7 Types of cyber security threats
Cyber security professionals should be well-versed in the following categories of cyber security threats.
1. Malware
Malware includes spyware, ransomware, viruses, and worms. Malware is activated when a user clicks on a malicious link or attachment, which results in the installation of malicious software. Cisco reports that once activated, malware can:
Restrict access to critical network components (ransomware)
Install additional malicious software
Acquire information covertly by transmitting data from the hard drive (spyware)
Disrupt individual components of the system, rendering it inoperable
2. Emotet
Emotet is described by the Cybersecurity and Infrastructure Security Agency (CISA) as "a sophisticated, modular banking Trojan that primarily acts as a downloader or dropper of other banking Trojans. Emotet remains one of the most expensive and destructive forms of malware."
3. Denial of Service
A denial of service (DoS) attack is a type of cyber attack in which a computer or network is flooded with data, rendering it incapable of responding to requests. A distributed denial of service (DDoS) attack accomplishes the same thing, except that the attack originates from a network of computers. Cyber attackers frequently employ a flood attack to disrupt the "handshake" process and perform a denial-of-service attack. Numerous other techniques may be used, and some cyber attackers exploit the downtime of a network to launch additional attacks. According to Jeff Melnick of Netwrix, an information technology security software company, a botnet is a type of DDoS attack in which millions of systems can be infected with malware and controlled by a hacker. Botnets, sometimes referred to as zombie systems, are designed to attack and overwhelm a target's processing capabilities. Botnets are dispersed geographically and are difficult to trace.
4. Man in the Middle
When hackers insert themselves into a two-party transaction, this is referred to as a man-in-the-middle (MITM) attack. Cisco reports that after interrupting the traffic, they can filter and steal data. MITM attacks frequently occur when a visitor connects to a public Wi-Fi network that is not secured. Attackers place themselves between the visitor and the network, then use malware to install software and steal data.
5. Phishing
Phishing attacks employ forged communication, such as an email, to trick the recipient into opening it and following the instructions contained within, such as providing a credit card number. "The objective is to steal sensitive data such as credit card and login information or to infect the victim's computer with malware," Cisco reports.
6. SQL Injection
SQL injection is a type of cyber attack that occurs when malicious code is injected into a server that uses SQL. Once the server processes the injected code, it releases data. Submitting the malicious code is as simple as typing it into a search box on a vulnerable website.
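To make the search-box case concrete, here is an added example (not part of the original article) that puts a vulnerable search handler beside a hardened one, using an in-memory SQLite database. The table, function names, and search term are all constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory catalogue; rows with published = 0 must never be shown."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (title TEXT, published INTEGER)")
    conn.executemany(
        "INSERT INTO articles VALUES (?, ?)",
        [("Patch notes", 1), ("Password policy", 1), ("Draft: incident report", 0)],
    )
    return conn

def search_vulnerable(conn, term):
    # Vulnerable: the search term is pasted into the SQL text, so a quote
    # character in the input ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT title FROM articles WHERE published = 1 "
           "AND title LIKE '%" + term + "%'")
    return [row[0] for row in conn.execute(sql)]

def search_safe(conn, term):
    # Hardened: the SQL text is fixed and the term is bound as a parameter,
    # so the database only ever treats it as data to match against.
    sql = ("SELECT title FROM articles WHERE published = 1 "
           "AND title LIKE '%' || ? || '%'")
    return [row[0] for row in conn.execute(sql, (term,))]

# Constructed input: a quote followed by SQL that widens the WHERE clause.
INJECTED_TERM = "x' OR published = 0 --"

def demo():
    """Run the same inputs through both handlers and return the results."""
    return {
        "normal/vulnerable": search_vulnerable(make_db(), "Pa"),
        "normal/safe": search_safe(make_db(), "Pa"),
        "injected/vulnerable": search_vulnerable(make_db(), INJECTED_TERM),
        "injected/safe": search_safe(make_db(), INJECTED_TERM),
    }

if __name__ == "__main__":
    for case, titles in demo().items():
        print(f"{case:22} -> {titles}")
```

With an ordinary search term both handlers return the same published titles; with the constructed term only the concatenating handler returns the unpublished row, which is why parameter binding is the standard fix.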
7. Password Attacks
A cyber attacker can gain access to a wealth of information with the right password. Social engineering is a type of password attack, which Data Insider defines as "a strategy used by cyber attackers that heavily relies on human interaction and frequently involves duping people into violating standard security practices." Other types of password attacks include gaining access to a password database or guessing the password outright.