Top 10 Cyber Threat Analyst (Part II)

Top 10 Cyber Threat Analyst. We continue our educational post about the top cyber threats (Find Part I here). In this Part II, we will see the remaining five attacks from the list below:

6. Distributed Denial of Service (DDoS)
7. Identity Theft
8. Data Breach
9. Insider Threat
10. Botnets

So let’s explore and explain the above threats as simple as possible:

6. Distributed Denial of Service (DDoS)

An attack that targets the availability of the system is called Denial of Service (DoS). When a DoS attack is active on a system or service, users are unable to access the necessary data, services, or other resources. The way this attack works is that attackers try to overload the network infrastructure or service with malicious requests so that it cannot serve any benign requests. The difference between DoS and Distributed Denial of Service (DDoS) is the number of computers deployed in the attack. In DoS attack, usually a single source attacks a server while in DDoS, multiple computers flood the server.

Nowadays, attackers increased dramatically the number of attacks by targeting different sectors. It is also easier for someone to find in the web guides and tutorial on how to deploy a DDoS attack on a specific target. The most common attacks are SYN and UDP flood. In those attacks, malicious actors send special packets, called SYN packets, to initiate a connection to a server. However, they don’t finalize the connection and the server spends resources to keep the connection active. Activating millions of SYN connections results into resource exhaustion and the server stops responding.

7. Identity Theft

Data fraud or Identity Theft is the illegal utilization of a casualty’s Personal Identifiable Information (PII) by a faker to mimic that individual to gain financial benefits. There is an increasing trend of this attack as many data breaches occur everyday. The stolen data usually are sold to Dark web or other illegal places. The common way of delivering this attack is by using phishing emails to trick users.

8. Data breach

In this type of cyber threat, attackers access without authorization the information stored in a system with malicious intent. When data breach occurs, hackers usually sell the obtained data to dark web fοrums. The most common reason of data breach is usually the misconfiguration of specific services. According to researchers, it usually takes 206 days for an organization to discover a data breach. That means it would take longer to eradicate and recover from the attack. In addition, more and more organizations transfer critical data from on-premise into complex cloud environments. Without the proper knowledge and configurations, data breaches may continue to increase.

9. Insider Threat

Insider threat is another danger that all businesses should consider. In this attack, an employee or a group of individuals that are working with the victim take malicious activities against the victim. The result of this attack is mostly to damage an organization’s reputation and finances.

There are five reasons that a person can become an insider threat based on their goals:

1. Irresponsible employees who do not care about organization’s policies, and install malicious applications
2. Inside employees who are paid to steal data on behalf of outsiders
3. Unhappy employees that want to hurt their organization
4. Malicious actors who are employees and expose inside data for their personal satisfaction. Usually, they use their administrator privileges
5. Third-parties who find malicious ways to hack into organization’s systems

10. Botnets

One of the biggest threats to the internet is thought to be botnets. A botnet is referred as a group of compromised computers. A compromised computer acts as a bot. That means it has installed a harmful software that receives and sends commands to a master server.

A computer can get infected with a bot by visiting a malicious website, as mentioned in previous attacks, or when a virus installs the bot. Once the bot malware is installed on the computer, it has any privileges that the computer admin has. For example, it can read, write, execute any file or even reboot the computer. Attackers usually have a Control & Command (C&C) server to control the bots. Thus, commands such as spam attacks, DDoS attacks or any other illegal action may be sent from C&C to bots. Moreover, cyber-criminals may also rent their botnets to allow clients execute their own illegal activities.

Conclusion For Cyber Threat Analyst

Now, you should have a basic understanding of what are the top internet threats. Everyone should take some minutes to read and understand the importance of protection in the world o internet.

In our next posts we plan to explain some simple methods of defense. An average internet user should have in mind that as we try to protect ourselves in real life, the same we should do to protect our personal computer and life on the internet.