Defending Against Types of Cyberattacks & Security Threats
Learn about the most common types of cybersecurity threats, along with some examples and tips on preventing or remediating them.
In today’s digital world, it is more pertinent than ever to exercise cybersecurity best practices and train staff to detect and avoid potential cyber attacks. Breaches of cybersecurity are all too common, and the cybercriminals behind them are intelligent, targeted, precise, and ruthless in their approach. Because attackers have many well-developed techniques, it is vital to understand the nature of a potential attack to better avoid it or combat it. In this post, we’ll provide a guide to the most common types of cybersecurity threats along with some examples and tips on preventing them.
Plain and simple, a malware attack generally involves the installation of unwanted programs or software on your system without your permission. The attack typically takes the form of a virus that either infects an application, arrives as a new application (like the prevalent .exe file), or buries itself into the root of your system. Alternatively, it may involve a Trojan or Trojan Horse, which could dangerously open a back door to your system, or worms, which commonly spread like wildfire through email.
Some of the most common types of malware include:
Let's take a closer look at each of these types of cybersecurity threats.
Much like the Greek army hidden in the wooden horse in the legend of Odysseus, Trojan malware is malicious code carried as unwelcome cargo inside something you willingly install on your PC. It is distributed by attackers who aim to either take control of your PC or network or to damage it.
This type of malware typically comes in through legitimate-looking sites and their software offerings. As many legitimate pieces of software do, many trojans request administrative access permissions on your PC. Once the permissions are granted, the attacker has free rein in the system.
Trojan malware comes in multiple forms:
- Backdoor trojans exploit vulnerabilities in your computer’s security to allow hackers to get into it.
- Downloader trojans drag in additional malicious code with the intent of giving hackers broader control.
- Rootkit trojans install hidden hacking toolkits, allowing for future exploitations.
- Ransomware trojans encrypt your files or lock you out of your machine and will not release them until a ransom (typically in the form of money or cryptocurrency) is paid.
- Mailfinder trojans scan your system for any email addresses, then spam them.
The best way to avoid having to deal with trojan malware is to download only from reputable sources—but even that may not be sufficient. Staying vigilant by running malware detection and isolation programs is a good way to steer clear of many of these nefarious invaders.
Spyware is a type of cybersecurity threat that steals sensitive information and internet usage data, then relays it to other users. The data is often sent to data collectors and advertisers (adware), who can then use it to target you with ads or sell that information to others. More concerningly, spyware can collect your financial and personal information, which can lead to identity theft and/or stolen money. The spyware may track your internet activity, retain your login methods and passwords, and record credit card inputs when you make a purchase.
- Identifying spyware can be tough. Some signals that your machine may be infected include abnormal behavior like slowness, crashes, lack of hard drive space, and excessive pop-ups.
- Removing spyware can be tricky, but the best way to approach it is to run malware removal tools as well as reputable antivirus software. The better option is to prevent them from infecting your machine in the first place.
- Preventing spyware can be achieved by not clicking on pop-up ads, not downloading attachments from unknown sources, and not opening emails from questionable senders.
Malvertising is the criminally intentioned use of advertisements to infect personal PCs and business networks. The scary thing about this type of cybersecurity attack is that it can come in the form of any advertisement on any site, even reputable sites that you use every day. A small bit of code embedded in the ad sends your information to a server controlled by a nefarious party, at which point it will be evaluated to see what kind of malware to send out to your system.
Many companies outsource advertising to third parties and simply sell space on their site for advertisers to upload their own ads. Often, the source of these ads is not fully vetted. Even the most cautious user can be deceived by a legitimate-looking advertisement and have their system infected with this type of malware.
When you are prompted to update your browsers, don’t simply ignore it. Run programs that help block ads (these can be browser extensions), and perpetually run malware monitoring software in the background from an up-to-date, reputable source.
Even legitimate software will often have security flaws. While the software vendor might be aware of vulnerabilities in their release, they may not have a way to prevent them (at least not yet). Hackers can exploit these vulnerabilities to harm your devices and network.
Hackers may write code to exploit a recently discovered vulnerability, putting together a “zero-day” exploit. The reason for the name is that the vulnerability is very recently identified, and the software creator hasn’t yet had a chance to create a fix for it. In other words, the developer has had zero days to address the newly identified problem.
Zero-day attacks are hard to anticipate, but the best way to get ahead of their exploits is to be on the lookout for any software updates and install them as soon as possible. Of course, this needs to go hand in hand with regularly running your malware and anti-virus checks.
Advanced Persistent Threats (APT)
An advanced persistent threat (APT) attack targets access to systems, such as company networks—wreaking havoc once inside. Unlike some lower-level hacking assaults, APTs aim to scour the system they invade for an extended time, with the intent of stealing a variety of sensitive information. These are sophisticated methods that might target large enterprises, but small businesses are very often the victims as well.
An APT attack is a layered, evolving attack that tends to occur in stages:
- Acquiring Access: Hackers gain entry into the network through an email, an infected file, or an app vulnerable to malware.
- Establishes Staying Power: The cyber attacker then implants malware that allows them to move through the system undetected. Backdoors, typically created by overwriting code, are usually included to allow them access into the system again even if they are identified.
- Dig For More Access: Hackers crack passwords to gain administrative rights, giving them greater control of the system, systematically opening doors to more access points.
- Lateral Movement: Armed with administrator access, the hacker can now control various aspects of the system and gain even more access.
- Observe, Learn & Stay: After understanding how the system is designed to work, the hacker learns many methods to access information and continues to do so at will.
Social engineering applies to a broad range of tactics that use human interaction and psychological manipulation to deceive users into giving up their information or making bad security choices. These multi-step methods involve a level of study by the hacker. The hacker learns about the victim’s background and gathers data about what type of information would be needed for an attack. The hacker then tries to gain the victim’s trust and prompts them to break security protocols and reveal private or sensitive information.
Common types of social engineering cyber threats include:
Let’s take a closer look at each of these.
Phishing is a method of trying to get the user to give up their money or information willingly to the hacker. This is typically done over emails or texts that aim to create a sense of curiosity, urgency, or even fear, playing on the victims’ social vulnerabilities to trick them into clicking links to malicious websites or willingly accepting attachments with malware built in.
One of the oldest tricks in the book, phishing is a common scam that often targets unsuspecting victims through email. Generally, cyber criminals send out fraudulent emails pretending to be from a reputable source. These emails tend to go after passwords and vital financial details.
Remember that important matters such as IRS communications most likely will not occur via email. Above all, do not click on any links from sources you do not know.
Spear phishing is a scam typically performed via an email sent to a recipient from what looks to be a trustworthy source. The email contains a link that takes the user to a fake website stacked with malware. Cybercriminals design their approaches in such a manner that the user is targeted specifically with social engineering techniques used to catch the recipient's eye. Therefore, a single user at home is as susceptible to this type of attack as a high-ranking company executive. When these emails are opened and links are accessed, the hackers gain the ability to steal important data from the user or the company.
Because these attacks are so customized, combating them with traditional security is not simple. They are hard to detect, and one erroneous click by an employee can result in devastating consequences for an infiltrated business. Once data is stolen, it can be sold, and hackers can engage in all levels of espionage. Worse than that, malware can be deployed into the network, overtaking the network and leaving it vulnerable to many other forms of exploitation.
Pretexting is an art of deceptive communication in which the hacker approaches a user while posing as a friend, public employee, bank or government official, or anyone else with a “right to know” authority. This “pretext” is then used to question the victim to get them to reveal important data. These records are gathered and may be used later for nefarious purposes.
A spoofing attack is a method by which a hacker pretends to be someone they are not to gain a user’s confidence or warrant enough concern to violate a victim’s security. If you receive an email from Amazon with purchases you never made, for instance, you are likely to be concerned enough to click the link. The problem, however, is that in the case of a spoofing attack, the link would take you to a fake website URL with a fake login prompt, into which you would then enter your login information, handing it over to the hacker.
Whaling is similar to spear phishing, with the key difference being that whaling attacks always target high-ranking individuals in an organization. General phishing attacks, however, tend to cast a “wider net”. Information regarding high-ranking individuals in an organization is typically easily obtained from a company’s website or sources like LinkedIn. Attackers then use that information to target these individuals specifically with phishing attacks.
Denial-of-Service (DoS) & Distributed Denial-of-Service (DDoS) Attacks
As its name suggests, a Denial-of-Service (DoS) attack aims at a major shutdown, barring users from accessing the service or network. Typically, the goal of this attack is to overwhelm the network to the point that it cannot function. As a result of an intense amount of traffic or an information overload, employees, members, customers and other important parties may not be able to access the service or network at all.
With a Distributed Denial-of-Service (DDoS) attack, numerous different sources send overwhelming traffic to the server under attack. Unfortunately, attempting to block a fixed set of sources is not helpful with these types of cybersecurity threats, since the attacks come from multiple locations all at once.
Motives for these types of cyber threats may simply be to hurt a business and its information resources. DoS or DDoS attacks could also be a decoy for a different kind of attack.
Ransomware is an especially malicious type of malware that can deny users access to their system or personal files until the user agrees to pay a ransom to regain access to their system. The original version of ransomware demanded that the payment be mailed, crippling the ability of a user to access their device(s) for days. Modern forms of ransomware often demand payment via credit card or cryptocurrency.
There are several common types of ransomware:
- Screen Locks. Some ransomware locks your screen, preventing you from accessing your device. An example may be where a full-sized window appears, posing as a message from the US DOJ or the FBI, stating that illegal activity has been detected on your computer and you are being fined.
- Scareware. Scareware may pester you with ads insisting your system is compromised to try to sucker you into volunteering “payment” through the use of your credit card.
- Encrypting Ransomware. This type of ransomware essentially allows for your files to be overtaken and encrypted, meaning you have no access to them until you pay a ransom to have them released. If you do not pay, your files can be purged, and you may not be able to restore them.
Man-in-the-middle attacks involve an attacking party positioning themselves in the middle of normal communication between a user and the application they are working with. This type of attack could be used to spy or to impersonate other users, making it appear that the exchange of information and data is perfectly regular. The information obtained can then be used for bank transfers, password manipulation, penetrating a network, identity theft, and other nefarious applications.
As the name might suggest, SQL injections use SQL, supplied through an application's inputs, to gain access to stored information that is not meant to be displayed. This allows hackers to view lists of users, manipulate user accounts, and gain administrative rights to data.
As a whole, a breach of company cybersecurity, theft, removal, or manipulation of data can have devastating consequences. Breaches can limit a company’s ability to function normally, can be costly to resolve, and can decimate client trust.
When criminals bypass cybersecurity protocols, they can see things they are not meant to see, or worse, distribute or sell that information. Perhaps worst of all, hackers can purge information, which can be costly for businesses, eliminating important business operation data and opening them up to lawsuits from clients for not sufficiently safeguarding their information.
Tips on Preventing Cyberattacks
With so many different types of cyber attacks, malware protection has never been more important. Here are a few tips on how to prevent cyber attacks:
- Never open emails or click links from people you don't know.
- Create strong passwords and regularly update them for best security.
- Browse safely, avoiding questionable webpages.
- Protect your important information, networks, websites, databases and systems with regular backups. Choose the data storage products that best meet your needs.
- Rely on a firewall to help keep your materials and networks safe.
- Install an anti-malware or anti-virus program to keep your system clean.
- Don't forget about your mobile devices! Treat all your devices with the same respect for dangerous types of cybersecurity threats.
Take every opportunity to be vigilant in your use of the internet, email and all aspects of technology, particularly if you're running your own website. Whether you use the computer and the internet recreationally or for business purposes, be sure to look into malware protection to keep your assets safe. Take these important steps to protect your assets against all the different types of cyber attacks.