8 Types of Cyber Security Threats

By Steve Smith

The information presented here is true and accurate as of the date of publication. DeVry’s programmatic offerings and their accreditations are subject to change. Please refer to the current academic catalog for details.

 

May 17, 2023

 

Information systems and the devices or infrastructure they’re connected to can be put in harm’s way by a variety of cyber security threats, often meant to alter, destroy or steal sensitive or personal data. 

 

In this article, we will describe 8 common cyber security threats and discuss how you can take steps to prepare yourself or your organization against them.

Man-in-the-Middle (MITM) Attack

In the first of several cyber security attacks we’ll cover, the attacker positions himself between two parties, whether that’s people, networks or computers. MITM attacks are often silent and carried out without the victims’ knowledge. 

Unbeknownst to either party, the attacker spies on their interactions and may collect data from the participants’ devices without them noticing anything out of the ordinary. In some cases, the attacker might use a bot to generate seemingly legitimate messages to the targets. 

Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks

What’s the main difference between these types of attacks? A DoS attack is essentially a system-on-system attack, while a DDoS attack involves several systems attacking a single target system. A denial-of-service (DoS) attack is designed to flood a website with traffic from illegitimate requests, making the website unavailable and interrupting the normal course of the target’s business. Distributed denial-of-service (DDoS) attacks are launched by a network of malware-infected host machines controlled by the attacker. 

In either attack, the targeted site is overwhelmed by the volume of bot-generated requests. It crashes or freezes up and is unable to provide service to legitimate customers. This often results in the site coming offline, which can then leave it vulnerable to other attacks. 

Amazon Web Services was the victim of a major DDoS attack in February 2020, for example, but used its AWS Shield service to help mitigate it. The company stated that the peak point of the attack had been 44% larger than anything it had seen before.

Structured Query Language (SQL) Injection

SQL injection is a cyber security threat to websites that depend on databases. In this type of attack, a SQL command is introduced into a data input in place of a password or login. The server where the database is hosted then runs the command, allowing the cybercriminal to penetrate the system. A successful SQL injection can have several different results: sensitive data can be released, modified or deleted. The attacker could also command the system to shut down, which would interrupt the function of the database and, in turn, disrupt the functionality of the websites connected to it.
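The weakness described above, as an added example that is not part of the original article: a login check that builds its query text from user input, next to the parameterized form that keeps input as data. The table, the account and the function names are constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, password TEXT)")
    # Constructed sample row; a real system would store a salted password hash.
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db

def login_vulnerable(db, login, password):
    """Builds the SQL text from user input, so the input can change the query."""
    sql = ("SELECT login FROM users WHERE login = '" + login +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, login, password):
    """Sends input as bound parameters; it is only ever compared as data."""
    sql = "SELECT login FROM users WHERE login = ? AND password = ?"
    return db.execute(sql, (login, password)).fetchone() is not None

# Constructed input: a "password" that carries SQL syntax instead of a secret.
CRAFTED_PASSWORD = "' OR '1'='1"

def demo():
    """Run both checks against the same inputs and return the outcomes."""
    db = make_db()
    return {
        "vulnerable_wrong_password": login_vulnerable(db, "alice", "guess"),
        "vulnerable_crafted": login_vulnerable(db, "alice", CRAFTED_PASSWORD),
        "parameterized_crafted": login_parameterized(db, "alice", CRAFTED_PASSWORD),
        "parameterized_correct": login_parameterized(db, "alice", "correct-horse"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The string-built check accepts the crafted value because the quote characters end the password literal and the rest is parsed as part of the WHERE clause; the parameterized check treats the same value as an ordinary wrong password.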

Malware

Several types of cyber security threats involve forms of malware, or software containing malicious code. This type of software infects a computer and changes the way it functions. It can cause the destruction of data, spy on the computer’s users and spread across networks. In a malware attack, the malicious software has to be installed on a targeted device. Users are often tricked into installing malware on devices by opening email attachments that appear to be legitimate but actually contain malware like spyware, which monitors and collects data based on a computer user’s keystrokes or online behavior.

Ransomware

Ransomware is another type of cyber security threat with a name that describes exactly what it is. In a ransomware attack, the victim’s computer system and their access to their data are held hostage by the attacker, who demands payment of a ransom before restoring the victim’s access to their system. The ransomware is typically introduced into the targeted system through a website or email attachment. Ransomware is written to exploit vulnerabilities that haven’t been identified or addressed by an organization’s cyber security team and is sometimes designed to evade traditional antivirus software.

Domain Name System (DNS) Attack

In DNS spoofing, DNS records altered by a cybercriminal send traffic to a phony website that mimics or impersonates a genuine site. In cyber security attacks like these, the hackers rely on site visitors never realizing the site is inauthentic. Once they’ve landed on the spoofed site, they may enter sensitive information like login credentials or credit card profiles that can be used or sold by the hackers. The attackers could also construct a poor-quality site or one containing offensive content to damage a targeted business’ reputation.

Social Engineering

Social engineering is the term used to describe cyber security threats that exploit human nature. Common methods used by social engineering cybercriminals include phishing attacks, in which the attackers pretend to be a trusted organization or individual and trick the targeted individual into providing personal data or downloading an attachment containing malware. Phishing can be deployed as a wholesale attack intended to cover a broad population of computer users, while spear phishing is an attack targeting an individual. 

Cybercriminals are determined to sabotage, corrupt or interrupt the flow of data, or gain financially through access to login information. In other kinds of social engineering attacks, the hacker manipulates an unsuspecting target into taking an action by posing as someone in authority or conveying messages that put them into a heightened emotional state. For example, they might masquerade as a legitimate IT professional trying to complete a time-sensitive support task and try to trick the target into providing confidential information like their login credentials. Once the information is secured, they can reset passwords and gain access to their network.

Cyber-Physical Attacks

In our increasingly interconnected Internet-of-Things world, many physical systems that were once separated are now interconnected and can be managed remotely using a single point of entry. This represents a target-rich environment for sophisticated hackers. In a cyber-physical attack, the data breach results in the manipulation of a physical system, which could be as large as a gas and oil pipeline or as small as an individual’s medical device.

A few examples of these cyber security threats in the United States and abroad include:

  • The 2021 Colonial Pipeline cyberattack, which caused the shutdown of a major oil and gas pipeline in the United States and highlighted weaknesses in its infrastructure.

  • The 2016 ransomware attack against the San Francisco Municipal Transportation Agency’s light rail service, which impacted physical ticketing machines and caused the suspension of payment systems.

  • A 2015 cyberattack at a German steel mill that caused major damage to a blast furnace and disrupted multiple systems.

  • Russian-based power grid cyberattacks of 2015 and 2016 that cut off electrical power to more than 200,000 people in Ukraine.

How to Prepare for Cyber Security Threats

To safeguard your personal information and defend against cyber security threats, even basic preventative measures can be effective. These can be applied whether you are networked with colleagues in a large organization or using your own devices for shopping and bill paying. 

The antivirus software maker Norton recommends 3 basic steps to take before a cyberattack or data breach occurs:

  1. Protect your files and devices. This can be accomplished by keeping software up to date, securing your files with robust back-up devices or cloud services, encrypting your devices and using multifactor authentication (like 2FA) on important accounts where login credentials are used. 

  2. Keep your wireless network safe from snooping cybercriminals by using a strong individual password for your router instead of the one that came with it from the factory and using strong encryption to protect the information sent over your network. WPA2 and WPA3 are both strong forms of encryption.  

  3. Adopt smart cyber security practices like the use of strong passwords, avoiding using the same password on multiple accounts, using a VPN (virtual private network) and staying up to date on cyber security threats, which are always evolving. Organizations should also consider obtaining cyber insurance. 

Another smart cyber security threat defense is to remain vigilant in managing emails. Never open an email attachment without fully understanding what it is and confirming that it comes from a trusted source.

Prepare to Pursue a Career as a Cyber-Defender at DeVry

If you want to learn to defend networks and systems against cyberattacks, we can help. Our online Undergraduate Certificate in Cyber Security covers OS concepts, information assurance policies, ethical hacking and more. This 100% online program can help you develop skills necessary to assess cyberthreats, develop countermeasures and design security processes. If you’re interested in earning a degree, consider our Associate in Cybersecurity and Networking, Bachelor’s Specialization in Cyber Security Programming or Bachelor’s Specialization in Cyber Security which can help you develop a more advanced skillset. 

Let’s talk about how you can get started in our next session. 
