Organizations are under greater threat than ever. It doesn’t matter the type of industry or size of the organization. Threat actors of all kinds—whether governments, criminals, corporate spies, or your everyday hackers—are out to disrupt operations and compromise sensitive data. They might be in it for the money or competitive edge or political gain or an assortment of other reasons. And they’re getting better at it all the time, with attacks becoming more sophisticated, targeted, aggressive, and costlier for the victim. No organization is safe in today’s climate of cybersecurity threats, and every indication is that it will only get worse in the years to come.
What is a cybersecurity threat?
A cybersecurity threat can be defined as any potential action driven by malicious intent that could result in damaged or stolen data, disrupted services or operations, or the destruction of computer or network resources. Cybersecurity threats might target individuals, organizations, industries, or governments, and they might be carried out for any of the following reasons:
- Steal sensitive data or intellectual property
- Destroy, corrupt, or manipulate data
- Hold data and systems hostage
- Damage computer or network systems
- Disrupt or disable operations
- Gain a competitive advantage
- Make money
Whatever the reason, a successful cyberattack can have dire consequences. It can stop supply chains, disrupt utility services, paralyze transportation, bankrupt a business, or threaten national security. Organizations that fall victim to cyberattacks might end up paying large ransoms or be subject to lawsuits or regulatory penalties. They might also have to contend with tarnished reputations and lost revenue—fallout from which they might never recover.
The Covid pandemic has only fueled the threat momentum. Cybersecurity teams must contend with larger attack surfaces and users connecting from less secure environments with more people working from home. Cybercriminals have been quick to take advantage of the new vulnerabilities by carrying out Covid-themed attacks, often in the form of socially engineered phishing scams. In the US alone, such attacks rose to 30,000 per day early in the pandemic, according to the Microsoft 365 Defender Threat Intelligence Team.
But this figure tells only part of the story. Cisco’s 2021 Cyber security threat trends report paints a particularly grim picture of what today’s organizations are up against:
- 86% had at least one user try to connect to a phishing site.
- 70% had users who were served malicious browser ads.
- 69% experienced some level of unsolicited cryptomining.
- 50% encountered ransomware-related activity.
- 48% found information-stealing malware.
The report also states that cryptomining, phishing, ransomware, and trojans averaged 10 times the activity of all other threat types, reaching internet query volumes of around 100 million each month. And such attacks have serious financial consequences. According to IBM’s Cost of a Data Breach Report 2021, the average cost of a data breach rose from US$3.86 million to US$4.24 million in the past year, the highest average in the report’s history. IBM has been publishing this report for 17 years.
Sources of cybersecurity threats
Cybersecurity attacks come from an assortment of threat actors using various tactics and techniques to infiltrate secure systems in organizations of all types and sizes. An organization might come under attack from any of the following types of groups or individuals:
- Nation states. Government-sponsored cyberattacks might target individuals, organizations, or other countries in an attempt to steal data, inflict damage, disrupt communications, or in other ways undermine operations.
- Terrorist groups. Similar to nation states, terrorists might go after individuals, organizations, or governments, often with the goal of compromising national security and stability, disrupting economies and infrastructure, or gathering intelligence for carrying out other types of attacks.
- Criminal groups. Criminals are in it for the money and will use whatever means possible to gain access to data for their financial gain, whether they go after trade secrets, blackmail material, financial records, or personally identifiable information (PII).
- Hackers. Hackers exploit vulnerabilities in computer and network systems to carry out different types of actions, depending on their motives, which might include revenge, financial gain, thrill-seeking, or bragging rights.
- Hacktivists. These types of hackers also exploit system vulnerabilities but do so specifically to support their political agendas rather than for the other reasons hackers might have for infiltrating secure systems.
- Corporate spies. Corporate spies gain access to their competitors’ systems in order to disrupt their operations, steal trade secrets, gather blackmail material, or take other actions that might lead to a competitive edge.
- Insider threats. Employees, contractors, and other individuals with legitimate access to an organization’s network can also represent a threat to security, whether the individuals are malicious insiders who knowingly set out to cause harm or untrained workers who are careless with communications or system settings.
Clearly, there is no shortage of individuals or groups that might try to undermine an organization’s defenses, leaving IT and security teams under greater pressure than ever to protect their systems and data from both seen and unseen threats.
Types of cyberattacks
Threat actors use a wide range of cybersecurity attacks to access secure systems, and these attacks are continuously evolving and growing more intelligent and sophisticated by the day. Many of today’s cyberattacks fall into the following categories.
Malware is malicious software introduced into computer and network systems through various means. Malware can take many forms, including spyware, ransomware, trojans, viruses, worms, adware, and botnets. Once malware has been downloaded onto a system, it might change how the system behaves, monitor user behavior, steal information, or damage or lock data. It might also spread to other systems on the network.
Although any type of malware is a concern, the rise in ransomware in the past couple of years has been particularly chilling, with attackers gaining access to secure systems, encrypting critical data, and then demanding exorbitant ransoms to unlock the data. Even if an organization pays the ransom, there’s no guarantee that the data will be unlocked or that it won’t be locked again. The problem has grown even worse lately, with criminals now stealing the data along with locking it.
Threat actors use social engineering techniques to gain access to sensitive information by tricking users into taking actions that will somehow compromise their systems. For example, cybercriminals might send out an email that appears to its recipients to come from a legitimate source. The email might include an attachment that contains malware or a link to a rogue website where users enter their login credentials, believing they’re accessing the actual site.
This type of email represents a form of social engineering attack called phishing—one of the most common types of cyberattacks being carried out. Phishing is often used to get recipients to reveal sensitive information such as credit card numbers, login information, or sensitive PII. It is also used to get them to inadvertently load malware. In many cases, recipients don’t realize that they’ve been duped. More recently, there’s been a surge in spear phishing—a more targeted and sophisticated form of phishing.
Denial of service
A denial of service (DoS) attack attempts to overwhelm computer and network systems with a flood of traffic, overburdening resources and making it impossible for those systems to respond to legitimate requests. DoS attacks are primarily used to disrupt operations rather than get at sensitive data, although in some cases, they might be used to prepare the environment for another type of attack by making the systems more vulnerable.
One DoS variation that’s been growing in popularity is the distributed DoS (DDoS) attack, which is just like a basic DoS threat except that the attack is launched from multiple compromised devices, such as client computers on a network. The proliferation of Internet of Things (IoT) devices has significantly increased the risk of DDoS attacks.
Man-in-the-middle (MITM) attacks occur when hackers insert themselves into the communications between two parties, allowing them to steal sensitive data or filter the data and modify the responses. Such attacks might also be used to install malware on either party’s system, or they might be used simply to eavesdrop on conversations.
Communications across public Wi-Fi networks are particularly susceptible to MITM attacks, which are often used to hijack sessions between client and server systems. For example, an attacker might substitute the client’s Internet Protocol (IP) address in the middle of a trusted connection, making it possible for the attacker to access restricted server resources. Cybercriminals might use a similar strategy to spoof email addresses in an attempt to get users to reveal sensitive information.
Code injection refers to a type of attack in which malicious code is inserted into viable code. The most common type of code injection attack is SQL injection (all SQL language database systems), which occurs when an attacker inserts destructive code into queries that target SQL databases. A hacker could conceivably delete or modify data, update database permissions, or change the database structure by modifying the queries.
Domain Name Service
Attacks against a network’s Domain Name Service (DNS) is a common type of threat that target’s the DNS to exploit its vulnerabilities. For example, an attacker might redirect web traffic to a malicious website by taking advantage of DNS vulnerabilities without needing to hack into the website itself.
DNS attacks come in many variations, including specific forms of DoS and DDoS attacks, although there are other types of DNS attacks as well. For example, hackers might use DNS tunneling to hide data in DNS queries and carry out malicious commands, or they might use DNS spoofing to modify DNS records and alter a domain’s traffic. On the other hand, an attacker might use a fast flux DNS attack to obscure the origin of malicious sites in order to launch a botnet attack.
Plenty of other threats lurking out there
Although I’ve covered some of the more common cyberattacks being waged against today’s organizations, these are by no means the only ones out there. Threat actors are looking for any way possible to exploit known or newly discovered security vulnerabilities to carry their agendas:
- As more companies move to the cloud, cybercriminals are following suit, hijacking accounts, exploiting misconfigurations, looking for security holes in cloud platforms, or taking advantage of any other opportunities that arise.
- The proliferation of IoT devices also means a proliferation in network vulnerabilities, as an increasing number of connected devices offer access points for hackers to gain a foothold into secure systems.
- As long as vulnerable web applications are being deployed, threat actors will continue to exploit those vulnerabilities by injecting code, intercepting responses, tampering with parameters, or taking advantage of them however they can.
- Not all hardware, firmware, and software vulnerabilities are known or understood, and hackers from across the globe stand ready to carry out zero-day attacks as soon as they uncover new vulnerabilities.
- Password use still predominates, often without the benefit of multi-factor authentication, and attackers are more than happy to use social engineering, interception, brute-force methods, dictionary attacks, or any other means available to get those passwords for themselves.
- Cybercriminals are not above taking advantage of systems running unpatched or unsupported software containing known security vulnerabilities, especially when there are also well-publicized paths to exploitation.
In addition to these types of hazards, organizations must also remain vigilant for the assortment of emerging threats as attacks continue to grow more sophisticated and aggressive. We’re already seeing examples of what organizations are up against in attacks such as cryptojacking and wiper malware. Organizations will also have to contend with the growing number of threats against everything from firmware to IoT devices to supply chain networks. And there’s nothing to stop threat actors from taking advantage of the many advancements in artificial intelligence, machine learning, deep learning, and other AI technologies to wage their attacks.
Protecting against cybersecurity threats
The growing threat of cyberattacks will continue to put pressure on IT and security teams to safeguard their systems and data. It will also require due diligence from developers, administrators, knowledge workers, managers, and other key players to keep security at the forefront of their thinking. Any type of cyberattack can have far-reaching implications on an organization’s ability to operate, carry out business, and perhaps even survive.
But protecting against cyberattacks is no small matter. It requires a comprehensive plan that incorporates server, network, application, and endpoint security and ensures that data is protected throughout its lifespan, whether generated by IoT devices, stored in the cloud, accessed via smartphones, or managed by on-premises database systems. It also requires the use of cyber threat intelligence to effectively understand and respond to the threat landscape. Above all, organizations must understand the types of threats they’re up against now and in the foreseeable future and take whatever steps necessary to safeguard their systems and data against the onslaught of cybersecurity threats.
If you like this article, you might also like What to monitor for SQL Server security.