functions. Unlike a virus, which requires a host to replicate, worms are self-replicating and can spread across systems without human intervention. 

Cloud vulnerabilities

Human error accounts for many cybersecurity threats related to cloud deployments. These include cloud misconfigurations, incomplete data deletion, and vulnerabilities in cloud applications. 

Corporate account takeover (CATO)

CATO is a type of cybersecurity threat that targets businesses. Attackers impersonate a legitimate user at an organization to gain access to business accounts. Once access has been gained, funds are transferred to the criminal’s account using unauthorized wire transfers or automated clearing house (ACH) transactions.   

Distributed denial-of-service attacks

A DDoS attack targets websites, overwhelming their servers with large volumes of traffic from different internet protocol (IP) addresses (sometimes hundreds of thousands in the form of a botnet) over a sustained period. The result is that websites are shut down, causing disruption and damage to an organization.   

Drive-by download attacks

A drive-by download attack occurs when an individual visits a malicious website. Unbeknownst to them, a piece of code (e.g., a Trojan or malware) is installed without their permission.   

Injection attacks

Injection attacks exploit different vulnerabilities to enable malicious code to be inserted into a web application’s code. The cybersecurity threats that come from an injection attack vary according to the type of malware used.  

Types of injection attacks include:   

• Code injections insert code into an application.   
• Cross-site scripting (XSS) inject malicious JavaScript into a web application. When the browser executes the code, the attacker redirects users to a malicious website or steals cookies to hijack the session.   
• LDAP injections alter Lightweight Directory Access Protocol (LDAP) queries.  
• OS command injections exploit a command injection vulnerability to input commands for the operating system to execute.   
• Structured Query Language (SQL) injections target SQL databases. 
• XML eXternal Entities (XXE) injections exploit inherent vulnerabilities in legacy XML parsers, allowing XML documents to execute code remotely and server-side request forgery (SSRF). 

Insider threats

Insider threats are a particularly challenging type of cybersecurity threat, because people use their knowledge of an organization’s inner workings to compromise systems or grant access to malicious outsiders. An insider threat can also be a person who, without malicious intent, exposes an organization to an attack (e.g., clicking infected files or links and falling for a phishing scam). 

IoT (internet of things) attacks

IoT devices are a major cybersecurity threat. These connected devices have notorious security vulnerabilities and are pervasive, making them a prime target for attackers.  

Cybercriminals compromise IoT devices and use them to gain access to networks and move laterally to expand their footprints and gain access to sensitive information and systems.

Man-in-the-middle attacks

With man-in-the-middle attacks, cybercriminals insert themselves in the middle of two-way communications and intercept incoming messages. The intent is to filter and steal information. Man-in-the-middle cybersecurity threats take various forms, including the following. 

• Email hijacking
  The attacker spoofs a legitimate email address and uses it to trick people into giving up sensitive information or transferring money to the attacker. Since the email appears legitimate, the user follows instructions. 
• DNS spoofing 
  When a domain name server (DNS) is spoofed, traffic is directed to a malicious website that is posing as a legitimate site. Or credentials and other sensitive information can be collected from the compromised site.   
• HTTPS spoofing 
  HTTPS spoofing takes advantage of users’ implicit trust in HTTPS domains (vs. HTTP). Also called an IDN (internationalized domain name) homograph attack, HTTPS spoofing entails tricking users into going to the attacker’s malicious site by modifying the name to look legitimate to users, such goog1e.com instead of google.com. 
• Internet protocol (IP) spoofing
  Another form of impersonation, IP spoofing attacks alter IP headers to make the address appear to be that of a trusted source. Instead, it is a malicious packet that is used to infiltrate systems. 
• Wi-Fi eavesdropping
  Attackers set up a Wi-Fi connection, leaving it open for unsuspecting users. Connections are then monitored, and sensitive data is recorded. 

Phishing

Phishing persists as one of the most effective types of cybersecurity threats. It exploits naïve, careless, or busy people, tricking them into compromising actions.  

Phishing attacks are usually launched through email, but are also perpetrated using voice calls (vishing) or text messages (smishing). Another form of phishing that is often used is spear phishing.  

With spear phishing, the attackers research specific targets in an organization (e.g., administrators and executives) and launch highly customized attacks. Other variations of phishing are clone phishing, evil twin phishing, URL phishing, and watering hole phishing.   

Social engineering attacks

In addition to phishing, other types of social engineering cybersecurity threats follow the same tactics. 

• Baiting 
  People are lured into a social engineering trap with the promise of something interesting or valuable, such as a free item.   
• Pretexting 
  Attackers trick people into giving up information under false pretenses, such as impersonating someone the person would respond to, such as a police officer, hospital staffer, IRS agent, bank, or credit card company.  
• Piggybacking or tailgating 
  An unauthorized person gains access to physical facilities by using an authorized person’s access mechanisms, such as following someone through a gated door under false pretenses (e.g., lost keycard or having their hands full). 

Supply chain attacks

In a supply chain attack, attackers access their target’s systems through third-party tools or services. This type of cybersecurity threat is challenging to detect, because the attackers infect legitimate applications with malware that is then distributed as part of the solution. 

 Vectors for supply chain attacks include: 

• Building tools
• Developers’ accounts 
• Development pipelines 
• Installation on physical devices 
• Software update mechanisms 
• Source code 

Third-party exposure 

Cybercriminals commonly target third-party organizations that provide services and have connections into larger companies. This cybersecurity threat is difficult, because the attackers compromise a third party and are able to gain legitimate access through authorized channels.    

Tools to fight cybersecurity threats

Following are examples of the many tools that can be used to fight cybersecurity threats. 

Antivirus software 

Antivirus software can be installed on systems to provide proactive protection from malware cybersecurity threats. It scans, detects, and removes malware, such as viruses, spyware, ransomware, Trojans, and worms.   

Databases and knowledge bases

Various groups collect data about cybersecurity threats, which can be accessed and used to shore up defenses and refine existing cybersecurity systems. Examples of these include: 

• ATT&CK   
  MITRE ATT&CK® is a global knowledge base of attackers’ tactics and techniques. It is based on real-world observations and used by governments, the private sector, and cybersecurity threat solution providers to develop threat models and methodologies. 
• National Vulnerability Database (NVD) by the National Institute of Standards and Technology (NIST)
  This is a centralized database of vulnerabilities in well-known, widely deployed systems and software. It helps organizations address commonly exploited, relatively easy-to-fix issues.  

Encryption software

Encryption software uses encryption algorithms (e.g., AES, DES, and RSA) to scramble data, rendering it unreadable without the decryption key. Data is usually encrypted when it is stored or transmitted to protect it from unauthorized access. 

Firewalls 

Firewalls monitor incoming and outgoing network traffic and filter malicious or suspicious items according to set security policies. 

Patch management software

Available as an installed solution or as a service, patch management software can be used to automate the installation of updates and patches. 

Penetration testing

Also referred to as pen testing and ethical hacking, penetration testing tools and services use software and people to probe applications and systems for vulnerabilities. Pen testing includes manual and automated scans and simulated attacks to uncover security gaps that adversaries can use to gain unauthorized access. 

Web vulnerability scanning tools

Web vulnerability scanning tools or vulnerability scanners continuously scan all types of web pages to detect security vulnerabilities, such as SQL injection, cross-site scripting (XSS), adware, and spyware. 

Zero trust security architecture

A zero-trust security architecture approach assumes that no user should be trusted. All users (i.e., people and machines) are required to validate their identities continuously.  

In addition, zero trust enforces the principle of least privilege access, limiting users to the minimum access necessary to perform their duties. Zero trust architecture also uses microsegmentation to keep sensitive information isolated. With a zero trust architecture, attack surfaces and potential points of unauthorized entry are reduced. 

Cyber threats should never be underestimated

Cybersecurity threats pose a risk to every organization, no matter the size or industry. Even a small organization can be valuable for cybercriminals as it can have sensitive data to steal or provide a point of entry to a larger target.  

The scale, sophistication, and impact of cybersecurity threats continue to grow. Organizations that enable effective defenses against cybersecurity threats are those that invest in detecting, assessing, and managing risks. These organizations continually evaluate their security posture and keep a keen eye out for ways to optimize their security systems and controls to address evolving cybersecurity threats. 

You might also be interested in: