10 Cyber Security Threats and Risks to Avoid

Cyber security threat facts at a glance

Did you know that:

• A cyber attack is executed every 39 seconds?
• 95% of all data breaches are caused by human error?
• Most companies take almost 6 months to detect a breach?
• There has been a 300% increase in reported cyber crimes since COVID-19?
• An average cyber attack results in $3.9 million in damages?

(Source for the above: Cybint)

With that out of the way, these are the cyber attack threats and security risks to look out for:

1. Malware

Malware is a malicious type of code or scripting that remains one of the most prominent cyber security  threats in the digital landscape. In a typical scenario, a malware infection occurs when the victim is tricked into opening a suspicious document or link that executes the malicious program.

Provided the infection is successful, the malware can then:

• Delete, corrupt, or encrypt your files
• Download additional payload
• Steal data
• Grant backdoor system access to an unauthorized third-party
• Spy on you
• Crash the operating system
• etc.

There are several types of malware that generally falls into the following categories:

Trojans

Trojans are one of the sneakiest computer security threats because this type of malware is usually bundled as part of another program or software with useful functionality. In other words, the victim doesn’t need much convincing to execute it. A key differentiating characteristic from viruses is that trojans don’t have the tendency to replicate themselves.

Spyware

Spyware is the type of malware that is specifically designed to spy on its victim and their activities. It can also extract information about their operating system and software, analyze their browsing habits, and send sensitive data back to its creator. In certain situations, this can lead to blackmailing, extortion, etc.

Worms

Unlike typical malware, these utilize a “shotgun approach”, meaning they rarely target any particular victim. The objective of a worm is to replicate and propagate itself across networks. Commonly distributed via infected email attachments, once being able to affect the target device, worms will attempt to scan the victim’s contact list to send emails with infected attachments to whoever they can.

In some instances, worms are the IT security weapon of choice when it comes to launching a DDoS attack or overloading an email server.

Viruses

Viruses are one of the most traditional forms of malware. After infecting the device, viruses will attempt to replicate themselves to infect others. They can also attach themselves to another file.

Whenever the recipient of the infected file launches it, the malicious code gets executed and infects their machine.

Ransomware

Out of every type of malware listed, ransomware is arguably one of the most fearsome cyber security threats  in existence because it takes file access away from the rightful owner. Once the infection has taken place, instead of the regular file, the victim is met with an encrypted version that’s inaccessible without the proper decryption key.

Typically, the attackers are looking to extort a ransom in Bitcoin or other untraceable cryptocurrencies in exchange for the key. The problem is, nothing binds them to honor the deal even if they manage to get paid, so it’s NOT recommended to comply.

2. Denial of Service attacks

Due to their disruptive nature, Denial of Service attacks (or DoS for short) is one of the most prominent internet threats. The basic premise is trying to flood the target computer network with pointless traffic with the sole purpose of destabilizing it and rendering it unresponsive to legitimate requests.

A Distributed Denial of Service attack (DDoS for short) follows a similar objective, with the only difference being the fact the attack originates from several sources rather than just a single network. Oftentimes, botnets are used to facilitate the attack, which is an industry term for infected devices that carry out the will of whoever controls them. Since botnets can originate from different regions across the globe, they can be hard to trace.

3. Man in the Middle attacks

Main in the Middle (MitM) attacks involve an unauthorized third-party intercepting the communication between the client and the server. Unless it’s encrypted, the attacker can filter and read any data that’s exchanged, whether it be in text, audio, video, or other formats.

This usually happens when an unsuspecting individual tries to connect to public Wi-Fi that tends to lack in security (since anyone can connect to it). A MitM attack can also be executed with the help of malware of phishing. Since these types of cyber threats tend to be hard to detect, several paid and open-source digital forensic tools may be used to scan the network in question.

4. Phishing

Phishing is one of the most nefarious and manipulative cyber security threats out there. In essence, an attacker tries to think of a scheme to trick the victim into forking over their login credentials, usually through email or direct messaging platforms by impersonating someone on their contact list.

Often accompanied by sense of pressure or an emergency (example: “There is something wrong with your account, fix the issue by clicking here”), the victim is taken to a fake login page designed exclusively to steal usernames and passwords. By copying the looks of the legitimate login page and a little bit of social engineering, anyone can fall for this trick before even realizing what had happened.

5. Brute forcing

What do hackers do when they can’t think of a better plan? They will attempt to brute force their way through the login screen. If you find yourself on the receiving end of a brute force attack, you better hope your password is something stronger than “12345”.

During the process, a hacker will try to guess their way through the login screen with the help of random string generation and automation. Typically, they will try the shorter character combinations first (1-4 characters) and then move on to the longer ones, eventually covering every possible combination in existence. Unless there’s some defensive cyber security mechanism in place that prevents repeated login attempts from the same IP, they can go through the list at the speed of light.

Another variation of this is the so-called dictionary attack during which the hacker will go through the list of common words like “cheese” and “dog” to see if one of them opens the door. This is cyber protection 101 – in this day and age, you need to think of something more clever than that to use as your password!

6. SQL injections

When talking about cyber security threats that have something to do with databases and servers, SQL injections are the first to come to mind. If the database in question uses SQL and the objective is to hack the website, sometimes, typing the right string into the search box is all it takes to reach that goal, given the website’s coder has a poor understanding of the best cyber security practices.

Digital forensics experts often investigate cases like these to uncover the scope of the damage and who’s behind the attack. Using sophisticated industry-grade digital forensics tools like DBF that are designed for restoring corrupted databases, they can perform complex operations without needing to know everything there is to know about the technical aspects of IT and still crack the case.

7. Zero-day exploits

There is hardly any cyber security protection against zero-day exploits. Thankfully, they are few and far between. But how do they work? The fact of the matter is that almost every piece of software has undiscovered vulnerabilities in it, even the kind that gets released by big-name software development companies. Sometimes, hackers who discover them don’t capitalize on them personally but rather choose to sell the knowledge on the dark web.

The person that finds out about a zero-day exploit and chooses to take advantage of it is the one to fear since these make for some of the most potent cyber threats and security risks imaginable. Even when the existence of such an exploit becomes public knowledge, there’s usually still a small window of time to abuse it because it can take a few days before the patch is released.

On top of it all, some webmasters who don’t follow the best industry practices may fail to apply them early enough, thus making them sitting ducks for a potential cyber attack.

8. Botnets

Commonly used as part of a DDoS attack, botnets are a fleet of infected devices an attacker controls from the outside. The larger the number of devices under a hacker’s control, the more powerful of an attack they can mount against their target. In concrete numbers, these could be millions of devices that all participate in a coordinated cyber attack.

A botnet can be used for a variety of different types of attacks:

DDoS

DDoS attacks are most commonly initiated by a cluster of infected devices that are part of a botnet, usually without their webmaster’s knowledge. As the attack is executed, the target website or network is flooded with massive waves of meaningless traffic so it gets overloaded to the point of no longer being able to serve legitimate users.

DDoS attacks may have personal or political motives or they can be launched by a company-sponsored hacker in the corporate space to gain an advantage over the competition.

Email spam

Botnets can also be used to send out waves of email spam. Typically, these messages would either contain unsolicited advertising or they could even resort to more underhanded tactics such as phishing and malware distribution.

If they go the malware route, the underlying purpose is likely to expand the botnet – any device that gets infected is then added to the botnet.

Targeted intrusions

As already mentioned, botnets are sometimes used in the corporate space to target high-value systems belonging to a company or an organization. Once capitalized, the targeted device then allows the hackers to make their way deeper into the organization’s cyber IT network.

Once inside, the hackers can steal valuable information such as sensitive data of their customers, research, financial data, intellectual property, and other sensitive data.

Enterprise financial theft

A sophisticated botnet can be used for the purpose of high-profile financial crime. For instance, they may be programmed to go after credit card information specifically and a swiftly executed attack can cause billions of dollars in damages in a rather short window of time. An example would be the infamous ZeuS botnet.

9. Cross-site scripting

When a victim gets infected with malware, it may modify what that person sees when browsing the internet. But more often than not, an infection like this does not seek to alert the victim of its presence. Instead, it executes its malicious intent in the background, often by inserting itself into the javascript of whatever website the victim is viewing.

As you can imagine, those that ask for sensitive data such as login credentials and credit card numbers are of particular interest to the hacker. So in essence, the victim may visit a legitimate website and not even suspect that malicious code has been inserted into it.

10. Rootkits

Just like regular malware, sometimes legitimate software comes bundled with rootkits, one of the most potent and dangerous cyber security threats  of all. This is because rootkits are designed to nest themselves deep into a device and are executed before the operating system even has a chance to load. Think of them as a secret remotely-controlled account with administrative privileges.

Depending on the objectives of their creator, a rootkit can be designed to alter the computer’s contents and even steal passwords and sensitive data. Since they can come from anywhere, including infected email attachments and dubious websites, digital forensic examiners often use industry-grade tools like SalvationDATA’s DRS to find the origin of the infection and restore files that may get corrupted as a result of the infection.

Avoiding cyber threats and security risks - best practices

Since an ounce of prevention is worth a pound of cure, there are certain cyber safety and security best practices you are advised to implement into your information security strategy:

• Make your password varied and complex. Never re-use them across different websites and accounts. Ideally, your password should be long and consist of lowercase and uppercase letters as well as contain numbers and special symbols.
• Enable 2FA. In essence, this mechanism acts as an additional layer of security that requires a confirmation from its owner before someone is granted permission to access an account.
• Update often. This includes your operating system, your software, and various browser extensions you may have installed.
• Learn to recognize phishing scams. Never open an email attachment or click on a link whose sender you don’t recognize.
• Don’t leave your devices unattended. A mere minute of leaving your laptop on the table in a public space while you hop to the bathroom can be enough for someone to physically go through its contents or install malware.
• Avoid suspicious Wi-FI networks. Typically, these will be public networks you can find at an airport or in a coffee shop. As convenient as they may be, they are also cyber network security risks.
• Make backups on a regular basis. In the digital world, things can go wrong, so it’s best to have a way to restore your most precious data in case it gets deleted or corrupted.
• Install a cyber security suite. Things like firewalls, antiviruses, and possibly even a VPN are a must when navigating the threats you’ll come across in the digital era.

Conclusion

Hackers never sleep and there are more cyber security threats out there than you can count. It’s up to you to study them and mount a defense against them – the more proactive you are in your approach, the better.

Either way, the list above should serve as a starting point to navigating the cyber threat landscape that gives you the essentials of what to look out for.