Cyber security threats | Cyber security

What are the different types of cyber threats and attacks?

Oftentimes, cyber criminals gain an advantage by exploiting vulnerabilities in code. As cyber criminals find new ways to access and exploit data, the landscape of cyber threats and vulnerabilities is constantly changing.

The most common types of cyber attacks today include malicious code and manipulation techniques to trick users into taking a specific action. This can be to provide confidential information, transfer money, and downloading harmful software, to mention a few. The criminals normally use fake emails, text messages, and websites in these attacks to lure their victims.

Social engineering

Social engineering is a manipulation technique that cyber criminals use to trick users into carrying out specific actions. This can be to transfer money, provide sensitive information, or download files that install malware on the computer.

The users are manipulated through voicemails, carefully designed emails, or text messages that exploit the human ability to be misled. There are many different types of social engineering fraud, including:

Baiting: An attack that tricks users into a trap with false promises—either online or physical.
Malware: Psychological manipulation that tricks users into believing that malware is installed on their device. It then demands them to pay a certain amount to remove it.
Pretexting: A false identity and fake scenario are used to trick victims into providing their private or sensitive information.
Tailgating: The act of following employees entering the physical workplace without access rights (for example access cards and codes).
Phishing: The use of tactics such as fake emails, websites, and text messages to steal information. These are not targeted to one person specifically but to thousands of people.
Smishing: The same tactic as phishing, but only through phone calls and SMS.
Spear Phishing: The same tactic as phishing but only targeted to a specific person or company. This is often the CEO or sometimes the whole company.
Vishing: The act of using a voice mail or phone call pretending to be someone else and urging employees to act quickly. More sophisticated scammers can use voice changers to conceal identity and change to either a female or male voice.

Phishing and Spear Phishing

Phishing is the most common type of cyber attack. Phishing is a manipulation technique that is used to steal information through fake emails, websites, and text messages. The attackers pretend to be someone they are not or a reputable source. They then use this trust to steal sensitive information such as login information or credit card numbers.

The more sophisticated form of phishing is where the attacker takes time to get to know the victim to better impersonate someone the victim knows and trusts. This is known as spear phishing.

Phishing attacks might also be performed through phone calls and SMS (smishing) or through voice mails and phone calls pretending to be someone else and urging people to act quickly (vishing).

Cyber attacks are becoming more sophisticated and advanced. Today's cyber criminals are using artificial intelligence, cloud technology, and machine learning to make their malicious attacks more effective. Here are some of the top cyber security threats that organisations will face in 2021 and the coming years:

Cloud vulnerability

More and more enterprises are leveraging cloud technology to store data about employees, customers, and business operations. This makes the cloud a tempting target for hackers. Tactics such as data breaches, malicious insider threats, DDoS, and exploitation of insecure APIs and interfaces are seen to be some of the top cloud security threats.

AI-enhanced cyber threats

Artificial intelligence can be used to identify and stop cyber attacks. However, it can also be used by hackers to perform sophisticated attacks through complex and adaptive malicious software.

AI fuzzing is one technique where cyber criminals can start, automate and accelerate so-called zero-day attacks. Zero-day attacks are a software security flaw that is known to the vendor but who doesn’t have a patch to fix the flaw. This means it can be exploited by cyber criminals.

This works because AI fuzzing integrates artificial intelligence with traditional fuzz testing techniques. This is done to create a tool that detects system vulnerabilities. Fuzz testing, also known as “fuzzing”, is an automated software testing technique. This involves providing unexpected, invalid, or random data input to a computer program. The automated testing then monitors the program to look for exceptions such as potential memory leaks, crashes, and so on.

Another type of AI-enhanced cyber threats is machine learning poisoning.

Machine learning poisoning (MI poisoning)

In machine learning poisoning, a hacker targets a machine learning model and injects instructions into it. This then makes the system vulnerable to attacks. Cyber criminals can introduce backdoors, trojans or malicious samples into the machine learning model. This is done to poison training sets and compromise the system.

Smart contract hacking

A smart contract is a contract, or agreement, between two people in the form of computer code. Smart contracts live in decentralised networks, and the transactions that happen in such a contract are processed by the blockchain. This means they can be sent automatically without a third party.

Smart contracts carry self-executing code. This code is intended to automatically execute, control, or document legally relevant actions and events that have been set in the contract terms.

Because smart contracts are computer code, developers are able to create the rules and processes that build a blockchain-based application. This makes it a target for criminals as many smart contracts are vulnerable to hacking due to poor coding.

Smart contracts is still a quite new field, and security researchers are still finding bugs in some of these codes. These vulnerabilities, therefore, make it quite easy for cyber criminals to hack into the contracts that typically handle business transactions.