What are the Main Types of Cyberthreats?
Cybercriminals use a variety of methods to exploit businesses and people to gain access to valuable information within corporations, organizations and the defense enterprise. With the rise of numerous modes of attack, cyberthreats are becoming sneakier and more deceptive than ever. Each threat uses different strategies, capitalizing on both the innovation and weaknesses of technology systems to achieve an objective. Whether the target is consumer information, company data, capital or confidential defense strategy, awareness of the main types of cyberthreats is critical to minimizing your organization’s susceptibility to cyberattacks.
Malware
Malware, also known as “malicious software,” is used by cybercriminals to intentionally impair, interrupt or gain unauthorized entry into a server or network. Although most often associated with computers, malware also targets mobile devices and applications. Malware can further lead to ransomware attacks, or take the form of spyware, Trojans, viruses, worms and botnets.
- Spyware: Once installed, spyware lets cybercriminals “spy” on your online activity by observing it covertly and gather information on a user or organization.
- Trojans: Trojans are a form of malware that impersonates legitimate software, an application or another download to gain access to systems holding valuable information. Remote-access Trojans (RATs) can give cybercriminals remote control over the compromised device. From there, data can be stolen, damaged, deleted, copied or even encrypted.
- Viruses and worms: Like Trojans, viruses and worms are harmful programs that seek to modify or damage data. They are distinctive in that they self-replicate, allowing them to spread quickly through networks.
- Botnets: Botnets are multiple devices grouped or connected over the internet under the control of a cybercriminal, allowing them to perform tasks or attacks as a unit.
Ransomware
Ransomware takes malware a step further, encrypting data or preventing access to the system, server or network until a ransom is paid. Cybercriminals typically give victims an ultimatum: pay to have the data restored or do not pay and have the data deleted. To create even greater leverage or financial incentive, the criminal may threaten to sell or leak the information to the public, increasing the stakes for any sensitive details. The FBI recommends that ransomware victims do not pay the demanded ransom. By paying ransoms, organizations are giving more power to the cybercriminal, with no guarantee that the data will be returned. Additionally, payment could increase the organization’s chances of becoming the target of ransomware attacks again.
Phishing
Phishing occurs when a cybercriminal poses as a reputable source, such as a trusted company, bank or organization, to trick users into providing sensitive information. In this form of cyberattack, the objective is to gain valuable data such as credit card information, logins or passwords. Typically, phishing is executed through email, prompting users to provide information, click a link, or navigate to a phishing login or checkout “form” page. It can also be used as a method to install malware on a computer, or take on several other forms:
- Spear phishing: Spear phishing targets an individual rather than a group, using personalized messaging to make the appeal more convincing. It is typically the first step in targeting a company, because compromising a single individual’s access is often enough for an attack to spread through an entire system.
- Business email compromise (BEC): BEC phishing entails imitating communications from a business vendor or provider. With this type of phishing, the cybercriminal researches the company and gains inside access by capitalizing on supply chain partnerships.
- Whaling: When phishing targets a senior executive within an organization, such as the CEO or president, it is called whaling. In this case, the cybercriminal spends an extensive amount of time studying the target to determine the perfect phishing opportunity and approach to obtain valuable information and greater access to the company. Whaling can be a large threat due to the amount of information and power these high-profile targets have access to.
- Social media phishing: In social media phishing, cybercriminals use social media platforms to study their targets and choose the right phishing approach. Using personal information a user has willingly posted online, a cybercriminal can craft a tailored appeal that increases their odds of being able to dupe their target.
Overall, personal phishing attacks can result in hacked bank accounts, lost data, social media takeover or impersonation. In employee or organization-based phishing attacks, consequences can include stolen corporate capital, the release of employees’ or customers’ personal data, encrypted data or reputation damage.
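The forms of phishing listed above share one detectable trait: the sender claims an identity the sending domain does not back up. The following added example (not from the original article or from IDB) shows the kind of sender check a mail filter or security team can run on incoming headers. The brand allowlist, the look-alike substitution table and the sample headers are all constructed for illustration.

```python
from email.utils import parseaddr
from typing import Optional

# Constructed example data: brands and the domains that legitimately send
# mail on their behalf. A real deployment would load this from policy.
BRAND_DOMAINS = {
    "examplebank": {"examplebank.com", "alerts.examplebank.com"},
    "acme": {"acme.com"},
}

# Common look-alike substitutions used to build deceptive domains (heuristic).
LOOKALIKES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m"}


def normalize(label: str) -> str:
    """Fold look-alike characters so 'examp1ebank' compares equal to 'examplebank'."""
    label = label.lower()
    for fake, real in LOOKALIKES.items():
        label = label.replace(fake, real)
    return label


def sender_domain(addr: str) -> str:
    """Domain part of an e-mail address, lower-cased ('' if there is none)."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def classify_sender(from_header: str, reply_to: Optional[str] = None) -> list:
    """Return sorted phishing indicators found in the From and Reply-To headers."""
    findings = set()
    display, addr = parseaddr(from_header)
    domain = sender_domain(addr)
    display_key = normalize(display).replace(" ", "")
    for brand, good_domains in BRAND_DOMAINS.items():
        if domain in good_domains:
            continue  # legitimate sending domain for this brand: nothing to flag
        if brand in display_key:
            findings.add("display-name-brand-mismatch")  # name says bank, domain does not
        if brand in normalize(domain):
            findings.add("lookalike-domain")  # brand embedded in an unapproved domain
    if reply_to:
        _, reply_addr = parseaddr(reply_to)
        if sender_domain(reply_addr) != domain:
            findings.add("reply-to-mismatch")  # replies are steered somewhere else
    return sorted(findings)


# Constructed sample headers (not taken from real messages).
SAMPLES = [
    ("Example Bank <alerts@examplebank.com>", None),
    ("Example Bank Security <verify@examp1ebank-secure.com>", None),
    ("IT Helpdesk <helpdesk@acme.com>", "helpdesk@freemail.example"),
]

if __name__ == "__main__":
    for from_hdr, reply in SAMPLES:
        print(f"{from_hdr!r}: {classify_sender(from_hdr, reply) or 'no indicators'}")
```

The check is deliberately conservative: a message from an allowlisted domain is never flagged, so the cost of a false positive falls only on senders who are already outside policy. It complements, rather than replaces, SPF, DKIM and DMARC, which verify that the domain in the From header actually authorized the message.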
Denial of Service (DoS) Attack
In a DoS attack, the cybercriminal aims to block user access to a system or network by overwhelming the internet hosts that serve it. These attacks are performed by “flooding” the host with countless requests or excess traffic until it can no longer keep up and refuses connections or crashes. This can be extremely detrimental, as DoS attacks can affect users’ email, websites, online financial or medical accounts, and any other online service that depends on the affected network. Similarly, a Distributed Denial of Service (DDoS) attack uses a botnet of many devices working together to mount a wide-scale attack on a single target. In this form of DoS, cybercriminals exploit weak security and device flaws to recruit those devices and overwhelm the host.
Domain Name System (DNS) Cache Poisoning
DNS cache poisoning, also known as “DNS spoofing,” occurs when incorrect information, typically a wrong IP address, is entered into a DNS resolver’s cache. The resolver then returns that bad answer, sending users to the wrong website. To execute this type of attack, cybercriminals set up a fake DNS nameserver that mimics the real one. Because resolvers rarely verify cached data after the fact, the incorrect IP address remains in the cache, usually until its time to live (TTL) expires or it is removed intentionally.
Formjacking
Formjacking occurs when cybercriminals inject malicious JavaScript code into a website. Through this access, they compromise the website’s “form” pages to capture information that users enter. Checkout pages and e-commerce websites are a common target of this type of cyberthreat, as cybercriminals seek credit card details, payment information, addresses, phone numbers or other sensitive consumer data. The captured data is sent to and stored on the attacker’s server. The hacker can then use this information, sell it or threaten to sell it, all to his or her own benefit.
Cryptojacking
When cybercriminals use a victim’s computer to obtain or “mine” cryptocurrency, it is referred to as cryptojacking. Many times, this is prompted by a link in a phishing email. When clicked, the link loads cryptomining code onto the computer or system; in effect, the mechanism tricks victims into installing the code on their own machines. Another cryptojacking method targets websites or online advertisements with JavaScript code that runs as soon as the victim’s browser loads the page. Victims are typically unaware, as the cryptomining code runs in the background, and many cybercriminals use both techniques to maximize their chances of success. Once the mining has run, the results are transferred to the hacker’s personal server.
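Formjacking and browser-based cryptojacking, as the two preceding sections describe, both depend on a page executing JavaScript its owner never intended to ship. A routine control on the defender’s side is to audit which scripts a page loads against an allowlist and to require Subresource Integrity (SRI) hashes on third-party scripts. The example below is added for illustration and is not from the original article or from IDB; the allowlisted hosts, the checkout page markup and the `sha384-CONSTRUCTED` placeholder hash are all made up for the demonstration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allowlist: hosts this site intentionally loads scripts from.
ALLOWED_SCRIPT_HOSTS = {"shop.example", "cdn.example"}

# Constructed checkout page (not a real site). The integrity value is a placeholder.
SAMPLE_HTML = """
<html><body>
<form id="checkout" method="post" action="/pay">...</form>
<script src="/js/checkout.js"></script>
<script src="https://cdn.example/lib.js" integrity="sha384-CONSTRUCTED" crossorigin="anonymous"></script>
<script src="https://cdn.example/analytics.js"></script>
<script src="https://unknown-host.invalid/x.js"></script>
</body></html>
"""


class ScriptCollector(HTMLParser):
    """Collect every external <script src=...> and whether it carries an SRI hash."""

    def __init__(self):
        super().__init__()
        self.scripts = []  # list of (src, has_integrity)

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        a = dict(attrs)  # HTMLParser lower-cases attribute names
        if a.get("src"):
            self.scripts.append((a["src"], "integrity" in a))


def audit_scripts(html: str, page_host: str) -> dict:
    """Flag scripts from unexpected hosts and third-party scripts lacking SRI."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = {"unexpected_host": [], "missing_sri": []}
    for src, has_sri in collector.scripts:
        host = urlparse(src).hostname or page_host  # relative URLs load from the page's host
        if host not in ALLOWED_SCRIPT_HOSTS:
            findings["unexpected_host"].append(src)
        elif host != page_host and not has_sri:
            findings["missing_sri"].append(src)
    return findings


def build_csp(page_host: str) -> str:
    """Derive a Content-Security-Policy script-src directive from the allowlist."""
    others = sorted(f"https://{h}" for h in ALLOWED_SCRIPT_HOSTS if h != page_host)
    return "script-src 'self' " + " ".join(others)


if __name__ == "__main__":
    print(audit_scripts(SAMPLE_HTML, "shop.example"))
    print(build_csp("shop.example"))
```

Run against the sample page, the audit reports the script from the unapproved host and the CDN script that has no integrity hash; the derived CSP directive, served as a response header, makes the browser refuse scripts from anywhere else. Note what this does not cover: a first-party file such as `/js/checkout.js` that has been modified on the server passes both checks, so it must be protected separately by file-integrity monitoring and a locked-down deployment pipeline.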
Man in the Middle (MitM) Attack
A MitM attack occurs when a cybercriminal inserts themselves into the line of communication between two ends or “parties” to eavesdrop on or disrupt the flow of traffic. To carry this out, the attacker strips the encryption from the intercepted traffic and redirects the target to a site of the hacker’s choosing, for example a phishing look-alike login site or a fake e-commerce checkout page. The objective of these attacks is to “spy,” obtain logins or personal information, or impair or destroy data. This attack is difficult to spot, as common methods include interfering with a network or setting up attacker-controlled “fake” networks.
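The encryption-stripping step described above only works if the browser can be talked into an unencrypted connection. HTTP Strict Transport Security (HSTS) is the server-side control that removes that option: once a browser has seen the header, it refuses plain HTTP to that host for the stated period. The example below is added here and is not from the original article or from IDB; it parses the header and grades a site’s policy. The sample response headers and the one-year minimum are constructed assumptions.

```python
from typing import Dict, List


def parse_hsts(value: str) -> dict:
    """Split a Strict-Transport-Security header into its directives."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:
            key, val = part.split("=", 1)
            directives[key.strip().lower()] = val.strip().strip('"')
        else:
            directives[part.lower()] = True  # flag directives such as includeSubDomains
    return directives


def evaluate_hsts(headers: Dict[str, str], min_age: int = 31536000) -> List[str]:
    """Return policy weaknesses found in a response's HSTS header (empty list = good)."""
    lowered = {k.lower(): v for k, v in headers.items()}
    if "strict-transport-security" not in lowered:
        return ["no-hsts"]  # nothing stops a downgrade to plain HTTP
    d = parse_hsts(lowered["strict-transport-security"])
    try:
        max_age = int(d.get("max-age", "0"))
    except ValueError:
        max_age = 0  # malformed value: browsers treat the header as absent
    issues = []
    if max_age == 0:
        issues.append("max-age-zero-or-missing")
    elif max_age < min_age:
        issues.append("max-age-too-short")  # policy lapses before a user's next visit
    if "includesubdomains" not in d:
        issues.append("no-includeSubDomains")  # subdomains can still be downgraded
    return issues


# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "strict": {"Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload"},
    "weak": {"Strict-Transport-Security": "max-age=300"},
    "absent": {"Content-Type": "text/html"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label}: {evaluate_hsts(hdrs) or 'ok'}")
```

A short max-age is the common mistake: a 300-second policy has expired by the time the user comes back, so the first request of the next session is again plain HTTP and again interceptable. HSTS protects returning visitors; the `preload` directive, combined with submission to the browser preload lists, extends the protection to first visits.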
Among all of the threats covered, the ability to recognize, identify and understand the most common forms of attack is crucial. By educating employees and devising an effective cybersecurity plan, organizations will be better able to prevent cyberthreats in the future and avoid their devastating consequences. A comprehensive plan should stem from risk management and cover multiple areas of prevention, equipment, action and evaluation. From understanding the broad category of malware to inspecting the specifics of DNS cache poisoning, the first steps toward cybersecurity and a proper response to threats require awareness of these many types, methods and targets.
Ready to dive deeper into the types of cyberthreats and enhance your cybersecurity? The Institute for Defense and Business (IDB) is offering the course “Cyber Risk Management Program in a National Security Context” (IU-IDB). This program will provide relevant technology education for those within their military careers, early professional careers or private industry experience. If you are looking to develop innovative strategies and gain a greater understanding of cybersecurity, this course is for you.
About the Institute for Defense and Business
The Institute for Defense and Business (IDB) delivers educational programs and research to teach, challenge and inspire leaders who work with and within the defense enterprise to achieve next-level results for their organization. IDB features curriculum in Logistics, Supply Chain and Life Cycle Management, Complex Industrial Leadership, Strategic Studies, Global Business and Defense Studies, Continuous Process Improvement, and Stabilization and Economic Reconstruction. Visit www.IDB.org or contact us on our website for more information.