Cyber threats are evolving all the time, becoming more prevalent and increasingly sophisticated. Alarmingly, Gartner predicts a threefold increase in the number of organizations worldwide that will experience attacks on their software supply chains by 2025, compared to 2021. The impact of a security breach could be business critical, causing untold financial and reputational damage. Therefore, it’s vital to know which threats to watch out for. Here’s a run-down of the top five most common cyber threats today:
1. Social engineering attacks (or phishing)

Most security breaches are due to social engineering — where criminals trick people into giving out confidential information, clicking on malicious links, or providing entry to secure systems. Approaches can be made via email or telephone, sometimes even using voice impersonation software to make them more convincing. Mark Gendein, Principal Architect at Thomson Reuters, says, “These scams are becoming more effective, which is concerning, as you might expect growing awareness to make them less so.”

2. Ransomware

This is where criminals use malware to hold an organization’s data for ransom, either by blocking access to it or threatening to publish it. Typically, ransomware is downloaded and installed when users open malicious email attachments, click on infected links, or visit infected websites. It’s an extremely widespread type of cybercrime because it is so profitable. Along with the costs of recovering what could be extremely sensitive information — especially for law firms — operational downtime, regulatory sanctions, and potential loss of business could also cost firms dearly.

3. Mobile security attacks

More than six billion people worldwide use smartphones, and many use the same device for professional and personal purposes. Fake apps that look like genuine apps are infiltrating the App Store and can con users into granting permissions or infect the phone with viruses and malware, enabling criminals to take over accounts and gain access to sensitive data.

4. Remote working risks

Now that more people than ever are working remotely, there are potentially far more weaknesses in employers’ systems. Staff may be using out-of-date routers in their homes, working on their own vulnerable devices, or connecting to unsecured wi-fi networks in cafés.
According to Jesse Mrasek, Senior Cloud Solutions Architect at Microsoft®, “Very few people know how to patch home routers effectively to update them against threats and it may not even be possible if the routers are old. Carrying out device management at scale is a significant logistical challenge for businesses.” Organizations may need to create, review, and strengthen “bring-your-own-device” policies.

5. Identity-based cloud security threats

Being “in the cloud” can be more secure than hosting everything on premises, given that major service providers like Microsoft spend billions on security and have teams of experts constantly chasing down threats. However, it does depend on what you are doing. Weak spots can occur, especially where some elements are self-hosted in the cloud. Gendein says, “There are some great tools out there to help you manage security in the cloud, but you have to know how to use them.”

As noted above, technology may not be enough to protect you. Typically, attacks will target the identity holder — the firm rather than the service provider — and phish for staff to provide access to log-in details or other data. Usually, these criminals aren’t chancers; they are highly organized and clever, running their operations like a business. They know exactly how to get what they want.

The risks for firms are ever present and ever changing, so there’s always more that can be done to minimize vulnerabilities and strengthen defenses. Learn more about how to do so in “Three key ways to make your firm more cybersecure.”

Cybersecurity threats continue to grow and evolve in frequency, vector, and complexity. Get a quick, up-to-date review of 21 cybersecurity threats and how to gain the information you need to prevent data breaches and bolster your information security. This is part of an extensive series of guides about cybersecurity.

What are information security threats?
The MITRE threat model

Cybersecurity threats reflect the risk of experiencing a cyberattack. A cyberattack is an intentional and malicious effort by an organization or an individual to breach the systems of another organization or individual. The attacker’s motives may include information theft, financial gain, espionage, or sabotage. Because the number of cyberthreats is growing rapidly, it is impossible for organizations to prepare for all of them. To help prioritize cybersecurity efforts, MITRE developed its Threat Assessment and Remediation Analysis (TARA), which includes a very clear Tactics, Techniques, and Procedures (TTP) analysis. Whichever way you model your cybersecurity threats, the risk calculation is the same one used in all project and program management:

Risk = Likelihood + Impact

Consider the likelihood of a cyberthreat — how easy is it for attackers to carry out an attack? (This can also relate to scores in the Common Vulnerability Scoring System (CVSS) rankings released by vendors when they announce a vulnerability.) Does it take a skilled adversary, or is there an easy buy-in or download to launch attacks? If skills are required, are there many attackers out there with the relevant skills, or are there threat actor groups that organize to execute attacks for profit? Most important of all, ask your team and your local experts how likely you are to detect and mitigate the threat.

In addition, consider the impact of the threat — how sensitive are the systems likely to be affected, how valuable and sensitive is the data that may be lost, and in general, what would the financial or reputational impact of an attack be? By combining the likelihood with the impact, you can identify threats that are significant to your organization and ensure you are protected.

What are the main types of cybersecurity threats?

The main types of information security threats are:

We cover each of these threats in more detail below.

1. Malware attack

Attackers use many methods to get malware onto a user’s device, most often social engineering. Users may be asked to take an action, such as clicking a link or opening an attachment. In other cases, malware uses vulnerabilities in browsers or operating systems to install itself without the user’s knowledge or consent. Once malware is installed, it can monitor user activities, send confidential data to the attacker, assist the attacker in penetrating other targets within the network, and even cause the user’s device to participate in a botnet leveraged by the attacker for malicious intent. Malware attacks include:

2. Social engineering attacks

Social engineering attacks work by psychologically manipulating users into performing actions desirable to an attacker, or divulging sensitive information. Social engineering attacks include:
3. Software supply chain attacks

A software supply chain attack is a cyber attack against an organization that targets weak links in its trusted software update and supply chain. A supply chain is the network of all individuals, organizations, resources, activities, and technologies involved in the creation and sale of a product. A software supply chain attack exploits the trust that organizations have in their third-party vendors, particularly in updates and patching. This is especially true for network monitoring tools, industrial control systems, “smart” machines, and other network-enabled systems with service accounts. An attack can be made at many points in the vendor’s continuous integration and continuous delivery (CI/CD) software lifecycle, or even against third-party libraries and components, as seen with Apache and Spring. Types of software supply chain attacks:
4. Advanced persistent threats (APT)

When an individual or group gains unauthorized access to a network and remains undiscovered for an extended period of time, attackers may exfiltrate sensitive data, deliberately avoiding detection by the organization’s security staff. APTs require sophisticated attackers and involve major efforts, so they are typically launched against nation states, large corporations, or other highly valuable targets. Common indicators of an APT presence include:
5. Distributed denial of service (DDoS)

The objective of a denial of service (DoS) attack is to overwhelm the resources of a target system and cause it to stop functioning, denying access to its users. Distributed denial of service (DDoS) is a variant of DoS in which attackers compromise a large number of computers or other devices, and use them in a coordinated attack against the target system. DDoS attacks are often used in combination with other cyberthreats. Attackers may launch a denial of service to capture the attention of security staff and create confusion, while they carry out more subtle attacks aimed at stealing data or causing other damage. Methods of DDoS attacks include:
6. Man-in-the-middle attack (MitM)

When users or devices access a remote system over the internet, they assume they are communicating directly with the server of the target system. In a MitM attack, attackers break this assumption, placing themselves in between the user and the target server. Once the attacker has intercepted communications, they may be able to compromise a user’s credentials, steal sensitive data, and return different responses to the user. MitM attacks include:
7. Password attacks

A hacker can gain access to the password information of an individual by ‘sniffing’ the connection to the network, using social engineering, guessing, or gaining access to a password database. An attacker can ‘guess’ a password in a random or systematic way. Password attacks include:
Cyberthreat actors

When you identify a cyberthreat, it’s important to understand who the threat actor is, as well as their tactics, techniques, and procedures (TTP). Common sources of cyberthreats include:
Emerging information security threats and challenges in 2022

As technology evolves, so do the threats and issues that security teams face. Below are a few of the top trends and concerns in cybersecurity today.

Use of artificial intelligence (AI) by attackers

AI is a double-edged sword; it is improving security solutions but at the same time is leveraged by attackers to bypass those solutions. Part of the reason for this is the growing accessibility of AI. In the past, developing machine learning models was only possible if you had access to significant budgets and resources. Now, however, models can be developed on personal laptops. This accessibility makes AI a tool that has expanded from major digital arms races to everyday attacks. While security teams are using AI to try to detect suspicious behavior, criminals are using it to make bots that pass for human users and to dynamically change the characteristics and behaviors of malware.

Cybersecurity skills gap

There is a constant concern over the cybersecurity skills gap. There are simply not enough cybersecurity experts to fill all of the positions needed. As more companies are created and others update their existing security strategies, this number increases. Modern threats, from cloned identities to deepfake campaigns, are getting harder to detect and stop. The security skills required to combat these threats go far beyond just understanding how to implement tools or configure encryption. These threats require diverse knowledge of a wide variety of technologies, configurations, and environments. To obtain these skills, organizations must recruit high-level experts or dedicate the resources to training their own.

Vehicle hacking and Internet of Things (IoT) threats

The amount of data contained in a modern vehicle is huge. Even cars that are not autonomous are loaded with a variety of smart sensors. This includes GPS devices, built-in communications platforms, cameras, and AI controllers.
Many people’s homes, workplaces, and communities are full of similar smart devices. For example, personal assistants embedded in speakers are smart devices. The data on these devices can provide sensitive information to criminals. This information includes private conversations, sensitive images, tracking information, and access to any accounts used with the devices. These devices can be easily leveraged by attackers for blackmail or personal gain, for example by abusing financial information or selling it on the black market.

With vehicles in particular, the threat of personal harm is also very real. When vehicles are partially or entirely controlled by computers, attackers have the opportunity to hack vehicles just like any other device. This could enable them to use vehicles as weapons against others or as a means to harm the driver or passengers.

Threats facing mobile devices

Even if people haven’t fully embraced smart technologies, nearly everyone has a mobile device of some sort. Smartphones, laptops, and tablets are common. These devices are often multipurpose, used for both work and personal activities, and users may connect devices to multiple networks throughout the day. This abundance and widespread use make mobile devices an appealing target for attackers. Targeting is not new, but the real challenge comes from security teams not having full control over devices. Bring your own device (BYOD) policies are common, but these policies often do not include internal control or management. Often, security teams are only able to control what happens with these devices within the network perimeter. Devices may be out of date, already infected with malware, or have insufficient protections. The only way security teams may have to block these threats is to refuse connectivity, which isn’t practical.

Cloud security threats

With businesses moving to cloud resources daily, many environments are growing more complex.
This is particularly true in the case of hybrid and multi-cloud environments, which require extensive monitoring and integration. With every cloud service and resource that is included in an environment, the number of endpoints and the chances for misconfiguration increase. Additionally, since resources are in the cloud, most, if not all, endpoints are Internet-facing, granting access to attackers on a global scale. To secure these environments, cybersecurity teams need advanced, centralized tooling and often more resources. This includes resources for 24/7 protection and monitoring, since resources are running and potentially vulnerable even when the workday is over.

State-sponsored attacks

The Russia-Ukraine war and the new geopolitical situation have raised the stakes of state-sponsored attacks against Western nations and organizations. As more of the world moves to the digital realm, the number of large-scale and state-sponsored attacks is increasing. Networks of hackers can now be leveraged and bought by opposing nation-states and interest groups to cripple governmental and organizational systems. For some of these attacks, the results are readily apparent. For example, numerous attacks have been identified that involved tampering with elections. Others, however, may go unnoticed, silently gathering sensitive information, such as military strategies or business intelligence. In either case, the resources funding these attacks enable criminals to use advanced and distributed strategies that are difficult to detect and prevent.

Using threat intelligence for threat prevention

Threat intelligence is organized, pre-analyzed information about attacks that may threaten an organization. Threat intelligence helps organizations understand potential or current cyberthreats. The more information security staff have about threat actors, their capabilities, infrastructure, and motives, the better they can defend their organization.
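Threat intelligence earns its keep when it is operationalized against the organization's own telemetry. The following added example (written for this page, not code from the original article or from any threat-intelligence vendor) cross-references constructed firewall log lines against a constructed indicator feed. It treats single-address and CIDR indicators alike, picks the most specific high-confidence hit when indicators overlap, and separates "block automatically" from "alert for analyst review" by confidence, so that a low-quality indicator cannot knock a legitimate peer offline. The feed schema, log format, threshold and every address are assumptions.

```python
"""Cross-reference firewall log lines against a threat-intelligence feed.

Added illustration for this page; not code from the original article or from any
vendor. Feed schema, log format, threshold and all IP addresses are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed feed: indicator (IP or CIDR), confidence 0-100, analyst context.
# Real feeds carry similar fields; this exact schema is an assumption.
THREAT_FEED = [
    {"indicator": "198.51.100.23", "confidence": 95, "context": "known C2 server"},
    {"indicator": "203.0.113.0/24", "confidence": 60, "context": "scanning range"},
    {"indicator": "203.0.113.9", "confidence": 90, "context": "exploit kit host"},
    {"indicator": "192.0.2.77", "confidence": 30, "context": "low-confidence sighting"},
]

# Constructed firewall log (simplified key=value format, an assumption).
FIREWALL_LOG = """\
2024-05-01T08:00:01Z ACCEPT src=198.51.100.23 dst=10.0.0.5 dport=443
2024-05-01T08:00:02Z ACCEPT src=192.0.2.10 dst=10.0.0.5 dport=443
2024-05-01T08:00:03Z ACCEPT src=203.0.113.42 dst=10.0.0.8 dport=22
2024-05-01T08:00:04Z ACCEPT src=203.0.113.9 dst=10.0.0.8 dport=22
2024-05-01T08:00:05Z ACCEPT src=192.0.2.77 dst=10.0.0.9 dport=80
this line is malformed and must be skipped, not crash the pipeline
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


@dataclass
class Match:
    timestamp: str
    src: str
    indicator: str
    confidence: int
    context: str
    action: str  # "block" or "alert"


def load_feed(feed):
    """Parse indicators into network objects so single IPs and CIDR ranges match alike."""
    return [(ipaddress.ip_network(e["indicator"], strict=False), e) for e in feed]


def lookup(src_ip, parsed_feed):
    """Return the highest-confidence feed entry containing src_ip, or None."""
    addr = ipaddress.ip_address(src_ip)
    hits = [entry for net, entry in parsed_feed if addr in net]
    return max(hits, key=lambda e: e["confidence"]) if hits else None


def correlate(log_text, feed, block_threshold=80):
    """Match each log line's source address against the feed.

    Confidence at or above block_threshold recommends an automatic block (the
    "feed known-bad IPs to the firewall" case); anything lower becomes an alert
    for analyst review. Malformed lines are skipped rather than aborting the run.
    """
    parsed_feed = load_feed(feed)
    matches = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        entry = lookup(m["src"], parsed_feed)
        if entry is None:
            continue
        action = "block" if entry["confidence"] >= block_threshold else "alert"
        matches.append(Match(m["ts"], m["src"], entry["indicator"],
                             entry["confidence"], entry["context"], action))
    return matches


def block_list(matches):
    """Distinct source addresses that reached the block threshold, sorted."""
    return sorted({m.src for m in matches if m.action == "block"})


if __name__ == "__main__":
    results = correlate(FIREWALL_LOG, THREAT_FEED)
    for m in results:
        print(f"{m.timestamp} {m.src} -> {m.action.upper()} "
              f"({m.confidence}% {m.context}; matched {m.indicator})")
    print("block list:", block_list(results))
```

The confidence split is the design point: a feed entry such as the /24 "scanning range" is useful context for an analyst but too coarse to block on its own, whereas the /32 inside it with a higher score is picked over the range and does cross the threshold.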
Threat intelligence systems are commonly used in combination with other security tools. When a security system identifies a threat, it can be cross-referenced with threat intelligence data to immediately understand the nature of the threat, its severity, and known methods for mitigating or containing the threat. In many cases, threat intelligence can help automatically block threats — for example, known bad IP addresses can be fed to a firewall, to automatically block traffic from compromised servers.

Threat intelligence is typically provided in the form of feeds. There are free threat intelligence feeds, and others provided by commercial security research bodies. Several vendors provide threat intelligence platforms that come with numerous threat intelligence feeds and help manage threat data and integrate it with other security systems.

Using UEBA and SOAR to mitigate information security threats

User and Entity Behavior Analytics (UEBA) and Security Orchestration, Automation, and Response (SOAR) are technologies that aggregate threat activity data and automate processes related to its identification and analysis, increasing the effectiveness and efficiency of security teams.

UEBA

UEBA uses machine learning to construct a baseline of normal behavior for users or devices/entities within a network, which helps to detect deviations from the baseline behavior. Behavior models and machine learning assign various levels of risk depending on the type of behavior. The risk score of the user or device for an event is determined and is stitched with related events into a timeline to assess whether these events pose a threat to an organization. By tying together the behaviors identified as anomalous, analysts can trace all the steps an attacker has taken and thus pin down the threat quickly. Unlike SIEM, UEBA solutions can detect threat activity over an extended period across multiple organizational systems.
UEBA allows security teams to work more efficiently by narrowing down the number of threats they need to investigate, generating alerts, and providing information on breaches that occur. UEBA can help identify a variety of insider threats, data exfiltration, and lateral movement:
UEBA can also prioritize high-risk events and monitor large numbers of devices:
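The UEBA passage above describes three steps: learn a per-user baseline, assign a risk score to each event that deviates from it, and stitch scored events into a timeline so that the cumulative picture (not any single event) drives prioritization. The following toy illustration is added for this page and is not the code of the original article or of any UEBA product; it uses simple rules rather than a trained model, and the event format, anomaly weights and threshold are assumptions. The constructed events include a user who logs in off-hours to a host she has never used and then moves a volume of data far above her history, which is exactly the kind of low-and-slow pattern a timeline surfaces.

```python
"""Toy UEBA-style scoring over constructed authentication events.

Added illustration for this page; not the code of the original article or of any
UEBA product. Event format, anomaly weights and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime

# Constructed events: (timestamp, user, host, bytes_out).
# BASELINE_EVENTS is the learning period; SCORED_EVENTS is the period under review.
BASELINE_EVENTS = [
    ("2024-04-01T09:05:00", "alice", "wks-alice", 20_000),
    ("2024-04-02T09:10:00", "alice", "wks-alice", 25_000),
    ("2024-04-03T08:55:00", "alice", "wks-alice", 22_000),
    ("2024-04-04T09:20:00", "alice", "wks-alice", 18_000),
    ("2024-04-01T10:00:00", "bob", "wks-bob", 50_000),
    ("2024-04-02T10:30:00", "bob", "srv-build", 48_000),
    ("2024-04-03T09:45:00", "bob", "wks-bob", 52_000),
]
SCORED_EVENTS = [
    ("2024-04-08T09:00:00", "alice", "wks-alice", 21_000),     # normal
    ("2024-04-08T23:40:00", "alice", "srv-finance", 30_000),   # off-hours + new host
    ("2024-04-08T23:55:00", "alice", "srv-finance", 900_000),  # large transfer
    ("2024-04-08T10:15:00", "bob", "srv-build", 49_000),       # normal
]

# Assumed weight for each anomaly type.
WEIGHTS = {"off_hours": 20, "new_host": 30, "volume": 40, "unknown_user": 30}


def hour_distance(a, b):
    """Circular distance between two hours of the day (23 and 0 are one hour apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)


def build_baseline(events):
    """Per user: hours of day seen, hosts seen, and the largest transfer observed."""
    base = defaultdict(lambda: {"hours": set(), "hosts": set(), "max_bytes": 0})
    for ts, user, host, nbytes in events:
        b = base[user]
        b["hours"].add(datetime.fromisoformat(ts).hour)
        b["hosts"].add(host)
        b["max_bytes"] = max(b["max_bytes"], nbytes)
    return dict(base)


def score_event(event, baseline):
    """Return (risk score, reasons) for one event measured against the user's baseline."""
    ts, user, host, nbytes = event
    b = baseline.get(user)
    if b is None:  # never seen during learning: worth a look on its own
        return WEIGHTS["unknown_user"], ["unknown_user"]
    reasons = []
    hour = datetime.fromisoformat(ts).hour
    if all(hour_distance(hour, h) > 2 for h in b["hours"]):
        reasons.append("off_hours")
    if host not in b["hosts"]:
        reasons.append("new_host")
    if nbytes > 5 * b["max_bytes"]:
        reasons.append("volume")
    return sum(WEIGHTS[r] for r in reasons), reasons


def build_timelines(events, baseline):
    """Stitch scored events into a chronological per-user timeline."""
    timelines = defaultdict(list)
    for ev in sorted(events, key=lambda e: e[0]):  # ISO timestamps sort lexically
        score, reasons = score_event(ev, baseline)
        timelines[ev[1]].append({"ts": ev[0], "host": ev[2], "score": score, "reasons": reasons})
    return dict(timelines)


def prioritize(timelines, threshold=50):
    """Users whose cumulative timeline score reaches the threshold, highest first."""
    totals = {u: sum(e["score"] for e in tl) for u, tl in timelines.items()}
    return sorted(((u, s) for u, s in totals.items() if s >= threshold), key=lambda x: -x[1])


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_EVENTS)
    timelines = build_timelines(SCORED_EVENTS, baseline)
    for user, total in prioritize(timelines):
        print(f"{user}: cumulative risk {total}")
        for e in timelines[user]:
            print(f"  {e['ts']} {e['host']} score={e['score']} {e['reasons']}")
```

Scoring per event and summing along the timeline is what lets the analyst see the sequence (off-hours login, unfamiliar host, then bulk transfer) as one story rather than three separate low-priority alerts; a real product replaces the hand-written rules with learned models and tunes the weights from feedback.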
SOAR

SOAR tools collect data for security investigations from multiple sources, facilitate incident analysis and triage with machine assistance, define and direct threat response workflows, and enable automated incident response. Security teams can integrate SOAR tools with other security solutions to respond to incidents more effectively. They can use these solutions through a generic interface, eliminating the need for expert analysts specializing in each system. SOAR allows security teams to automate enforcement, status tracking, and auditing tasks based on assigned decision-making workflows.

SOAR tools simplify incident management and collaboration by automatically generating incidents based on guidelines and including relevant contextual information. They provide a timeline of events for analysis, allow evidence to be added as it is found, and assist case management by accepting documentation of threats, responses, and outcomes. A comprehensive UEBA solution goes hand-in-hand with SOAR as an effective investigation tool, where the ultimate goal of SOC analysts is to reduce the time needed to detect threats and respond to incidents.

Finally, SOAR tools aid security teams in responding effectively to security incidents by proactively enforcing processes to gather comprehensive evidence, integrating seamlessly with various third-party services and security vendors, and associating a timeline of events to pinpoint anomalous behavior.

Learn More About Cybersecurity Threats

Information Security Threats and Tools for Addressing Them
The value of information today makes it a desirable commodity and a tempting target for theft and sabotage, putting those creating and using it at risk of attack. Criminals are constantly finding new ways of bypassing security tools, and security developers are working to stay ahead by building more intelligent solutions. The loss of information can cause great harm to a company, but by taking the right precautions and using the appropriate tools, the risk can be greatly minimized. Read on to find out what types of information security threats you have to consider, including examples of common threats, and how you can mitigate your risks.
Read more: Information Security Threats and Tools for Addressing Them

Drive By Downloads: What They Are and How to Avoid Them
Most people don’t think twice about the websites they visit, quickly clicking through and not paying much attention to whether a link will redirect them or if a secure protocol is being used. Often, this isn’t a problem, but if you happen to visit a site that has been compromised, your system can be quickly infected by a drive-by download. Here, we’ll look at what a drive-by download is, the type of damage it can cause, and cover some strategies that your security operations center can use to minimize your risk.
Read more: Drive By Downloads: What They Are and How to Avoid Them

Cyber Crime: Types, Examples, and What Your Business Can Do
Cyber crime is the flip side of cybersecurity — a huge spectrum of damaging and illegal activity carried out using computers and the Internet. This article will help you understand cyber crime and how to defend your organization against it.
Read more: Cyber Crime: Types, Examples, and What Your Business Can Do

What is MITRE ATT&CK: An Explainer
MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations of cyberattacks. They’re displayed in matrices that are arranged by attack stages, from initial system access to data theft or machine control. There are matrices for common desktop platforms—Linux, macOS and Windows—as well as mobile platforms.
Read more: What is MITRE ATT&CK: An Explainer

Mitigating Security Threats with MITRE ATT&CK
The MITRE ATT&CK framework, model, and taxonomy provide a categorized and structured catalog of tactics (the “why” of an attack) and techniques (the “how” and sometimes the “what” of an attack). The relationship between tactics and techniques is organized and presented as the ATT&CK matrix. The philosophy of the ATT&CK model is that by focusing on and prioritizing your defense against documented threat behavior, you can understand, prevent, and mitigate these threats and attacks.
Read more: Mitigating Security Threats with MITRE ATT&CK

Defending Against Ransomware: Prevention, Protection, Removal
A ransomware attack can be crippling for an organization. During an attack, cybercriminals will block access to your files or network, claiming that if you pay a ransom fee, your access will be restored. An effective ransomware defense strategy is essential to prevent extensive damage and must include three pillars: prevention, protection, and quick removal.
Read more: Defending Against Ransomware: Prevention, Protection, Removal

Top 5 Social Engineering Techniques and How to Prevent Them
Social engineering takes advantage of the weakest link in our security chain — our human workforce — to gain access to corporate networks. Attackers use increasingly sophisticated trickery and emotional manipulation to cause employees, even senior staff, to surrender sensitive information. Learn about the stages of a social engineering attack, the top social engineering threats according to the InfoSec Institute, and best practices to defend against them.
Read more: Top 5 Social Engineering Techniques and How to Prevent Them

Privilege Escalation Detection: The Key to Preventing Advanced Attacks
Attackers are becoming increasingly sophisticated, and organized groups of hackers are carrying out advanced attacks against attractive targets. A key component in almost all advanced attacks is privilege escalation — an attempt to compromise an account, and then expand the attacker’s privileges, either by gaining control of more accounts or increasing the privilege level of the compromised account. Read on to understand how privilege escalation works, how to detect it in your organization, and how to protect your systems and stop advanced attacks before they reach your most sensitive assets.
Read more: Privilege Escalation Detection: The Key to Preventing Advanced Attacks

SIEM Concepts: Security Incidents
Security incidents indicate the failure of security measures or the breach of an organization’s systems or data. This includes any event that threatens the integrity, availability, or confidentiality of information. Causes of security incidents include perimeter breaches, cyber attacks, and insider threats. Incidents usually require an IT administrator to take action. Incident response (IR) is an organized process by which organizations defend themselves against security incidents.
Read more: SIEM Concepts: Security Incidents

See Our Additional Articles on Key Cybersecurity Topics

Together with our content partners, we have authored in-depth guides on several other topics that can also be useful as you explore the world of cybersecurity.

What is Phishing
Learn about phishing, a social engineering tactic used by attackers in a majority of cyber attacks.

Security Misconfiguration (authored by Bright Security)
Learn how security misconfigurations can expose sensitive systems and data to attackers.

Cyber Security Solutions (authored by Imperva)
Learn how cyber security solutions like SIEM, WAF, and SASE are helping organizations improve their security posture.

What are the most common threats to information systems, devices, and technology?
1. Malware. Malware is malicious software such as spyware, ransomware, viruses, and worms. Malware is activated when a user clicks on a malicious link or attachment, which leads to installing dangerous software.

What are the most common threats against information systems?
Information security threats can be many, such as software attacks, theft of intellectual property, identity theft, theft of equipment or information, sabotage, and information extortion.

What is the most common threat to a user device?
Top mobile security threats:
- Malicious apps and websites. Like desktop computers, mobile devices have software and Internet access. ...
- Mobile ransomware. ...
- Phishing. ...
- Man-in-the-Middle (MitM) attacks. ...
- Advanced jailbreaking and rooting techniques. ...
- Device and OS exploits.

What are the three (3) threats to information security?
The three most general categories are natural threats (such as earthquakes), physical security threats (such as power outages damaging equipment), and human threats (black-hat attackers, who can be internal or external).