澳门天天彩开奖记录

Skip to Main Content Skip to bottom Skip to Chat, Email, Text

12 cybersecurity threats and how to avoid them

Michael Feder

Written by Michael Feder

Kathryn Uhles

Reviewed by聽Kathryn Uhles, MIS, MSP,聽Dean, College of Business and IT

Female cybersecurity professional stares at a bank of computer monitors

Cybersecurity concerns have grown as internet-connected devices and computer networks become a larger part of professional and private life. Cyber crime is currently one of the biggest threats in the business world. The firm Cybersecurity Ventures estimated that cyber crime . Many IT risk-management strategies focus exclusively on these problems.聽Technology experts can help protect organizations from Ransomware, DDoS and other forms of cyber attacks.聽

Mobile devices and the Internet of Things (IoT) have increased the number of targets for hackers and given rise to new cyber-attack strategies. Cyber crime has also opened the door to a new breed of computer specialists: cybersecurity experts. You can even pursue a Bachelor of Science in Cybersecurity if you are interested in this growing and challenging field. 聽

Professionals who have a more general Bachelor of Science in Information Technology degree can also specialize via an Advanced Cybersecurity Certificate or a Master of Science in Cybersecurity to bring their technical knowledge to serve organizations navigating the dynamic security ecosystem. These programs impart the necessary knowledge for understanding evolving cybersecurity threats. 聽

So, what are those threats exactly? Whether you choose a computer-related career in an organization or just want to ensure proper digital security in your everyday life, here are the different types of cybersecurity threats to be aware of.

Phishing

Phishing is an example of social engineering when hackers masquerade as a trusted entity and send digital messages, such as emails or texts, to manipulate individuals into helping them gain illegal access. These messages ask for secure information (like a password), or they have links that automatically install malware. The malicious programs can find and transmit sensitive data within your computer or incapacitate the entire network.

Cybercriminals will typically pretend to be reputable entities, such as well-known companies, so that you do not think twice before opening the link or entering your password. For example, a hacker might pretend to be from PayPal or Microsoft, and they may include official logos and other identifying marks on the email to make it seem legitimate. 聽

You can spot phishing emails because they often have odd or lengthy email addresses or links to misspelled domain names.聽聽Knowing this can help protect you or your organization from this security risk.

Malware

Malware is intrusive software designed to interfere with a computer or transmit information to a third party. Malware is a blanket term for programs that steal or disrupt. Examples of malware include:

  • Spyware, which gives a hacker access to your computer's files and data
  • Adware, which spams your computer with pop-up ads
  • Ransomware, which disables an entire network until you pay a ransom
  • Keystroke tracking, which logs your keystrokes, including passwords

Hackers can send malware via file transfers, file-sharing programs or phishing emails. Often, the user will not know their computer has been infected with malware.聽

Cryptojacking

occurs when a hacker secretly uses a victim鈥檚 computing power to generate cryptocurrency. Typically, the hacker gets the computer owner to download a malware file, which installs a special crypto-mining program on the computer or other internet-connected device. 聽

Since cryptojacking uses lots of memory, you may notice that your computer鈥檚 performance begins to lag. However, since the program runs undetected in the background, you will still be able to use the computer.聽

Man-in-the-middle attacks

A occurs when hackers insert themselves into a two-party transaction. For instance, they may intercept communication between users and their credit card websites.

The goal of MitM cybercriminals is to commit a data breach and steal information from an organization, such as login details or a credit card number. 聽

In some cases, the attack involves a hacker using a redirect or a pop-up when the victim is trying to get to an official site. Some attacks happen on unsecured public Wi-Fi networks, which allow the hacker to install malware or see data without having to get the victim to open a link or enter login details.聽

DNS tunneling

The Domain Name System (DNS) protocol, despite being one of the most widely used and trusted internet protocols, has a vulnerability that hackers seek to exploit. is a cyberattack that misuses the DNS protocol to sneak malicious traffic past firewalls and other security defenses. 聽

Because DNS is a well-established and trusted tool, many organizations do not examine their DNS traffic for malicious activity. Cybercriminals with the right technology knowledge can insert malware using DNS queries and then transmit data back and forth without being detected by antivirus tools.聽

IoT attacks

The Internet of Things includes smart devices with embedded computer systems connected to Wi-Fi. These items, such as smart refrigerators, home security cameras and car navigation systems, typically have lax security. 聽

Hackers can gain access to these devices and use them for denial-of-service attacks or cryptojacking. They can also access your network and see data and traffic details from other devices using the same connection.聽

SQL injection

is a common cyberattack technique involving malicious SQL code. (SQL, or structured query language, is a domain-specific computer-programming language.)

Basically, the hacker manipulates the code in the system to gain access to databases that contain sensitive information. An SQL injection is relatively straightforward for someone who knows the code and can get access to the backend of a computer system. 聽

They may modify the code to tell the system to display hidden data or trick the database application into retrieving sensitive data by changing the querying algorithms.聽

Denial-of-service attack

A is meant to shut down a computer system or website so that legitimate users cannot access it. A DoS attack can be carried out by flooding the servers with traffic. For example, if a site gets too many visitors, its servers will eventually slow down and stop. This type of attack can be difficult to stop because most websites are set up to attract traffic. 聽

A hacker can also use malware to crash a website or computer system from the inside by disabling necessary databases or backend features.聽

Zero-day exploit

A is a security flaw in a computer security system or device that has been discovered but has yet to be patched by software developers. A zero-day exploit occurs when a hacker takes advantage of this security flaw. Mobile devices can be particularly vulnerable to this type of attack because they receive frequent updates, while some apps are not updated with the necessary frequency. A hacker can gain access to the phone鈥檚 camera, location data and passwords in these situations.聽

Password attack

As its name suggests, a password attack is when hackers steal a password to gain access to an individual鈥檚 or organization鈥檚 computer systems and information. Hackers will often exploit legal means to gain unauthorized system access. For example, they may try recovering a user鈥檚 forgotten password. Usually, however, they steal passwords via phishing emails that request a victim log in or change their password using a spoofed 鈥渙fficial鈥 site. Some password thieves rely on malware with keystroke tracking.聽

Cross-site scripting

focuses on a security vulnerability in websites and applications. XSS enables attackers to create client-side scripts and put them on websites so that they can impersonate the victim. The site thinks the hacker is a legitimate user and gives them access to privileged information. 聽

Typically, XSS targets websites or a company鈥檚 secure computer system. After gaining access, the hacker can navigate the network like a legitimate user and steal data or information.聽

Rootkits

A rootkit is designed to enable access that is otherwise not permitted without proper authorization or credentials. For example, the malicious software can allow access to secure computers, password-protected drives within a computer or secure apps on a smartphone. 聽

because they mask their presence within an infected system. Furthermore, the software can help hide additional malware, such as keystroke tracking programs. 聽

Cybersecurity experts learn to protect against, detect, counteract and destroy malicious software. Through the right degree programs, they also develop a skill base that will allow them to create strategies for fighting future hacking methods.聽

Headshot of Michael Feder

ABOUT THE AUTHOR

A graduate of Johns Hopkins University and its Writing Seminars program and winner of the Stephen A. Dixon Literary Prize, Michael Feder brings an eye for detail and a passion for research to every article he writes. His academic and professional background includes experience in marketing, content development, script writing and SEO. Today, he works as a multimedia specialist at 澳门天天彩开奖记录 where he covers a variety of topics ranging from healthcare to IT.

Headshot of Kathryn Uhles

ABOUT THE REVIEWER

Currently Dean of the College of Business and Information Technology,聽Kathryn Uhles has served 澳门天天彩开奖记录 in a variety of roles since 2006. Prior to joining 澳门天天彩开奖记录, Kathryn taught fifth grade to underprivileged youth in Phoenix.

checkmark

This article has been vetted by 澳门天天彩开奖记录's editorial advisory committee.聽
Read more about our editorial process.

Read more articles like this: