Cyber attacks have become a more important worry than ever before. In order to fight the lack of awareness and better understand what type of vulnerability might end up damaging our society’s top players in the business and political world, this short guide will illustrate the top current cyber threats. These are related to both internal and external phenomena.
Internet related common pieces of software such as Adobe Flash, Reader and Windows 8 are subject to this type of cyberattack, which infect computers automatically. Drive-by downloads are now one of the top threats on the Internet and some people define the problem as very worrying.
Is it possible to automate cybercrime? Unfortunately yes, thanks to pieces of software that can distribute malicious web content, allowing even unexperienced people to unleash digital attacks in a matter of hours. Exploit kits are becoming popular and can manipulate servers, social network accounts, email archives and much more.
Phishing & Spam
The practice of fraudulent email messages containing viruses and asking users to provide sensitive information such as credit card numbers, passwords and PINs is as old as the Internet. Although phishing sites dropped in the last few years, they seem to have started targeting mobile with SMS messages. Spamming is constantly growing (quadrupled volume in the last 3 years). Spam content faced an evolution, i.e. spammers now prefer a geotargeted approach to their “campaigns”, promotion of pharmaceutical products or adult sites.
Cyberweapons are often underrated, and this is risky for whoever is a victim of them. Malware, spearphishing and other types of direct cyber attacks have been steadily growing over the last few years and now exploit the increased use of online social platforms for business interests. What is the target of this type of attacks? Often data extraction, or permanent access to private accounts. Ciscom reports it can be fourty times worse than other types of security threat.
Attackers are able to control not only one computer, but an entire set of contaminated devices. So-called botnets are able to execute malicious actions towards other units in order to spam, infect and commit identity theft. A well know case is the Flashback botnet, which was recognized to be in control of more than half a million Apple Macs. As common in other types of cyberattacks, authors are now adapting to the mobile environment.
Rogueware is simply any type of fake software that lures people towards harmful content. The typical distribution channel is online fake warnings that prompt into clicks and downloads. With the help of ad hoc laws and a better understanding of this type of practices from the public, rogueware is in steep decline.
Worms & Trojans
What if software was able to replicate itself? So called “worms” are programmes which exploit the targeted device’s vulnerability to spread and infect others. With backdoor methods and credential theft, this threat represents one of the most common moneymaking practices in cybercrime.
Confidential Information & Identity Theft
Data breaches represent one of the top cyber threats for large scale companies and government bodies dealing with sensitive data. They happen not only because of targeted attacks and malware, but also due to negligence from the staff who accidentally exposes data via email and social networks. Studies report that more than 20% of the cases could have been easily prevented with the proper data protection best practices.
Code injection is used to perform user credential theft, data extraction and other cybercrimes. Using the SQL injection technique, well known hacktivist groups have taken down very important government and commercial websites.
Digital certificates are an important tool to define and establish trust on the internet. Rogue certificates are exploited by cyberattackers to encourage scam purchases, malware download et similia.
Abuse of Information Leakage
Information leakage has become a serious issue in the Information Age. With the increasing popularity of cloud sharing services and the diffusion of geolocation apps, a growing amount of information and sensitive data become available to cybercriminals.
Search Engine Poisoning
Black hat search engine optimisation (SEO) practices are often used to poison search results and direct users to malicious content. This is very common when global events (such as catastrophes) occur. Hackers can also manipulate search history and illegally attack the ranking of the websites they are trying to put down.
Any company or government agency who is serious about their security will invest in the security provisions required to combat the above security threats. Early warning is also essential if such a cyber attack is being planned. Massive’s launch of Strixus, a global online surveillance system, provides that warning so that strategies can be put into place to combat threats.