A-Z Guide to Cyber Security Threats
From Adware to a Worm, discover all the cyber security threats that are prevalent in our tech world these days. It's not uncommon to hear of a different breach each day, the impact of which can be measured in loss of reputation, loss of customers and bad publicity. Terms like denial-of-service attack or ransomware are ubiquitous, but what do they really mean and where do they come from? We've compiled this guide so you can learn about the threats that are commonplace, and so you know the difference between adware, malware and malvertising and where these threats could be waiting for you or your team.
Adware |
Adware is not always negative. It refers to software that displays relevant advertising to a user. However, it can also be used to describe malware which presents itself as unwanted advertisements such as a pop-up or an un-closable window. |
APT |
This stands for Advanced Persistent Threat and is a set of continuous computer hacking processes which are usually carried out by threat actors targeting an organisation or other specific entity such as a country. The processes are usually carried out stealthily over a long period of time and with a high degree of sophistication; they use a number of techniques and constantly monitor and extract data from the target. |
Backdoors |
A method of bypassing a normal authentication procedure like a password or PIN, usually over the internet. Once inside the network or computer, other backdoors can be created which are invisible to the user. There are a number of ways backdoors can be installed, including by Trojan horses and worms. There has never been reliable verification of the rumour that computer manufacturers pre-install backdoors on their systems to provide technical support for customers. |
Botnet |
“A botnet is a number of Internet-connected computers communicating with other similar machines in which components located on networked computers communicate and coordinate their actions by command and control (C&C) or by passing messages to one another (C&C might be built into the botnet as P2P). Botnets have been used many times to send spam email or participate in distributed denial-of-service attacks. The word botnet is a combination of the words robot and network. The term is usually used with a negative or malicious connotation.” – Wikipedia. |
Clickjacking |
This involves tricking a web user into clicking on something disguised as something else. This method can be used to take control of a computer or potentially reveal confidential information. |
Clone phishing |
A type of phishing attack that takes a previously sent legitimate email and clones it. The clone will alter attachments or links and replace them with malicious content and send it from a spoofed email address that looks like the original sender. |
Crimeware |
This type of malware automates cyber crime such as gaining access to a computer user’s financial accounts for the purpose of stealing funds, or confidential or sensitive information. This is a growing area in information security with the rise of stealing confidential information for identity fraud. |
Cryptovirology |
This field of study uses cryptography to design malicious software. Once called “cryptoviral extortion” it now usually refers to ransomware attacks. |
Cursorjacking |
Not dissimilar to clickjacking, this technique changes the location where the user perceives their mouse cursor to be, sometimes leading to use of the webcam to spy or to the execution of malware. |
Cybersquatting |
This is when someone uses a domain name with the intent to profit from the reputation of another company or trademark. The cybersquatter will inflate the price to sell it to the owner of the trademark or company. This is also known as domain squatting. |
Denial-of-service |
This type of attack seeks to make a computer, network or website unavailable to the user(s). Revenge, blackmail or activism can motivate these types of attacks. |
DNS hijacking |
Best explained on Wikipedia as “the practice of subverting the resolution of Domain Name System (DNS) queries. This can be achieved by malware that overrides a computer’s TCP/IP configuration to point to a rogue DNS server so that it does not comply with internet standards.” |
Drive-by download |
This refers to any software that is unintentionally downloaded by a user. It can refer to a download that a user authorises without knowing what they are downloading, or to any download that occurs without a user's consent, such as spyware or malware. |
Grayware |
These are unwanted applications or files that are not considered malware but can compromise the performance of a computer and may cause a security risk. Examples include spyware and joke programs. |
Keystroke logging |
This is the (usually covert) recording of keys struck on a keyboard and is also known as keylogging or keyboard capturing. Keylogging can be performed by hardware, software and acoustic analysis. |
Leakware |
This type of attack threatens to publish stolen information unless a ransom is paid. The information is stolen via malware. |
Likejacking |
This refers specifically to tricking users into liking a Facebook page they did not mean to like. |
Malvertising |
This stands for malicious advertising; it uses online advertising to spread malware. The infected ads are usually found on legitimate online advertising networks and webpages. They appear in pop-ups, in-content ads, hidden iframes, banners and more. |
Malware |
Malicious software, more commonly known as a ‘computer virus’, is so defined by its intent. It’s any software that is used to disrupt computer operations, gain access to private networks or display unwanted advertising. Malware can be used to perform a number of actions such as stealing information, spying, causing harm or extorting payment. It is an umbrella term and can be used to cover many terms on this list. |
Pharming |
The intention of pharming is to redirect a website’s traffic to a fake version of a legitimate website. Once your computer is infected with malware you will continue to be redirected to the fake site even if you enter the genuine URL into your browser or click an old bookmark. |
Phishing |
The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information such as passwords and credit card numbers online; phishing is a type of social engineering. |
Ransomware |
Malware that covertly installs on a computer and demands a ransom to reverse its effects. There are different types of ransomware: some lock files, others encrypt and lock files or an entire hard drive, thus making it a denial-of-service attack. To get the decryption key or to gain access to the files again, a ransom is demanded. The use of ransomware software is steadily growing. CryptoLocker, TorrentLocker and CryptoWall are all forms of ransomware. |
Riskware |
This type of software poses a possible risk to the host computer. Some normal programs can fall into this category if they are modifiable for another purpose and thus able to be used against the user. |
Scareware |
Uses social engineering to manipulate users into buying unwanted software. A common example is a pop-up advertisement such as “Your computer may be infected with harmful software. To scan, click ‘yes’ below.” Scareware will suggest you pay for and download fake antivirus software to remove the “harmful files”. The software is packaged to look genuine. |
Social engineering |
In the context of cyber security, social engineering refers to the psychological manipulation that leads people to share confidential information or perform an action such as following a link or opening an attachment. Phishing attacks are a type of social engineering. |
Spyware |
This software is covertly installed on a computer to gather information about the user or organisation. Spyware may send information to another party or may gain control of the computer without the user's knowledge. Whilst most spyware is simply used to monitor a system, tracking and storing Internet users’ movements and serving relevant pop-up ads, other spyware is malicious. Spyware is mostly classified as the following types: system monitors, Trojans, adware and tracking cookies. |
Threat actor |
A threat actor or malicious actor is an entity that is partially or wholly responsible for an incident that impacts, or has the potential to impact, an organisation's security. Generally they are categorised as external, internal or partner. |
Trojan horse |
Like the Ancient Greek story, a Trojan Horse misrepresents itself in order for a victim to install it. Trojans are most commonly spread through social engineering and are not easily detectable. |
Typosquatting |
This relies on a user making a typo when entering a URL into a browser (leaving the ‘m’ off a .com is an example). The incorrect URL could take them to a malicious website. This is also referred to as URL hijacking, a sting site or a fake URL and is a form of cybersquatting. |
Whaling |
A phishing attack that specifically targets senior executives at a company. These types of emails are falsified to suit their audience and will often pretend to be a critical business email such as an escalated customer complaint. |
Worm |
A malware computer program designed to replicate itself to spread to other computers. A worm does not need to attach itself to an existing program or file and is usually spread via a network. Many worms are created simply to spread and don’t cause actual harm, although residual harm can occur in the form of consuming bandwidth, for example. |
Author
The Missing Link