Threat and Attack Types

Overview

Threats come in many different shapes and sizes. From well-known security gaps to zero-day challenges, organizations are faced with thousands of threats that security professionals must understand. A threat can also be intentional, unintentional, or otherwise a circumstance, capability, action, or event. Understanding the various threat types is fundamental as this is how you begin to brainstorm and identify threats that may apply to the company.

After this lesson you’ll understand various threat types.

Intentional Attacks Against Technology

The most commonly known threat type are intentional threats against technology. Here are some examples:

• Denial of Service (DoS): Attacks that prevent authorized access to resources create delays in access, usually done by sending fake web traffic, for example, to overwhelm the resource.

• Distributed Denial of Service (DDoS): A denial of service technique that leverages several hosts to send traffic to the target host and overwhelm the resource.

• Password Attacks: Also know as password cracking, these attacks are used to recover passwords or authentication credentials.

• Spoofing: Impersonating a user or device by using a fake IP address to send a message and trick the user into trusting the fake sender.

• Man in the Middle: Intercepting a connection between two devices off users, and potentially changing the messages being sent.

• Malware: Software that includes malicious code that is harmful to computer resources.

• Ransomware: A variant of malware that encrypts the victims data, and threatens to hold the decryption key and data hostage until a payment is made.

• Zero-day is a flaw in software that is very new. It may refer to the software flaw, or an attack method that has zero days between the date the flaw is discovered and the date of the first attack.

• And countless others!

Intentional Attacks Against Humans

Human beings are also commonly targeted by cyber attackers. Most hack attempts require action from a person, in order for them to be successful. This is called social engineering.
Social Engineering: An attempt to trick someone into revealing information (e.g., a password) that can be used to attack systems or networks.

Examples of Social Engineering Tactics:

• Phishing: A technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person.

• Vishing: Phishing executed via voice call.

• Smishing: Phishing executed via SMS or text message.

• Spear phishing: A colloquial term that can be used to describe any highly targeted phishing attack.

• Whaling: A specific kind of phishing that targets high-ranking members of organizations.

Unintentional Threats

Threats are not always intentional. Unintentional threats can have detrimental impacts on business. Popular examples include:

Natural Disasters

• Fire

• Flood

• Earthquake

• Lightning

• Landslide or Mudslide

• Tornados or Severe Windstorms

• Hurricanes, Typhoons, and Tropical Depressions

• Tsunami

• Electrostatic Discharge (ESD)

• Dust Contamination

Human Error

• Social engineering victims

• Security unaware employees (sharing a password, leaving a computer unattended, etc.)

Resources

• Punjab National Bank Example
• Unitypoint Health Example