By: Divya Bora
July 30, 2020
Top Cyber Threats in 2020
By: Divya Bora
July 30, 2020
What is a cyber-threat?
You have probably heard the term cyber threat, as it is being used nowadays due to increased reliance on technology, but what does it actually mean?
Cyber-threat refers to a malicious act that seeks to damage data, steal data, or disrupt digital life in general; such as computer viruses, data breaches, Denial of Service (DoS) attacks, or other attack vectors.
Sources of Cyber-threats
Now, since we know what cyber-threats are, let us dive into the sources of these cyber-threats and learn where they emerge from.
According to a GAO report, the most commonly cited sources of cyber-threats are as follows:
1. Bot Network Operators A Bot network operator comprises a network of computers that have been compromised and are controlled by a common type of malware. The users are often unaware of their systems being compromised. The operator usually uses the bot network to perform malicious activities like DOS or DDOS attacks, phishing scams, etc. for personal gain.
2. Criminal Groups Criminal groups provide services that facilitate cybercrimes such as data/ identity documents, malware, distributed denial of service (DDoS) attacks, botnet services, keyloggers, phishing/spear-phishing tools, and online fraud, for the sole purpose of monetary extortion.
3. Hackers Hackers use online phishing scams to deliver malware to the user's computer so that the system gets compromised. Later, they can use the personal or financial information of the user to blackmail them and extort money or seek revenge for their gain. Usually, these kinds of activities are performed by black hat hackers.
4. Insiders Insiders in a company are disgruntled employees, contractors, and poorly trained employees. They have known confidential information about the company and may further take actions to risk that information, posing a threat to the company's reputation.
5. Nations Cyber espionage by nations has been increasing since the dawn of the internet. Cyber attacks are being incorporated by various nations to become more powerful and can take advantage of the internet by obtaining more intelligence about other nations.
6. Phishers Phishers are people who collect personal information about their targets by influencing them to click on some malicious link or website, or in some cases, download malicious files like malware.
7. Spammers Spammers are a group of people that send emails to huge masses of people, intending to either extort some money using their credentials or spread malicious files, through links in emails, to compromise the user's system.
8. Malware Authors Malware authors are people who create malicious code to infect and compromise the victim's system. They usually design spyware or malware that will disrupt the system's ability to function.
9. Terrorists Terrorists or cyberterrorists seek to destroy or exploit critical infrastructure to threaten national security, cause mass casualties, weaken the economy, and damage public morale and confidence.
Types of Cyber-threats
Cyber-threats are primarily found and divided into three categories:
1. Cyber Crime - This is a crime carried out by individuals/organizations/hackers to damage a computer network or networked device for financial gains.
2. Cyber Attack - This is an attack carried out by cybercriminals using one or more computers against a single or multiple computer networks to disable computers maliciously, unethically obtain data, or obtain a launch point for other attacks using a computer that was breached.
3. Cyber Terrorism - This is achieving political or ideological gains by conducting violent acts that threaten another's life using the Internet.
Let's discuss some common cyber-threats that are prevalent in the world in 2020:
1) Malware - Malware stands for "Malicious Software." The term malware represents any file or program that is intended to harm or disrupt a computer.
Malware includes the following:
- Botnet Software
A botnet software consists of millions of compromised systems that use a small amount of processing power, making it difficult to detect this type of malware even when it's running. It aims to infect as many internet-connected devices as possible.
- Ransomware Attack
In a ransomware attack, the attacker usually encrypts the victim's data/information and, in return, demands a ransom to decrypt the data. However, in this case, there is no guarantee that the data will be recovered after paying the attacker.
- Remote Access Trojans(RAT's)
RAT's are used by attackers to maliciously install back doors on targeted systems to give remote access and/or administrative control of the victim's system.
Rootkits comprise several malicious payloads, such as keyloggers, RATs, and viruses, allowing the attackers to access their target machines remotely.
Bootkits are a type of rootkit that can infect the start-up code in the software that loads before the operating system.
Spyware is malware that is used to monitor a user's computer activity illegally and harvest their personal information.
A trojan is malware that is disguised as trustworthy software but performs malicious activity when executed by the user or, in some cases, is automatically executed in the background.
A virus is a form of malicious program or code written to modify the working of a computer such that it spreads from one computer to another in a network of devices. A virus usually attaches itself to a legitimate document or source on the computer to execute it.
A Worm is something that spreads its copies from one computer to another as malicious code. There is no need to attach itself to any program to cause harm and doesn't need any human interaction to execute itself.
2) Backdoors - Backdoors are methods in which authorized or unauthorized users can bypass normal authentication and gain root-level privileges on a system.
4) Cryptojacking - Cryptojacking is the unauthorized use of a computer, tablet, mobile phone, or connected home device by cybercriminals to mine for a cryptocurrency(like Bitcoin, Litecoin, Ripple). Hackers usually do this by providing a malicious link in an email and getting the victim to click on it, which loads crypto mining code on the computer.
5) DDoS Attacks - DDoS (distributed denial-of-service) attacks attempt to disrupt a website/server's normal web traffic by taking targeted websites offline. This is done by flooding the systems, servers, or networks with more requests than they can handle, which are generally not legitimate, causing them to crash. DDoS attacks are performed using botnets, as they are used to send counterfeit requests to a target.
6) DNS Poisoning Attack - Domain Name Server (DNS) poisoning, also known as DNS spoofing attack, diverts the real traffic away from legitimate servers and directs it towards fake ones by exploiting system vulnerabilities in the domain name server.
Now that we are done discussing cyber threats, let's focus on some common cyber attacks prevalent in the world in 2020:
1. Botnets - Botnets are a network of compromised systems that use minimal processing power to perform illegal criminal activities like DDoS Attacks or phishing scams.
2. Drive-by downloads - Drive-by downloads install malware on the victim's system as soon as they visit a malicious or compromised website. It doesn't require any human interaction to infect the victim.
3. Exploits and exploit kits - An exploit is a piece of malicious code that can compromise a security vulnerability. These are usually developed by security services for testing purposes, but are stolen by hackers for malicious purposes.
4. Man-In-The-Middle (MITM) Attack - MITM is an attack in which a hacker inserts himself into a communication occurring between the server and the victim and often tampers with the requests and responses.
5. Phishing Attacks - Phishing is a type of social engineering that tricks people into giving sensitive or confidential information about themselves, often via email or login forms.
6. Social Engineering - Social engineering is obtaining information or gaining access to computers by deceiving and manipulating victims. This is done by tricking users into clicking malicious links or by physically gaining access to a computer through deception.
7. SQL Injection - A SQL (Structured Query Language) injection occurs when an attacker inserts malicious code or queries into a website's input parameter, which uses a SQL server.
Why is it necessary to protect against them?
Now that we know enough about the different types of cyber-threats and the harm they can inflict on us, we need to learn exactly why we need to protect them. This process of protecting systems against cyber-threats is called cybersecurity. According to Wikipedia, "Cybersecurity is the protection of computer systems and networks from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide."
Cybersecurity is important because these cyber-threats can risk our sensitive data, personally identifiable information, personal health information, and governmental/industry-specific information, which is enough for an attacker to misuse it and force the victim to do anything. These cyber-threats completely breach our data privacy. With an increase in global connectivity and cloud usage, our data privacy is at a higher risk.
How to protect and identify these cyber-threats?
Let us start with the identification of the cyber-threats mentioned earlier. According to Cisco's Midyear Cybersecurity Report, there are five signs to detect a cyber attack.
1. Identify Mysterious Emails Since email phishing is increasing day by day, the employees in a company/organization must practice safe email protocol. They should not click on links or give away sensitive data to an unknown sender. Most of the time, the sender pretends to be legitimate, but the email attachments shouldn't be downloaded or responded to.
2. Note unusual password activity It is a good practice for an employee to keep a strong password because nowadays, the weak passwords are compromised using brute force or dictionary attacks, often leading to the user being locked out of their system.
3. Identify suspicious pop-ups Employees should practice safe web browsing and increased security awareness. Employees shouldn't click on any pop-ups even to close them because they are embedded with malware, which may compromise the entire network.
4. Report a slower than normal network Employees should report a slow network to the IT department because a hacking attempt or malware infection leads to a slower network's spikes, resulting in a slower network than usual.
5. Keep software up to date Keeping software up to date helps the system to be in a better position to identify and detect potential cyber-attacks. Software updates reduce the likelihood of a malware attack.
Now let us come to the most important part, which is protecting the system from cyber-threats. The following should be implemented to protect the system from cyber-threats:
- Ensure that the system has the latest security patches by keeping the software and operating systems up to date.
- All employees should use strong passwords.
- Emails from unknown senders shouldn't be replied to by the employees, as it may be a phishing attempt by an attacker.
- Public places with free wifi should be avoided as they are unsecured.
- Anti-virus software and firewall should be used to detect and remove threats.
- Regular security checks should be performed to ensure the safety of the network.
- The security team should perform penetration testing and vulnerability scans monthly.
- Operational assessments should be performed by the security team to calculate the threat's potential and decide how to respond to threats.
Therefore, we learned about cyber-threats and the various types of cyber-threats through this article. Moreover, we got to know about the sources from where these cyber-threats emerge, and, most importantly, now we know how to identify and eliminate these threats.