Following from my previous article on: (Phishing: Definition, Types of Attacks, and Examples), it is perplexedly to know that there are businesses, companies, and corporations who are not taking seriously cyber threats i.e. online threats that are varied, and they do not discriminate organisations from individuals when looking for a target.

Cyber threats are a big deal. Cyberattacks can cause electrical blackouts, failure of military equipment, and breaches of national security secrets. They can result in the theft of valuable, sensitive data like medical records. They can disrupt phone and computer networks or paralyse systems, making data unavailable. In today’s age of technology and society’s reliance on it, it is not an exaggeration to say that cyber threats may affect the functioning of life as we know it.

There are at least 10 types of Cybersecurity Threats:

1. Malware 

Software that performs a malicious task on a target device or network, e.g. corrupting data or taking over a system.

2. Phishing

An email-borne attack involves tricking the email recipient into disclosing confidential information or downloading malware by clicking on a hyperlink in the message.

3. Spear Phishing

This is a more sophisticated form of phishing, where the attacker learns about the victim and impersonates someone he or she knows and trusts.

4. “Man in the Middle” (MitM) attack 

Where an attacker establishes a position between the sender and recipient of electronic messages and intercepts them, perhaps changing them in transit. The sender and recipient believe they are communicating directly with one another. A MitM attack might be used in the military to confuse an enemy.

5. Trojan 

Named after the Trojan Horse of ancient Greek history, the Trojan is a type of malware that enters a target system looking like one thing, e.g. a standard piece of software, but then lets out the malicious code once inside the host system.

6. Ransomware

An attack that involves encrypting data on the target system and demanding a ransom in exchange for letting the user have access to the data again. These attacks range from low-level nuisances to serious incidents like the locking down of the entire city of Atlanta’s municipal government data in 2018.

7. Denial of Service attack or Distributed Denial of Service Attack (DDoS) 

Where an attacker takes over many (perhaps thousands) of devices and uses them to invoke the functions of a target system, e.g. a website, causing it to crash from an overload of demand.

8. Attack on IoT Devices 

IoT devices like industrial sensors are vulnerable to multiple types of cyber threats. These include hackers taking over the device to make it part of a DDoS attack and unauthorised access to data being collected by the device. Given their numbers, geographic distribution, and frequently out-of-date operating systems, IoT devices are a prime target for malicious actors.

9. Data Breaches 

A data breach is a theft of data by a malicious actor. Motives for data breaches include crime (i.e. identity theft), a desire to embarrass an institution (e.g. Edward Snowden or the DNC hack), and espionage.

10. Malware on Mobile Apps 

Mobile devices are vulnerable to malware attacks, just like other computing hardware. Attackers may embed malware in app downloads, mobile websites, or phishing emails and text messages. Once compromised, a mobile device can give the malicious actor access to personal information, location data, financial accounts, and more.

Cyber threats are never static. There are millions being created every year. Most threats follow the standard structures described above. However, they are becoming more and more potent. For example, there is a new generation of zero-day threats that are able to surprise defences because they carry no detectable digital signatures.

Another worrisome trend is the continuing improvement of what experts call Advanced Persistent Threats (APTs). As Business Insider describes APTs, “It’s the best way to define the hackers who burrow into networks and maintain persistence, a connection that can’t be stopped simply by software updates or rebooting a computer.”

The notorious Sony Pictures hack is an example of an APT, where a nation-state actor lurked inside the company’s network for months, evading detection while exfiltrating enormous amounts of data.