What are cybersecurity threats?
A cybersecurity threat is anything that could compromise the confidentiality, integrity, or availability of your data, devices, or online accounts. You are exposed to cybersecurity threats as soon as you connect a device to the internet. While some risks arise from human error, most are the result of bad actors operating with malicious intent.
From man-in-the-middle (MITM) attacks to malware, cybercriminals have a wide range of tactics with which to target victims online. Some threats, like DDoS attacks, can cause massive disruption for multiple users, while others target individuals with social engineering scams and personalized attacks.
Cybersecurity threats can lead to personal financial loss, online harassment, and the disruption of essential services. Companies and even national governments can also be targeted, with disastrous results. To understand the risks you face and how you can protect yourself, it’s important to understand the causes of online threats and cyberattacks.
What causes cyberattacks?
Cyberattacks are carried out by hackers and cybercriminals who are usually motivated by financial gain. Certain conditions make an attack more likely to succeed, however, or make an individual a more tempting target. Most successful cyberattacks come down to one of two contributing factors:
- Human error. The most common factor that makes a cyberattack more likely is an error on the part of the victim. Using weak passwords, connecting to unsafe public Wi-Fi, and failing to keep software updated are all examples of mistakes that could make you an easier target for cybercriminals.
- Software weaknesses. The other major cause of cyberattacks is weaknesses in the software you rely on. Even if you take all the necessary steps to protect yourself online, bugs in the code of an application or website, or misconfigurations in the systems that run it, could still be exploited, allowing hackers to steal your information.
What are the consequences of cyberattacks?
Cyberattacks can have dire consequences. Victims might lose money or have their personal information exposed on the internet. Their devices and online accounts might be hijacked and used to launch new attacks against other people.
The consequences can play out on a much larger scale for organizations like businesses or government agencies. A corporate data breach could put customers at risk and cause massive reputational damage. The PR fallout from a major attack can linger on long after any initial financial loss has been absorbed.
While the loss of money and reputation can be devastating for individuals and businesses, cyberattacks against critical infrastructure like energy networks and hospitals can have deadly results. Cyber warfare is on the rise, and ransomware attacks against hospitals and power plants could be catastrophic.
The most common sources of cybersecurity threats
Organizations and individuals face cybersecurity threats from a range of sources:
- Lone hackers. Lone-wolf hackers can carry out massive attacks, even without the support of a larger hacking collective. Many cybercriminals operate in this way, maintaining online anonymity while targeting victims across the globe. With a few exceptions that require physical proximity, like piggybacking (tailgating) into a building or RFID skimming, most attacks can be performed at a distance and require minimal manpower.
- Criminal groups. While many hackers work alone, others form large collectives. Some of these criminal groups develop ransomware and launch attacks against major companies, while others run large-scale vishing scams from call centers around the globe. In recent years, criminal hacking groups have been linked to nation-states including Russia and North Korea.
- Nation states and intelligence agencies. Large-scale cybersecurity attacks are sometimes launched as acts of cyber warfare between nation-states. Intelligence agencies have also been accused of actively cultivating backdoors in certain software, allowing for covert data gathering later.
- Malicious insiders. Threats don’t always come from the outside. Sometimes, bad actors within an organization (referred to as malicious insiders) can pose a major risk to data security. An insider might steal information themselves or pass sensitive data to someone on the outside, allowing them to launch an attack.
Types of cybersecurity threats
Let’s explore some of the most common cybersecurity threats currently active on the internet.
Malware attacks
Malware is any piece of software designed for malicious purposes, and malware can reach a device through many different channels. A worm or a rootkit might be delivered as a trojan, hidden inside a larger download that looks legitimate. A virus could arrive as an infected email attachment. Let’s look at some of the most common types of malware.
- Spyware monitors your activity, logging keystrokes or even mirroring your screen. Spyware allows a hacker to watch your every move and view your sensitive data, including passwords and other login credentials. Armed with this information, hackers can break into your online profiles, steal your identity, or empty your bank accounts.
- Ransomware encrypts some or all of the files on the device. A message is then delivered to the device’s user informing them that if they wish to regain access to their encrypted data, they must pay a ransom. This ransom is usually to be transferred in cryptocurrency to the hacker’s online wallet, making it harder to trace them.
- Cryptojacking malware secretly uses your device’s processor (or graphics card) to mine cryptocurrency for the attacker. Mining involves running computationally expensive hashing calculations that validate transactions on a blockchain and earn the miner newly issued coins. You might not notice any obvious adverse effects from cryptojacking malware at first, but it will consume considerable processing power and electricity, slowing your device down and shortening the life of its hardware over time.
- Fileless malware runs in memory rather than leaving a new executable on the hard drive, which makes it particularly hard for file-scanning antivirus to detect. Normally, malware requires files or executable programs to be saved on your device. Fileless malware instead loads directly into RAM, often by abusing legitimate built-in tools such as scripting engines or system management utilities, and does not manifest as a file that can be found by searching your operating system’s storage. It can still leave traces, such as a registry entry or scheduled task used to relaunch it after a reboot, and that is where detection usually focuses.
- Adware is unwanted software that displays advertisements on a user’s device. While not inherently dangerous, adware can be annoying and degrades system performance. Adware often comes bundled with free software, or may even come preinstalled on a device.
Social engineering attacks
Many cyberattacks involve social engineering, a tactic in which hackers take on false identities to trick victims into exposing data or downloading malware. Most social engineering attacks are based on baiting users into willingly taking steps that put their data at risk, but many different strategies are employed.
- Pretexting attacks involve hackers creating a false pretext to lure a victim into revealing sensitive information. This often means building a false sense of trust with the target by pretending to be someone they know or claiming to be part of a trusted organization (a bank or a charity, for example).
- Phishing is one of the most common types of social engineering. Hackers send messages to potential victims, usually via email, pretending to be someone they are not. Phishing is heavily based on pretexting, with attackers trying to convince their victims that they are emailing on behalf of a trusted entity, like a major company or a government agency. These messages usually contain a link — if the receiver clicks it, it could install malware on their device or lead them to expose sensitive data.
- Vishing, or voice phishing, involves using a voice communication system to lure someone into divulging personal information or downloading malware. Attackers call their victims, using either traditional phone lines or VoIP platforms, and try to convince them to expose information over the phone or follow steps on their device that will cause a malware installation.
- Smishing is like phishing but uses SMS (text messaging) instead of email. In a smishing attack, the perpetrator takes on a false identity and tries to convince the receiver to click a malicious link in an SMS message.
Spoofing attacks
In spoofing attacks, bad actors temporarily mask elements of their online identity with fake identifiers, like email domains or IP addresses. Spoofing can come in many forms, as described below.
- Email spoofing is a technique used to make phishing attacks more effective. Because the From header of an email is just text supplied by the sender, a bad actor can forge it so the message appears to come from a trusted address. Seeing what appears to be the email address of a reliable sender, a victim may unthinkingly trust the email’s authenticity and be more inclined to click on a link or attachment it contains. The SPF, DKIM, and DMARC standards exist to let receiving mail servers verify that the sending server and the visible From domain actually belong together, but they only help when the domain owner has published the records and the receiver enforces them.
- DNS spoofing involves manipulating the domain name system (DNS) to redirect users to malicious websites. DNS resolvers are key components of internet infrastructure: when you visit a domain name, a resolver looks up (or retrieves from its cache) the IP address associated with that domain. In a cache poisoning attack, hackers send forged answers to a resolver and trick it into caching the IP address of a malware delivery site under the domain of a legitimate website. When the resolver answers your request for that domain, you end up being sent to the hacker’s site instead. DNSSEC lets resolvers verify that answers are signed by the domain owner, which defeats forged responses where it is deployed.
- IP spoofing alters the source IP address in an IP packet to deceive the recipient about the packet’s origin. By forging the source IP, attackers can hide their identity during attacks or convince devices that data is being sent from a trusted source. IP spoofing is also used to launch reflection DDoS attacks, with hackers sending millions of requests to third-party servers while spoofing the address of whoever they’re trying to target. When those requests are answered, all the responses go to the spoofed IP address, overwhelming it with traffic and potentially forcing it offline. Because replies go to the spoofed address rather than the attacker, spoofing cannot be used to complete a TCP handshake, which is why it shows up mostly in connectionless protocols like UDP and ICMP.
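The email spoofing defense described above boils down to an alignment check: does the domain that actually sent the message (authenticated by SPF or DKIM) match the domain shown in the From header? The following is an added example, not code from the original article, that performs a simplified DMARC-style alignment check over two constructed raw messages. The message text, the domain names, and the two-label approximation of an "organizational domain" are assumptions for this example; a real receiver would use the Public Suffix List and run the SPF and DKIM checks itself rather than trusting an Authentication-Results header.

```python
"""Added example (not from the original article): a DMARC-style alignment
check that flags messages whose visible From: domain is not backed by an
aligned SPF or DKIM result. Both raw messages below are constructed."""
import re
from email import message_from_string
from email.utils import parseaddr


def domain_of(address: str) -> str:
    """Return the lowercase domain of an address like 'Name <user@host>'."""
    _, addr = parseaddr(address or "")
    return addr.rpartition("@")[2].lower()


def org_domain(domain: str) -> str:
    """Approximate the organizational domain as the last two labels (DMARC
    'relaxed' alignment). Assumption: fine for example.com-style domains;
    real code would consult the Public Suffix List."""
    return ".".join(domain.split(".")[-2:])


def aligned(candidate: str, from_domain: str) -> bool:
    return bool(candidate) and org_domain(candidate) == org_domain(from_domain)


def check_alignment(raw_message: str) -> dict:
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    # SPF authenticates the envelope sender, which the MTA exposes as Return-Path.
    envelope_domain = domain_of(msg.get("Return-Path"))
    # For the example we read the MTA's verdicts from Authentication-Results.
    auth = msg.get("Authentication-Results", "")
    spf_pass = "spf=pass" in auth
    dkim = re.search(r"dkim=pass[^;]*header\.d=([\w.-]+)", auth)
    dkim_domain = dkim.group(1).lower() if dkim else ""
    spf_aligned = spf_pass and aligned(envelope_domain, from_domain)
    dkim_aligned = aligned(dkim_domain, from_domain)
    return {
        "from_domain": from_domain,
        "envelope_domain": envelope_domain,
        "dkim_domain": dkim_domain,
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        # Neither mechanism vouches for the visible sender: treat as spoofed.
        "suspicious": not (spf_aligned or dkim_aligned),
    }


# Constructed sample: the visible From: claims the bank, but the bouncing
# address and the DKIM signer belong to an unrelated domain.
SPOOFED = """Return-Path: <bulk@mailer-example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer-example.net; dkim=pass header.d=mailer-example.net
From: "Example Bank Security" <alerts@examplebank.com>
To: victim@example.org
Subject: Unusual sign-in detected

Click the link to verify your account.
"""

# Constructed sample: envelope sender and DKIM signer both align with From:.
LEGITIMATE = """Return-Path: <bounces@examplebank.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=examplebank.com; dkim=pass header.d=mail.examplebank.com
From: "Example Bank" <alerts@examplebank.com>
To: customer@example.org
Subject: Your monthly statement

Your statement is ready.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legitimate", LEGITIMATE)):
        print(label, check_alignment(raw))
```

Note that SPF passing on its own proves nothing about the From header: the spoofed message above passes SPF for mailer-example.net, which the attacker controls. It is the alignment between the authenticated domain and the visible From domain that DMARC enforces, and that is what the check above tests.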
DDoS attacks
Distributed denial of service (DDoS) attacks are intended to cause disruption and make websites and services inaccessible to legitimate users. Many different tactics can be used to achieve this end.
- SYN flooding attacks abuse the three-way handshake of the TCP protocol, the process used to establish a reliable connection before data transfer. A server that receives a SYN packet allocates state for the half-open connection and waits for the client’s final ACK. Attackers flood the target with a high volume of SYN packets, often from spoofed source addresses, and never complete the handshakes, exhausting the server’s connection table so that legitimate connections cannot be established. Defenses such as SYN cookies let a server avoid allocating state until the handshake completes.
- NTP amplification attacks exploit the Network Time Protocol (NTP) to overwhelm a target with amplified traffic. Attackers send small requests to vulnerable NTP servers with the source address spoofed to the victim, and each server replies with a much larger response, multiplying the attacker’s bandwidth. For this to work, the NTP servers have to be poorly configured and unprotected, typically with the legacy monlist command enabled, which returns a long list of recent clients in response to a tiny query.
- Ping flood attacks overwhelm networks with fake ping requests. The attacker uses a tool or script to send a massive number of ICMP (Internet Control Message Protocol) echo request packets (pings) to a target device or network. Each ping packet prompts the target to respond with an ICMP echo reply. If enough of this traffic occurs at once, the network can be flooded to capacity, making it impossible for other users to access it.
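The SYN flood described above has a simple signature from the defender’s side: a burst of handshakes that never complete. The following is an added example, not code from the original article, that counts half-open connections in a set of connection records and flags a flood. The record format ("time src_ip dst_ip:port flag") and the traffic itself are constructed assumptions for the example, not the output of any real tool. It also illustrates a point the text implies: with spoofed source addresses, a per-source threshold never fires, so the verdict has to rest on the aggregate ratio.

```python
"""Added example, not part of the original article: spotting a SYN flood in
connection records by counting handshakes that never complete. The record
format 'time src_ip dst_ip:port flag' is an assumption for this example, and
the traffic is constructed, not captured."""
from collections import Counter


def parse(line: str):
    """Return (time, src_ip, flag). Flag 'S' is a client SYN; flag 'A' is the
    client's final ACK that completes the three-way handshake."""
    time_s, src, _dst, flag = line.split()
    return float(time_s), src, flag


def handshake_stats(lines):
    """Count SYNs and completed handshakes per source address."""
    syns, completed = Counter(), Counter()
    for _t, src, flag in map(parse, lines):
        if flag == "S":
            syns[src] += 1
        elif flag == "A":
            completed[src] += 1
    return syns, completed


def detect_syn_flood(lines, min_syns=50, max_half_open_ratio=0.5,
                     per_source_limit=10):
    """Flag a flood when most SYNs in the sample never complete.

    The per-source list catches a single aggressive client. It deliberately
    misses a spoofed flood, where every SYN carries a different forged source,
    so the verdict rests on the aggregate half-open ratio instead."""
    syns, completed = handshake_stats(lines)
    total_syn = sum(syns.values())
    half_open = max(total_syn - sum(completed.values()), 0)
    ratio = half_open / total_syn if total_syn else 0.0
    noisy_sources = [s for s, n in syns.items()
                     if n - completed[s] >= per_source_limit]
    return {
        "syn": total_syn,
        "half_open": half_open,
        "ratio": round(ratio, 2),
        "noisy_sources": noisy_sources,
        "flood": total_syn >= min_syns and ratio > max_half_open_ratio,
    }


def build_sample(flood: bool):
    """Constructed traffic: two real clients that complete their handshakes,
    plus, if flood is True, 200 SYNs from 200 spoofed sources that never ACK."""
    lines, t = [], 0.0
    for client in ("198.51.100.7", "198.51.100.8"):
        lines.append(f"{t:.3f} {client} 203.0.113.10:443 S")
        t += 0.010
        lines.append(f"{t:.3f} {client} 203.0.113.10:443 A")
        t += 0.010
    if flood:
        for i in range(200):
            lines.append(f"{t:.3f} 192.0.2.{i + 1} 203.0.113.10:443 S")
            t += 0.001
    return lines


if __name__ == "__main__":
    print("normal:", detect_syn_flood(build_sample(False)))
    print("flood: ", detect_syn_flood(build_sample(True)))
```

In the flood sample the per-source list stays empty because each forged address sends exactly one SYN, while 200 of the 202 handshakes are left half-open. In production the same counting is done over a sliding time window, and the thresholds are tuned to the service’s normal completion rate rather than the fixed values assumed here.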
Code injection attacks
Code injection is the process of inserting some kind of malicious code into a system to elicit an unauthorized response (data retrieval from a database, for example).
- Command injection involves smuggling operating system commands through a user input field that an application passes to a shell, forcing the server to run them. SQL injection is a related but distinct class: a hacker inputs specially crafted text into a website form, and because the site builds its database query by gluing that text into the query string, the input changes the query’s meaning and causes the database to return or modify information the hacker is not authorized to access. The standard defense against both is to keep user data out of the command or query grammar entirely, for example by using parameterized queries rather than string concatenation.
- Cross-site scripting (XSS) is an attack in which bad actors inject malicious scripts into legitimate, non-malicious web pages, so the script runs in the browsers of the site’s visitors with access to their session. XSS attacks come in three varieties. In stored XSS, the hacker submits a script to the site as ordinary content (a comment or profile field, for example); the site saves it and serves it to every user who views that page. Reflected XSS doesn’t require anything to be stored on the site’s servers: the script travels in a crafted link, and the site echoes it back into the page it returns to whoever clicks the link. DOM-based XSS happens entirely in the browser, when client-side JavaScript writes attacker-controlled data into the page without escaping it.
- XML external entity (XXE) injection exploits XML parsers that resolve external entities. By manipulating an XML input, attackers can make the application read internal files into the response, send requests to internal network services, or consume memory and CPU through nested entity expansion, causing a denial of service. The fix is to disable external entity resolution and document type definitions in the parser configuration.
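To make the SQL injection point concrete, the following is an added example, not code from the original article: a login lookup written two ways against an in-memory SQLite database, once by concatenating user input into the query and once with parameters. The table, the user rows, and the plaintext passwords are constructed for the example (a real system would store password hashes); the attack strings are the classic quote-based payloads, and nothing here targets any real site.

```python
"""Added example, not part of the original article: SQL injection against a
string-built query versus a parameterized one. Database contents are
constructed; passwords are stored in plaintext only to keep the demo short."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed users table with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, email) VALUES (?, ?, ?)",
        [("alice", "correct-horse", "alice@example.com"),
         ("bob", "hunter2", "bob@example.com")],
    )
    return conn


def login_vulnerable(conn, username: str, password: str) -> list:
    """Builds the query by string concatenation, so the user's input becomes
    part of the SQL grammar instead of staying a value."""
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return [row[0] for row in conn.execute(query)]


def login_safe(conn, username: str, password: str) -> list:
    """Parameterized query: the driver sends the statement and the values
    separately, so a quote or comment marker in the input is just data."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


# Classic payloads. The first turns the WHERE clause into a tautology; the
# second closes the quote and comments out the password check entirely.
TAUTOLOGY = "' OR '1'='1"
COMMENT_OUT = "alice'--"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, tautology :", login_vulnerable(db, TAUTOLOGY, TAUTOLOGY))
    print("vulnerable, comment   :", login_vulnerable(db, COMMENT_OUT, "wrong"))
    print("safe, tautology       :", login_safe(db, TAUTOLOGY, TAUTOLOGY))
    print("safe, comment         :", login_safe(db, COMMENT_OUT, "wrong"))
    print("safe, real credentials:", login_safe(db, "alice", "correct-horse"))
```

With the tautology payload the concatenated query becomes `... WHERE username = '' OR '1'='1' AND password = '' OR '1'='1'`, which is true for every row, so the vulnerable function returns both accounts without a valid password. The parameterized version compares the literal string `' OR '1'='1` against the username column, matches nothing, and only succeeds with the real credentials.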
Emerging cyber threats
Cybersecurity threats continually evolve, which makes threat prevention very difficult. What risks should you be aware of in the coming years?
- AI-based attacks. Artificial intelligence is being used in security systems to detect and neutralize threats, but hackers can take advantage of the same technology for their own purposes. With AI-generated deepfakes, vishing can be even more effective, with hackers mimicking the voices of real people over the phone. Likewise, AI can be used to create highly convincing malvertising videos — a trend that has been growing in recent years — with the faces and voices of celebrities being hijacked to promote phishing scams.
- Cloud-storage data breaches. Companies and governments are increasingly storing data in the cloud rather than in local data centers. In response, hackers are focusing their attention on cloud environments, taking advantage of cloud security misconfigurations (such as storage buckets left publicly readable) and poorly protected login credentials to gain unauthorized access to data. The more people and organizations migrate to cloud storage, the more cloud breaches we can expect.
- IoT attacks. The Internet of Things (IoT) is the ecosystem of internet-connected devices we use in daily life, from smart TVs, speakers, and security cameras to connected cars and app-controlled central heating systems. These devices often ship with default credentials and rarely receive updates, and the more of them we connect, the more endpoints hackers can target to gain a foothold on our networks. It seems likely that IoT devices will only become more common, so we can expect cybercriminals to intensify their attacks in this area.
How to prevent cyber threats
You can take proactive steps today to protect against the many cyber threats we’ve discussed in this article. Follow these tips to boost your cybersecurity.
- Update software regularly. To make sure your apps are as safe as they can be, install updates as soon as they are available. Vendors make their apps more secure by patching the bugs that attackers could otherwise exploit. If you postpone updates, those patches might not be installed in time to prevent a hack.
- Protect your networks. Hackers are always ready to take advantage of unsecured networks, so make sure to protect yours properly. The first step in securing a home or office Wi-Fi network is to use WPA2 or WPA3 encryption with a strong network key. This should be a long passphrase of random characters, at least 10 characters and preferably more. The longer your network password, the harder it will be for hackers to brute force their way past it.
- Use antivirus software. Install antivirus software on all your devices, especially in work environments. A network is only as safe as the devices that use it. If you have poor endpoint security, it’s only a matter of time until one of the devices is compromised, putting the rest of the network at risk.
- Use a VPN. With a virtual private network (VPN), you can encrypt your online traffic in transit and mask your IP address. If you use NordVPN, you also get access to a range of extra features, including Threat Protection, a suite of tools that can limit the risks of malware infection. NordVPN users can also stay up to date on the latest cybersecurity threat intelligence with NordVPN’s Threat Center.