Articles > Cybersecurity >ÌýCommon cybersecurity threats and how to avoid them
Common cybersecurity threats and how to avoid them
Written by Michael Feder
Reviewed byÌýKathryn Uhles, MIS, MSP,ÌýDean, College of Business and IT
Concerns over cybersecurity threats have grown as internet-connected devices and computer networks become a larger part of professional and private life. Cybercrime is currently one of the biggest menaces in the business world, where companies are prioritizing measures to protect themselves. The firm Cybersecurity Ventures predicts that cybercrime could . Get to know the most common types of these threats.
Why are cybersecurity threats so prevalent?
Mobile devices and the Internet of Things (IoT) have increased the number of targets for hackers and led to new cybersecurity threat strategies. Cybercrime has also opened the door to a new breed of computer specialists: cybersecurity experts.
Many IT risk-management strategies focus exclusively on these threats.ÌýTechnology experts can help protect organizations from such threats as ransomware, DDoS and other forms of cyber attacks.
What are the most common types of cybersecurity threats?
So, what are those threats exactly? Whether it's for a computer-related career in an organization or personal digital security, here are the different types of threats to be aware of.
Phishing
Phishing is an example of social engineering when hackers masquerade as a trusted entity and send digital messages, such as emails or texts, to manipulate individuals into helping them gain illegal access. These messages ask for secure information (like a password), or they have links that automatically install malware. The malicious programs can find and transmit sensitive data within a computer or incapacitate the entire network.
Cybercriminals typically pose as reputable entities, such as well-known companies, soÌýusers don't think twice before opening the link or entering their password. For example, a hacker might pretend to be from PayPal or Microsoft and include official logos and other identifying marks in the email to make it seem legitimate. Ìý
Phishing emails will often have odd or lengthy email addresses or links to misspelled domain names.ÌýÌýKnowing this can help protect an organization or person from this security risk.
Malware?
Malware is intrusive software designed to interfere with a computer or transmit information to a third party. Malware is a blanket term for programs that steal or disrupt. Examples of malware include:
- Spyware, which gives a hacker access to a computer's files and data
- Adware, which spams a computer with pop-up ads
- Ransomware, which disables an entire network until a ransom is paid
- Keystroke tracking, which logs keystrokes, including passwords
Hackers can send malware via file transfers, file-sharing programs or phishing emails. Often, the user will not know their computer has been infected with this cybersecurity threat.Ìý
Cryptojacking
occurs when a hacker secretly uses a victim’s computing power to generate cryptocurrency. Typically, the hacker gets the computer owner to download a malware file, which installs a special crypto-mining program on the computer or other internet-connected device. Ìý
Since cryptojacking uses a lot of memory, users may notice their computer’s performance begins to lag. This type of cybersecurity threat can be particularly insidious since the program runs undetected in the background, and users can typically still be able to use the computer.Ìý
Man-in-the-middle attacks
A man-in-the-middle (MitM) attack occurs when hackers insert themselves into a two-party transaction. For instance, they may intercept communication between users and their credit card websites.
The goal of MitM cybercriminals is to commit a data breach and steal information from an organization, such as login details or a credit card number. Ìý
In some cases, the attack involves a hacker using a redirect or a pop-up when the victim is trying to get to an official site. Some attacks happen on unsecured public Wi-Fi networks, which allow the hacker to install malware or see data without having to get the victim to open a link or enter login details.Ìý
DNS tunneling
Despite being one of the most widely used and trusted internet protocols, the Domain Name System (DNS) protocol, has a vulnerability that hackers seek to exploit. DNS tunneling is a cyberattack that misuses the DNS protocol to sneak malicious traffic past firewalls and other security defenses. Ìý
Because DNS is a well-established and trusted tool, many organizations do not examine their DNS traffic for cybersecurity threats. Yet, cybercriminals with the right tech knowledge can insert malware using DNS queries and then transmit data back and forth without being detected by antivirus tools.Ìý
IoT attacks
The Internet of Things includes smart devices with embedded computer systems connected to Wi-Fi. These items, such as smart refrigerators, home security cameras and car navigation systems, typically have lax security. Ìý
Hackers can gain access to these devices and use them for denial-of-service attacks or cryptojacking. They can also access a network and see data and traffic details from other devices using the same connection.Ìý
SQL injection
SQL injection is a common cyberattack technique involving malicious SQL code. (SQL, or structured query language, is a domain-specific computer-programming language.)
Basically, the hacker manipulates the code in the system to gain access to databases that contain sensitive information. An SQL injection is relatively straightforward for someone who knows the code and can get access to the backend of a computer system. Ìý
They may modify the code to tell the system to display hidden data or trick the database application into retrieving sensitive data by changing the querying algorithms.Ìý
Denial-of-service attack
A denial-of-service (DoS) attack is meant to shut down a computer system or website so that legitimate users cannot access it. This type of cybersecurity threat can be carried out by flooding the servers with traffic. For example, if a site gets too many visitors, its servers will eventually slow down and stop. This type of attack can be difficult to stop because most websites are set up to attract traffic. Ìý
A hacker can also use malware to crash a website or computer system from the inside by disabling necessary databases or backend features.Ìý
Zero-day exploit
A zero-day vulnerability is a security flaw in a computer or other device's security system or device that has been discovered but has yet to be patched by software developers. A zero-day exploit occurs when a hacker takes advantage of this security flaw. Mobile devices can be particularly vulnerable to this type of attack because they receive frequent updates, while some apps are not updated with the necessary frequency. A hacker can gain access to the phone’s camera, location data and passwords in these situations.Ìý
Password attack
As its name suggests, a password attack is when hackers steal a password to gain access to an individual’s or organization’s computer systems and information. Hackers will often exploit legal means to gain unauthorized system access. For example, they may try recovering a user’s forgotten password. Usually, however, they steal passwords via phishing emails that request a victim's login or they'll change a password using a spoofed “official†site. Some password thieves rely on malware with keystroke tracking.Ìý
Cross-site scripting
Cross-site scripting (XSS) focuses on a security vulnerability in websites and applications. This cybersecurity threat enables attackers to create client-side scripts and put them on websites so that they can impersonate the victim. The site thinks the hacker is a legitimate user and gives them access to privileged information. Ìý
Typically, XSS targets websites or a company’s secure computer system. After gaining access, the hacker can navigate the network like a legitimate user and steal data or information.Ìý
Rootkits
A rootkit is designed to enable access that is otherwise not permitted without proper authorization or credentials. For example, this malicious software can allow access to secure computers, password-protected drives within a computer or secure apps on a smartphone. Ìý
Rootkits are particularly hard to detect because they mask their presence within an infected system. Furthermore, the software can help hide additional malware, such as keystroke tracking programs. Ìý
Cybersecurity experts learn to protect against, detect, counteract and destroy malicious software. Through the right degree programs, they also develop a skill base that will allow them to create strategies for fighting future hacking methods.Ìý
What education is needed to work in cybersecurity to mitigate these threats?
The prevalence of cybersecurity attacks has increased the need for professionals in this field. A degree or certificate in cybersecurity is an advantage for anyone thinking about this field.
Professionals with a more general Bachelor of Science in Information Technology degree can also specialize through an Advanced Cybersecurity Certificate or a Master of Science in Cybersecurity to bring their technical knowledge to bear as organizations navigate the dynamic security ecosystem.Ìý
Learn more about counteracting cybersecurity threats
Cybersecurity experts learn to protect against, detect and destroy malicious software that harbors cybersecurity threats. °®¶¹´«Ã½ offersÌýseveral cybersecurity certificate and degree programs:
- An advanced cybersecurity certificate
- An online associate of science in cybersecurity
- ´¡²ÔÌýonline bachelor's in cybersecurity
- A cyber and network defense certificate (for undergraduates)
These are all available at °®¶¹´«Ã½. Request informationÌýto learn more.
Ìý
WatchÌý
ABOUT THE AUTHOR
A graduate of Johns Hopkins University and its Writing Seminars program and winner of the Stephen A. Dixon Literary Prize, Michael Feder brings an eye for detail and a passion for research to every article he writes. His academic and professional background includes experience in marketing, content development, script writing and SEO. Today, he works as a multimedia specialist at °®¶¹´«Ã½ where he covers a variety of topics ranging from healthcare to IT.
ABOUT THE REVIEWER
Currently Dean of the College of Business and Information Technology,ÌýKathryn Uhles has served °®¶¹´«Ã½ in a variety of roles since 2006. Prior to joining °®¶¹´«Ã½, Kathryn taught fifth grade to underprivileged youth in Phoenix.
This article has been vetted by °®¶¹´«Ã½'s editorial advisory committee.Ìý
Read more about our editorial process.
FREE IT Programs Guide
Learn how 100% of our IT degree and certificate programs align with career-relevant skills.
Thank you
Download your pdf guide now. Or access the link in our email.