Cyber security threats come in many shapes and sizes. It takes a decade or more to become comfortable with all of the different attack methodologies, and to be able to formulate a decent response to just about any situation.
The truth is: most people who are in charge of a company's cyber security are experts in about a third of the kinds of attacks they may face. The smart ones surround themselves with people who are experts in the other types. The not-so-smart ones have too much pride to spread the burden of constant learning and preparation.
But in order to know what you don't (yet) know, a list of potential cyber security threats is helpful. So without further ado, here are eleven of the most common types of cyber security threats.
Man-in-the-Middle Attacks
Man-in-the-middle (MITM) attacks require the attacker to have a presence somewhere between the victim and the resource they are trying to reach. Ideally, from the attacker's point of view, that position lets them see the data flow unencrypted. Someone who works at an ISP, controls a hijacked or rogue access point (Wi-Fi, a fake phone tower, or even a spoofed satellite uplink), or has poisoned ARP or DNS on a local network can passively snoop traffic, act as a pass-through that scrapes data as it flows by, or inject and modify content on the fly. Properly validated TLS is the main defense: an intermediary who cannot present a certificate the client trusts can neither read nor alter the encrypted stream, which is why real-world MITM attacks target certificate validation (users clicking through warnings, apps that disable verification, compromised or rogue certificate authorities) rather than the cipher itself.
Denial of Service
Denial of service (DoS) is a frustrating type of cyber security threat. A DoS attack attempts to overwhelm specific network or computing resources by flooding them with traffic or requests. The result is either taking something offline by chewing through all available bandwidth, or exhausting a service's CPU, memory, or connection table so that legitimate users cannot get through; in poorly designed systems an overloaded defense can also fail open, letting traffic it would normally block pass while everyone is busy with the flood. Distributed denial of service (DDoS) attacks are launched from botnets with nodes all over the world, which makes blocking by source address, and countermeasures in general, much more difficult.
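One building block of a DoS defense is per-source rate limiting. The token-bucket limiter below is an added example, not code from the original page: it gives every source address a bucket that refills at a fixed rate and drains one token per request, then runs a constructed traffic sample in which one address floods 1,000 requests in a second while another makes five spaced-out requests. The addresses, rate and burst size are assumptions chosen for the demonstration. Note the caveat in the text: this helps against application-layer floods from a handful of sources, but a distributed attack that saturates the upstream link must be absorbed before it reaches the host.

```python
from collections import defaultdict


class TokenBucket:
    """Classic token bucket: `capacity` tokens of burst, refilled at `rate` tokens per second."""

    def __init__(self, rate: float, capacity: float):
        self.rate = rate
        self.capacity = capacity
        self.tokens = capacity
        self.last = None  # timestamp of the previous call, set lazily

    def allow(self, now: float) -> bool:
        if self.last is None:
            self.last = now
        # Refill for the time elapsed, but never above capacity.
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class PerSourceLimiter:
    """One bucket per source address, created on first sight."""

    def __init__(self, rate: float, capacity: float):
        self.buckets = defaultdict(lambda: TokenBucket(rate, capacity))

    def allow(self, source: str, now: float) -> bool:
        return self.buckets[source].allow(now)


def run(events, rate: float = 10.0, burst: float = 20.0):
    """Replay (timestamp, source) events in time order; return accepted/dropped counts per source."""
    limiter = PerSourceLimiter(rate, burst)
    counts = defaultdict(lambda: {"accepted": 0, "dropped": 0})
    for now, source in sorted(events):
        outcome = "accepted" if limiter.allow(source, now) else "dropped"
        counts[source][outcome] += 1
    return dict(counts)


# Constructed traffic (assumed addresses from documentation ranges):
# 203.0.113.9 sends 1,000 requests within one second; 198.51.100.4 sends five, half a second apart.
FLOOD = [(i / 1000.0, "203.0.113.9") for i in range(1000)]
LEGIT = [(i * 0.5, "198.51.100.4") for i in range(5)]

if __name__ == "__main__":
    for source, result in run(FLOOD + LEGIT).items():
        print(source, result)
```

With a 20-request burst and a 10-per-second refill, the flooding source gets roughly 30 requests through in its first second and the rest are dropped, while the well-behaved source never loses a request. Tune `rate` and `burst` to the real traffic profile before deploying anything like this.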
Brute Force Attacks
Brute force attacks try to break encryption or authentication by trying every possible key or password until one works. Most of these attacks only succeed against weak or outdated schemes. A small key space, known flaws in random number generation (RNG) that limit which keys can actually be produced, and other vulnerabilities that shrink the set of possible keys can greatly reduce the time a brute force search needs. By contrast, modern ciphers with 128-bit keys, let alone 256-bit keys, push exhaustive search far beyond the lifetime of our solar system on any foreseeable classical hardware. That does not mean future computers will not have a better shot: a large quantum computer running Grover's algorithm would roughly halve the effective length of a symmetric key (one reason 256-bit keys are recommended), and Shor's algorithm would break today's RSA and elliptic-curve public-key schemes outright. Vulnerability to quantum computing is a relatively new consideration, and older public-key methods in particular will need replacing.
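The arithmetic behind "beyond the lifetime of the solar system", together with the RNG caveat, is easier to believe when you run it. The block below is an added example, not code from the original page: it computes the expected search time for several key lengths and then shows why a weak seed matters, using a hypothetical key derivation in which a 256-bit-looking key is a pure function of a 32-bit seed. The attacker who knows the seed came from a timestamp only has to search the plausible time window, not 2^256 keys. The seed window, guess rates and derivation function are assumptions constructed for the demonstration.

```python
import hashlib

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def expected_brute_force_seconds(key_bits: int, guesses_per_second: float) -> float:
    """Expected time for an exhaustive key search: on average half the key space is tried."""
    return (2 ** key_bits) / 2 / guesses_per_second


def expected_brute_force_years(key_bits: int, guesses_per_second: float) -> float:
    return expected_brute_force_seconds(key_bits, guesses_per_second) / SECONDS_PER_YEAR


def derive_key_from_weak_seed(seed: int) -> bytes:
    """Hypothetical flawed key derivation (assumption, not a real library's behaviour):
    the output is 256 bits wide, but only 2**32 distinct keys can ever come out of it."""
    return hashlib.sha256(seed.to_bytes(4, "big")).digest()


def recover_seed(target_key: bytes, seed_lo: int, seed_hi: int):
    """Brute-force the seed over a window the attacker can narrow down, e.g. a timestamp range.
    Returns the seed, or None if it is not in [seed_lo, seed_hi)."""
    for seed in range(seed_lo, seed_hi):
        if derive_key_from_weak_seed(seed) == target_key:
            return seed
    return None


if __name__ == "__main__":
    # A trillion guesses per second is generous even for a large GPU cluster.
    for bits in (40, 56, 128, 256):
        years = expected_brute_force_years(bits, 1e12)
        print(f"{bits:3d}-bit key at 1e12 guesses/s: {years:.3g} years")
    # Constructed scenario: the victim seeded its RNG from a Unix timestamp and the
    # attacker knows roughly when, so the search space is a window of 1,000 seeds.
    victim_seed = 1_700_000_123
    key = derive_key_from_weak_seed(victim_seed)
    print("recovered seed:", recover_seed(key, 1_700_000_000, 1_700_001_000))
```

The 56-bit line (DES-sized) comes out at about a year on a billion-guess-per-second machine, which is why DES is considered broken, while 128 bits is already astronomically out of reach. The seed recovery is the same exhaustive search, just over the space that actually exists rather than the one the key length advertises.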
Backdoors
Backdoors are hidden ways, intentional or unintentional, of gaining privileged access to a system. Maybe they were used during testing to change permissions quickly and never got removed. Maybe they are required by the government of the country where the product is manufactured or hosted, for some form of state monitoring. If the backdoor isn't closed before the system goes online, anyone who knows about the secret feature can take control of the hardware or software. Hard-coded credentials and undocumented debug interfaces are the most common form, and they are exactly the kind of thing a pre-release code review and a secret scanner should catch.
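What a leftover test backdoor looks like in code, and the hardened version beside it, as an added example that is not code from the original page. The first function accepts a "debug" master password for any account; the second stores salted PBKDF2 hashes, compares them in constant time, and has no bypass path. A small source scanner at the end shows the cheapest check a team can run before shipping: grep for credential-looking string literals. The password, field names and regular expression are assumptions constructed for the demonstration.

```python
import hashlib
import hmac
import os
import re

# --- Vulnerable: a master password left in from testing (constructed placeholder, not a real credential) ---
DEBUG_MASTER_PASSWORD = "debug-letmein"


def verify_backdoored(stored_sha256: bytes, password: str) -> bool:
    """Unsalted SHA-256 check with a hidden bypass: the debug password opens every account."""
    if password == DEBUG_MASTER_PASSWORD:  # the backdoor
        return True
    return hashlib.sha256(password.encode()).digest() == stored_sha256


# --- Hardened: salted, iterated hash; constant-time comparison; no special-case path ---
ITERATIONS = 100_000  # assumed work factor for the demonstration


def make_record(password: str, salt: bytes = None) -> dict:
    """Create the stored record for a password. A fresh random salt per user defeats rainbow tables."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "digest": digest, "iterations": ITERATIONS}


def verify_hardened(record: dict, password: str) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], record["iterations"])
    # compare_digest avoids leaking how many leading bytes matched through timing.
    return hmac.compare_digest(candidate, record["digest"])


# --- Pre-deployment check: flag credential-looking literals in source text ---
SECRET_PATTERN = re.compile(r"""(?i)(password|passwd|secret|api_key|token)\w*\s*=\s*["'][^"']{4,}["']""")


def find_hardcoded_secrets(source: str):
    """Return (line number, line) for lines that assign a quoted literal to a credential-like name."""
    return [(n, line.strip()) for n, line in enumerate(source.splitlines(), 1) if SECRET_PATTERN.search(line)]


if __name__ == "__main__":
    stored = hashlib.sha256(b"correct horse").digest()
    print("backdoored accepts debug password:", verify_backdoored(stored, DEBUG_MASTER_PASSWORD))
    rec = make_record("correct horse")
    print("hardened accepts debug password:", verify_hardened(rec, DEBUG_MASTER_PASSWORD))
    sample_source = 'DEBUG_MASTER_PASSWORD = "debug-letmein"\nretries = 3\n'  # constructed input
    print("scanner hits:", find_hardcoded_secrets(sample_source))
```

The scanner is deliberately simple and will produce false positives; its job is to force a human to look at every hit before release, which is how a forgotten test credential gets caught.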
Fingerprinting
Fingerprinting refers to the ability to follow and monitor a user's online activity over time by leveraging their device's or browser's digital fingerprint. Factors like hardware configuration, browser settings, screen size, and installed fonts and plugins combine into a signature that is often unique to a machine, which lets websites and third parties persistently recognize and track each device interacting with them. Rather than relying on cookies or logins, which are easy to clear, fingerprinting relies on involuntary attributes that are very difficult for average users to mask or change, so tracking continues no matter where they browse. From purchasing habits to political interests, trackers can build extensive behavioral profiles without consent. Given how much of daily life happens online, large-scale exploitation of data collected via fingerprinting is a serious privacy and security threat, and both public awareness of how widely our actions across the internet may be monitored or misused and regulation of fingerprint tracking lag behind the practice. Privacy tools such as Hoody aim to mask device and browser fingerprints so that trackers cannot tie a user's sessions together.
Phishing
Phishing is a way of convincing users to give away their personal information and security credentials. It is usually completely remote and automated. By sending an e-mail, setting up a web form, publishing a cleverly disguised app, or putting up a look-alike website, phishers try to get the user to fill out forms or otherwise provide information that can be used to gain access to sensitive systems. The more targeted, personalized version that homes in on a single individual is called 'spear phishing'.
Social Engineering
Social engineering is one of the oldest cyber security threats in the industry. It is the process of fooling someone into committing a security breach by lying to them, whether over the phone, in person, or by impersonating a colleague or vendor. It also covers taking advantage of bad business processes: by going after information that has been handled carelessly, such as old hardware or written-down credentials left in the trash or recycling bins, an attacker can harvest a treasure trove of company data.
Zero-Day Exploits
A zero-day vulnerability is a flaw the vendor does not yet know about, so there have been "zero days" to build a patch; a zero-day exploit is an attack that abuses it before a fix exists. Hardware, software, or firmware flaws that may have sat in a core system for years are turned into a surprise attack with no simple or easy countermeasure available. It takes a good generalist and a cool head to deal with these: isolate what you can, add compensating controls, and watch closely until a patch ships.
Malware
Malware is code that hides on a system and later uses the operator's permissions to take it over in secret. It is often bundled with the expected contents of a downloaded or torrented file, or delivered as a phishing attachment. Once installed, it can spy on the user's actions, probe the network, infect other systems on the network, or enroll the machine in a botnet for later use.
SQL Injection
SQL injection uses Structured Query Language to attack an application that is backed by a relational database. It happens when untrusted input is pasted directly into the text of a query: a quote character in the input closes the string literal the application opened, and whatever follows is executed as SQL. Database permissions alone rarely stop it, because the injected commands run with the application's own database account. Attackers use it to reveal information that would normally only be accessible to privileged users, to bypass logins, and in some configurations to modify data or the permissions of the database itself. Some forms of SQL injection submit malicious strings via a website's search box, login form, or other field that reaches the database. Others are second-order: the payload is stored harmlessly at first and only fires when the application later reads it back and uses it in another query. The reliable fix is parameterized queries (prepared statements), which send values separately from the query text.
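The mechanism described above, shown end to end against an in-memory SQLite database, as an added example that is not code from the original page. One login function concatenates user input into the query; the other uses parameter binding. Two constructed payloads are run through both: one that turns the WHERE clause into a tautology to bypass authentication, and one that uses UNION to pull the password column out through a field that only exists to display usernames. The schema, accounts and plaintext passwords are assumptions built for the demonstration.

```python
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Constructed sample schema. Plaintext passwords are used only so the dump is visible."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT);
        INSERT INTO users (username, password, role) VALUES
            ('alice', 's3cret-pw', 'admin'),
            ('bob',   'hunter2',   'user');
    """)
    return conn


def login_vulnerable(conn, username: str, password: str):
    # Untrusted input is spliced straight into the query text: a quote in the input
    # ends the literal and the rest of the input becomes SQL.
    sql = ("SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchall()


def login_safe(conn, username: str, password: str):
    # Parameterized query: values travel separately from the SQL, so quotes stay data.
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Constructed payloads. The leading quote closes the application's string literal; the
# trailing "--" comments out the remainder of the original WHERE clause.
BYPASS_AUTH = "' OR '1'='1' --"
DUMP_PASSWORDS = "' UNION SELECT password, role FROM users --"


def demo() -> dict:
    """Run both payloads through both implementations and return the rows each produced."""
    conn = setup_db()
    return {
        "normal":      login_vulnerable(conn, "bob", "hunter2"),
        "bypass_vuln": login_vulnerable(conn, BYPASS_AUTH, "anything"),
        "dump_vuln":   login_vulnerable(conn, DUMP_PASSWORDS, "anything"),
        "bypass_safe": login_safe(conn, BYPASS_AUTH, "anything"),
        "dump_safe":   login_safe(conn, DUMP_PASSWORDS, "anything"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:12s} {rows}")
```

The vulnerable function returns every user for the bypass payload and returns the password column in place of usernames for the UNION payload; the parameterized version returns nothing for either, because the whole payload is compared, quotes and all, against the `username` column. SQLite will not execute stacked statements through `execute()`, so the "change the permissions of the database" case needs a different engine to reproduce, but the string-escape mechanism is the same.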
DNS Tunneling
DNS tunneling is a secondary hacking method that is most often used to exfiltrate data. The attacker encodes the data as the subdomain labels of queries for a domain they control (for example a long base32 string in front of attacker-example.net), and the authoritative server they run decodes it; replies, typically TXT or similar records, carry data back the other way. Because the packets are legitimate-looking DNS queries on the standard DNS port (53), and because almost every network allows DNS out, the traffic passes normal firewall restrictions and can fool network monitoring into treating it as ordinary name resolution. The tell-tale signs are large numbers of unique, long, high-entropy subdomains under one domain and an unusual mix of record types. The same technique is also used as a command and control channel for malware-infected computers and botnets.
Only by keeping up with your continuing IT education will you stay one step ahead of cyber security threats. Take a class, read a book, attend a webinar... whatever you have to do to stay aware of developments in the field. Be humble, stay informed, and be careful out there.