A threat is a potential danger that exploits vulnerabilities to undermine security; it may damage or interrupt the information and services stored on computer systems or delivered over communication links.
A computer system is threatened whenever the confidentiality (no exposure to unauthorized parties), integrity (no modification without authorization), or availability (delivery on request to authorized parties) of its information can be affected. Threats to computer systems therefore include any intentional act, unintentional act, or natural disaster that leads to loss or manipulation of data or to physical damage to hardware.
Computerized Security Threats
Spoofing
Information gathering attacks
Password attack
The easiest way to gain control of a system or a user account is a password attack. If the victim's personal and behavioral details are known, the attacker starts by guessing the password, and attackers typically use some form of social engineering to obtain those details or the password itself. The next step is an automated dictionary attack, in which every entry in a list of likely passwords is tried in turn against the account or against a stolen password hash.
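The offline form of the dictionary attack described above, as an added example that is not part of the original text: the attacker has obtained a stored password hash and recomputes the hash of each candidate word until one matches. The wordlist, the salt and the PBKDF2 work factor are constructed for the example; the second half shows why a salted, iterated hash (PBKDF2 here) is the defender's answer, since it makes every guess thousands of times more expensive without changing anything for the legitimate user.

```python
import hashlib
import time

# Constructed wordlist standing in for a real dictionary file such as rockyou.txt.
# "fluffy123" plays the role of a guess built from the victim's known details
# (a pet's name plus digits), which is where a password attack starts.
WORDLIST = ["password", "123456", "letmein", "qwerty", "Summer2021!", "fluffy123"]
SALT = b"constructed-random-salt"   # per-user random salt in practice; fixed here for a deterministic example
ITERATIONS = 100_000                # assumed PBKDF2 work factor; production deployments use more


def sha256_hex(password: str) -> str:
    """Weak storage: one unsalted SHA-256 round, cheap for the attacker to recompute."""
    return hashlib.sha256(password.encode()).hexdigest()


def pbkdf2_hex(password: str, salt: bytes = SALT, iterations: int = ITERATIONS) -> str:
    """Stronger storage: salted, iterated PBKDF2-HMAC-SHA256 from the standard library."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def dictionary_attack(target_hash: str, hash_fn, wordlist=WORDLIST):
    """Offline dictionary attack: hash each candidate with the same scheme as the
    stored hash and compare. Returns (password, guesses_made) or (None, guesses_made)."""
    for guesses, candidate in enumerate(wordlist, start=1):
        if hash_fn(candidate) == target_hash:
            return candidate, guesses
    return None, len(wordlist)


def cost_per_guess(hash_fn, rounds: int) -> float:
    """Seconds the attacker spends per guess under a given hashing scheme."""
    start = time.perf_counter()
    for _ in range(rounds):
        hash_fn("fluffy123")
    return (time.perf_counter() - start) / rounds


def slowdown_factor() -> float:
    """How many times more expensive each guess becomes when the defender moves
    from plain SHA-256 to PBKDF2 with ITERATIONS rounds."""
    return cost_per_guess(pbkdf2_hex, rounds=10) / cost_per_guess(sha256_hex, rounds=2000)


if __name__ == "__main__":
    print("SHA-256:", dictionary_attack(sha256_hex("fluffy123"), sha256_hex))
    print("PBKDF2: ", dictionary_attack(pbkdf2_hex("fluffy123"), pbkdf2_hex))
    print("Not in list:", dictionary_attack(sha256_hex("correct horse battery staple"), sha256_hex))
    print(f"PBKDF2 makes each guess roughly {slowdown_factor():.0f}x slower")
```

Both attacks find "fluffy123" on the sixth guess; the difference is the cost of each guess, which is the only lever the defender has once the hash is in the attacker's hands. A password absent from the wordlist is not found at all, which is why length and unpredictability matter more than complexity rules.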
Malware
Once an attacker has gained access to a system, the next step is to install malware (malicious software) or a component that supports it, which covertly works against the interests of the computer's users.
Virus
Computer viruses are the most common threat to computer users. A virus is malicious code designed to spread from one computer to another through file transfers, by attaching itself to legitimate operating-system files and programs, or by e-mail. An e-mail attachment or a file downloaded from a particular website can infect a computer and, over the network, the other computers in its contact list. Viruses undermine system security by changing settings, accessing confidential data, displaying unwanted advertisements, sending spam, and taking control of web browsers [2]. Viruses are commonly classified as executable (file-infecting) viruses, boot-sector viruses, or e-mail viruses.
Worms
Computer worms are pieces of malicious software that copy themselves rapidly from one computer to the computers it communicates with, then on to the contacts of those computers, and so on, reaching a large number of systems in a short time. Unlike a virus, a worm needs no user action: it spreads on its own by exploiting vulnerabilities in software. Worms may also display unwanted advertisements. In the process a worm consumes large amounts of CPU time and network bandwidth, denying access to the victim's system or network and causing disruption and loss of trust in the communication network.
Trojan Horse Program
A Trojan horse is a program that appears entirely legitimate but has a malicious component embedded in it. Trojans are usually spread as e-mail attachments that appear to come from trusted contacts or through clicks on bogus advertisements. The Trojan payload is an executable that installs a server component on the victim's system; this component opens a port and listens on it continuously, while the matching client runs on the attacker's system. The attacker can therefore connect to the victim's machine whenever he wishes, through a backdoor that remains hidden from the user.
Spyware and Adware
Spyware and adware share one attribute: they collect personal information from users without their knowledge. Adware is designed to track a user's browsing behavior and display pop-ups and advertisements based on it. It is usually the less serious of the two, and its behavior is often disclosed in the license agreement the user accepts during installation. Spyware, on the other hand, installs itself on the computer and collects information about the user's online activities without the user's knowledge. Spyware often includes a keystroke logger that records everything typed on the keyboard, which makes identity theft a serious risk.
Scareware
Scareware is a type of malware that misleads victims with false alarms and pressures them into buying rogue protection software. The alert or pop-up is phrased as a warning message with recommended protective steps; following those steps is what actually creates the security problem.
Rootkit
A rootkit is a set of software tools covertly bundled with legitimate software. A rootkit gives its operator remote access to and administrative control over the system. With these privileges the rootkit carries out malicious activities such as disabling antivirus software, sniffing passwords, and logging keystrokes.
Keylogger
Keylogger software records keystrokes, often captures screenshots as well, and saves them, frequently in encrypted form, to a log file. A keylogger captures everything entered on the keyboard, including passwords, e-mails, and instant messages. The log file is then sent to the attacker on a remote machine, typically with the aim of extracting passwords and banking details for financial fraud.
Ransomware
Ransomware is malicious software that blocks access to a computer or to the files on it: either the computer is locked or the files are encrypted, which gives the two common types, lock-screen ransomware and encrypting ransomware. A ransom demand for lifting the restriction is displayed on the victim's system. The demand may also be dressed up as a notice claiming that illegal activity has been detected on the computer and that payment is required to avoid prosecution.
Fake security software
Fake security software is another type of malicious program. It misleads users into believing that malware is installed on their system or that their security measures are out of date, creating alarm, and then offers to install or update security software. What is actually installed is the malware itself.
Botnet
A botnet is a group of infected systems, or bots, that act as a team: they are remotely controlled by the attacker's command host (the bot master) and launch synchronized attacks on a victim host. This army of bots, its control agents, and the bot master together constitute the botnet. Botnets are used to send spam and to mount distributed denial-of-service attacks.
Denial of Service Attacks
Denial-of-service (DoS) attacks, as the name implies, deny users access to a service or system. This is done mainly by exhausting bandwidth, CPU, or memory. The victim machine, or the server providing the service, can then no longer answer requests from the network. A DoS attack thus disrupts the service of a computer or network system, making it unreachable or badly degraded.
Distributed DoS
In a distributed denial-of-service attack (DDoS), the victim is targeted simultaneously by a large number of individual systems. DDoS attacks are generally carried out with a botnet: the bot master is the attacker, who uses the army of bots (zombies) to attack the victim's machine indirectly. A DDoS attack occurs when a large number of infected systems act in a synchronized, coordinated way under the attacker's control to exhaust the victim's resources and force it to refuse service to its legitimate users. The flood of traffic makes the website or server slow or unreachable.
Attacks based on the Internet of Things
In the last ten years the use of the Internet of Things (IoT) has grown exponentially; IoT devices are the smart devices used in homes, organizations, and companies. The problem with these devices is their weak security: they are often overlooked when security patches are applied, and the unpatched vulnerabilities give attackers a way to seize the devices and use them to penetrate the network. An IoT-based attack is any cyber attack that exploits a victim's IoT devices to get malware into the network.
Session hijacking
In session hijacking, the attacker takes over the session between two hosts. It typically occurs in applications that use TCP, where the attacker predicts the sequence numbers in use. With a correctly predicted sequence number the attacker can send TCP segments that the receiver accepts as part of the legitimate session.
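The sequence-number prediction step, as an added simulation that is not part of the original text: a toy server hands out initial sequence numbers (ISNs), the attacker samples two of them from its own connections, extrapolates the next one, and injects a segment into a victim's connection it never observed (blind spoofing). The fixed-step generator, the exact-match acceptance rule and the client names are constructed simplifications; real stacks accept a window of sequence numbers, which only makes prediction easier, and the attacker would additionally have to spoof the victim's source address.

```python
import secrets

MOD = 2 ** 32  # TCP sequence numbers are 32-bit


class IncrementingISN:
    """Constructed model of an old-style ISN generator that advances by a fixed
    amount per connection, the behaviour that made prediction trivial."""
    def __init__(self, start: int = 1000, step: int = 64_000):
        self.next_isn, self.step = start, step

    def new_connection(self) -> int:
        isn = self.next_isn
        self.next_isn = (self.next_isn + self.step) % MOD
        return isn


class RandomISN:
    """Modern behaviour: an unpredictable ISN for every connection."""
    def new_connection(self) -> int:
        return secrets.randbelow(MOD)


class Server:
    """Minimal stand-in for a TCP stack: one sequence number per client session,
    and a segment is accepted only if its ACK number matches exactly."""
    def __init__(self, isn_gen):
        self.isn_gen = isn_gen
        self.sessions = {}

    def accept(self, client: str) -> int:
        isn = self.isn_gen.new_connection()
        self.sessions[client] = {"seq": isn, "received": []}
        return isn

    def receive(self, client: str, ack: int, payload: str) -> bool:
        session = self.sessions[client]
        if ack != session["seq"]:
            return False            # does not belong to the session: dropped
        session["received"].append(payload)
        return True


def predict_next_isn(observed: list) -> int:
    """Attacker's extrapolation from the last two ISNs it was handed."""
    a, b = observed[-2], observed[-1]
    return (b + (b - a)) % MOD


def blind_hijack(isn_gen) -> tuple:
    """The attacker never sees the victim's handshake; it only predicts the ISN
    the server will assign next. Returns (payload_accepted, prediction_correct)."""
    server = Server(isn_gen)
    # 1. attacker opens two connections of its own to sample the generator
    observed = [server.accept(f"attacker-{i}") for i in range(2)]
    # 2. victim's connection is set up (the attacker does not see this ISN)
    victim_isn = server.accept("victim")
    # 3. attacker injects a segment, using the predicted ISN as its ACK number
    guess = predict_next_isn(observed)
    accepted = server.receive("victim", guess, "constructed attacker command")
    return accepted, guess == victim_isn


if __name__ == "__main__":
    print("incrementing ISN:", blind_hijack(IncrementingISN()))  # (True, True)
    print("random ISN:      ", blind_hijack(RandomISN()))        # (False, False)
```

With the incrementing generator the injected segment is accepted every time; with random ISNs the attacker's guess has a 1 in 2^32 chance, which is why sequence-number randomization removed this class of hijack and why the remaining risk lies with attackers who can observe the session directly.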
Combination attack
A combination attack, also known as a blended attack, is a software exploit that combines several exploit techniques and several kinds of threat, such as viruses, worms, and Trojan horses, in order to attack and spread.
Website Attacks
Website attacks target browser components; even when the browser itself is patched, these components may remain exposed. SQL injection attacks exploit security flaws in application software and target any website or web application backed by an SQL database (such as MySQL or Oracle). The attack is used to obtain or destroy users' confidential data.
Mobile phone and VOIP threats
Malware targets mobile phones, VoIP systems, and IP PBXs because a large number of vulnerabilities in these devices have been published. Free attack tools are available on the Internet, and abusing these vulnerabilities has become so easy and common that even script kiddies can do it.
WiFi spying
WiFi spying (eavesdropping) is an attack used to obtain confidential information from a target system: the attacker silently listens to the traffic on an unencrypted WiFi network.
WPA2 handshake vulnerability
The key reinstallation attack (KRACK) exploits a weakness in the WPA2 four-way handshake. By replaying a handshake message, an attacker within radio range forces the client to reinstall an already-used key, which resets the nonce (packet number) and causes keystream reuse, so that traffic between the client and the access point can be decrypted or forged. The flaw is in the client side of the protocol, so every kind of WPA2 device, computers, smartphones, smart devices, and wearables, was affected until patched.
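The consequence of key reinstallation, as an added example that is not part of the original text: a toy client installs the session key on every handshake message 3 and resets its packet number, so a replayed message 3 makes it encrypt a second frame under the same key and nonce. The keystream here is a hash-based stand-in for the AES-CTR keystream inside CCMP, and the key and frames are constructed; what carries over exactly is the algebra, since XORing two ciphertexts produced with the same keystream yields the XOR of the plaintexts, and one predictable plaintext reveals the other. The patched client simply refuses to reinstall a key it already has.

```python
import hashlib

# Constructed session key; in WPA2 this is the PTK derived during the four-way handshake.
PTK = hashlib.sha256(b"constructed pairwise transient key").digest()[:16]

# A frame the attacker can predict (e.g. a broadcast ARP request) and the one it is after.
KNOWN_FRAME = b"ARP who-has 192.168.1.1 tell 192.168.1.23 ........"
SECRET_FRAME = b"GET /login?user=bob&pass=hunter2 HTTP/1.1\r\n"


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy stand-in for the CCMP (AES-CTR) keystream: hash(key || nonce || counter).
    Like the real thing, same key and same nonce produce the same keystream."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce.to_bytes(6, "big") + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class VulnerableClient:
    """Installs the key on every handshake message 3 and restarts the packet number."""
    def __init__(self):
        self.key, self.packet_number = None, 0

    def handle_message3(self, ptk: bytes) -> None:
        self.key = ptk
        self.packet_number = 0      # the KRACK flaw: the nonce restarts on reinstall

    def send(self, frame: bytes):
        nonce = self.packet_number
        self.packet_number += 1
        return nonce, xor(frame, keystream(self.key, nonce, len(frame)))


class PatchedClient(VulnerableClient):
    """Fix: a retransmitted message 3 for an already-installed key is ignored."""
    def handle_message3(self, ptk: bytes) -> None:
        if self.key == ptk:
            return
        super().handle_message3(ptk)


def krack(client_cls):
    """Attacker in radio range records one frame, replays message 3, records the next
    frame. Returns the recovered secret frame, or None if the nonces differed."""
    client = client_cls()
    client.handle_message3(PTK)                 # genuine message 3 from the access point
    nonce1, ct_known = client.send(KNOWN_FRAME)
    client.handle_message3(PTK)                 # attacker replays the captured message 3
    nonce2, ct_secret = client.send(SECRET_FRAME)
    if nonce1 != nonce2:
        return None
    # Same keystream on both frames: ct_known XOR ct_secret == KNOWN_FRAME XOR SECRET_FRAME
    n = min(len(ct_known), len(ct_secret))
    return xor(xor(ct_known[:n], ct_secret[:n]), KNOWN_FRAME[:n])


if __name__ == "__main__":
    print("vulnerable client:", krack(VulnerableClient))
    print("patched client:   ", krack(PatchedClient))
```

The attacker never learns the key; nonce reuse alone is enough to strip the encryption from the second frame, which is why counter-mode ciphers treat a repeated nonce as a total failure and why the fix is to never reset the packet number for a key that is already in use.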
Internal attacks
One of the most common cyber-security threats to any organization comes from its own employees. Internal attacks are launched by disgruntled employees from inside the organization. Insiders usually already hold some authority over the data, systems, and networks they attack, which gives them an advantage over outside attackers. The firewall is the first line of defense, but because it faces outward it does little to stop these attacks.