The Complete Guide to Cyber Threats

Learn about the most pervasive cyber threats you, your family and your business face today, and how to get protected with Keeper®.

What Is a Cyber Threat?

A cyber threat, also known as a cybersecurity threat, is a term used to refer to the possibility of a cyber attack occurring. Any threat related to cybersecurity that has the potential to cause harm to a system, device, network, individual, family or organisation is considered a cyber threat.

It’s important to note that a cyber threat doesn’t need to result in an attack for it to be considered a threat, there just has to be a possibility that the attack could happen.

What Is a Cyber Threat?

Cyber Threat vs Cyber Attack: What’s the Difference?

The main difference between a cyber threat and a cyber attack is that a cyber threat refers to the possibility of a cyber attack happening, whereas the term cyber attack refers to the actual attack that happens.

A cyber attack by definition is an attack on devices, networks or systems by cybercriminals who aim to access or steal sensitive information for their benefit – which is usually monetary gain.

Cyber Threat vs Cyber Attack: What’s the Difference?

Types of Cyber Threats

Malware

Malware

Malware is malicious software that infects devices using various techniques. The main goal of malware is to steal sensitive data.

Ransomware Attacks

Ransomware Attacks

Ransomware is a type of malware that prevents victims from being able to access the stored data on their infected device until they have paid a ransom. However, paying the ransom doesn’t always guarantee regaining access to the data.

Spyware

Spyware

Spyware is a type of malware that is installed on a victim’s device without them knowing. Spyware is used to spy on victims to steal their sensitive information including login credentials and credit card numbers.

Keyloggers

Keyloggers

Keyloggers are a type of spyware that is used to track the keystrokes of victims as they type and then send the data back to a cybercriminal. Keylogging software is used by cybercriminals to determine a victim’s sensitive information as they type it, such as their password.

Phishing

Phishing

Phishing is a type of social engineering scam where the cybercriminal pretends to be someone the victim knows in an attempt to get them to reveal personal information. Phishing scams often display a sense of urgency so victims act without second-guessing themselves.

Smishing

Smishing

Smishing, also known as SMS phishing, is a type of phishing scam that’s executed through SMS text messages rather than through email or phone calls. The goal of a cybercriminal is to steal sensitive information or infect the victim’s device with malware.

Password Spraying

Password Spraying

Password spraying is when cybercriminals use a database of common passwords to access several accounts on a single domain. Cybercriminals use common weak passwords like ‘123456’ to gain access to several accounts at once with password spraying.

Brute Force

Brute Force

Brute force is when cybercriminals use trial and error methods to guess login credentials. To carry out a brute force attack, cybercriminals use software that inputs dictionary words and phrases, and commonly used passwords, until it finds a match.

Credential Stuffing

Credential Stuffing

Credential stuffing is when cybercriminals use one set of credentials to try to gain access to several accounts at the same time. Credential stuffing relies on individuals reusing their passwords across multiple accounts so they can gain access to all of them.

Dictionary Attack

Dictionary Attack

A dictionary attack is when cybercriminals use software to compromise user credentials that use common dictionary words and phrases. Cybercriminals often use a wordlist that the software will input so they can crack the password.

Pass-the-Hash

Pass-the-Hash

A pass-the-hash attack is a type of cyber attack where a password hash is stolen from administrators and used to gain unauthorised access across an organisation’s network. Using a pass-the-hash attack, cybercriminals don’t need to steal or crack a password, all they need is the password hash.

Spoofing Attack

Spoofing Attack

A spoofing attack is when cybercriminals disguise themselves to make it seem as though they are a trustworthy entity. For example, spoofed emails may look like they’re coming from a legitimate sender, but they’ve been spoofed to make it look like that.

Man-in-the-Middle Attacks

Man-in-the-Middle Attacks

A Man-in-the-Middle (MITM) attack is when a cybercriminal intercepts the data being sent between two individuals to steal it, eavesdrop or modify the data. During this attack, cybercriminals essentially act as “middlemen” between the sender and the receiver.

Supply Chain Attacks

Supply Chain Attacks

A supply chain attack is when cybercriminals use trusted third party vendors and services, known as the “supply chain”, to compromise a targeted organisation’s network. This type of cyber attack is also commonly referred to as a “value chain attack” or “third-party attack”.

Prevent Common Cyber Threats With Keeper

To prevent falling victim to a cyber attack, you must first understand the most common cyber threats and the steps you can take to protect yourself, your family and your organisation.

English (UK) Call Us