7 Common Cybersecurity Threats Overview for 2023

Understanding cybersecurity threats is not a necessity for IT professionals alone but for everyone who uses the internet. From individual users to large corporations and governments, cybersecurity threats pose significant risks. This article provides an overview of the most common cybersecurity threats, exploring their definitions and main characteristics.

Common Cybersecurity Threats

In this section, we look at some of the most common cybersecurity threats and give an overview of each.

A. Malware

Malware, short for malicious software, is a general term encompassing various types of harmful or intrusive software. It’s designed to damage, disrupt operations and gain unauthorized access to a computer system.

Here’s a deeper look into the different types of malware:

  • Virus: A computer virus is a type of malicious software that replicates itself by modifying other computer programs and inserting its own code, which runs when the infected program is executed. Viruses often perform harmful activities such as corrupting system files, stealing data, or taking control of system operations. They commonly spread via email attachments, file downloads, or malicious web links. Because a virus lives inside a host file or program, it usually needs some form of user interaction to infect a system, such as opening the infected file or running the infected program.
  • Worm: Unlike a virus, a worm is standalone software that replicates itself to spread to other computers. It doesn’t need to attach itself to another program. Worms often exploit vulnerabilities in operating systems or software applications to spread without any user interaction. They can cause damage by consuming bandwidth or overloading a system’s resources, potentially leading to system slowdowns or crashes.
  • Trojan: Named after the Greek story of the Trojan Horse, a Trojan is a type of malware that disguises itself as a normal file or program to trick users into downloading and installing it. Unlike viruses and worms, Trojans don’t replicate themselves, but they can be just as destructive. Trojans often create a backdoor in a computer system, allowing an attacker to gain control of the system and potentially access sensitive information.
  • Spyware: This type of malware secretly observes the user’s activities without consent and sends the information to the attacker. Spyware can collect many kinds of personal information, such as browsing habits, user logins, keystrokes, and bank or credit card details. It usually works silently in the background, which makes it difficult for users to detect.
  • Adware: While not always harmful, adware can be intrusive. It automatically displays or downloads advertising material (often unwanted) when a user is online. In some cases, adware can come bundled with spyware that collects and sends user information to third parties without the user’s consent.
  • Ransomware: This type of malware encrypts the victim’s files and data, and many groups now also copy the data to servers they control before encrypting it (so-called double extortion). The attackers then demand a ransom, usually in cryptocurrency, to restore access and to delete the stolen data. The victim is often given a deadline to pay; if it is missed, the group may publish the sensitive data or sell it to other cybercriminals. Ransomware can spread via phishing emails, malicious advertisements on websites, or exploit kits that take advantage of system vulnerabilities. Its use has grown sharply in recent years, with attacks on schools, hospitals, and businesses worldwide.

B. Phishing Attacks

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. The attack happens when a perpetrator, masquerading as a trusted entity, tricks a victim into opening an email, instant message, or text message. The victim is then tricked into clicking a malicious link, which can lead to the installation of malware, the locking of the system as part of a ransomware attack, or the disclosure of sensitive information. According to the Montana state government, phishing attacks are the most common way hackers gain access to networks and computers. Let’s delve deeper into different types of phishing attacks:

  • Email Phishing: This is the most common phishing scam, in which attackers send emails to thousands, sometimes millions, of users. In basic email phishing the attackers do no specific research on their targets and the emails are not personalized. The emails are designed to appear as though they come from a legitimate company, often a financial institution, and ask for sensitive information. They frequently create a sense of urgency to prompt the victim to respond quickly, with statements like “Your account will be closed if you don’t respond right away.”
  • Spear Phishing: Unlike regular email phishing which involves mass mailing, spear phishing is highly targeted. Attackers gather information about the intended target to create a more personalized and convincing message. This information can include the target’s name, position, company, work phone number and details about their work or personal life. Because of the personal nature of these emails, they can be more difficult to identify as phishing attempts.
  • Whaling: Whaling is a type of phishing attack that specifically targets senior executives and other high-profile targets within a business, such as the CEO or CFO. The content of a whaling attempt typically focuses on executive-level issues like a subpoena or customer complaint, and it is highly personalized and targeted. Whaling attacks can be challenging to detect because they often involve personal email addresses and appear to come from a trusted source, such as a fellow executive or a relevant vendor. Phishing attacks heavily rely on human interaction and often involve tricking people into breaking standard security practices.

C. Man-in-the-Middle Attacks

A Man-in-the-Middle (MitM) attack is a type of cyber threat where an attacker intercepts and potentially alters communication between two parties without their knowledge. This act allows the attacker to eavesdrop on the conversation, steal sensitive information or inject malicious data into the communication. Let’s delve deeper into MitM attacks:

  • Interception: The first step in a MitM attack is interception. The attacker needs to gain access to the communication channel between the two targets. This access can be achieved in various ways such as packet sniffing, IP spoofing and ARP spoofing. In some situations, the attacker might create a fake Wi-Fi network and trick the victim into connecting to it.
  • Decryption: If the intercepted data is encrypted, the attacker must defeat the encryption to read it. Breaking modern ciphers directly is rarely practical, so attackers usually downgrade or bypass the protection instead: SSL stripping silently rewrites an HTTPS connection to plain HTTP before it is established, a forged certificate may be presented in the hope that the victim accepts it, weak or leaked keys may be cracked, or vulnerabilities in the encryption software may be exploited.
  • Injection: Once the attacker has access to the communication, they can inject malicious data into the conversation. This data could be anything from false information to malicious software. The attacker could also alter the communication by changing the information being sent between the two parties.
  • Eavesdropping: In some cases, the attacker simply listens in on the conversation without altering it. This can yield valuable information such as login credentials, credit card numbers, or sensitive personal information. MitM attacks can be especially damaging because they are hard to detect and can provide the attacker with a wealth of information. They can occur in many situations, such as email correspondence, online payments, or everyday browsing.

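
The interception step above lists ARP spoofing as one way an attacker on a local network gets between two parties. The defensive counterpart, which a network monitor such as arpwatch implements, is to watch ARP replies and alert when the IP-to-MAC mapping changes or when one MAC starts answering for several IPs. The following is an added example, not code from the original article; the ARP replies are constructed sample data, and the gateway address and alert format are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed sample: ARP replies observed on a LAN, in the order seen, as
# (sender IP, sender MAC). The last two are what an attacker sends to sit
# between the workstation (.20) and the gateway (.1).
SAMPLE_ARP_REPLIES = [
    ("192.168.1.1",  "aa:bb:cc:00:00:01"),  # gateway announces itself
    ("192.168.1.20", "aa:bb:cc:00:00:20"),  # workstation
    ("192.168.1.66", "de:ad:be:ef:00:66"),  # attacker's own host
    ("192.168.1.1",  "DE:AD:BE:EF:00:66"),  # attacker claims the gateway's IP
    ("192.168.1.20", "de:ad:be:ef:00:66"),  # ...and the workstation's IP
]


def detect_arp_spoofing(replies, gateway_ip=None):
    """Track which MAC each IP has claimed and return a list of alerts.

    Two signals of ARP poisoning are checked: an IP whose MAC changes
    (rated high when it is the gateway, since that is what an attacker
    impersonates to capture all outbound traffic) and a single MAC that
    answers for more than one IP.
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()  # normalise case before comparing addresses
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append({
                "kind": "mac_change",
                "severity": "high" if ip == gateway_ip else "medium",
                "ip": ip,
                "old_mac": previous,
                "new_mac": mac,
            })
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
    # One alert per MAC that has claimed several IPs, emitted after the pass.
    for mac, ips in mac_to_ips.items():
        if len(ips) > 1:
            alerts.append({
                "kind": "multi_ip",
                "severity": "medium",
                "mac": mac,
                "ips": sorted(ips),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP_REPLIES, gateway_ip="192.168.1.1"):
        print(alert)
```

Both signals have benign causes (a replaced network card, a DHCP lease moving to another host, a router that legitimately holds several addresses), so in practice the alerts are correlated with a known inventory rather than acted on blindly. The real mitigation is to stop the poisoning rather than to detect it: dynamic ARP inspection on managed switches, or static ARP entries for the gateway on sensitive hosts.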
D. Distributed Denial-of-Service (DDoS) Attacks

A Distributed Denial-of-Service (DDoS) attack is a malicious attempt to disrupt the normal functioning of a network, service, or website by overwhelming it with a flood of internet traffic. These attacks are usually carried out using many compromised computers, known as bots, as the sources of traffic. In June 2023, Microsoft Azure and Outlook experienced a DDoS attack that caused an outage of those services. Let’s take a more detailed look at DDoS attacks.

  • Volume-Based Attacks: This type of DDoS attack aims to overwhelm the bandwidth of the targeted site. It involves flooding the network or servers with massive amounts of data, causing a loss of service. Common types of volume-based attacks include ICMP floods and UDP floods.
  • Protocol Attacks: These attacks aim to consume all the processing capacity of the target’s web servers or intermediate resources, such as firewalls and load balancers. They exploit weaknesses in the layer 3 and layer 4 protocol stack by sending malformed pings, partial packets or IP fragments. Examples include SYN floods, Ping of Death and Smurf DDoS.
  • Application Layer Attacks: These are the most sophisticated type of DDoS attack. They target the layer where web pages are generated on the server and delivered to the visitor. Because they mimic human behaviour by interacting with the application or website, they are harder to detect and mitigate. Examples include HTTP floods and Slowloris attacks.

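
The HTTP flood mentioned under application layer attacks looks like ordinary traffic packet by packet; what gives it away is the rate. The following is an added example, not code from the original article, of the simplest detection a practitioner runs over a web server access log: a sliding-window request count per client IP, plus a global count so that a flood spread across many bots still shows up. The log lines are constructed sample data in the common Apache/Nginx format, and the thresholds are assumptions to be tuned per site.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/Nginx style access log: client IP, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec.pop("ts"), TIME_FMT)
    rec["status"] = int(rec["status"])
    return rec


def detect_http_flood(lines, window=timedelta(seconds=10),
                      per_ip_threshold=20, global_threshold=100):
    """Sliding-window request counting.

    Returns the peak number of requests any single IP made inside `window`
    (IPs at or above per_ip_threshold are reported as offenders) and the peak
    across all clients, which catches a distributed flood where no single
    source exceeds the per-IP limit.
    """
    records = [r for r in (parse_line(l) for l in lines) if r is not None]
    records.sort(key=lambda r: r["time"])  # windows assume time order
    per_ip = defaultdict(deque)
    per_ip_peak = defaultdict(int)
    all_times = deque()
    global_peak = 0
    for rec in records:
        t = rec["time"]
        q = per_ip[rec["ip"]]
        q.append(t)
        while t - q[0] > window:
            q.popleft()
        per_ip_peak[rec["ip"]] = max(per_ip_peak[rec["ip"]], len(q))
        all_times.append(t)
        while t - all_times[0] > window:
            all_times.popleft()
        global_peak = max(global_peak, len(all_times))
    offenders = {ip: n for ip, n in per_ip_peak.items() if n >= per_ip_threshold}
    return {
        "offenders": offenders,
        "global_peak": global_peak,
        "global_flood": global_peak >= global_threshold,
    }


def make_sample_log():
    """Constructed sample: one ordinary visitor and one client hammering a search page."""
    base = datetime(2023, 6, 5, 12, 0, 0, tzinfo=timezone.utc)

    def line(ip, t, path):
        return f'{ip} - - [{t.strftime(TIME_FMT)}] "GET {path} HTTP/1.1" 200 512'

    lines = []
    for i in range(5):  # legitimate visitor: 5 page views over a minute
        lines.append(line("198.51.100.2", base + timedelta(seconds=15 * i), f"/page{i}"))
    for i in range(50):  # flooder: 50 requests in 5 seconds to an expensive endpoint
        lines.append(line("203.0.113.7", base + timedelta(seconds=i // 10), f"/search?q={i}"))
    lines.append("a line that is not in log format and must be skipped")
    return lines


if __name__ == "__main__":
    print(detect_http_flood(make_sample_log()))
```

Per-IP thresholds are the first thing a botnet operator defeats, which is why the global count matters and why real mitigation adds per-path costs (a search endpoint is cheaper to flood than a static page), challenge pages, and upstream scrubbing. A Slowloris attack, which holds connections open with partial requests, never completes a request and so never appears in this log at all; it is caught by connection-level limits instead.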
E. SQL Injection Attacks

SQL Injection is a code injection technique in which an attacker supplies input that a web application incorporates, unsafely, into the SQL queries it sends to its database. The attack manipulates the SQL statements the application uses to interact with its database, allowing the attacker to view, modify, or delete data. In June 2023, attackers used a SQL injection flaw in Progress MOVEit Transfer to steal data from large organisations, including the BBC, among others. Let’s take a more detailed look at SQL Injection attacks.

  • Classic SQL Injection: In a classic SQL injection scenario, the attacker includes SQL syntax in a user input field whose value is concatenated into an SQL query. If the input is not passed as a bound parameter (or at least correctly escaped) before being included in the query, the injected SQL is executed by the database. This can allow the attacker to view data they should not have access to, modify or delete data, or even execute administrative operations on the database.
  • Blind SQL Injection: In a blind SQL injection attack, the attacker asks the database true or false questions and determines the answer based on the application’s response. This type of attack is used when the web application is configured to show generic error messages but has not mitigated the code vulnerability that allows an attacker to inject SQL statements.
  • Time-Based Blind SQL Injection: In this type of SQL injection, the attacker injects a query that forces the database to wait for a period of time (time delay) before responding. The response time will indicate to the attacker whether the result of the query is TRUE or FALSE.
  • Out-of-band SQL Injection: This is a more complex form of SQL injection. Instead of using the same channel to launch the attack and read the results, the attacker makes the database server contact a system they control over a different channel, typically a DNS lookup or HTTP request issued by a database feature, with the extracted data embedded in the request. It is used when the application’s responses are too unstable or uninformative for in-band or blind techniques to work.

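
The classic and blind variants described above come from the same defect, so one small program can show both, together with the fix. The following is an added example, not code from the original article or from any real application: a login query built by string concatenation, the classic comment-out bypass, a boolean-based blind extraction that recovers a password one character at a time from nothing but "login succeeded or not", and the parameterised query that closes the hole. The users table is constructed sample data and SQLite stands in for whatever database a real application would use (the time-based variant is omitted because SQLite has no sleep function to abuse).

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory SQLite database with one users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username: str, password: str):
    """The bug: user input is pasted straight into the SQL text, so a quote in
    the input ends the string literal and whatever follows is parsed as SQL."""
    query = (
        "SELECT username, role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()


def login_safe(conn, username: str, password: str):
    """The fix: a parameterised query. The SQL and the values travel separately,
    so the input is always treated as data and can never change the statement."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()


def classic_bypass(conn):
    """Classic injection: comment out the password check entirely. The query
    the database sees is
        ... WHERE username = 'alice' -- ' AND password = 'anything'
    and everything after -- is ignored."""
    return login_vulnerable(conn, "alice' -- ", "anything")


def blind_extract_password(conn, username: str, max_len: int = 32) -> str:
    """Boolean-based blind injection against the same bug. The attacker never
    sees the column; each probe only reveals whether a row came back, which is
    enough to test one character at a time:
        ... WHERE username = 'bob' AND substr(password,1,1) = char(104) -- ..."""
    recovered = ""
    for pos in range(1, max_len + 1):
        matched = None
        for code in range(32, 127):  # printable ASCII
            probe = f"{username}' AND substr(password,{pos},1) = char({code}) -- "
            if login_vulnerable(conn, probe, "x") is not None:
                matched = chr(code)
                break
        if matched is None:  # no character matched: end of the string
            break
        recovered += matched
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("classic bypass      :", classic_bypass(db))
    print("blind extraction    :", blind_extract_password(db, "bob"))
    print("same input, safe API:", login_safe(db, "alice' -- ", "anything"))
```

Two points worth noticing. The blind extraction needs about 95 requests per character and uses no error messages at all, so hiding database errors is not a mitigation. And the parameterised version is not "sanitising" anything; it changes how the query is sent so there is nothing to sanitise, which is why it is the fix rather than input filtering.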
F. Zero-day Exploits

A zero-day exploit is an attack that takes advantage of a vulnerability for which no patch exists, usually because the software vendor does not yet know about it. The term “zero-day” refers to the fact that the developers have had “zero days” to fix the problem, which may already be under exploitation by the time they learn of it.

These attacks are particularly dangerous because they occur before the developer is aware of the vulnerability. By the time the developer learns about the issue, there may have already been significant damage or unauthorized access to data. Here’s a more detailed look at zero-day exploits:

  • Discovery of Vulnerability: A zero-day attack starts with the discovery of a vulnerability that’s unknown to the software vendors or when it’s known but unpatched. These vulnerabilities can be flaws in software code that allow an attacker to execute malicious code, gain control of the system, or steal data.
  • Exploit Creation: Attackers then create an exploit, a piece of software, a chunk of data, or a sequence of commands that takes advantage of the vulnerability to cause unintended behaviour in the target software or hardware. In the wrong hands, this exploit can be used to carry out an attack.
  • Zero-Day Attack: A zero-day attack happens when a hacker uses that exploit before the software vendor knows about the vulnerability or has had the time to develop and distribute a solution (patch). Hence, “zero-day.”
  • Potential Damage: The damage from a zero-day attack can be significant. The attacker can potentially gain control of the system, steal sensitive data, install malicious software, create a backdoor to the system for future access, or cause other harm.
  • Response and Patching: Once the software vendor becomes aware of the vulnerability, they work to develop a patch or workaround to fix the flaw. This is then distributed to users, who need to apply the patch to protect their systems.
  • N-day vulnerability: After the vulnerability is disclosed or detected being used in the wild, it’s typically referred to as an “N-day” or “one-day” vulnerability.
G. Advanced Persistent Threats (APTs)

An Advanced Persistent Threat (APT) is a prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period. These attacks are typically carried out by highly skilled adversaries, such as state-sponsored groups, seeking to steal, spy, or disrupt. Here’s a more detailed look at APTs:

  • Targeted Attacks: APTs are typically targeted at organizations in sectors with high-value information, such as national defense, manufacturing, and the financial industry. The attackers often have a specific goal, such as stealing intellectual property, compromising infrastructure, or spying on the target for political gain.
  • Long-term Presence: The “persistent” in APT refers to the attacker’s objective to maintain long-term access to the target, as opposed to most attacks, which aim to get in and out as quickly as possible. This allows the attacker to map out the network, identify all the resources, and access the most valuable information at their leisure.
  • Sophisticated Techniques: APT attackers often use sophisticated techniques to gain initial access and then to remain undetected within the network. This can include zero-day exploits, spear phishing, and the use of custom malware that is not detected by typical antivirus software.
  • Lateral Movement: Once inside a network, APT attackers often move laterally, exploiting the fact that internal systems are usually less defended than the perimeter. They can compromise additional systems, escalate privileges, and gather more and more information over time.
  • Data Exfiltration: The ultimate goal of an APT attack is usually to exfiltrate data from the target network. This can be done slowly over time to avoid detection. The data is often encrypted and sent to a remote server controlled by the attacker.
