Cyber security threats come in a lot of different forms. But most of them fall into a few general categories that can be studied in depth.
Here’s a secret that a lot of people in the industry don’t like to admit: most professionals in charge of a company’s cybersecurity are experts in only three or four of the kinds of attacks they may face. Smart cyber security managers surround themselves with people who are experts in the types they’re weak in, and they encourage certification and further education to make sure the gaps are always covered.
To examine what those gaps might be, here is a list of potential cyber security threats. Let’s look at the eleven most common types:
#1 – Backdoors
Backdoors give a normally unauthorized individual access to a system as long as they know the hidden entry point, typically master credentials or an undocumented access path that was quietly left in the system. They may have been added during testing to quickly change roles or permissions and never removed before the software went gold. Or they might be mandated by a government for surveillance, like the SORM lawful-intercept system in Russia. Either way, if the backdoor isn’t closed before the system goes live, anyone who knows how to reach it has power over that hardware or software.
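The simplest and most common form of the problem is a test account hardcoded into the login path. The following is an added example, not code from the original article: a login routine with a leftover support credential, the same routine with the backdoor removed, and a crude pre-release scan for literal comparisons against credential-looking variables. The usernames, passwords and the sample source snippet are all constructed for the illustration.

```python
import hashlib
import hmac
import os
import re


# Constructed user store for this example: username -> (salt, PBKDF2-SHA256 hash).
def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


_ALICE_SALT = os.urandom(16)
USERS = {"alice": (_ALICE_SALT, hash_password("correct horse battery", _ALICE_SALT))}


def password_matches(username: str, password: str) -> bool:
    """Check a password against the user store using a constant-time comparison."""
    record = USERS.get(username)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(hash_password(password, salt), stored)


def authenticate_vulnerable(username: str, password: str) -> bool:
    """Login routine with a 'temporary' support account that never got removed.

    The hardcoded check runs before the user store is consulted, so it works on
    every deployment, cannot be disabled by an administrator, and leaves no
    trace in the user database. (Hypothetical credentials for illustration.)
    """
    if username == "support" and password == "Tr0ub4dor&3":  # the backdoor
        return True
    return password_matches(username, password)


def authenticate_fixed(username: str, password: str) -> bool:
    """The same routine with the backdoor removed: only the user store decides."""
    return password_matches(username, password)


# A cheap pre-release check: look for credential-looking variables compared to a
# string literal. Heuristic only, but it catches the pattern above.
HARDCODED_CREDENTIAL = re.compile(
    r"""\b(password|passwd|pwd|secret|token|api_key)\b\s*==\s*['"][^'"]+['"]""", re.I
)

# Constructed snippet standing in for a source file under review.
SAMPLE_SOURCE = '''def login(user, password):
    if user == "support" and password == "Tr0ub4dor&3":
        return True
    return password_matches(user, password)
'''


def find_hardcoded_credentials(source: str) -> list[int]:
    """Return 1-based line numbers where a credential is compared to a literal."""
    return [n for n, line in enumerate(source.splitlines(), 1)
            if HARDCODED_CREDENTIAL.search(line)]


if __name__ == "__main__":
    print("backdoor accepted by vulnerable login:", authenticate_vulnerable("support", "Tr0ub4dor&3"))
    print("backdoor accepted by fixed login:     ", authenticate_fixed("support", "Tr0ub4dor&3"))
    print("suspicious lines in sample source:    ", find_hardcoded_credentials(SAMPLE_SOURCE))
```

The regex scan is deliberately noisy; its job is to force a human to look at every literal credential check before release, not to prove the code base is clean. Backdoors hidden as undocumented API routes or debug flags need a code review and a test-environment diff rather than a grep.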
#2 – Phishing
Phishing is an invitation for users to simply give away their personal information and their security credentials. The process is completely remote and, at least to start with, usually automated. Phishing is a more scattershot, mass-produced form of social engineering (which we’ll cover shortly). Using e-mail, a web form, a cleverly disguised app, or a trap website, a phishing attempt gets the user to fill out forms whose contents can then be used to gain access to sensitive systems.
#3 – Malware
Malware (viruses, worms, trojans, and their relatives) is an attempt to hide code on a system that will later act secretly with the privileges of the logged-in user. Malware is downloaded and installed just like any other program or app, often pretending to be pirated software, a legitimate app, or a document that executes code when opened. The malware then installs alongside the expected contents of the download. Once running, it can spy on the user’s actions, map the network, hijack the machine’s processing power for cryptocurrency mining, or attempt to infect more systems and grow a botnet.
#4 – Browser fingerprinting
Browser fingerprinting is a specific form of device fingerprinting that gathers identifying information from a user’s web browser configuration and settings. Operating system, browser type and version, language, time zone, installed plugins, screen resolution, fonts, and other browser-exposed data are combined into a fingerprint that is close to unique for that browser on that device. This lets websites and advertisers track users across the web without traditional tracking methods like cookies. Because the fingerprint is derived from many attributes that are hard to change consistently (and changing just one of them often makes the browser stand out even more), it allows persistent tracking of user behavior and data collection without consent. The prevalence of browser fingerprinting means much of our online activity can be identified and monitored, posing a major threat to privacy and data security. It has become a top cyber security concern. A privacy app like Hoody is designed to neutralize browser fingerprinting and is compatible with most popular browsers, including Chrome.
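The tracking step itself is simple once the attributes are collected. This added example (not code from the original article or from any fingerprinting vendor) models the server side: it hashes a canonical form of the collected attributes, links visits by that hash with no cookie involved, and measures how much identifying information each attribute contributes. The visits and attribute values are constructed; in a real deployment they would come from request headers and JavaScript APIs such as the screen and font lists.

```python
import hashlib
import json
import math
from collections import Counter, defaultdict

# Constructed browser profiles. Attribute names are illustrative, not a real API.
DESKTOP_WIN = {"ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/124.0",
               "lang": "en-US", "tz": -300, "screen": "2560x1440",
               "fonts": "Arial,Calibri,Segoe UI"}
LAPTOP_MAC = {"ua": "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4) Safari/605.1.15",
              "lang": "en-US", "tz": -300, "screen": "1512x982",
              "fonts": "Helvetica,Menlo,SF Pro"}
DESKTOP_LINUX = {"ua": "Mozilla/5.0 (X11; Linux x86_64) Firefox/125.0",
                 "lang": "de-DE", "tz": 60, "screen": "1920x1080",
                 "fonts": "DejaVu Sans,Liberation Sans"}

# Constructed page loads. Visit 2 is the Windows machine after the user cleared cookies.
VISITS = [
    {"visit": 1, "cookie": "abc123", "attrs": DESKTOP_WIN},
    {"visit": 2, "cookie": None, "attrs": DESKTOP_WIN},
    {"visit": 3, "cookie": "zzz999", "attrs": LAPTOP_MAC},
    {"visit": 4, "cookie": None, "attrs": DESKTOP_LINUX},
]


def fingerprint(attrs: dict) -> str:
    """Stable identifier: SHA-256 over a canonical (sorted, compact) JSON encoding."""
    canonical = json.dumps(attrs, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()[:16]


def link_visits(visits) -> dict:
    """Group visits by fingerprint alone; cookies are never consulted."""
    groups = defaultdict(list)
    for v in visits:
        groups[fingerprint(v["attrs"])].append(v["visit"])
    return dict(groups)


def attribute_entropy(visits, key: str) -> float:
    """Shannon entropy in bits of one attribute across the observed population."""
    counts = Counter(v["attrs"][key] for v in visits)
    n = len(visits)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


if __name__ == "__main__":
    print(link_visits(VISITS))            # visits 1 and 2 land in the same group
    for key in DESKTOP_WIN:
        print(f"{key:7s} {attribute_entropy(VISITS, key):.2f} bits")
```

Two things the paragraph above describes fall out of this directly: clearing cookies does nothing (visits 1 and 2 still link), and spoofing a single attribute such as the language simply produces a new, still unique fingerprint rather than blending the browser in with the crowd.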
#5 – SQL Injection
SQL injection abuses the way an application builds Structured Query Language statements: when user input is pasted directly into the query text, an attacker can supply input that changes the structure of the query itself. The injected query runs with whatever database privileges the application already holds, which is usually far more than the request was supposed to use, so it can reveal data that should never have been reachable from that page, modify or delete it, or, depending on the database, run administrative commands. Many forms of SQL injection submit malicious strings through a website’s search box, login form, or URL parameters. The fix is to never concatenate input into SQL and to use parameterized queries instead.
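Here is the search-box case worked through against SQLite, as an added example that is not part of the original article. The database, product names and password hash value are all constructed. The vulnerable function formats the search term into the SQL text; the fixed one passes it as a bound parameter so the term can only ever be a LIKE pattern.

```python
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Constructed in-memory shop database: a product catalogue and a users table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT NOT NULL, public INTEGER NOT NULL);
        INSERT INTO products (name, public) VALUES ('Widget', 1), ('Gadget', 1), ('Prototype X', 0);
        CREATE TABLE users (username TEXT NOT NULL, password_hash TEXT NOT NULL);
        INSERT INTO users VALUES ('admin', '$2b$12$examplehashonly');
    """)
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str) -> list[str]:
    # The term is pasted into the SQL text. A quote in the input closes the
    # string literal and everything after it is parsed as SQL.
    sql = f"SELECT name FROM products WHERE public = 1 AND name LIKE '%{term}%'"
    return [row[0] for row in conn.execute(sql)]


def search_fixed(conn: sqlite3.Connection, term: str) -> list[str]:
    # The SQL structure is fixed; the driver hands the term to the engine as a
    # value, so quotes and comment markers in it have no syntactic effect.
    sql = "SELECT name FROM products WHERE public = 1 AND name LIKE ?"
    return [row[0] for row in conn.execute(sql, (f"%{term}%",))]


# Constructed attacker inputs, as typed into the search box.
PAYLOAD_BYPASS = "%' OR 1=1 --"            # disables the public = 1 filter
PAYLOAD_UNION = "' UNION SELECT username || ':' || password_hash FROM users --"


if __name__ == "__main__":
    conn = setup_db()
    print("vulnerable, bypass:", search_vulnerable(conn, PAYLOAD_BYPASS))
    print("vulnerable, union: ", search_vulnerable(conn, PAYLOAD_UNION))
    print("fixed, bypass:     ", search_fixed(conn, PAYLOAD_BYPASS))
    print("fixed, normal:     ", search_fixed(conn, "Widget"))
```

With the first payload the vulnerable query becomes `... AND name LIKE '%%' OR 1=1 --%'`, so the trailing `--` comments out the leftover quote and the unreleased product appears. The second payload never touches the products table at all; it appends a UNION that reads credentials from a table the search page was never meant to expose. The parameterized version returns nothing for either payload because no product name contains those characters.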
#6 – DNS Tunneling
DNS tunneling is an important secondary technique, most often used to exfiltrate data collected through other attacks. By encoding data into DNS queries and responses and sending it over the port dedicated to DNS (UDP or TCP port 53), an attacker can often ride through firewall rules that permit DNS outright and slip past network monitoring that treats DNS as background noise. The same channel is also used for command and control of botnets and implants. Telltale signs are unusually long or high-entropy subdomain labels, large numbers of unique subdomains under a single domain, and heavy use of record types such as TXT that carry arbitrary payloads.
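Those telltale signs can be scored directly from resolver logs. The following detection sketch is an added example, not code from the original article: it parses a constructed query log, groups queries by client and registered domain, and flags pairs whose payload labels are numerous, long and high-entropy. The log format (timestamp, client, type, name) and the thresholds are assumptions to be tuned against your own traffic.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed resolver log: timestamp, client, query type, query name.
# The example.net labels are rotations of one 28-character string, standing in
# for base32-encoded chunks of an outbound file.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 A www.example.com
2024-05-01T10:00:02Z 10.0.0.5 A mail.example.org
2024-05-01T10:00:03Z 10.0.0.5 TXT q7zt3kmfw2ghjbx6pla5ndr4vcsy.example.net
2024-05-01T10:00:03Z 10.0.0.5 TXT 7zt3kmfw2ghjbx6pla5ndr4vcsyq.example.net
2024-05-01T10:00:04Z 10.0.0.5 TXT zt3kmfw2ghjbx6pla5ndr4vcsyq7.example.net
2024-05-01T10:00:04Z 10.0.0.5 TXT t3kmfw2ghjbx6pla5ndr4vcsyq7z.example.net
2024-05-01T10:00:05Z 10.0.0.5 TXT 3kmfw2ghjbx6pla5ndr4vcsyq7zt.example.net
2024-05-01T10:00:05Z 10.0.0.5 TXT kmfw2ghjbx6pla5ndr4vcsyq7zt3.example.net
2024-05-01T10:00:06Z 10.0.0.7 A www.example.com
2024-05-01T10:00:07Z 10.0.0.7 A cdn.example.com
"""

LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random base32/base64 text scores well above 3.5."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname: str) -> tuple[str, str]:
    """Return (payload labels, registered domain) with a last-two-labels rule.

    Simplification: real deployments should use the Public Suffix List so that
    names under co.uk and similar are grouped correctly.
    """
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def parse(log: str):
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            yield m.groups()  # (timestamp, client, qtype, qname)


def find_tunnel_candidates(log: str, min_unique=5, min_len=20, min_entropy=3.5):
    """Flag (client, domain) pairs that look like a tunnel; returns sorted tuples of
    (client, domain, unique_labels, mean_label_len, mean_entropy)."""
    stats = defaultdict(lambda: {"labels": set(), "lens": [], "ent": [], "txt": 0})
    for _ts, client, qtype, qname in parse(log):
        payload, domain = split_name(qname)
        if not payload:
            continue  # bare apex query, nothing to carry data in
        s = stats[(client, domain)]
        s["labels"].add(payload)
        s["lens"].append(len(payload))
        s["ent"].append(shannon_entropy(payload.replace(".", "")))
        if qtype in ("TXT", "NULL"):
            s["txt"] += 1
    suspects = []
    for (client, domain), s in stats.items():
        mean_len = sum(s["lens"]) / len(s["lens"])
        mean_ent = sum(s["ent"]) / len(s["ent"])
        if len(s["labels"]) >= min_unique and mean_len >= min_len and mean_ent >= min_entropy:
            suspects.append((client, domain, len(s["labels"]), round(mean_len, 1), round(mean_ent, 2)))
    return sorted(suspects)


if __name__ == "__main__":
    for row in find_tunnel_candidates(SAMPLE_LOG):
        print("possible DNS tunnel:", row)
```

Content delivery networks and some security products legitimately generate long, random-looking labels, so treat hits as leads for a volume and timing check (bytes per domain per hour, query rate) rather than as verdicts.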
#7 – Social Engineering
Social engineering is the oldest cyber security threat on record. Much of the time it involves studying physical security, phone habits, and scheduling data to build a realistic cover story. Then it’s just a matter of fooling someone into aiding or committing a security breach. Social engineering also covers common ways of collecting security information that has been discarded carelessly, such as dumpster diving (looking for old hardware or authentication information in the trash or recycling) or buying old company devices that weren’t properly wiped.
#8 – Zero-Day Exploits
A zero-day vulnerability is a flaw that is still unknown to the vendor, or known but unpatched, when attackers begin exploiting it, so defenders have had "zero days" to prepare. These hardware, software, or firmware flaws might have been part of the core system for years but simply never discovered until recently. The attacker wants to get as much done as possible before anyone knows how to deal with the new threat, and once a patch finally ships the race becomes how quickly organizations apply it.
#9 – Man-In-The-Middle
Man-in-the-middle attacks involve placing yourself somewhere between the victim and the server they’re trying to access so that the traffic passes through you. Examples include an insider who controls a network resource and promiscuously snoops the traffic crossing it, and impersonation attacks where the hacker pretends to be an access device (something like a public Wi-Fi hotspot or a phone tower) but acts as a pass-through, recording or altering data as it flows by. Encryption alone does not stop this: if the two ends never authenticate each other, the attacker can negotiate a separate key with each side and sit in the middle decrypting and re-encrypting. Properly validated TLS certificates, or some other authenticated key exchange, are what close the gap.
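The last point is easiest to see with the exchange written out. This added example is not from the original article; it runs a toy Diffie-Hellman key agreement three ways: honestly, with an active attacker (Mallory) who swaps both public values, and with the public values authenticated. The prime, the stream cipher and the pre-shared authentication key are stand-ins chosen to keep the example self-contained; real systems use large MODP or elliptic-curve groups, a real AEAD cipher, and certificate signatures rather than a shared HMAC key.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters. 2**127 - 1 is prime but far too small for real use.
P = 2**127 - 1
G = 3


def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def derive_key(priv: int, peer_pub: int) -> bytes:
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: keystream block i = SHA-256(key || i). Encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def honest_exchange() -> bool:
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    return derive_key(a_priv, b_pub) == derive_key(b_priv, a_pub)


def mitm_exchange(message: bytes) -> dict:
    """Unauthenticated DH with Mallory in the path replacing each public value."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    m_priv, m_pub = keypair()
    # Alice receives m_pub believing it is Bob's; Bob receives m_pub believing it is Alice's.
    k_alice = derive_key(a_priv, m_pub)
    k_bob = derive_key(b_priv, m_pub)
    k_mal_alice = derive_key(m_priv, a_pub)   # Mallory's key towards Alice
    k_mal_bob = derive_key(m_priv, b_pub)     # Mallory's key towards Bob
    ciphertext = xor_crypt(k_alice, message)              # Alice -> "Bob"
    seen = xor_crypt(k_mal_alice, ciphertext)             # Mallory reads it in the clear
    tampered = seen.replace(b"$100", b"$900")             # ...and edits it
    bob_gets = xor_crypt(k_bob, xor_crypt(k_mal_bob, tampered))
    return {"alice_and_bob_share_key": k_alice == k_bob,
            "mallory_read": seen, "bob_received": bob_gets}


# Stand-in for certificate signatures: a constructed pre-shared authentication key.
PSK = b"constructed pre-shared authentication key"


def sign_pub(pub: int) -> bytes:
    return hmac.new(PSK, pub.to_bytes(16, "big"), "sha256").digest()


def authenticated_exchange(mallory_present: bool) -> str:
    """Bob sends (pub, tag). Mallory can swap pub but cannot forge a tag for her value."""
    _b_priv, b_pub = keypair()
    sent_pub, tag = b_pub, sign_pub(b_pub)
    if mallory_present:
        sent_pub = keypair()[1]
    if not hmac.compare_digest(sign_pub(sent_pub), tag):
        return "aborted: peer key failed authentication"
    return "established"


if __name__ == "__main__":
    print("honest exchange agrees:", honest_exchange())
    print(mitm_exchange(b"pay $100 to account 42"))
    print(authenticated_exchange(mallory_present=True))
```

Alice and Bob each complete a perfectly valid key exchange and see nothing wrong; they simply did it with Mallory rather than with each other. That is exactly the situation a rogue hotspot creates for any protocol that encrypts without authenticating the peer.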
#10 – Denial of Service
Denial of service (DoS) is probably the most frustrating of all the types of cyber security threats, because even if the attacker gets away with nothing, you still lose. DoS attempts to overwhelm specific network or computing resources with a flood of traffic or requests. The goal might just be to take something offline by eating all of the bandwidth, but it might also be to make the defenses of certain services collapse under the stress. Distributed denial of service (DDoS) attacks multiply the effect by using many sources at once, typically botnets of compromised machines or rented cloud infrastructure with nodes all over the world.
#11 – Brute Force Attacks
Brute force attacks attempt to break encryption, or guess a password, by simply trying every possible key or candidate. Against encryption they only reliably work on weak or outdated algorithms. A small key space, known flaws in the random number generator, or other weaknesses that effectively limit the number of possible keys all increase the effectiveness of a brute force attack. Strong encryption with long key lengths pushes the brute force time out to millennia and far beyond. But remember: the quantum picture differs by algorithm. Grover’s algorithm roughly halves the effective key length of symmetric ciphers (so 256-bit keys remain comfortable), while Shor’s algorithm would break today’s RSA and elliptic-curve public-key systems outright once a large enough quantum computer exists.
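Two numbers make the paragraph concrete: how long an exhaustive search takes for a given key length and guess rate, and how a weak key generator shrinks a nominally strong key to something searchable. This is an added example, not code from the original article. The "weak generator" that derives a 256-bit key from a 16-bit seed, the message, and the guess rates are all constructed for the illustration; HMAC-SHA256 stands in for whatever keyed primitive the attacker holds a known input/output pair for.

```python
import hashlib
import hmac

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def seconds_to_exhaust(key_bits: int, guesses_per_second: float) -> float:
    """Worst-case time to try every key of the given length."""
    return 2 ** key_bits / guesses_per_second


def years_to_exhaust(key_bits: int, guesses_per_second: float) -> float:
    return seconds_to_exhaust(key_bits, guesses_per_second) / SECONDS_PER_YEAR


# Constructed weak key generation: the key is 256 bits long on paper, but it is
# derived from a 16-bit seed (think of a badly seeded RNG or a truncated clock
# value), so the real key space is only 65,536.
def weak_key_from_seed(seed: int) -> bytes:
    return hashlib.sha256(seed.to_bytes(2, "big")).digest()


def tag(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, "sha256").digest()


def brute_force_seed(message: bytes, observed_tag: bytes):
    """Attacker with one known message/tag pair tries every seed; returns the seed or None."""
    for seed in range(2 ** 16):
        if hmac.compare_digest(tag(weak_key_from_seed(seed), message), observed_tag):
            return seed
    return None


def demo() -> int:
    secret_seed = 48_879  # hypothetical value the victim's generator happened to produce
    msg = b"transfer 500 to account 7"
    observed = tag(weak_key_from_seed(secret_seed), msg)
    return brute_force_seed(msg, observed)


if __name__ == "__main__":
    print("recovered seed:", demo())
    for bits, rate in ((56, 1e9), (128, 1e12), (256, 1e12)):
        print(f"{bits}-bit key at {rate:.0e} guesses/s: {years_to_exhaust(bits, rate):.3g} years")
```

At a billion guesses a second a 56-bit key (DES-sized) falls in a little over two years of single-machine time, and far faster on dedicated hardware, while a 128-bit key at a thousand times that rate still needs on the order of 10^19 years. The seed-recovery half is the more important lesson: the attacker never touches the 2^256 space, because the generator only ever produced 2^16 distinct keys.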
And Many More…
This list isn’t exhaustive, and it isn’t meant to be. Only by covering the 90% of scenarios that are most common will you be equipped to understand the strange rarities that crop up once in a while. For anyone learning about intrusion detection, security management, or corporate cyber security training, the topics above are the best place to start.