Recognising Common Cyber Security Threats

The term cyber security threat sounds sophisticated. It’s true that the methods criminals use to attack computers, networks and smart devices are complicated. But they’re also commonplace.

Simply put, a cyber security threat is a potential malicious attack on a computer system. Criminals usually launch these attacks for financial gain, typically by stealing sensitive information or suspending digital operations until a ransom is paid.

Cyber criminals can be individuals or groups with the technical expertise to exploit weaknesses in digital systems. Weaknesses that include system users’ lack of awareness and tendency not to question emails, sites or updates that appear legitimate.

Cyber attacks can be categorised into two types: targeted and un-targeted.

Targeted attacks are planned and executed against a specific individual, organisation or system. Cyber criminals conducting these attacks have a clear objective and select their targets based on perceived vulnerabilities or the value of the information accessible. Such attacks often involve lengthy research to find specific weaknesses within the target’s systems. Examples include spear phishing, where attackers send fraudulent messages designed to trick specific people into revealing sensitive information.

Un-targeted attacks are indiscriminate. Criminals launch these attacks against as many systems, devices and users as possible rather than one specific target. They’re usually automated and used to find multiple weaknesses simultaneously. Distributing malicious software through mass email campaigns is a typical example of an un-targeted attack. Criminals reason that sending emails to a long list of recipients will entrap at least a handful of unsuspecting users.

A study by Detica, on behalf of the Cabinet Office, puts the cost of cyber crime to the UK at a colossal £27 billion. Businesses take the biggest hit, losing approximately £21 billion annually to cyber security threats.

The same Cabinet Office report suggests that businesses can protect against some of these losses by increasing cyber security awareness within their organisations. This preventative strategy is also championed by the National Cyber Security Centre (NCSC). The NCSC recommends a risk-based approach to cyber security, reinforced with regular staff training.

Adopting these strategies can significantly lower your organisation’s risk profile.

Below, we’ve outlined seven common types of cyber security threats organisations face. It will help you conduct a risk assessment for your IT systems and plan appropriate safeguards.

Social engineering is manipulating people into revealing sensitive information or breaking security procedures. It doesn’t need sophisticated hacking techniques or technology; instead, it exploits the most vulnerable link in the security chain: people.

Cyber criminals use various tactics to trick individuals into providing confidential information or access. These tactics play on human emotions, such as fear, curiosity or the desire to help, making them remarkably effective.

For instance, an attacker might impersonate a senior figure in an email to persuade an employee to disclose sensitive company data, as in the ‘CEO scam’. In this scam, an employee receives an email that appears to be from their CEO. The message urgently requests a transfer of funds or sensitive information. Mistaking the request as legitimate, the employee complies, only to later find out they’ve been duped.

Phishing is a common cyber security threat that uses social engineering tactics. In these attacks, criminals masquerade as trustworthy entities in emails or other communication channels to lure individuals into providing sensitive data or access. This form of social engineering is alarmingly successful and is often the first step in more complex cyber attacks.

As a form of social engineering, phishing attempts are designed to prey on people’s expectations and emotions. Malicious messages are designed to appear as legitimate, making it difficult to separate them from genuine examples.  Attackers also often use urgent language to trick victims into hastily clicking on suspicious links or attachments.

There are a number of subcategories of phishing attacks:

• Spear Phishing takes the deception further by targeting specific individuals or organisations. These attacks are highly personalised, with the attacker having done their homework to make the scam more convincing. For example, they might use information gathered from social media profiles to craft a believable email asking for sensitive information, supposedly from a colleague or a known contact.
• Whaling targets the ‘big fish’ – senior executives or other high-profile targets within an organisation. These attacks are sophisticated and meticulously planned, often involving fake legal documents or other high-stakes communications designed to pressure the target to respond.

Malware (a contraction of ‘malicious software’) is harmful software designed to infiltrate, damage or disable computers, systems and networks. It represents one of the most common and destructive cyber threats facing organisations today.

There are numerous types of malware, each with its own method of attack and malicious intent. These include:

• Viruses, which attach themselves to clean files and spread throughout a system
• Worms, which replicate and spread across networks
• Ransomware, which locks access to files or systems until a ransom is paid
• Spyware, which monitors and collects information from unaware targets

A notable example of malware in action is the WannaCry ransomware attack. In May 2017, WannaCry spread globally, exploiting vulnerabilities in Windows operating systems to encrypt data on infected computers. Attackers behind WannaCry demanded ransom payments for decryption keys.

Microsoft was aware of this vulnerability in its flagship operating system and released a security patch fixing it a month before the WannaCry attack. The estimated 300,000 computers worldwide that were still corrupted by the ransomware highlight how important it is to update your systems regularly.

In the context of cyber security, spoofing refers to attacks in which a criminal ‘spoofs’ a legitimate site or source of communication. Users believe they’re exchanging messages with a known person or accessing a trustworthy site but they’re actually feeding criminals critical information.

There are various forms of spoofing, including email spoofing, website spoofing and IP address spoofing, each with its unique method and purpose.

• Email spoofing sees attackers falsely replicate sender email addresses, making their messages appear to come from a trusted contact. This method is often used with phishing scams to trick recipients into divulging sensitive information or downloading malware.
• Website spoofing requires creating a malicious website that reproduces the look and feel of a legitimate one. Users are tricked into entering their login details, which the attackers steal.
• IP address spoofing involves concealing the attacker’s IP address behind a legitimate one. This can trick systems into thinking the incoming connection is safe.

Denial-of-service (DoS) attacks are a formidable cyber threat. They shut down a machine or network by overwhelming the target with a flood of useless traffic, making it inaccessible to genuine users.

When these attacks come from multiple sources simultaneously, they are referred to as Distributed Denial-of-Service (DDoS) attacks. DDoS attacks are more complex and difficult to prevent because the attack traffic is spread across multiple points of origin.

DDoS attacks paralyse websites, online services and networks by saturating them with more requests than they can handle. This denies service to legitimate users and can also lead to longer-term impacts on a business’s reputation and financial health.

Identity-based attacks are a category of cyber security threats that exploit personal or organisational information.

These attacks leverage stolen credentials, such as usernames and passwords, to impersonate legitimate users. The sophistication and personalised nature of these attacks make them particularly dangerous and challenging to detect and prevent.

Three specific types of identity-based attacks include:

• Man-in-the-middle (MitM) attacks: These occur when an attacker intercepts communications to gather or alter the information being exchanged.
• Brute force attacks: In this approach, attackers use trial and error to guess login info. Tools that automate password guessing allow attackers to try thousands of passwords per minute. They rely on the brute force of multiple repeated attempts to crack a password rather than exploiting a specific vulnerability.
• Password spraying: Instead of targeting one account with thousands of password attempts, password spraying targets many accounts with a few commonly used ones. This method exploits the probability that a fraction of accounts will have weak passwords.

Human error is perhaps the most significant type of cyber security threat.

Despite advances in technology and security protocols, people still operate systems. Simple oversights or lapses in judgment can lead to significant security incidents. Phishing, social engineering, spoofing and identity-based attacks all exploit our emotions or ignorance of cyber security best practice.

No amount of technology can make a system safe if the users can’t back it up. Your employees need to recognise common cyber attacks and understand how to protect against them. This awareness is the first and best defence against the multiple cyber security threats your organisation faces.

At a time when cyber threats are ever-present, equipping yourself and your team with the knowledge to protect against them is more crucial than ever.

Our online Cyber Security Awareness Training is designed to help trainees recognise a wide array of cyber threats and develop the habits and responses needed to protect sensitive information effectively.

Trainees learn to identify various types of cyber threats, from malware to phishing attacks, and understand the methodology behind them. This insight helps to prevent staff from falling victim to social engineering attempts. The course also explores the concept of cyber hygiene and routine measures staff must use to protect against common threats.