Top Cyber Security Threats: How Threat Intelligence Can Help

Table of Contents

Every business is under constant threat from a multitude of sources, especially when they are online. From the most significant Fortune 500 companies, down to the smallest of those mom-and-pop stores — no business is 100% safe from a cyber-attack. The simple fact is that there are too many threats out there to prevent them all effectively.

However, malware isn’t the only threat out there. Several cyber security threats and network vulnerabilities in existence can exploit to steal your company’s data or cause harm.

Cyber security threats reflect the risk of experiencing a cyber-attack. A cyber-attack is an intentional and malicious effort by an attacker to breach another organisation’s systems or individual. The attacker’s motives may include information theft, financial gain, espionage, or to sabotage the organisational assets.

Main Types Of Cyber Security Threats

The main types of cyber security threats are listed below.

  • Distributed denial of service (DDoS)
  • Man in the Middle (MitM)
  • Social engineering
  • Malware and spyware
  • Password attacks
  • Advanced persistent threats (APT)

Let’s dig in and take a closer look at each one of these threats in detail.

Distributed Denial Of Service (DDoS)

A denial of service (DoS) attack aims to overwhelm a target system’s resources and cause it to stop functioning. The threat then denies access to its users. Distributed denial of service (DDoS) is a variant of DoS in which attackers compromise a large number of computers or other devices, and use them in a coordinated attack against the target system.

DDoS attacks are often used in combination with other cyber threats. These attacks may launch a denial of service to capture security staff’s attention and create confusion. Meanwhile, the DDoS carries out more subtle attacks aimed at stealing data or causing other severe damage.

Methods of DDoS attack include:

  • Botnets — these are the systems under hacker control that have been infected with malware. These bots carry out the DDoS attacks under the command of the attackers.
  • Smurf attack — these attacks send Internet the Control Message Protocol (ICMP) echo requests to the victim’s IP address. Attackers automate this process and perform it at scale to overwhelm a target system.
  • TCP SYN flood attack — attacks flood the target system with connection requests. When the target system attempts to complete the connection, the attacker’s device does not respond, forcing the target system to time out. This quickly fills the connection queue, preventing legitimate users from connecting.
Cyber Security

Man-In-The-Middle Attack (MitM)

When users or devices access a remote system over the internet, they assume they communicate directly with the target system’s server. While in a MitM attack, attackers break this assumption and place themselves in between the user and the target server.

Once the attacker has intercepted communications, they may compromise the user’s credentials, steal sensitive data and return different user responses.

MitM attacks include:

  • Session hijacking — an attacker hijacks a session between a network server and a client. The attacking computer substitutes its IP address for the IP address of the client. The server believes it is corresponding with the client and continues the session.
  • Replay attack — a cybercriminal eavesdrops on network communication and replays messages later, pretending to be the user. Replay attacks have been primarily mitigated by adding timestamps to network communications.
  • IP spoofing — an attacker convinces a system that it is corresponding with a trusted, known entity. The system thus provides the attacker with access. The attacker forges its packet with the IP source address of a trusted host, rather than its own IP address.
  • Eavesdropping attack — attackers leverage insecure network communication to access information transmitted between client and server. These attacks are difficult to detect because network transmissions appear to act naturally.

Social Engineering Attacks

Social engineering attacks work by psychologically manipulating users into performing actions desirable to an attacker or divulging sensitive information.

Social engineering attacks include:

  • Phishing — attackers send fraudulent correspondence that seems to come from legitimate sources, usually via email. The email may urge the user to perform a necessary action or click on a link to a malicious website, leading them to hand over sensitive information to the attacker or expose themselves to malicious downloads. Phishing emails may include an email attachment infected with malware.
  • Spear phishing — a variant of phishing in which attackers specifically target individuals with security privileges or influence, such as system administrators or senior executives.
  • Homograph attacks — attackers create fake websites with very similar web addresses to a legitimate website. Users access these fake websites without noticing the slight difference in URL and may submit their credentials or other sensitive information to the attacker.

Malware And Spyware Attack

Attackers use many methods to get malware into a user’s device. Users may be asked to take action, like clicking a link or opening an attachment. In other cases, the malware uses vulnerabilities in browsers or operating systems to install themselves without the user’s knowledge or consent.

After the installation, the malware monitors user’s activities, send confidential data to the attacker, assist the attacker in penetrating other targets within the network, and even cause the user’s device to participate in a botnet leveraged by the attacker for malicious intent.

Malware and Spyware attacks include:

  • Trojan virus — the virustricks a user into thinking it is a harmless file. A Trojan can launch an attack on a system and establish a backdoor that attackers can use.
  • Ransomware — prevents access to the victim’s data and threatens to delete or publish it unless a ransom is paid.
  • Malvertising — online advertising controlled by hackers, which contains malicious code that infects a user’s computer when they click or even view the ad. Malvertising has been found on many leading online publications.
  • Wiper malware — this threatintends to destroy data or systems, by overwriting targeted files or eliminating an entire file system.
  • Drive-by downloads — attackers can hack websites and insert malicious scripts into PHP or HTTP code on a page. When users visit the page, malware is directly installed on their computer; or the attacker’s script redirects users to a malicious site, which performs the download. Drive-by downloads rely on vulnerabilities in browsers or operating systems.
  • Rogue security software — pretend to scan for malware and then regularly show the user fake warnings and detections. Attackers may ask the user to pay to remove the counterfeit threats from their computer or to register the software. Users who comply with the instruction end up transferring their financial details to the attacker.

Password Attacks

A hacker can access an individual’s password information by ‘sniffing’ the connection to the network, using social engineering, guessing, or gaining access to a password database. An attacker can ‘guess’ a password either randomly or systematically.

Passwords attacks include:

  • Brute-force password guessing — an attacker uses software to try many different passwords, in the hope of guessing the correct one. The software can use some logic to trying passwords related to the name of the individual, their job, their family, etc.
  • Dictionary attack — a dictionary of common passwords is used to gain access to the victim’s computer and network. One method is to copy an encrypted file with passwords, apply the same encryption to a dictionary of regularly used passwords, and contrast the findings.

Advanced Persistent Threats (APT)

When an individual or group gains unauthorised access to a network and remains undiscovered for an extended period, the attackers may exfiltrate sensitive data. To perform APT, sophisticated attackers and significant efforts are involved in the process. These attacks are usually launched against nation-states, large corporations or other valuable targets.

Threat Intelligence For Threat Prevention

Threat intelligence, or often known as the cyber threat intelligence, is information an organisation uses to understand the threats that have will, or are currently targeting the organisation. This info is used to prepare, prevent, and identify cyber threats looking to take advantage of valuable resources. 

Threat intelligence systems are commonly used in combination with other security tools. When a security system detects a threat, it is cross-referenced with threat intelligence data to understand the threat’s nature immediately. It is analysed for its severity and works on the known methods for alleviating or containing the threat. In many cases, the threat of intelligence can help automatically block threats.

Threat intelligence is generally provided in the form of feeds. Several vendors are offering threat intelligence feeds. They can help manage threat data and assist in integrating it with other security systems.

Share this post