The Complete Guide to Cyber Threats
Learn about the most pervasive cyber threats you, your family and your business face today, and how to get protected with Keeper®.
What Is a Cyber Threat?
A cyber threat, also known as a cybersecurity threat, is a term used to refer to the possibility of a cyber attack occurring. Any threat related to cybersecurity that has the potential to cause harm to a system, device, network, individual, family or organisation is considered a cyber threat.
It’s important to note that a cyber threat doesn’t need to result in an attack for it to be considered a threat, there just has to be a possibility that the attack could happen.
Cyber Threat vs Cyber Attack: What’s the Difference?
The main difference between a cyber threat and a cyber attack is that a cyber threat refers to the possibility of a cyber attack happening, whereas the term cyber attack refers to the actual attack that happens.
A cyber attack by definition is an attack on devices, networks or systems by cybercriminals who aim to access or steal sensitive information for their benefit – which is usually monetary gain.
Types of Cyber Threats
Malware
Malware is malicious software that infects devices using various techniques. The main goal of malware is to steal sensitive data.
Ransomware Attacks
Ransomware is a type of malware that prevents victims from being able to access the stored data on their infected device until they have paid a ransom. However, paying the ransom doesn’t always guarantee regaining access to the data.
Spyware
Spyware is a type of malware that is installed on a victim’s device without them knowing. Spyware is used to spy on victims to steal their sensitive information including login credentials and credit card numbers.
Keyloggers
Keyloggers are a type of spyware that is used to track the keystrokes of victims as they type and then send the data back to a cybercriminal. Keylogging software is used by cybercriminals to determine a victim’s sensitive information as they type it, such as their password.
Phishing
Phishing is a type of social engineering scam where the cybercriminal pretends to be someone the victim knows in an attempt to get them to reveal personal information. Phishing scams often display a sense of urgency so victims act without second-guessing themselves.
Smishing
Smishing, also known as SMS phishing, is a type of phishing scam that’s executed through SMS text messages rather than through email or phone calls. The goal of a cybercriminal is to steal sensitive information or infect the victim’s device with malware.
Password Spraying
Password spraying is when cybercriminals use a database of common passwords to access several accounts on a single domain. Cybercriminals use common weak passwords like ‘123456’ to gain access to several accounts at once with password spraying.
Brute Force
Brute force is when cybercriminals use trial and error methods to guess login credentials. To carry out a brute force attack, cybercriminals use software that inputs dictionary words and phrases, and commonly used passwords, until it finds a match.
Credential Stuffing
Credential stuffing is when cybercriminals use one set of credentials to try to gain access to several accounts at the same time. Credential stuffing relies on individuals reusing their passwords across multiple accounts so they can gain access to all of them.
Dictionary Attack
A dictionary attack is when cybercriminals use software to compromise user credentials that use common dictionary words and phrases. Cybercriminals often use a wordlist that the software will input so they can crack the password.
Pass-the-Hash
A pass-the-hash attack is a type of cyber attack where a password hash is stolen from administrators and used to gain unauthorised access across an organisation’s network. Using a pass-the-hash attack, cybercriminals don’t need to steal or crack a password, all they need is the password hash.
Spoofing Attack
A spoofing attack is when cybercriminals disguise themselves to make it seem as though they are a trustworthy entity. For example, spoofed emails may look like they’re coming from a legitimate sender, but they’ve been spoofed to make it look like that.
Man-in-the-Middle Attacks
A Man-in-the-Middle (MITM) attack is when a cybercriminal intercepts the data being sent between two individuals to steal it, eavesdrop or modify the data. During this attack, cybercriminals essentially act as “middlemen” between the sender and the receiver.
Supply Chain Attacks
A supply chain attack is when cybercriminals use trusted third party vendors and services, known as the “supply chain”, to compromise a targeted organisation’s network. This type of cyber attack is also commonly referred to as a “value chain attack” or “third-party attack”.
Prevent Common Cyber Threats With Keeper
To prevent falling victim to a cyber attack, you must first understand the most common cyber threats and the steps you can take to protect yourself, your family and your organisation.