A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include computer viruses, data breaches, Denial of Service (DoS) attacks and other attack vectors.
Cyber threats also refer to the possibility of a successful cyber attack that aims to gain unauthorized access, damage, disrupt, or steal an information technology asset, computer network, intellectual property or any other form of sensitive data. Cyber threats can come from within an organization by trusted users or from remote locations by unknown parties.
Where do cyber threats come from?
Cyber threats come from numerous threat actors including:
- Hostile nation-states: National cyber warfare programs provide emerging cyber threats ranging from propaganda, website defacement, espionage, disruption of key infrastructure to loss of life. Government-sponsored programs are increasingly sophisticated and pose advanced threats when compared to other threat actors. Their developing capabilities could cause widespread, long-term damages to the national security of many countries including the United States. Hostile nation-states pose the highest risk due to their ability to effectively employ technology and tools against the most difficult targets like classified networks and critical infrastructure like electricity grids and gas control valves.
- Terrorist groups: Terrorist groups are increasingly using cyber attacks to damage national interests. They are less developed in cyber attacks and have a lower propensity to pursue cyber means than nation-states. It is likely that terrorist groups will present substantial cyber threats as more technically competent generations join their ranks.
- Corporate spies and organized crime organizations: Corporate spies and organized crime organizations pose a risk due to their ability to conduct industrial espionage to steal trade secrets or large-scale monetary theft. Generally, these parties are interested in profit based activities, either making a profit or disrupting a business’s ability to make a profit by attacking key infrastructure of competitors, stealing trade secrets, or gaining access and blackmail material.
- Hacktivists: Hacktivists activities range across political ideals and issues. Most hacktivist groups are concerned with spreading propaganda rather than damaging infrastructure or disrupting services. Their goal is to support their political agenda rather than cause maximum damage to an organization.
- Disgruntled insiders: Disgruntled insiders are a common source of cyber crime. Insiders often don’t need a high degree of computer knowledge to expose sensitive data because they may be authorized to access the data. Insider threats also include third-party vendors and employees who may accidentally introduce malware into systems or may log into a secure S3 bucket, download its contents and share it online resulting in a data breach. Check your S3 permissions or someone else will.
- Hackers: Malicious intruders could take advantage of a zero-day exploit to gain unauthorized access to data. Hackers may break into information systems for a challenge or bragging rights. In the past, this required a high level of skill. Today, automated attack scripts and protocols can be downloaded from the Internet, making sophisticated attacks simple.
- Natural disasters: Natural disasters represent a cyber threat because they can disrupt your key infrastructure just like a cyber attack could.
- Accidental actions of authorized users: An authorized user may forget to correctly configure S3 security, causing a potential data leak. Some of the biggest data breaches have been caused by poor configuration rather than hackers or disgruntled insiders.
What are examples of cyber threats?
Common cyber threats include:
- Malware: Malware is software that does malicious tasks on a device or network such as corrupting data or taking control of a system.
- Spyware: Spyware is a form of malware that hides on a device providing real-time information sharing to its host, enabling them to steal data like bank details and passwords.
- Phishing attacks: Phishing is when a cybercriminal attempts to lure individuals into providing sensitive data such as personally identifiable information (PII), banking and credit card details and passwords.
- Distributed denial of service (DDoS) attacks: Distributed denial of service attacks aim to disrupt a computer network by flooding the network with superfluous requests to overload the system and prevent legitimate requests being fulfilled.
- Ransomware: Ransomware is a type of malware that denies access to a computer system or data until a ransom is paid.
- Zero-day exploits: A zero-day exploit is a flaw in software, hardware or firmware that is unknown to the party or parties responsible for patching the flaw.
- Advanced persistent threats: An advanced persistent threat is when an unauthorized user gains access to a system or network and remains there without being detected for an extended period of time.
- Trojans: A trojan creates a backdoor in your system, allowing the attacker to gain control of your computer or access confidential information.
- Wiper attacks: A wiper attack is a form of malware whose intention is to wipe the hard drive of the computer it infects.
- Intellectual property theft: Intellectual property theft is stealing or using someone else’s intellectual property without permission.
- Theft of money: Cyber attacks may gain access to credit card numbers or bank accounts to steal money.
- Data manipulation: Data manipulation is a form of cyber attack that doesn’t steal data but aims to change the data to make it harder for an organization to operate.
- Data destruction: Data destruction is when a cyber attacker attempts to delete data.
- Man-in-the-middle attack (MITM attack): A MITM attack is when an attack relays and possibly alters the communication between two parties who believe they are communicating with each other.
- Drive-by downloads: A drive-by download attack is a download that happens without a person’s knowledge often installing a computer virus, spyware or malware.
- Malvertising: Malvertising is the use of online advertising to spread malware.
- Rogue software: Rogue software is malware that is disguised as real software.
- Unpatched software: Unpatched software is software that has a known security weakness that has been fixed in a later release but not yet updated.
- Data centre disrupted by natural disaster: The data centre your software is housed on could be disrupted by a natural disaster like flooding.