A cyber threat is an attempt by a person or group of people to exploit, steal or disrupt the digital wellbeing of individuals and/or organisations.
Cyber threats have become a dominant source of crime and there’s quite a few you and your business may come across in the future if you haven’t already.
And as they become more sophisticated, they can be harder to grasp so we’ve put together a list in simple terms that explains many of them.
Advanced Persistent Threats (APTs) - Active over a long period of time, these are undetected attacks that attempt to steal your sensitive information, conduct cyber espionage or disrupt operations.
Baiting - Manipulates you into revealing confidential information or installing malware into your devices.
Brute force - A type of hacking method where continuous attempts are made in the hope of correctly guessing your login details to access protected information.
Credential stuffing - Using one set of login details to gain access to multiple accounts, in the hope that they’re reused across several accounts.
Cyber espionage - An unauthorised user gets access to your confidential information or intellectual property.
Data encryption - Using an algorithm and an encryption key, data is converted into unreadable code to stop unauthorised access. A decryption key is needed to convert the code back to its original readable format.
Dictionary attack - A type of brute force attack: the hacker runs through a list of common words, phrases & number combinations in the hope of eventually guessing your login credentials.
Distributed Denial of Service (DDoS) - A network is flooded with fake traffic, making it unavailable to your users.
Doxing - Revealing personal information about you (e.g. your real name, addresses, financials) in the hope it will exploit you.
Insider threats - Individuals employed by an organisation that misuse their access rights to steal data, sabotage systems, or conduct espionage. This can be accidental (e.g. through negligence) or intentional (e.g. unhappy employees or contractors).
Internet of Things (IoT) vulnerabilities - A device’s built-in security is not strong enough to counter a cyber-attack, making it easy for hackers to access. If the device is connected to a network, the hackers can reach it and spread malware to gain control and cause harm. A few examples are photocopiers, mobile devices, phone systems & security systems.
Keyloggers - Tracking your keystrokes as you type, then using that data to work out confidential information (e.g. passwords)
Malware - Short for malicious software, it’s installed on your device without you knowing and spreads like an infection, damaging files, stealing information & taking control of your device, service or network. Some examples are viruses, worms, Trojans, ransomware, and spyware.
Man-in-the-Middle (MITM) - Intercepting data being sent between two people, aiming to steal, eavesdrop or modify the data.
Pass-the-Hash (PtH) - A hacking technique where an attacker steals a hashed version of a password (hidden by asterisks e.g. ****) and uses it to access a system without needing to know the actual password.
Password spraying - Instead of guessing many passwords for one account, the hacker tries to use one password for a list of many accounts. If the first password doesn’t work for any of the accounts, the hacker tries again with another password.
Phishing - Fake emails, text messages & websites disguised as trustworthy that contain harmful links designed to trick you into handing over confidential information.
Quishing - Like phishing, harmful links are accessed through QR codes, hoping to obtain your confidential information.
Ransomware - A type of malware that locks (encrypts) your files or entire system. A ransom is demanded, usually in cryptocurrency, for the decryption key to unlock the files/system. Ransomware has evolved and now frequently used as a double-extortion tool. An attacker will encrypt files they find after gaining a foothold in your network, but before doing so they’ll export the files out of it. The attacker can then extort you twice - once for the ransomware decryption keys, and then again by threatening to release your stolen data publicly.
Social engineering - The attacker uses persuasion, influence & observation to trick you into revealing confidential information that helps them commit online crime.
Spoofing - The attacker is disguised as someone you know, or from somewhere you’re familiar with to trick you into giving them confidential information.
Spyware - A type of software that monitors and collects confidential information on your computer or device without you knowing.
Structured Query Language Injection (SQLi) - Corrupt code is injected into a website or app, so the hacker can access, view, modify or delete data.
Supply chain attack - An indirect approach where hackers target a company’s suppliers and partners to get access to the company’s systems & data. Target’s breach via their aircon & refrigeration supplier remains one of the biggest attacks to date.
Trojan - A type of malware that disguises itself as trusted software but performs malicious activity when it’s used.
URL manipulation - A hacker changes part of a web address, to access areas on a website they shouldn’t be able to.
Viruses - Malicious software that infects your computer and spreads to others via programs & systems. Viruses cause damage/loss to data and software.
Worms - Malicious software that travels through the internet & networks deleting files, stealing data, overloading networks, conducting ransomware attacks and more. Worms can easily spread: e.g. hidden in email attachments or self-replicate across networks that are connected.
It can be as simple as a single email that gives cybercriminals the opportunity to harm your business. For some guidance on security measures you can put in place, read our article Securing your business is more than locking the front.
Alternatively reach out to our team. We can help with our cyber-led, subscription-based IT solution, Managed Cyber Zero.
