This blog post was updated on Jul 29, 2024.
It was originally published on March 8, 2021.
To effectively defend your business against cyber threats, you need to take two crucial steps. First, identify your vulnerabilities through an IT Security Audit. Second, understand the threats that could exploit these vulnerabilities and potentially harm your business.
In this blog post, we introduce you to cyber threats and how they operate to help you identify the ones that are most relevant to your business, enabling you to better allocate your limited resources and effectively protect your business.
10 Of The Most Common Cyber Threats To Businesses
The ten threats covered across both parts of this post are Malware, Botnets, Zero-Day Vulnerabilities, Social Engineering, Phishing, Denial of Service, Internal Threats, Theft, Password Attacks, and Hacking. In the following sections, we look at each of the first seven. In the second part of this blog, we discuss Theft, Password Attacks, and Hacking in greater detail.
1. Malware
Malware is a blanket term for any malicious software designed to exploit or harm a device, network, or service. Malware is typically used by cybercriminals to gain unauthorized access, steal data, disrupt the normal functioning of a device or application, or otherwise gain leverage over victims for financial gain.
Malware is divided into three broad categories based on how it infects the targeted device or software and how it spreads from one device to another.
The three malware categories are:
Virus
Just as a biological virus can only live inside the living cells of an organism, a computer virus exists only inside another standalone program. The virus inserts itself into the code of another program. When you execute the infected program, the virus forces it to take malicious actions, to replicate, and to spread itself.
Worm
A worm is malware that does not need a host program. It is a standalone program that can run independently and actively carry out attacks. Since it does not depend on a host program, it is not restricted by one and can spread very rapidly.
Trojan
A trojan is malware that misleads the user by posing as legitimate software. It tricks the user into taking an action that looks legitimate but actually grants unauthorized access to the user’s account or device.
Understanding how malware spreads helps you formulate the security measures necessary for containing the spread of an infection and isolating infected machines.
Malware is also classified based on what it does. Here are the most common types of malware:
1. Ransomware
Ransomware is probably the most notorious and fearsome malware. It is a type of malware that encrypts the files or blocks access to your device. Ransomware attacks are usually accompanied by a demand to make a ransom payment in exchange for the decryption key or to restore access. The ransom demand usually comes with a deadline and if you fail to pay the ransom by that time, your files will be gone forever.
Ransomware has seen a significant increase with the advent of cryptocurrency, which makes it easy for cybercriminals to receive ransom payments while staying anonymous. Knowing how to respond to a ransomware attack is a critical skill that your team should have.
2. Adware
Adware is a type of malware that displays rogue advertisements on your computer or hijacks your browser, taking you to unwanted webpages or ads. The goal of adware is to earn its creators money by abusing the pay-per-click advertising system.
Adware can inject code into legitimate websites to trigger annoyingly persistent pop-ups. It can also change your browser’s home page and inject spam results into your search page. Usually, it is more annoying than malicious: it wastes your time and can be difficult to remove, but it isn’t known to harm your device or files. Because it is not particularly harmful, adware is often classified as a potentially unwanted program or application (PUP/PUA).
Often the PUP/PUA comes bundled with “free” software available online. Shady download sites frequently bundle their adware with an otherwise legitimate application, so you should be careful where you download applications from.
3. Spyware
Spyware is a type of malware used for spying on a user. It is installed on a device without the knowledge of the user and is used to monitor your activities as you use the device. The spyware enables the creator to not only monitor but also to collect personal information, online activities, transaction history, and communications.
Spyware often finds use in political and corporate espionage. The end goal of the cybercriminal is usually to snoop and collect sensitive information for financial gain. Spyware need not even be custom-built: commercial spyware products are readily available.
A common type of spyware is a Keylogger, which covertly records the keys struck on the keyboard. The recorded keyboard actions are then transmitted to the hacker and deciphered to extract any sensitive information they may find. Keyloggers come in many forms including hardware keyloggers, which makes them difficult to deal with.
4. Rootkit
A rootkit is a program or collection of programs that can give a threat actor remote admin-level or “root” access to a computer or system. Using the admin-level access, the threat actors hide the malware and can operate without being detected by antivirus software. Rootkits can be operating system-based or firmware-based, each equally adept not only at evading detection but also at evading common cleaning processes.
Rootkit malware can be used for stealing data or resources, or for surveilling communications. Although it is not a common threat, it can be extremely harmful to businesses because it can persist over long periods. For example, the rootkit-based spyware called Zacinlo was operating since 2012 but came to light only in 2018.
2. Botnet
A botnet, short for ‘robot network’, is a network of devices that are under the control of a third party without the knowledge of the device owners. Botnets usually consist of internet-connected devices such as computers, smartphones, and IoT devices. Each device in the botnet, known as a ‘bot’, is created by infecting that device with malware, which breaches security and cedes control of the device to a third party.
Botnet malware is not very different from any other malware; the difference is the scale of the infection, which makes it very difficult to deal with. The typical signs of a botnet infection are the same as for any other malware that steals computing resources, such as the computer running slowly or the fan starting up suddenly when the computer is idle. However, the main threat for businesses is not so much a botnet infection as a botnet attack.
The creators of botnets use the network of infected devices to send spam, spread malware, or stage DDoS attacks. Botnets are even known to be rented out for carrying out large scale network attacks. The Mirai botnet, which has hundreds of thousands of bots in its network, is probably today's most widespread IoT malware strain. One of the most notorious botnets of the past decade, the Emotet botnet was recently taken down by the combined action of 8 countries.
3. Zero-Day Vulnerability
A zero-day or 0-day is a recently discovered vulnerability in software for which an official patch or update has not yet been released. An attack using a zero-day vulnerability is called a zero-day exploit, or zero-day attack.
For a vulnerability that has just been discovered, the software developers have zero days to fix it and hence the name. If the vulnerability is left unaddressed, cybercriminals can exploit it to hack into programs, gain unauthorized access to data, devices, or networks. So when a vendor learns of the vulnerability in their software, they create patches or advise workarounds to mitigate the vulnerability.
Zero-day vulnerabilities pose serious security risks to businesses as they leave you susceptible to zero-day attacks that can do untold damage to your systems and data. Also, they are a fairly common occurrence; here’s a recent example of Apple releasing security patches for iOS 14. It is likely that hackers may manage to exploit the vulnerability before a security patch is released.
Therefore, your IT security team needs to be highly vigilant so that they take proactive as well as reactive countermeasures as soon as any zero-day vulnerabilities are discovered in your systems.
4. Social Engineering
Social engineering is the process of using deception to manipulate individuals into performing actions or disclosing confidential, sensitive, or personal information that may be used by the attacker for financial gain. Social engineering is often one of many steps involved in a complex scam or fraud.
For instance, social engineering techniques are commonly used in phishing emails to trick you into clicking a link or attachment that downloads and installs malware on your computer. But social engineering isn’t restricted to email. Attacks can be carried out in person, via email, by phone call, over social media, etc. These techniques are effective at psychological manipulation because they exploit known cognitive biases in human decision-making.
Social engineering attempts often employ scare tactics by posing as a member of law enforcement, bank, tax authority, or tech support. They try to create a sense of urgency so that the users don’t get time to think rationally. This is common in spear-phishing attacks that are targeted at businesses.
The main defense against social engineering is to create a cybersecurity-conscious culture that encourages employees to be aware of security threats and to engage in behaviors that mitigate them.
5. Phishing
Phishing is a social engineering attack that targets you through email, text messages, voice calls, or social media messages. The perpetrators of such attacks usually pose as legitimate individuals or representatives of institutions such as banks, tax authorities, tech support, etc. Unsuspecting users are persuaded into providing sensitive data such as personal information, passwords, banking details, credit card information, etc. The gathered information is used to access accounts or for identity theft.
We have written extensively about phishing attacks and countermeasures. We recommend reading the following articles to learn more about phishing:
6. Denial Of Service (DoS & DDoS)
A Denial of Service (DoS) is a type of cyberattack that aims to make a network resource or service unavailable to its intended users. Such attacks flood the target with fake or spam traffic, or send it requests or information in an attempt to overload the system and trigger a crash. The ultimate goal of a DoS attack is to prevent legitimate users from accessing the targeted resource, service, or website.
Distributed Denial of Service (DDoS) attacks are those DoS attacks that utilize a network of compromised computers or IoT (Internet of Things) devices, i.e. a botnet as a source of attack traffic. Cybercriminals use DDoS attacks against websites or services hosted on web servers such as banks or credit card payment gateways causing disruption in services and loss of revenue for the organization. Ransomware gangs have also been known to use DDoS attacks to force their victims to pay.
DoS attacks have existed for a long time, and security systems are available to defend against them. DDoS attacks, however, remain difficult to deal with because the attack traffic arrives from a large number of compromised devices rather than a single source, so each individual source may look unremarkable on its own. DDoS is therefore a complex security challenge, especially for organizations whose service depends on high availability.
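To illustrate why a single flooding source is easy to spot but a distributed flood is not, here is an added example (not part of the original post) that runs a per-source request count and an aggregate count over constructed access-log records; all addresses, paths and thresholds are made up for illustration.

```python
"""Added example: per-source vs. aggregate request-rate checks on web-server logs.

Not part of the original post. The log records, source addresses and thresholds
below are constructed for illustration only.
"""
from collections import Counter

# Constructed: minimal access-log style records as (timestamp_seconds, source_ip, path).
BASELINE = [(0, "10.0.0.5", "/"), (3, "10.0.0.7", "/login"), (8, "10.0.0.5", "/about")]

# Constructed DoS: a single source sends 200 requests inside the 10-second window.
DOS_FLOOD = BASELINE + [(i % 10, "198.51.100.9", "/") for i in range(200)]

# Constructed DDoS: 200 distinct sources send one request each inside the same window.
DDOS_FLOOD = BASELINE + [(i % 10, f"203.0.113.{i}", "/") for i in range(200)]


def per_source_counts(records, window_start, window_len):
    """Count requests per source within [window_start, window_start + window_len)."""
    counts = Counter()
    for ts, src, _path in records:
        if window_start <= ts < window_start + window_len:
            counts[src] += 1
    return counts


def flag_sources(counts, per_source_limit):
    """Sources exceeding the per-source limit: the classic single-origin DoS signal."""
    return sorted(src for src, n in counts.items() if n > per_source_limit)


def aggregate_alert(counts, aggregate_limit):
    """True when total requests exceed the limit, even if no single source stands out."""
    return sum(counts.values()) > aggregate_limit


def assess(records, window_start=0, window_len=10, per_source_limit=50, aggregate_limit=100):
    """Run both checks over one window and report what each one would catch."""
    counts = per_source_counts(records, window_start, window_len)
    return {
        "flagged_sources": flag_sources(counts, per_source_limit),
        "aggregate_alert": aggregate_alert(counts, aggregate_limit),
        "total_requests": sum(counts.values()),
    }


if __name__ == "__main__":
    for name, records in (("baseline", BASELINE), ("dos", DOS_FLOOD), ("ddos", DDOS_FLOOD)):
        print(name, assess(records))
```

The DoS case is caught by the per-source check alone, while the DDoS case trips only the aggregate check, which is why per-IP blocking on its own is not enough against a botnet-sourced flood.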
7. Internal Threats
Internal threats are behind 30% of security breaches. This figure certainly supports the view that your employees are the weakest link in your security system. Although most such breaches are not caused by malice, the number is high enough to warrant considerable concern. The common forms of internal threats are:
Misconfigurations
Errors
Privilege Misuse
Information Leakage
Small and medium-sized businesses are particularly vulnerable to internal security threats because they usually don’t have sophisticated intrusion detection and monitoring systems. Also, security often takes a backseat with security reports being reviewed monthly or even quarterly instead of real-time reporting.
A basic form of safeguard against internal threats is to implement security procedures for employee onboarding and offboarding, access control management, and a clear policy on the usage of storage media such as USB thumb drives.
That’s all we have in the first part of this blog post. In the next part, we’ll talk about the remaining three threats which include Theft, Password Attacks, and Hacking.
If you need assistance in protecting your business against any or all of the above cyber threats, or if you would like to review and improve your security posture, feel free to reach out to us.