
Top ten lists are pretty popular, but this one is a bit more serious than most. Cyber security threats in the year 2022 are a major concern. Many of these attack methodologies have been witnessed in record numbers over the past two years. A good CISO or CISM needs to know how to respond to them.
You don’t need to be an expert in every type… in fact that’s damn near impossible without 20+ years of experience and constant retraining. In a large organization, cover three or four main types yourself, and make sure that the people you hire are experts in the other types.
We’ve compiled a list of potential cyber security threats that you can use to assess your knowledge gaps as an entire organization. With that in mind, here are the top ten most common types of cyber security threats.
Number 1 – Backdoors
Backdoors are ways that unauthorized individuals can secretly gain access to a system. They might have been installed during the testing process to quickly change the parameters of an environment, but for one reason or another they never got removed. Certain governments (of the manufacturing or hosting country for that particular piece of hardware or software) demand the installation of backdoors for authoritarian monitoring. In any case, if the backdoor isn’t patched before the system is put into use, it becomes an instant access point for those in the know.
Number 2 – Phishing
Phishing is a method of trickery that invites users to give away their personal information or security details. It can be a completely remote and fully automated procedure. Phishing is often conducted via E-mail, web forms, disguised apps, or trap websites. When the user fills out the forms or otherwise provides sensitive information, the attacker can use what was entered to gain access to restricted systems. The specifically targeted version of this technique is called ‘spear phishing’.
Number 3 – DNS Tunneling
DNS tunneling is a secondary attack method used to exfiltrate stolen data that has been collected through other hacks. It sends other kinds of traffic over port 53, posing as legitimate queries to the DNS server. Hackers use this trickery to bypass normal firewall restrictions and fool network monitoring systems. This technique is also used as a command and control channel for malware infected computers and botnets.
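One way a defender can spot the pattern described above is to score outbound DNS queries for the traits tunnels tend to share: very long labels, high-entropy (encoded) subdomains, and record types such as TXT that carry arbitrary payloads. The script below is an added example, not code from the original article; the log format, thresholds and the sample lines are constructed for illustration.

```python
import math
from collections import defaultdict

# Constructed sample of resolver log lines: "<client> <qtype> <queried name>".
# Made up for this example, not captured traffic.
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 A mail.example.com
10.0.0.7 TXT 7a6b3c9d8e1f2a4b5c6d7e8f9a0b1c2d3e4f5a6b.x1.tunnel.example.net
10.0.0.7 TXT 9f8e7d6c5b4a3f2e1d0c9b8a7f6e5d4c3b2a1f0e.x2.tunnel.example.net
10.0.0.7 TXT 1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b.x3.tunnel.example.net
10.0.0.5 A cdn.example.com
"""

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; hex/base32-encoded labels score high."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def registered_domain(name: str) -> str:
    """Crude 'last two labels' approximation of the registered domain."""
    labels = name.rstrip(".").split(".")
    return ".".join(labels[-2:])

def tunnel_signals(name: str, qtype: str, max_label=30, min_entropy=3.5) -> int:
    """Count how many tunneling indicators a single query shows (0..3)."""
    labels = name.rstrip(".").split(".")
    subdomain = "".join(labels[:-2])            # everything left of the registered domain
    longest = max((len(l) for l in labels), default=0)
    return sum([
        longest >= max_label,                    # oversized label = encoded payload chunk
        shannon_entropy(subdomain) >= min_entropy,
        qtype in ("TXT", "NULL"),                # record types that carry free-form data
    ])

def flag_tunneling(log_text: str, min_signals=2, min_count=3) -> dict:
    """Return {registered_domain: [client, ...]} for domains queried repeatedly
    with at least `min_signals` indicators per query."""
    suspects = defaultdict(list)
    for line in log_text.splitlines():
        client, qtype, name = line.split()
        if tunnel_signals(name, qtype) >= min_signals:
            suspects[registered_domain(name)].append(client)
    return {d: c for d, c in suspects.items() if len(c) >= min_count}
```

Run against real resolver logs, the per-domain counts (and the volume of data in the subdomains) are what separate a tunnel from a busy but legitimate CDN domain.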
Number 4 – Device fingerprinting
Device fingerprinting refers to the techniques used to gather identifying information from hardware and software on an individual computing device in order to track and recognize it. Things like device type, operating system version, browser, language settings, screen resolution, installed fonts, plugins, hardware identifiers and more can create a unique digital fingerprint for that device. This allows websites, advertisers and other third parties to identify, monitor and target individual devices over time without the user’s consent. Since device fingerprints rely more on hardware and system level attributes, they are very difficult to mask or change. The persistence of device fingerprinting poses a growing cyber security and privacy threat as more of our daily activities involve internet-connected devices. Our devices can broadcast data about us wherever we go online, allowing the potential for extensive user profiling and fraudulent activities through data collection without our permission or knowledge. Privacy apps like Hoody can mask a device configuration to the visited website and efficiently prevent device fingerprinting.
Number 5 – SQL Injection
SQL injection abuses the way an application assembles Structured Query Language statements from user input in order to attack a server hosting or using relational databases. By inserting code that basic database permission checks commonly do not stop, SQL injection makes the server reveal information that would normally only be accessible to admins. Some forms of SQL injection submit strings of malicious code via a website’s forms, via the search box, or via another database-connected field.
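The search-box case above, shown as an added example (not code from the original article): a query built by string concatenation lets the submitted text change the statement, while a parameterised query binds the same text as a plain value. The products table and its rows are constructed for this example.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the site's product database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT, cost REAL)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)",
                     [(1, "widget", 2.5), (2, "gadget", 7.0), (3, "gizmo", 1.25)])
    return conn

def search_vulnerable(conn: sqlite3.Connection, term: str) -> list:
    """Builds the statement by concatenation: the search-box text becomes SQL.
    A quote character in `term` ends the literal and the rest is parsed as code."""
    sql = "SELECT name FROM products WHERE name = '" + term + "'"
    return [row[0] for row in conn.execute(sql)]

def search_safe(conn: sqlite3.Connection, term: str) -> list:
    """Parameterised statement: the driver sends `term` as a bound value,
    so quotes inside it are data, never SQL syntax."""
    sql = "SELECT name FROM products WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (term,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR 'a'='a"          # constructed input with an embedded quote
    print(search_vulnerable(db, crafted))   # every row, not just a matching name
    print(search_safe(db, crafted))         # no rows: nothing is literally named that
```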
Number 6 – Malware
Malware and some viruses are attempts to hide executable code on a system. This code will secretly install things and monitor the network using the operator’s permissions. Malware is commonly downloaded and installed when a user attempts to grab pirated software, try out brand new apps, or open code executing documents. The malware installs itself right alongside the other contents of the download. Once running, it can spy on the user’s actions, explore the network, execute crowdsourced computing like crypto mining or brute force computation, attempt to infect more systems, or even add the system to a botnet for later use.
Number 7 – Social Engineering
Social engineering is the use of guile or trickery to gain access to restricted areas and systems. The term covers anything that fools someone into aiding or committing a security breach unwittingly. Social engineering also covers common ways to collect security information that has been mishandled, such as dumpster diving (searching for old hardware or password information in the trash or recycling) or eBay recovery (buying a company’s old hard drives or USB storage and then scouring them for juicy data).
Number 8 – Man-In-The-Middle
Man-in-the-middle attacks position the hacker somewhere in between the victim and the server that they’re trying to use. If the attacker is in a position to see the data stream unencrypted, so much the better. Some examples include the person in charge of a network resource like an ISP promiscuously snooping traffic, or hackers pretending to be an access point such as a public Wi-Fi hotspot or a mobile phone tower.
Number 9 – Zero-Day Exploits
Zero-day exploits are vulnerabilities that were discovered and acted upon before a patch could even be considered. Sometimes these hardware, software, or firmware flaws have been part of the core system for years, but simply never saw the light of day. The goal of the hacker is to get as much done as possible before anyone knows how to deal with this brand new threat. Dealing with these types of cyber security threats often requires broad, heavy handed countermeasures until a more sophisticated solution is developed.
Number 10 – Denial of Service
Denial of service (DoS) is one of the most common types of cyber security threats. It overwhelms network and computing resources with a consistent, high volume stream of traffic. The goal is either to force something offline (such as a popular or newsworthy website) by consuming all of the target’s bandwidth, or to cause the security to crack under the stress, leaving a system open for access. Distributed denial of service (DDoS) attacks are performed by botnets to magnify this effect.
Number 11 – Brute Force Attacks
Brute force attacks attempt to break encryption by trying every possible key. These attacks usually only have a chance against weaker, outdated forms of encryption. They can also work against people who use small key spaces, or against flawed random number generation methods. Modern encryption methods can effectively increase the brute force time of entire distributed computing networks to several lifetimes, making such an attack impractical. Quantum computing is effective in brute forcing certain types of encryption, however. The future of brute force attacks will rely on the power of the qubit.
Now You’re Ready
Whether you’re looking at potential classes to improve your response to cyber security threats, or you’re just brushing up for an interview, we hope that this list helps to prepare you for what’s to come.