A cyber threat is a possible danger to the electronic data held on computer systems, the internet or other network devices, one that might breach security. It can cause considerable financial and reputational damage to an organization or an individual. Since cyber threats know no boundaries, companies all around the world continuously redefine their security measures with every evolving threat. Some of the most common cyber threats are viruses, phishing and SQL injection.
It is true that cyber security and the related threats are the most significant topic of discussion in the IT industry today, thanks to the incidents and breaches taking place every now and then. A determined attacker has the potential to break any kind of defense.
There are various cyber threats, such as malware threats, network threats, web application threats, database threats and other evolving threats. They are discussed below along with their sub-classifications.
What is a Cyber threat?
A threat is a possible danger that might exploit a vulnerability to breach security and thus cause harm. Put more simply, it is the possibility of a malicious or fraudulent attempt to disrupt or damage computers, computer systems and network infrastructure.
Types of Cyber threat
You might have heard of cyber threats such as viruses, phishing and SQL injection. These threats can be broadly classified as malware threats, network threats, cryptographic threats, database threats, wireless security threats and Bluetooth device threats.
Malware threats
The term malware refers to any computer program designed to do things that are harmful to, or unwanted by, a computer's legitimate user, meaning you. It includes Trojans, logic bombs, adware and viruses.
Trojan Horse
A Trojan horse is a type of malware that is often disguised as legitimate software. It is employed by cyber-thieves and hackers trying to gain access to users' systems. Users are typically tricked by some form of social engineering into loading and executing Trojans on their systems.
Trojans have the ability to delete, block, modify and copy data, and to disrupt the performance of computers. E.g. Backdoor, Trojan-Banker, Trojan-Downloader, Trojan-Ransom.
Logic Bomb
Also known as slag code, a logic bomb is program code inserted intentionally and designed to execute under certain circumstances, such as the lapse of a certain amount of time or the failure of a program user to respond to a program command. E.g. the logic bomb attack against South Korea on 20 March 2013.
Adware
Adware is malicious software that presents unwanted advertisements to the user of a computer. The advertisements appear as pop-ups or as windows that cannot be closed.
Virus
A virus is the most common type of cyber threat, in which a hacker injects a malicious piece of code into a computer system or network. It is a program written to change the operation of a computer without the knowledge or permission of the user. Types of virus include:
Macro Viruses
These viruses infect files created with applications that support macros, such as doc, pps, xls and mdb files. They automatically infect the file's macros as well as the templates and documents contained in the file. They hide in documents shared through email and networks. E.g. Relax, Bablas.
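Because macro viruses travel inside ordinary-looking documents, a defender's first question about an attachment is whether it carries a macro project at all. The following is an added example, not code from the original article: it inspects modern Office (OOXML) packages, which are zip files that store VBA code in a part named vbaProject.bin, and flags legacy OLE2 binary files for separate review. The sample packages are constructed in memory and are not real Office documents.

```python
import io
import zipfile

# Macro-enabled OOXML documents (.docm/.xlsm/.pptm) are zip packages that
# carry the VBA project as a binary part named vbaProject.bin.
VBA_PART_SUFFIX = "vbaproject.bin"
# Macro-enabled main-part content types declared in [Content_Types].xml.
MACRO_CONTENT_TYPES = (
    "application/vnd.ms-word.document.macroEnabled.main+xml",
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml",
    "application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml",
)
# Legacy binary Office files (.doc/.xls/.ppt) are OLE2 compound files.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def classify_office_file(data: bytes) -> str:
    """Return 'macro', 'clean', 'legacy-ole' or 'unknown' for a file's bytes."""
    if data.startswith(OLE2_MAGIC):
        # Legacy formats store macros in OLE streams; inspecting them needs an
        # OLE parser, so flag them for review rather than calling them clean.
        return "legacy-ole"
    if not data.startswith(b"PK"):
        return "unknown"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            try:
                content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            except KeyError:
                content_types = ""
    except zipfile.BadZipFile:
        return "unknown"
    if any(n.lower().endswith(VBA_PART_SUFFIX) for n in names):
        return "macro"
    if any(ct in content_types for ct in MACRO_CONTENT_TYPES):
        return "macro"
    return "clean"


def build_sample(with_macro: bool) -> bytes:
    """Constructed, minimal package for demonstration; not a real Office file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00constructed-placeholder\x00")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in [("clean.docx", build_sample(False)),
                        ("macro.docm", build_sample(True)),
                        ("legacy.doc", OLE2_MAGIC + b"\x00" * 8)]:
        print(f"{label}: {classify_office_file(blob)}")
```

The check is deliberately structural rather than signature-based: it answers "can this file run a macro at all?", which is the question a mail gateway or upload handler needs before any antivirus scan. Presence of a macro is not proof of malice, so the verdict is a triage label, not a block decision.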
Memory Resident Viruses
They usually lodge themselves in the computer's memory. They are activated every time the OS runs and go on to infect other files that are opened. They hide in RAM. E.g. CMJ, Meve, Randex.
These viruses delete the information in any file they infect, leaving it partially or completely useless. Once in the computer, they replace the entire file content, but the file size does not change. E.g. Trj.Reboot, Way.
Direct Action Viruses
These viruses mainly replicate or take action once they are executed. When a certain condition is met, the virus acts by infecting the files in the directory or folder specified in AUTOEXEC.BAT. These viruses are generally found in the hard disk's root directory, but they keep changing location. E.g. Vienna virus.
Directory Viruses
They infect the computer's directory by changing the path that indicates a file's location. They are usually located in one place on the disk but affect the entire directory. E.g. Dir-2 virus.
Web Scripting Virus
Most web pages include complex code in order to create interactive and interesting content. Such code is often exploited to cause undesirable actions. These viruses mostly originate from infected web pages or browsers. E.g. JS Fortnight.
These viruses spread in many different ways. Their actions vary depending on the OS installed and the presence of certain files. They tend to hide in the computer's memory but do not infect the hard disk. E.g. Flip, Invader.
FAT Viruses
These viruses attack the file allocation table (FAT), the part of the disk used to store information about available space, the location of files, unusable space, etc. E.g. Link virus.
They encode or encrypt themselves differently every time they infect a computer, using different encryption keys and algorithms. This makes it difficult for antivirus software to locate them using signature or string searches. E.g. Marburg, Elkern.
Armored Viruses
An armored virus is a very complex type of virus designed to make its examination much more difficult than that of traditional viruses. By using various methods, armored viruses can protect themselves from antivirus software.
Such a virus fools the antivirus into believing that the virus is located somewhere other than its real location. This makes the detection and removal process more difficult. E.g. Whale.
Network threats
Some of the network threats include botnets, phishing and packet sniffing.
Botnet
A "bot" is a type of malware that allows an attacker to take control of an affected computer. Also known as "web robots", bots are usually part of a network of infected machines known as a "botnet".
In simpler words, a botnet is an interconnected network of computers infected with malware without their users' knowledge and controlled by cyber-criminals. Botnets are used to send spam mail, transmit viruses and engage in other acts of cyber crime.
Phishing
The goal of a phishing attempt is to trick the recipient into taking the attacker's desired action, such as providing login credentials or other sensitive information.
Packet Sniffing
A packet sniffer (for particular networks, an Ethernet sniffer or wireless sniffer) is a computer program or piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network.
Cryptographic threats
This kind of cyber threat is carried out by attacking the algorithm, the key or the underlying mathematical functions. Known plaintext attacks, chosen plaintext attacks and various other cryptographic attacks are described below.
Known Plaintext Attacks
In this type of attack, the attacker possesses a block of plaintext and the block of ciphertext corresponding to it. The main aim is to discover the cryptographic key, and also the encryption algorithm, from the known plaintext. Once the encryption algorithm is known, it can be used to decrypt messages.
Chosen plaintext attack
In this type of attack, the cryptanalyst is able to have data blocks of their own choosing encrypted, without having any knowledge of the key. The resulting ciphertext blocks can be used to produce a result later on.
Cipher text-only attack
It is an attack model for cryptanalysis in which the attacker is assumed to have access only to a set of ciphertexts. Frequency analysis can be used to recover the plaintext.
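The three attack models above differ only in what the analyst is given, and that difference is easiest to see on ciphers weak enough to fall to each of them. The following is an added example, not code from the original article, and the ciphers in it are deliberately toy ones: a repeating-key XOR (which the known-plaintext and chosen-plaintext models break by recovering the keystream) and a letter-shift cipher (which the ciphertext-only model breaks with frequency analysis against standard English letter frequencies). The sample key and messages are constructed for the demonstration.

```python
import string
from collections import Counter

# English single-letter frequencies in percent (standard reference values).
ENGLISH_FREQ = {
    "a": 8.2, "b": 1.5, "c": 2.8, "d": 4.3, "e": 12.7, "f": 2.2, "g": 2.0,
    "h": 6.1, "i": 7.0, "j": 0.15, "k": 0.77, "l": 4.0, "m": 2.4, "n": 6.7,
    "o": 7.5, "p": 1.9, "q": 0.095, "r": 6.0, "s": 6.3, "t": 9.1, "u": 2.8,
    "v": 0.98, "w": 2.4, "x": 0.15, "y": 2.0, "z": 0.074,
}

# Constructed sample inputs used by the demonstration below.
SAMPLE_KEY = b"k3y!"
SAMPLE_MSG = b"meet me at the usual place at nine"
SAMPLE_PT = ("the known plaintext attack assumes the attacker holds a block of "
             "plaintext and the matching ciphertext and uses them to recover the key")


# --- Toy cipher 1: repeating-key XOR ---------------------------------------
def xor_cipher(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt (XOR with the repeated key is its own inverse)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def known_plaintext_recover_key(known_pt: bytes, known_ct: bytes, key_len: int) -> bytes:
    """Known-plaintext attack: key = plaintext XOR ciphertext over one key period."""
    if len(known_pt) < key_len or len(known_pt) != len(known_ct):
        raise ValueError("need a matching pair at least one key length long")
    return bytes(p ^ c for p, c in zip(known_pt[:key_len], known_ct[:key_len]))


def chosen_plaintext_recover_key(encrypt_oracle, key_len: int) -> bytes:
    """Chosen-plaintext attack: encrypting all-zero bytes returns the keystream."""
    return encrypt_oracle(bytes(key_len))


# --- Toy cipher 2: shift (Caesar) cipher on lowercase letters ---------------
def shift_text(text: str, shift: int) -> str:
    """Shift each lowercase letter by `shift` positions; leave other characters alone."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - 97 + shift) % 26 + 97))
        else:
            out.append(ch)
    return "".join(out)


def chi_squared(text: str) -> float:
    """Distance between the letter distribution of `text` and English."""
    letters = [c for c in text.lower() if c in string.ascii_lowercase]
    counts = Counter(letters)
    total = len(letters)
    score = 0.0
    for letter, pct in ENGLISH_FREQ.items():
        expected = total * pct / 100
        score += (counts[letter] - expected) ** 2 / expected
    return score


def ciphertext_only_break_shift(ciphertext: str) -> int:
    """Ciphertext-only attack: try all 26 shifts, keep the most English-like one."""
    return min(range(26), key=lambda s: chi_squared(shift_text(ciphertext, -s)))


if __name__ == "__main__":
    ct = xor_cipher(SAMPLE_MSG, SAMPLE_KEY)
    print("known-plaintext key :", known_plaintext_recover_key(SAMPLE_MSG[:4], ct[:4], 4))
    print("chosen-plaintext key:", chosen_plaintext_recover_key(lambda m: xor_cipher(m, SAMPLE_KEY), 4))
    print("ciphertext-only shift:", ciphertext_only_break_shift(shift_text(SAMPLE_PT, 7)))
```

The point of the example is the attacker's starting position in each model: one known pair recovers the XOR key outright, an encryption oracle makes it even cheaper, and the shift cipher falls with no pairs at all because its ciphertext still carries the plaintext's letter statistics. A modern cipher is designed so that none of these positions gives the analyst anything, which is why "attacking the key" in practice means attacking key management or the hardware, as the next two attacks describe.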
Differential Fault Analysis
This attack works only on hardware cryptographic systems. The internal state of the device, that is, the state of the algorithm, can be discovered by analyzing faults that have occurred in the system.
Differential Power Analysis
This is normally a hardware cryptographic attack, carried out particularly against smart cards. The structure of the secret key stored in a smart card can be discovered, after which the attack can be carried out easily.
Database threats
These include cyber threats related to databases, such as excessive privilege abuse and SQL injection.
Excessive Privilege Abuse
When users or applications are granted database privileges that exceed the requirements of their job function, these privileges may be used to gain access to confidential information.
Legitimate Privilege Abuse
Abuse of legitimate privileges can be considered a database vulnerability if a malicious user misuses the database access privileges they have been granted.
SQL Injection
SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution, for example to dump the database contents to the attacker.
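The defect behind SQL injection is string concatenation: the application builds the statement text out of user input, so a quote character typed by the user becomes SQL grammar. The following is an added example, not code from the original article, showing the vulnerable lookup beside the parameterized one on a constructed in-memory SQLite table; the user and token values are made up for the demonstration.

```python
import sqlite3


def make_demo_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for an application database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, api_token TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, api_token) VALUES (?, ?)",
        [("alice", "tok-alice"), ("bob", "tok-bob"), ("carol", "tok-carol")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # Untrusted input is spliced into the statement text, so quote characters
    # typed by the user change the structure of the query itself.
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    # The statement is fixed; the value travels separately as a bound
    # parameter and is only ever compared as data.
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def run_demo() -> dict:
    """Run both lookups with the classic tautology payload and return the rows."""
    db = make_demo_db()
    payload = "x' OR '1'='1"
    return {
        "vulnerable": find_user_vulnerable(db, payload),  # every row comes back
        "safe": find_user_safe(db, payload),              # no such username
    }


if __name__ == "__main__":
    for name, rows in run_demo().items():
        print(f"{name:>10}: {rows}")
```

The hardened version needs no input filtering to be correct, because the database driver never parses the bound value as SQL. Pair it with the least-privilege point from the previous section: the account the application connects with should hold only the rights its queries need, so that even a query the attacker controls cannot reach tables or statements outside that scope.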
Web Application threats
Cyber threats relating to web usage include spoofing, tampering, repudiation, etc.
Spoofing
Spoofing is when a malicious party impersonates another device or user on a network in order to launch attacks against network hosts, steal data, spread malware or bypass access controls. Some of the most common methods are IP address spoofing, ARP spoofing and DNS server spoofing attacks.
Tampering
Tampering means changing or deleting a resource without authorization. Parameter tampering is a form of web-based attack in which certain parameters in the URL, or in web page form field data entered by a user, are changed without that user's authorization. This can point the browser to a link, page or site other than the one the user intends.
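Parameter tampering succeeds when the server trusts values it handed to the browser earlier, such as a price carried in a hidden form field. The following is an added example, not code from the original article, of the two server-side defences that matter: an HMAC over the fields the client is allowed to echo back, so edits are detected, and recomputation of the total from the server's own catalogue, so the client's claimed price is never used. The catalogue, prices and secret key are constructed for the demonstration.

```python
import hashlib
import hmac

# Constructed catalogue and secret; a real deployment keeps prices in its
# database and the signing key in a secrets store.
CATALOGUE = {"sku-100": 2500, "sku-200": 999}  # unit prices in cents
SERVER_SECRET = b"constructed-demo-secret"
MAX_QTY = 100


def _sign(sku: str, price: int) -> str:
    """HMAC over the hidden fields the client is expected to echo back unchanged."""
    msg = f"{sku}|{price}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def render_order_form(sku: str) -> dict:
    """The fields the server sends to the browser, hidden ones included."""
    price = CATALOGUE[sku]
    return {"sku": sku, "price": str(price), "qty": "1", "sig": _sign(sku, price)}


def process_order(form: dict) -> dict:
    """Server-side handling of the posted form.

    Rejects edited hidden fields via the signature and, regardless of what the
    client claims, recomputes the total from the server-side catalogue.
    """
    sku = form.get("sku", "")
    if sku not in CATALOGUE:
        return {"status": "rejected", "reason": "unknown sku"}
    try:
        claimed_price = int(form.get("price", ""))
        qty = int(form.get("qty", ""))
    except ValueError:
        return {"status": "rejected", "reason": "malformed number"}
    # Constant-time comparison so the check does not leak signature bytes.
    if not hmac.compare_digest(form.get("sig", ""), _sign(sku, claimed_price)):
        return {"status": "rejected", "reason": "tampered field"}
    if not 1 <= qty <= MAX_QTY:
        return {"status": "rejected", "reason": "quantity out of range"}
    total = CATALOGUE[sku] * qty  # authoritative price, never the client's
    return {"status": "ok", "total_cents": total}


if __name__ == "__main__":
    form = render_order_form("sku-100")
    print("untouched:", process_order(form))
    print("price edited:", process_order(dict(form, price="1")))
    print("quantity edited:", process_order(dict(form, qty="-5")))
```

The quantity is deliberately left unsigned because the user is meant to change it; it is validated by range instead. The signature protects only what the client must not alter, and even if it were bypassed the total would still come from the catalogue, which is the defence that actually removes the incentive to tamper.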
Repudiation
A repudiation threat involves carrying out a transaction in such a way that there is no proof of the principals involved after the transaction has occurred. In a web application, this can mean impersonating an innocent user's credentials.
Information Disclosure
Information disclosure simply means stealing or revealing information that is supposed to be private. A typical example is stealing passwords, but information disclosure can involve access to any file or resource on the server.
Wireless security threats
Given that wireless networks have become quite popular because of the convenience they offer, wireless security has become of paramount importance. Wireless security threats are among the most difficult threats to handle. They include rogue access points, DoS attacks, DDoS attacks, etc.
Rogue Access Point
Also known as a rogue AP, it is any Wi-Fi access point that is installed on a network but is not authorized for operation on that network and is not under the management of the network administrator.
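The practical way to spot a rogue AP is to compare what a wireless survey sees against the inventory of radios the administrator actually manages. The following is an added example, not code from the original article, that classifies constructed scan records against a constructed inventory: a managed radio serving its expected SSID is authorized, a managed radio serving something else is misconfigured, an unmanaged radio advertising one of the organization's SSIDs is treated as rogue, and everything else is a foreign network to note but not alarm on.

```python
# Constructed inventory of managed access points: BSSID -> SSID it should serve.
AUTHORIZED_APS = {
    "aa:bb:cc:00:00:01": "CorpWiFi",
    "aa:bb:cc:00:00:02": "CorpWiFi",
    "aa:bb:cc:00:00:03": "CorpGuest",
}

# Constructed scan results, in the shape a wireless survey tool might export.
SCAN_RESULTS = [
    {"bssid": "aa:bb:cc:00:00:01", "ssid": "CorpWiFi", "channel": 36},
    {"bssid": "aa:bb:cc:00:00:03", "ssid": "CorpGuest", "channel": 1},
    {"bssid": "de:ad:be:ef:00:10", "ssid": "CorpWiFi", "channel": 6},        # our SSID, unknown radio
    {"bssid": "AA:BB:CC:00:00:02", "ssid": "CorpWiFi-Free", "channel": 44},  # managed radio, wrong SSID
    {"bssid": "12:34:56:78:9a:bc", "ssid": "NeighbourNet", "channel": 11},
]


def classify_ap(entry: dict, authorized: dict = AUTHORIZED_APS) -> str:
    """Return 'authorized', 'misconfigured', 'rogue' or 'foreign' for one scan entry."""
    bssid = entry["bssid"].lower()  # tools differ in MAC case; normalize before lookup
    ssid = entry["ssid"]
    if bssid in authorized:
        return "authorized" if authorized[bssid] == ssid else "misconfigured"
    if ssid in set(authorized.values()):
        return "rogue"  # impersonates a managed network from unmanaged hardware
    return "foreign"    # someone else's network; record it, do not alarm


def rogue_report(scan: list, authorized: dict = AUTHORIZED_APS) -> dict:
    """Group scan entries by verdict so the rogue and misconfigured ones stand out."""
    report = {"authorized": [], "misconfigured": [], "rogue": [], "foreign": []}
    for entry in scan:
        report[classify_ap(entry, authorized)].append(entry["bssid"].lower())
    return report


if __name__ == "__main__":
    for verdict, bssids in rogue_report(SCAN_RESULTS).items():
        print(f"{verdict:>13}: {bssids}")
```

One caveat a practitioner would raise: a rogue AP plugged into the wired network but advertising its own SSID lands in the "foreign" bucket here, indistinguishable from a neighbour's network. Catching that case needs correlation with the wired side, for example matching the AP's MAC against switch port tables, which a radio scan alone cannot provide.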
DoS Attack
A denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users, for example by temporarily or indefinitely interrupting or suspending the services of a host connected to the Internet.
DDoS Attack
A distributed denial-of-service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.
Configuration Problems
Simple configuration problems are often the cause of many vulnerabilities. Other configuration issues include weak passphrases, weak security deployment, etc.
This is performed by simply getting within range of a wireless LAN and then listening to and capturing data. The captured information can be used for a variety of purposes, including attempts to break the existing security settings and analysis of unsecured traffic.
It is impossible to prevent such attacks entirely because of the wireless medium, but implementing high security standards with complex parameters can at least reduce them.
Bluetooth device threats
Threats relating to Bluetooth devices include bluejacking, bluesnarfing, etc.
Bluejacking
Bluejacking is a hacking methodology that allows an individual to send anonymous messages to Bluetooth-enabled devices within a certain radius. First the hacker scans the surroundings using Bluetooth, and then sends unsolicited messages to the detected devices.
Bluesnarfing
Bluesnarfing is the unauthorized access of information on a wireless device through a Bluetooth connection, often between phones, desktops, laptops and PDAs. It exploits somebody's Bluetooth connection without their knowledge in order to steal information from the target device.
In this form, the hacker gains complete access to and control of the phone. This enables them to access all information on it, including photos, apps, contacts, etc. It is a much harder form of hacking than the previous two.
Over to you on Cyber threat
In the cyber world, a cyber threat is a possible danger which may exploit a vulnerability in your system to breach security and thereby cause harm. One should always maintain a backup and keep secret details safe in encrypted form. Keeping the system up to date with the latest security software is an effective defense against cyber attacks and compromises. Since cyber threats know no boundaries, companies have to redefine their security measures with every evolving threat. It is important to be aware of all these various kinds of threats and stay safe!