A cyber security threat refers to any possible malicious attack that seeks to unlawfully access data, disrupt digital operations, or damage information.
These are the most common cyber threats that hit individuals and businesses every day:
This is a type of attack in which the hacker tries to steal the user’s information by disguising as a legitimate person or company. Phishing attacks tend to use spam emails as a mode to attack the user and get information like credit card or bank account details. The emails sent usually look very authentic to the user and the hacker tries to make it look like a real company including company logos too sometimes.
- Smishing: This phishing attack is done for the same reasons but the mode is by sending fraudulent text messages or SMS. These are really common, most of the urgent or warning messages that we get daily on our mobile phones are usually examples of smishing.
- Vishing: This phishing attack is done over telephone systems. The hackers mask the real contact number using a fake caller ID. The number shown to the user can be familiar to the victim or of a legitimate bank.
- Identity Theft
In this attack as the name suggest the main motive of the hacker is to steal personal information related to a person. The hacker tries to impersonate the victim by knowing sensitive information about them. Knowing the victim’s password, account details, ID number, or social security numbers can enable a hacker to misuse them for illegal purposes too.
(Repeated, already in chapter 2)
Malware is a collective term for all the software that is intended to harm a computer system, this includes viruses, worms, Trojan viruses, spyware, and other malicious programs or software.
- Ransomware, Spyware & Trojan
Ransomware is malicious software (malware) with which the cybercriminal blocks the user’s access to the computer and encrypts all the information there. This information is held with the criminals and they ask the user for some ransom in exchange for releasing the information. The user is left with only a few options here either paying the money they demand, restarting the device, or trying removing the malware.
Spyware is something that we all might have seen in detective movies, but it is all too real. This software is used to keep an eye on the user’s online behavior without their consent or permission. This installs itself on the user’s device, spyware that steals the user’s information like password, username, or some other credentials is known as a keylogger.
A trojan is again malicious software with an interesting history to its name. The Trojan horse from the Trojan War in which the Greek soldiers hid inside the hollow horse and entered the enemy’s empire to capture the territory. The computer Trojan works in a similar fashion, this software disguises itself as useful and legitimate but actually damages the victim’s machine once installed.
- Social Engineering
This attack is a psychological technique used to manipulate the user into giving out sensitive information. In simple words it’s the art to fool people and steal their information, it would be easy for a criminal to talk and try to find out a person’s password rather than trying to hack it. These are the attacks where proper cyber security training is the only solution to avoid releasing sensitive information just because of a lack of knowledge of a person or employee of an organization.
- Revenge Porn
This term may be new to hear but this practice has been on a hike with mobile phones becoming more and more intelligent. The sharing of explicit images or videos of a person without their consent is referred to as revenge porn. This is most commonly seen among teenagers and people in their 20s. The motive is very clear, to hurt a person’s reputation and take revenge which can affect the victim psychologically affect their future relationships.
- Cyber Bullying
Cyberbullying is a crime that can cause an accused some time in prison in most of the countries in the world. This can include sharing or posting mean and false content about a person which can result in humiliation or embarrassment to the victim. This can happen on social media, online forums, emails, text messages or even on online gaming communities.
- Account Steal
Account steal refers to the stealing of information by criminals from online accounts. Account steal or takeover is a crime counted under identity theft. To get hold of the user’s account, the hacker needs to know the username and password of the user. This can be done through various ways like the use of social engineering attacks, phishing attacks, malware, and viruses, spying on online activities using some spyware, or even getting information through another data breach.
Deepfake has arrived from the combination of “deep learning” and “fake”. It’s basically a form of Artificial Intelligence called deep learning which is used to create fake videos and images from scratch. This is generally called photoshop in common words. These are generally used to edit videos with faces of celebrities or famous politicians to create scandals or controversies. This can also be used to blackmail people for money and can also be considered a part of identity theft.
- Data Misuse
Data misuse is using data for something it’s not meant to be used. This is different from data theft as it’s not necessary to be a consequence of a cyberattack, it can happen due to simple human errors too like collection errors and improper filing of data. Data misuse has been in limelight these years for example any company or organization can use the data of their users or clients for purposes they are unauthorized.
- Advanced Cyber Threats
Following are some advanced cyber threats that we need to be aware of-
- Denial of Service (DoS) attack: In this attack, the hacker’s motive is to crash the server by sending a lot of fake requests. The server becomes so busy attending to all these fake requests that it is not able to provide its service to genuine users. The server can also crash by the flooding of the fake requests by the hacker. These attacks do not usually cause data theft or information theft but this can cost the victim a huge waste of time and money. An advanced Dos attack known as Distributed Denial of Service Attack (DDoS) enables the hacker to attack the victim with multiple systems located at different locations at the same time and this makes it a bigger threat for organizations.
- Man in the middle attack: This attack is like when someone tries to eavesdrop on a personal conversation. The attacker tries to position themselves in a conversation between the victim and the application they are using. Once the conversation is being compromised by the attacker, he can either simply steal the information or even impersonate one of the people in the conversation and makes it look like a normal conversation. The targets of such attacks are usually financial sites where the user is required to log in.
- SOL injection: This is a type of attack in which a code is injected into a website that can destroy the whole database. It very common web applications attack. Usually, it is given in form of a web page input and therefore the best way to prevent this attack is to analyze and filter out the inputs and check them for potentially malicious code.