top-malicious-attacks

Top 7 Cyber Threat Types

Today’s cyber threat landscape is diverse – new threats are emerging every day and cyber criminals are being sophisticated in terms of their covert nature and ability to launch attacks in massive frequency with minimal chances of detection.

1.   Advanced Persistent Threats (APTs)

The APTs belong to multiple groups of threat actors, most often nation-state groups, who clandestinely penetrate networks of governmental or non-governmental agencies without authorizations, stay undetected for a longer period of time, and inflict damage in terms of data loss and damage to finance and brand image. In 2010, the U.S. and Israeli cyber forces collectively launched Stuxnet APT to take down Iran’s nuclear program, which is known as Hydraq.    

2.   Social Engineering Attacks

Social engineering is the act of performing malicious activities by interacting and manipulating people in order to steal confidential information and data such as passwords, bank accounts, or credit card information. Phishing is one of the most common notorious examples of social engineering attacks. Phishing is the fraudulent act of sending E-mails to companies’ employees in order to compromise sensitive information such as company secrets or employee’s Personally Identifiable Information (PII). Other examples of social engineering attacks include:

  • Tailgating
  • Vishing
  • Whaling
  • Spear Phishing
  • Shoulder Surfing
  • Dumpster Diving
  • Impersonation
  • Hoax
  • Water Hole Attacks  

3.   Malware and Types

Malware is a malicious piece of software used to damage hardware devices, and steal critical data. Malware is a broad term that involves various malicious software variants. Below is the list of common types of malware:

  • Ransomware
  • Spyware
  • Adware
  • Botnets
  • Keyloggers
  • Worms
  • Trojan Horse
  • Logic Bombs
  • Hybrid Malware
  • Remote Access Trojan (RAT)

4.   Cryptojacking

Since the rise of cryptocurrencies in the digital market, cryptojacking attacks have been increased substantially. As a matter of fact, cryptojacking is the malicious practice of secretly using your computing device such as a computer to mine cryptocurrency. The threat actors who mine cryptocurrencies are called miners.

5.   Application Attacks

Applications are undoubtedly the first line of the attack surface for various types of attacks on systems. There are hundreds of applications installed on operating systems and each of them is not properly patched and secure. They are also not updated occasionally. Therefore, these applications often become the victim of application attacks that include:

  • Denial of Service (DoS)
  • Distributed Denial of Service (DDoS)
  • Man-in-the-middle (MITM)
  • Replay
  • Zero-Day
  • Man-in-the-browser (MITB)
  • Domain Hijacking
  • DNS Poisoning
  • Amplification
  • ARP Poisoning
  • Privilege Escalation
  • Cross-site Scripting
  • SQL Injection
  • Buffer Overflow

6.   Wireless Attacks

A wireless attack is a malicious act against the wireless network. Mostly, wireless attacks are launched on wireless devices such as routers, bridges, as well as wireless networks such as WAN or PAN.  The example of these attacks include:

  • Replay
  • Bluesnarfing
  • Bluejacking
  • WPS
  • Jamming
  • Rogue AP
  • Evil Twin

7.   Cryptographic Attacks

Cryptography is the practice of using codes to protect information from cybercriminals. An example of cryptography is encryption. Cyber pests use various cryptographic attacks to break encryption in order to achieve their malicious goals. For example, password attacks are specifically designed to compromise passwords. Dictionary attacks allow attackers to use a program that cycles through common words. Other cryptography attacks are listed below:

  • Birthday
  • Brute force
  • Rainbow Table
  • Downgrade
  • Collision  

Conclusion

Today, cyber threats are emerging by leaps and bounds. They are large in frequency and sophisticated in their operations. The most common types of these cyber threats are APTs, social engineering attacks, malware, cryptojacking attacks, application attacks, wireless attacks, and cryptography attacks.

Are you thinking about the cybersecurity of your company against these attacks? Are you not comfortable with the current security posture of your organization? Logsign provides next-generation SIEM and Security Orchestration, Automation and Response (SOAR) platforms for enterprises all across the world.

References:

https://en.wikipedia.org/wiki/Advanced_persistent_threat

https://www.cybereason.com/blog/advanced-persistent-threat-apt

https://www.avg.com/en/signal/what-is-malware

https://www.veracode.com/security/attacks

Leave a Reply

Your email address will not be published. Required fields are marked *