Every 39 seconds a cyberattack occurs, 75% of which start with an email (Phishing). 72% of hackers target larger companies and 80% of breaches involve stolen credentials or brute force attacks.
With all these attacks taking place, cybersecurity professionals are constantly on the lookout for cyberattacks. Cybercriminals target individuals and organisations every single day and the number of attacks is continuously increasing.
Why do cyberattacks occur?
There are a multitude of reasons why cybercriminals wreak havoc on people including money, for fun, to gain access to sensitive information, etc.
Here are six common types of cybersecurity threats to look out for.
6 Common Types of Cybersecurity Threats
Malware (Malicious Software) isn’t just one attack, it’s a collective name for various types of attacks including ransomware, spyware, and viruses.
Malicious software contains code developed by hackers to cause substantial damage to an individual or company’s data and/or systems. Typically these attacks are also used to gain access to the victim’s network.
The simplest ransomware type is called Scareware. It simply means hackers make use of scare tactics to trick victims of the attack to pay the ransom. For example, a fake message appearing on your computer screen saying your computer has a virus and online payment is necessary.
During a ransomware attack, data is encrypted, which is what often forces a company or individual to pay the fee in order to regain access to their data.
Below are some examples of ransomware:
3. Phishing & Spear Phishing
What is Phishing?
A common cyber-attack where users (often hundreds) are contacted via email, text, or phone call by a hacker which often poses as a legitimate business to retain sensitive information from the user such as their credit card details, passwords, etc.
Check out the origins of phishing and how it received its name here.
What is Spear Phishing?
Although Spear Phishing uses the same processes as normal phishing attacks, the difference is that spear phishing is used to target a single individual. This method makes it seem personal as the hacker is pretending that they know you.
Trojan (or Trojan horse) is a type of malicious code created to take control of your device. It’s designed to damage, steal, or disrupt an individual or organisation’s data or network.
How Trojan Attacks Work
A hacker typically sends an email with a file attachment, containing malicious code, which a user opens thinking it’s legitimate. After downloading and opening the file, malware is installed on your device. When a user opens the program, the malware spreads to their files and damages your device.
Common Types of Trojans (norton.com)
- Backdoor Trojan
- Distributed Denial of Service (DDoS) Attack
- Downloader Trojan
- Fake AV Trojan
- Game-thief Trojan
- Infostealer Trojan
- Mailfinder Trojan
- Ransom Trojan
- Remote Access Trojan
5. Man-in-the-Middle (MitM) Attacks
A Man-in-the-Middle (MitM) attack is when communication between two parties is intercepted by a cybercriminal. The two affected parties think they are in direct contact when in fact, the hacker is relaying or modifying the communication.
MitM attacks are typically used to steal personal info, login details, corrupt data, etc.
How MitM attacks work:
- A hacker creates a fake network or interferes with a legitimate one.
- The traffic is then decrypted to allow the hacker to steal information, or reroute traffic.
- This is typically done without the victim or host’s knowledge, allowing the hacker to silently observe and manipulate traffic.
6. Denial of Service (DDoS) Attacks
A Distributed Denial-of-Service (DDoS) Attack is when an attacker uses a network of infected computers (botnet) to overwhelm a targeted server with phoney requests, preventing the server to handle legitimate requests. The goal is to overwhelm the server with traffic to render the website or online service inoperable.
How do you know you’re under attack?
- Your Internet is disconnected
- Unable to access a website
- Access to remote or local files is slow
- High volumes of spam emails
Botnet – Network of computers that are hacked and controlled remotely by an attacker.
Brute Force Attacks – A trial and error process where a hacker guesses username and password combinations to log in to the backend of a site or application. Hackers often also try to find encryption keys or hidden web pages.
Command and Control (C&C) Server – A computer-controlled by a cybercriminal that sends commands to a system compromised by malware. These servers allow a hacker to gain complete control of a victim’s computer to execute malicious code.
Spyware – Unwanted software created to steal sensitive information about an individual or business by gaining access to their hardware devices. Hackers can also steal information from users via web tracking.
Web Tracking – When websites collect, store and share information about visitor’s activities on the Internet.
Worms – Worms get their name from the way they infect systems. Worms typically start with one machine then work their way through the network, spreading the infection. This type of malware works rapidly, causing damage in a short period.