Last Updated: 12th September, 2019
A cyber or cyber security threat is a malicious act targeted at damaging information, stealing information, or generally disrupting digital life. Threats such as computer viruses, information breaches, and Denial of Service (DDoS) attacks include cyber attacks.
Cyber security threats are growing in frequency, diversity and complexity. A review of top 21 cyber security threats and how to gain the information you need to defend against them.
Table Of Contents
- What Are Cyber Security Threats?
- 21 Types Of Cyber Security Threats: DDoS, MitM, Social Engineering, ETC.
- Usual Sources Of Cyber Threats
- Cyber Threats Prioritization: The OWASP Threat Model
- Employing Threat Intelligence For Threat Prevention
What Are Cyber Security Threats?
Cyber security threats reflect the risk of experiencing a cyber attack. A cyber attack is an intentional and malicious effort by an organization or an individual to breach the systems of another organization or individual. The attacker’s motives may include information theft, financial gain, espionage, or sabotage.
21 Types Of Cyber Security Threats: DDoS, MitM, Social Engineering, ETC.
Distributed Denial Of Service (DDoS)
The objective of a denial of service (DDoS) attack is to overwhelm the resources of a target system and cause it to stop functioning, denying access to its users. Distributed denial of service (DDoS) is a variant of DoS in which attackers compromise a large number of computers or other devices, and use them in a coordinated attack against the target system.
DDoS attacks are often used in combination with other cyber threats. These attacks may launch a denial of service (DDoS) to capture the attention of security staff and create confusion, while they carry out more subtle attacks aimed at stealing data or causing other damage.
Methods of DDoS attacks include:
- Botnets – Systems under hacker control that have been infected with malware. Attackers use these bots to carry out DDoS attacks. Large botnets can include millions of devices and can launch attacks at devastating scale.
- Smurf Attack – Sends Internet Control Message Protocol (ICMP) echo requests to the victim’s IP address. The ICMP requests are generated from ‘spoofed’ IP addresses. Attackers automate this process and perform it at scale to overwhelm a target system.
- TCP SYN Flood Attack – Attacks flood the target system with connection requests. When the target system attempts to complete the connection, the attacker’s device does not respond, forcing the target system to time out. This quickly fills the connection queue, preventing legitimate users from connecting.
The following two attacks are less common today, as they rely on vulnerabilities in the internet protocol (IP) which have been addressed on most servers and networks.
- Teardrop Attack – Causes the length and fragmentation offset fields in IP packets to overlap. The targeted system tries to reconstruct packets, but fails, which can cause it to crash.
- Ping Of Death Attack – Pings a target system using malformed or oversized IP packets, causing the target system to crash or freeze.
Man-In-The-Middle Attack (MiTM)
When users or devices access a remote system over the internet, they assume they are communicating directly with the server on the target system. In a MitM attack, attackers break this assumption, placing themselves in between the user and the target server.
Once the attacker has intercepted communications, they may be able to compromise a user’s credentials, steal sensitive data and return different responses to the user.
MitM attacks include:
- Session Hijacking – An attacker hijacks a session between a network server and a client. The attacking computer substitutes its IP address for the IP address of the client in MitM. The server believes it is corresponding with the client and continues the session in MitM.
- Replay Attack – A cyber criminal eavesdrops in MitM on network communication and replay the messages at a later time, pretending to be the user. Replay attacks have been largely mitigated by adding timestamps to network communications in case of MitM.
- IP Spoofing – An attacker convinces a system that it is corresponding with a trusted, known entity. The system thus provides the attacker with access. The attacker forges its packet with the IP source address of a trusted host, rather than its own IP address.
- Eavesdropping Attack – Attackers leverage insecure network communication to access transferred data from both client and server. These MitM attacks are difficult to detect because network transmissions appear to act normally.
Social Engineering Attacks
Social engineering attacks work by psychologically manipulating users into performing actions desirable to an attacker, or divulging sensitive information.
The attacks on social engineering include:
- Phishing – Attackers send fraudulent correspondence that seems to come from legitimate sources, usually via email. The email may urge the user to perform an important action or click on a link to a malicious website, leading them to hand over sensitive information to the attacker, or expose themselves to malicious downloads. Phishing emails may include an email attachment infected with malware.
- Spear Phishing – A variant of phishing in which attackers specifically target individuals with security privileges or influence, such as system administrators or senior executives.
- Homograph Attacks – Attackers create fake websites with very similar web addresses to a legitimate website. Users access these fake websites without noticing the slight difference in URL and may submit their credentials or other sensitive information to an attacker.
Malware And Spyware Attack
Attacks use many methods to get malware into a user’s device. Users may be asked to take an action, such as clicking a link or opening an attachment. In other cases, malware uses vulnerabilities in browsers or operating systems to install themselves without the user’s knowledge or consent.
Once malware is installed, it can monitor user activities, send confidential data to the attacker, assist the attacker in penetrating other targets within the network, and even cause the user’s device to participate in a botnet leveraged by the attacker for malicious intent.
The attacks on social engineering include:
- Trojan Virus – Tricks a user into thinking it is a harmless file. A Trojan can launch an attack on a system and can establish a backdoor, which attackers can use.
- Ransomware – Prevents access to the data of the victim and threatens to delete or publish it unless a ransom is paid.
- Malvertising – Online advertising controlled by hackers, which contains malicious code that infects a user’s computer when they click or even just view the ad. Malvertising has been found on many leading online publications.
- Wiper Malware – Intends to destroy data or systems, by overwriting targeted files or destroying an entire file system. Wipers are usually intended to send a political message or hide hacker activities after data exfiltration.
- Drive-By Downloads – Attackers can hack websites and insert malicious scripts in PHP or HTTP code on a page. When users visit the page, malware is directly installed on their computer; or the attacker’s script redirects users to a malicious site, which performs the download. Drive-by downloads rely on vulnerabilities in browsers or operating systems.
- Rogue Security Software – Pretend to scan for malware and then regularly show the user fake warnings and detection. Attackers may ask the user to pay to remove the fake threats from their computer or to register the software. Users who comply transfer their financial details to an attacker.
A hacker can gain access to the password information of an individual by ‘sniffing’ the connection to the network, using social engineering, guessing, or gaining access to a password database. An attacker can ‘guess’ a password in a random or systematic way.
Passwords attacks include:
- Brute-Force Password Guessing – An attacker uses software to try many different passwords, in the hope of guessing the correct one. The software can use some logic for trying passwords related to the name of the individual, their job, their family, etc.
- Dictionary Attack – A dictionary of common passwords is used to gain access to the computer and network of the victim. One method is to copy an encrypted file that has the passwords, apply the same encryption to a dictionary of regularly used passwords, and contrast the findings.
Advanced Persistent Threats (APT)
When an individual or group gains unauthorized access to a network and remains undiscovered for an extended period of time, attackers may exfiltrate sensitive data, deliberately avoiding detection by the organization’s security staff. APTs require sophisticated attackers and involve major efforts, so they are typically launched against nation states, large corporations or other highly valuable targets.
Usual Sources Of Cyber Threats
It is essential to know whoever the threat player is when identifying a cyber threat, along with their tactics, techniques and procedures (TTP). Usual sources of cyber threats include:
- State-Sponsored – Cyber attacks by countries can disrupt communications, military activities, or other services that citizens use daily.
- Terrorists – Terrorists may attack the government or military targets, but at times may also target civilian websites to disrupt and cause lasting damage. Industrial spies-organized crime and international corporate spies carry out industrial espionage and monetary theft. Their prime motivation is money.
- Organized Crime Groups – Criminal groups infiltrate systems for monetary gain. Organized crime groups use phishing, spam and malware to carry out identity theft and online fraud.
- Hackers – There is a massive international hacker demographic, varying from beginner “script kiddies” or pre-made tool-kits to advanced operators capable of developing new kinds of threats and ignoring organizational defenses.
- Hacktivists – Hacktivists are hackers who, for political or ideological purposes rather than economic gain, penetrate or break systems.
- Malicious Insider – Insiders face a very severe danger because they already have access to corporate systems and understanding of target structures and sensitive information. Insider threats can be devastating and very difficult to detect.
- Cyber Espionage – It is a form of cyber attack that steals classified, or sensitive intellectual data to gain an advantage over a competitor company or government entity.
Cyber Threats Prioritization: The OWASP Threat Model
The number of cyber threats is increasing quickly, and organizations are unable to adapt to them at all. To help prioritize cyber security efforts, OWASP has developed a model for evaluating cyber threats, summarized as follows:
Risk = Likelihood + Impact
Consider the likelihood of a cyber threat – how easy is it for attackers to carry out an attack? Are there any attackers out there with the relevant skills? How likely are you able to detect and mitigate the threat?
In addition, consider the impact of the threat – how sensitive are the systems likely to be affected, how valuable and sensitive is the data that may be lost, and in general what would the financial or the reputation impact of an attack be?
By combining the likelihood with impact, you can identify threats that are significant for your organization and ensure you are protected.
Employing Threat Intelligence For Threat Prevention
There is structured threat intelligence, pre-analyzed data on attacks that could damage an enterprise. Threat intelligence enables enterprises to perceive existing cyber threats or future threats. More and more information security personnel have around threat players, their capacities, infrastructure, and intentions, the better they are able to protect their organization.
In combination with many other security tools, threat intelligence systems are usually used. Whenever a security system recognizes a threat, threat intelligence information can be cross-referenced to interpret instantly the magnitude of the problem, its severity, and defined techniques to mitigate or prevent the threat.
Threat intelligence may help block threats automatically in several cases – for instance, known malicious IP addresses can all be fed into a firewall to block traffic from breached servers automatically.
Threat intelligence is typically provided in the form of feeds. There are free threat intelligence feeds, and others provided by commercial security research bodies.
Several companies offer additional threat intelligence platforms with countless threat intelligence channels and enable monitoring and integrate threat information with several other security solutions.