To adequately prepare, you need to understand the various types of cyberattacks threatening internet safety. Many attackers have the intention of stealing sensitive data and using it for monetary gain, as the vast majority — nearly 96% — of data breaches since 2015 have been financially motivated, according to the 2022 Data Breach Investigations Report. Attackers sell this information to other cybercriminals, who may then use it for fraudulent transactions, identity theft, extortion or other unethical purposes. In addition, “hacktivism” or espionage leaks are the second most common motive for cybercriminals, which accounts for 25% of cybercrimes since 2015.
For either motive, stolen information is the main focus and there are several ways to go about obtaining that information. This guide walks you through some of the most common cybersecurity threats.
Phishing, smishing and spear phishing
Phishing is a common form of spam intended to create a sense of urgency or incite fear in the recipient of an email, phone call or text message. The scammer wants the recipient to feel compelled to hand over sensitive information, such as login credentials or bank account numbers. This is done through intimidation tactics, such as alerting the consumer that they have broken some sort of policy and need to update their account immediately.
The message sent is always intentionally deceptive, sometimes even impersonating popular brands — or even simply area codes — that customers typically trust. This identity masking is called spoofing. If the sender is clearly pretending to be a trusted company, they are likely targeting customers of that specific company. There is usually a link within the email or text that leads you to a fake website of said company. This is called spear phishing.
Phishing efforts specifically done via spam texts are known as smishing. These messages are sent via Short Message Service (SMS), but they have the same basic makeup as phishing emails and phone calls. The scammers attempt to obtain sensitive information from you by pretending to be a legitimate company with an offer or “urgent” matter that needs your attention. If there is some sort of social engineering involved, scammers will use pretexting to communicate a bit and try to deceive you.
All of these phishing scams have some features that help make them easier to spot. Don’t click a link or divulge any sensitive info if you notice:
- Fake-looking phone numbers or URLs
- Misspellings and grammatical errors
- Unsolicited “prizes”
- Unusual urgency
If something seems off, it’s better to be safe than sorry. Legitimate companies typically don’t require immediate action or ask for sensitive information to be sent via insecure digital channels.
Malware is a type of software designed to harm your computer, thwart your ability to access your tech or gain access to your information. The prefix “mal” refers to “malicious” software, encompassing all types of computer viruses, bugs and software downloaded without your express permission or knowledge.
Some of the more common forms of malware include:
- Cryptojacking — Newer malware that allows hackers to mine cryptocurrency without the owner’s knowledge
- Ransomware — Malware that effectively holds your system for ransom, disabling it until you pay a sum of money
- Spyware — Malware that spies on your device’s activity without your knowledge
- Trojans — Malware that is enacted unknowingly by victims when downloaded and used under false pretenses due to social engineering in emails or texts
- Viruses — Forms of malware that attaches to a file on your device and then expands to other files to delete, corrupt or encrypt them
- Worms — Similar to viruses, worms are invasive but work to find places to exploit your system instead of attacking files
Regardless of the type of malicious attack, malware needs to exploit some sort of vulnerability in your system. This allows hackers to gain access to your device or server without your permission, wreaking havoc in a variety of ways.
Distributed denial of service (DDoS)
Distributed denial of service (DDoS) attacks inundate their target server, network, or website with a deluge of fake traffic, so it’s inaccessible to real users. The botnet — a network of devices used for a DDoS attack, including computers and IoT devices — may release several issues as a part of the attack, all to crash the web server. This may be done through overwhelming bot traffic or other scripts that flood the server with too many or conflicting requests. This increases your vulnerability and may be used to:
- Extort money from the target
- Make a political or socio-economic statement
- Thwart other businesses from participating in a sales event
- Serve as a smokescreen
With the smokescreen tactic, your systems will all be focused on getting the server back online. This distracts from possible exploitations that allow for other forms of cyberattacks. Regardless of the intent, DDoS attacks are a nuisance and can cost you or your business unnecessary time, resources and money. However, they can be easily addressed with a cloud-based mitigation service.
Conversely, a Telephony denial of service (TDoS) attack attempts to distract a phone service and prevent incoming and outgoing calls by overwhelming them with fake/scam calls. Luckily, this can be easily addressed with a layered approach to your voice security.
Man in the middle (MitM)
MitM attacks are also sometimes referred to as monster-in-the-middle, machine-in-the-middle, monkey-in-the-middle, meddler-in-the-middle or person-in-the-middle attacks. These all mean the same thing — that a cyber attacker is intercepting your communications. Typically, this happens when the intruder is trying to obtain sensitive information. At times, they can also alter the messages between two parties.
Advanced persistent threats (APTs)
If an organized group is particularly invested in hacking your company, they may use APTs. APTs are not one-and-done attacks — they are continuous efforts to compromise your systems over a period of time. Intruders who have long-term goals in mind typically implement these attacks, using various techniques to exploit your systems.
APTs can lead to:
Regardless of the goal, APTs are particularly insidious. Intruders may cause lasting, detrimental effects to you or your organization.