CYBER THREATS OVERVIEW


WHAT IS A CYBER THREAT?

A cyber threat is any malicious act that causes damage by electronic means, from the disruption of computer operations to the theft or destruction of personal data to financial loss. The motivations and goals of attackers are very diverse, and so are the types of cyber threats.

In the following, we give you an overview of the threat landscape and of the methods that can be used to detect the various cyber threats.

TYPES OF CYBER THREATS


MALWARE

Malware is the generic term for program code that is written to perform malicious acts on a computer. As soon as the malware has been smuggled into a computer system, it starts automatically and carries out the malicious actions that the attacker intended. The different categories of malware serve their purpose in different ways, pursue different goals and have different effects on the computer system.


NETWORK ATTACK

The term “network attack” encompasses all cyber threats that are carried out at the network level. The targets of these attacks are very diverse and range from the disruption of services to the theft of data and identities to manipulation, espionage and blackmail. This affects not only corporate but also home networks and the starting point can be on the Internet, but also on your own network or in the immediate vicinity.


SOCIAL ENGINEERING

Social engineering describes a category of cyber threats that rely on interaction with the computer user. The attacker’s goal is to induce certain behavior on the part of the victim, such as visiting a certain website, opening an email attachment, buying products, providing information, paying money and much more. The interaction can take place impersonally, e.g. via emails or phone calls, but also in person.


TARGETED ATTACK

In a targeted attack, the attacker focuses on a specific target rather than the crowd. In addition to special attack techniques that are only used in this case, cyber threats from other categories are also used, but in a tailor-made form. For example, only a specific company is to be attacked, for which purpose special malware is developed and only employees of the specified company are addressed with individual social engineering.

An Advanced Persistent Threat (APT) is a long-term attack against a specific company. The aim is to gain unnoticed access to data and information and steal it. The attack is typically carried out in four stages: 1) The attacker spies on the company and obtains detailed information for the intrusion. 2) The first computer is infected, whereby methods of Social Engineering and tailor-made Malware can be used to give the attacker a door into the network. 3) Starting from the first computer, the attacker works his way through the network until he has reached his desired target system. Tools already present on the systems are usually used for this, to avoid alerting security systems. 4) Once the attacker has reached his target system, he extracts the desired data and transfers it to an external system. The entire process of an APT can take weeks or several months.

Detectable with: Behavior Analysis

Adware is malicious code that displays unwanted advertisements. In addition, Adware can redirect your search queries to advertising websites and collect usage data from your surfing behavior in order to display targeted advertising.

Detectable with: File Analysis, Registry Analysis, Web Analysis, Network Analysis

An Archive Bomb is a specially prepared archive file, such as ZIP or RAR, with an extremely high level of nesting. When it is unpacked, it can expand to many times its compressed size, consume a lot of resources and send the unpacking process into an endless loop. The aim is usually to overload the engine of an anti-virus program that unpacks archives during scanning.

Detectable with: File Analysis
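One way File Analysis can catch an Archive Bomb before anything is inflated: read the sizes from the ZIP central directory and refuse archives whose declared expansion ratio, total declared size or nesting depth exceeds a budget. This is an added example, not the page's or any product's code; the limits and the sample archives are constructed for the demonstration.

```python
import io
import zipfile

# Limits a scanner might enforce before handing an archive to an unpacker
# (values are assumptions for this example, not from the page).
MAX_RATIO = 100.0             # declared uncompressed bytes per compressed byte
MAX_DEPTH = 3                 # how many nested archive levels are tolerated
MAX_TOTAL = 50 * 1024 * 1024  # declared uncompressed bytes, summed per level


def inspect_archive(data: bytes, depth: int = 0) -> dict:
    """Walk a ZIP (and the ZIPs it contains) using header metadata first.

    Nothing is written to disk. A nested archive is only inflated into memory
    after the level above it has passed the ratio and size budget, so a
    hostile archive is rejected from its central directory alone.
    """
    if depth > MAX_DEPTH:
        return {"ok": False, "reason": f"nesting deeper than {MAX_DEPTH}", "depth": depth}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return {"ok": False, "reason": "not a valid ZIP", "depth": depth}

    declared = 0
    deepest = depth
    for info in zf.infolist():
        declared += info.file_size
        # Ratio and budget checks use central-directory sizes: no data inflated yet.
        if info.compress_size and info.file_size / info.compress_size > MAX_RATIO:
            ratio = info.file_size / info.compress_size
            return {"ok": False, "reason": f"{info.filename}: ratio {ratio:.0f}:1", "depth": depth}
        if declared > MAX_TOTAL:
            return {"ok": False, "reason": "declared size exceeds budget", "depth": depth}
        if info.filename.lower().endswith(".zip"):
            inner = inspect_archive(zf.read(info), depth + 1)
            if not inner["ok"]:
                return inner
            deepest = max(deepest, inner["depth"])
    return {"ok": True, "reason": "within limits", "depth": deepest}


def _zip_bytes(entries: dict) -> bytes:
    """Build an in-memory ZIP from {name: bytes} (helper for constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: an ordinary document archive, one that inflates ~1000:1
# (a block of zeros), and one nested five levels deep with harmless content.
BENIGN = _zip_bytes({"report.txt": b"quarterly numbers\n" * 40})
INFLATING = _zip_bytes({"x.bin": b"\0" * 1_000_000})
NESTED = _zip_bytes({"a.zip": _zip_bytes({"b.zip": _zip_bytes({"c.zip": _zip_bytes(
    {"d.zip": _zip_bytes({"x.bin": b"\0" * 256})})})})})

if __name__ == "__main__":
    for label, sample in [("benign", BENIGN), ("inflating", INFLATING), ("nested", NESTED)]:
        print(label, inspect_archive(sample))
```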

A Backdoor is malicious code that enables an external attacker to access a computer remotely. Often times, this form of Malware is combined with a Rootkit to disguise the existence of the Backdoor.

Detectable with: File Analysis, Rootkit Analysis, Network Analysis

Bloatware is not directly malicious code, but the automatic installation of unwanted additional software. This provides unnecessary additional functions and often slows down the computer. The term is also often used for unwanted additional software that is preinstalled when you buy a new device (computer, smartphone).

Detectable with: File Analysis, Registry Analysis

A Bot is special malware that connects the computer to a network of other Bots (Botnet). The Bot then receives commands from so-called Command & Control servers and executes them. Such Botnets are used to carry out large-scale network attacks such as DDoS or Spam campaigns, and your computer automatically participates in these attacks on command.

Detectable with: File Analysis, Network Analysis

A Brute Force attack is used to guess the username and password of an access control. For this purpose, a wide variety of combinations are tried automatically in quick succession until a matching combination is found. The method can also be used, for example, to track down hidden websites or to guess the encryption key of a message.

Detectable with: Network Analysis, Behavior Analysis
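The Behavior Analysis side of this, as an added example that is not part of the original page: a sliding-window counter over authentication log lines that raises an alert when one source crosses a failure threshold, tries too many different usernames, or logs in successfully right after a burst of failures. The log format, thresholds and sample lines are constructed for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Policy values are assumptions for this example, not taken from the page.
WINDOW = timedelta(minutes=5)
MAX_FAILURES = 5      # failed attempts per source inside WINDOW
MAX_USERNAMES = 3     # distinct usernames tried by one source inside WINDOW

# Matches constructed sshd-style lines such as
# "2024-05-01T10:00:01 sshd: Failed password for bob from 198.51.100.7"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)$"
)


def detect_brute_force(lines):
    """Return (timestamp, source, reason) alerts, one per source and reason,
    raised the first time that source crosses a threshold."""
    recent = defaultdict(deque)   # src -> deque of (ts, user) failures in window
    alerted = set()
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated line; a real parser would handle more formats
        ts = datetime.fromisoformat(m["ts"])
        src = m["src"]
        if m["result"] == "Accepted":
            # A success after a burst of failures is the case worth escalating,
            # so failure history is kept rather than cleared on success.
            if (src, "failures") in alerted and (src, "success") not in alerted:
                alerted.add((src, "success"))
                alerts.append((ts, src, f"login as {m['user']} after repeated failures"))
            continue
        q = recent[src]
        q.append((ts, m["user"]))
        while q and ts - q[0][0] > WINDOW:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= MAX_FAILURES and (src, "failures") not in alerted:
            alerted.add((src, "failures"))
            alerts.append((ts, src, f"{len(q)} failed logins within {WINDOW}"))
        users = {u for _, u in q}
        if len(users) >= MAX_USERNAMES and (src, "spray") not in alerted:
            alerted.add((src, "spray"))
            alerts.append((ts, src, f"{len(users)} usernames tried within {WINDOW}"))
    return alerts


# Constructed sample log: one user typo, one source hammering "admin" and then
# getting in, one source cycling through usernames, and an isolated old failure.
SAMPLE_LOG = [
    "2024-05-01T10:00:01 sshd: Failed password for alice from 203.0.113.4",
    "2024-05-01T10:00:09 sshd: Accepted password for alice from 203.0.113.4",
] + [
    f"2024-05-01T10:01:{i:02d} sshd: Failed password for admin from 198.51.100.7"
    for i in range(0, 40, 5)   # 8 failures, 5 seconds apart
] + [
    "2024-05-01T10:01:45 sshd: Accepted password for admin from 198.51.100.7",
] + [
    f"2024-05-01T10:05:{i * 10:02d} sshd: Failed password for {u} from 192.0.2.9"
    for i, u in enumerate(["root", "admin", "test", "guest"])
] + [
    "2024-05-01T10:30:00 sshd: Failed password for bob from 203.0.113.4",
]

if __name__ == "__main__":
    for ts, src, reason in detect_brute_force(SAMPLE_LOG):
        print(ts.isoformat(), src, reason)
```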

Crimeware is the term used to describe the types of Malware that are used to carry out cybercrime. The stealing of identities, money and intellectual property are in the foreground here. In addition to the use of malicious code, Social Engineering methods are also used for this purpose.

Detectable with: File Analysis, Web Analysis, Network Analysis, Email Analysis, Awareness

A Crypto Miner is malicious code that is used to mine crypto currencies (the creation of new crypto coins) illegally, without the consent of the user. Since this process is very computationally intensive, this Malware variant steals computing capacity and severely degrades the computer's performance.

Detectable with: File Analysis, Registry Analysis, Web Analysis, Network Analysis, Email Analysis, Exploit Analysis, Script Analysis, Behavior Analysis, Awareness

We speak of a data breach if it can be proven that unauthorized persons have gained access to sensitive data, that such data has been copied or destroyed, or that activities have taken place to circumvent security measures. A data breach is therefore not an attack in the strict sense of the word, but the result of an attack.

Detectable with: Behavior Analysis

A Dialer is a type of malicious code that, without the user's intent, dials expensive premium-rate numbers and thus causes high costs. With the disappearance of modem connections this type of threat had become obsolete, but attackers are again using it successfully on smartphones.

Detectable with: File Analysis, Registry Analysis, Web Analysis

DNS tunneling is the improper use of the DNS protocol. DNS is responsible for name resolution, e.g. translating the domain names in URLs into the appropriate IP addresses when surfing the Internet. However, attackers can misuse this protocol to extract data or to conduct hidden communication with their Command & Control servers, since DNS queries are usually allowed through firewalls.

Detectable with: Network Analysis, Behavior Analysis
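What Network Analysis looks for when hunting DNS tunneling, as an added example that is not from the original page: per-query indicators (unusually long labels, random-looking hostnames measured by character entropy) and a per-client aggregate (many distinct names under one zone). The log format, thresholds and sample queries are constructed for the example; the two-label zone extraction is a simplification of the public suffix list.

```python
import base64
import hashlib
import math
from collections import defaultdict

# Thresholds are assumptions chosen for this example, not values from the page.
MAX_LABEL_LEN = 40           # ordinary hostnames rarely have a label this long
MIN_ENTROPY = 3.8            # bits per character; encoded payloads look random
MAX_UNIQUE_SUBDOMAINS = 25   # distinct names under one zone from one client


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0 for the empty string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_zone(name: str) -> str:
    """Last two labels of a name, e.g. 'a.b.example.com' -> 'example.com'.
    (Simplification: a real deployment would consult the public suffix list.)"""
    labels = name.rstrip(".").split(".")
    return ".".join(labels[-2:])


def score_query(name: str) -> list:
    """Per-query indicators: a long label or a high-entropy host part."""
    reasons = []
    labels = name.rstrip(".").split(".")
    host = ".".join(labels[:-2])   # everything below the registered zone
    if any(len(label) > MAX_LABEL_LEN for label in labels):
        reasons.append("long label")
    if len(host) >= 16 and shannon_entropy(host) > MIN_ENTROPY:
        reasons.append("high entropy")
    return reasons


def detect_tunneling(log_lines: list) -> dict:
    """Aggregate a query log of 'client qtype name' lines.

    Returns {(client, zone): [reasons]} for pairs worth investigating: any
    per-query indicator, or too many distinct names under one zone.
    """
    names_per_pair = defaultdict(set)
    reasons_per_pair = defaultdict(set)
    for line in log_lines:
        client, _qtype, name = line.split()
        zone = registered_zone(name)
        names_per_pair[(client, zone)].add(name)
        for reason in score_query(name):
            reasons_per_pair[(client, zone)].add(reason)
    for pair, names in names_per_pair.items():
        if len(names) > MAX_UNIQUE_SUBDOMAINS:
            reasons_per_pair[pair].add("many unique subdomains")
    return {pair: sorted(rs) for pair, rs in reasons_per_pair.items()}


def _random_looking_label(i: int) -> str:
    """Deterministic 43-character label standing in for an encoded data chunk."""
    digest = hashlib.sha256(str(i).encode()).digest()
    return base64.urlsafe_b64encode(digest).decode().rstrip("=")


# Constructed sample log: normal lookups from 10.0.0.5, and 10.0.0.9 sending
# TXT queries for 30 different encoded-looking names under one zone.
BENIGN_LOG = [
    "10.0.0.5 A www.example.com",
    "10.0.0.5 AAAA mail.example.com",
    "10.0.0.5 A static-assets.example.net",
]
TUNNEL_LOG = [f"10.0.0.9 TXT {_random_looking_label(i)}.t.example.org" for i in range(30)]

if __name__ == "__main__":
    for pair, reasons in detect_tunneling(BENIGN_LOG + TUNNEL_LOG).items():
        print(pair, reasons)
```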

A Denial of Service attack (DoS) is the massive sending of requests to a specific service, e.g. a website or an online shop. The aim of the attack is to overload the respective service so that it is no longer available. If the requests are sent from a few senders, one speaks of a DoS attack. However, if the requests come from a large number of senders, e.g. from a Bot network, it is referred to as a Distributed Denial of Service attack (DDoS).

Detectable with: Network Analysis

A Dropper is malicious code that is used to deliver other malicious code. Similar to a Trojan, the user is supposed to be enticed into starting the file. The Dropper can either carry the actual malicious code (Payload) embedded within itself or download it from the Internet in order to execute it afterwards.

Detectable with: File Analysis, Web Analysis, Email Analysis

A very personal variant of Social Engineering is Dumpster Diving. The attacker rummages through his victim’s rubbish, searching for helpful information such as credit card statements, bank statements and other personal data in order to be able to use it against the person later, e.g. in a Spear Phishing attack.

Software always contains security weaknesses (Vulnerabilities) that are either discovered by the respective manufacturers or actively sought by attackers. Both parties also use automated techniques for this, such as AI-assisted fuzzing. An Exploit, in turn, is malicious code that an attacker uses to exploit a specific vulnerability and infect a computer. The actual malicious action of an Exploit is called the Payload and can contain any Malware variant. Zero-day exploits are particularly dangerous: they target vulnerabilities that are either completely unknown to the manufacturer or so new that no security patch is available yet. Exploit serves as a generic term and can be further specified depending on the type of infection route.

Detectable with: File Analysis, Web Analysis, Exploit Analysis

Fileless Malware is a term for a special type of malicious code. Compared to many other variants, this one works without the use of malicious files. Instead, registry keys, macros or other existing components are used to execute the malicious code directly in memory. As a result, no file-based evidence of the threat can be found.

Detectable with: Registry Analysis, Script Analysis, Memory Analysis, Behavior Analysis

Govware refers to those variants of malicious code that are officially developed or used by government agencies. Govware is occasionally used on target persons to support law enforcement, e.g. by secret services in the fight against terrorism.

Detectable with: File Analysis, Network Analysis, Exploit Analysis, Behavior Analysis

The term Grayware summarizes malicious code that does not cause any direct damage to the computer system. Instead, its actions are limited to the unwanted collection of usage data, as described, for example, for Adware and Spyware. The term can also include other unwanted programs that, although not directly dangerous, can negatively affect the performance of the computer.

Detectable with: File Analysis, Registry Analysis, Web Analysis, Network Analysis

A Hoax is a fake news item that is spread via any communication channel, such as emails, messengers or social networks. Because of its sensational nature, such news spreads very quickly and in large numbers. This high degree of prevalence is particularly interesting for an attacker who wants to spread Malware or carry out Phishing campaigns with the help of a Hoax.

Detectable with: Awareness

An Injector is a variation of a Dropper. It is also malicious code that is supposed to deliver other malicious code (Payload). The difference to a Dropper, however, is that it does not save the Payload as a file, but loads it directly into the computer’s memory. This makes it more difficult to find.

Detectable with: File Analysis, Web Analysis, Email Analysis, Memory Analysis, Behavior Analysis

A targeted attack against a company does not always have to come from an external attacker. Dissatisfied or former employees, business partners or other groups of people, who have inside information, can also pose a risk. In these cases, it is referred to as an Insider Threat, because internal knowledge is used against a company. The aim of such an attack ranges from theft to sabotage, whereby it must be noted that it is not always malicious. Even an employee who unintentionally makes a mistake can cause comparable damage to his own company and is also viewed as an Insider Threat.

Detectable with: Behavior Analysis

A Keylogger is malicious code that is used to record keystrokes. To do this, the code inserts itself between the operating system and the keyboard, records the keystrokes and can also upload the resulting log to the attacker’s server on the Internet. The aim is to obtain passwords and other secrets.

Detectable with: File Analysis, Web Analysis, Network Analysis, Email Analysis

Artificial intelligence is only as good as its training. The training data of machine and deep learning algorithms is therefore a potential target. If an attacker succeeds in gaining access to this data, he can manipulate it for his own purposes, teaching the artificial intelligence something wrong or an exception that he can later exploit. For example, the machine learning algorithm of a security provider could be incorrectly taught to evaluate certain malicious code as benign.

In a Man in the Middle attack (MitM), an attacker tries to follow a data transmission unnoticed. To do this, he positions himself between the sender and receiver in order to spy on or even manipulate the transmissions. Possible methods for this are manipulating the ARP table, setting up a fake WiFi hotspot or a fake DHCP server, manipulating a router or the hosts file, as well as DNS cache poisoning.

Detectable with: Network Analysis, Behavior Analysis

Similar to an Injector, Packer refers to malicious code that is used to deliver another malicious code (Payload). A Packer is a self-extracting archive that loads the code directly into the computer’s memory when it is executed.

Detectable with: File Analysis, Memory Analysis

As with Phishing, Pharming is about fake emails designed to trick the recipient into revealing sensitive information. The specialty here is a manipulation of the name resolution (DNS), which is carried out beforehand, e.g. through the use of Malware. As a result, the recipient sees a correct URL in the email, but when it is accessed, the connection is redirected to a fake website.

Detectable with: Network Analysis, Email Analysis, Behavior Analysis, Awareness

Phishing is a form of Spam with the aim of obtaining credentials and other sensitive information from the recipients. For this purpose, these e-mails mimic the appearance of official authorities, banks and other companies. This is intended to mislead the recipient into complying with the request to reveal his or her data, such as passwords and the like. Specially prepared websites are often used for this purpose to further support the impression of legitimacy.

Detectable with: Email Analysis, Awareness

Pornware is malicious code that shows the user unwanted pornographic content. The goal is usually to advertise paid porn sites, but it can also be used to install additional malicious code.

Detectable with: File Analysis, Registry Analysis, Web Analysis, Email Analysis

Ransomware is malicious code that automatically encrypts data, making it unusable. Some variants only encrypt local files on your computer, others target central network drives, and in some cases the Ransomware automatically spreads to other computers on the network. After successful encryption, the attacker demands money from you in exchange for decrypting the data.

Detectable with: File Analysis, Registry Analysis, Web Analysis, Network Analysis, Email Analysis, Exploit Analysis, Script Analysis, Behavior Analysis

Riskware is software that was not designed as malicious code. However, these are programs that offer functions which could cause harm if used by the wrong people or for the wrong reasons, for example terminating running processes or remotely controlling the computer.

Detectable with: File Analysis, Registry Analysis, Behavior Analysis, Awareness

Rogueware is a term used to describe counterfeit security software. This malicious code shows the user a message about an alleged virus infection and asks for money to remove it.

Detectable with: File Analysis, Registry Analysis, Web Analysis, Email Analysis, Exploit Analysis

A Rootkit is a form of malicious code whose task is to hide other malicious code. To do this, it manipulates components of the operating system (e.g. APIs) so that they no longer report certain processes and files. Beyond the manipulation of the operating system and the camouflage, the real danger is the malicious code hidden by the Rootkit. In many cases these are Backdoors, but many other Malware variants can also be used in this combination.

Detectable with: File Analysis, Rootkit Analysis, Memory Analysis, Behavior Analysis

Similar to Rogueware, Scareware also shows the user fake messages. However, these are not only limited to fake security software, but can also include fake messages from the operating system, government agencies and similar reputable institutions. The goal is to scare the user, to convince him that he has a problem and to ask for money to solve the supposed problem.

Detectable with: File Analysis, Registry Analysis, Web Analysis, Email Analysis, Awareness

A Smart Contract is a digital contract between two parties based on Blockchain technology. Compared to conventional contracts, Smart Contracts can define an automatic mechanism that reacts to occurring events; for example, an automatic payment is made when specified contractual conditions have been met. As a result, various service providers hold a large number of Smart Contracts that secure payments, and these represent an attractive target. The classic Smart Contract hack exploits weak points in the systems used, initiates the payment and redirects the money to the attacker.

SmiShing uses the same principle as Phishing. However, in this case it is not fake emails but SMS messages that are sent. With these, the recipient is again supposed to be induced to reveal sensitive information such as PINs, passwords or access data.

Detectable with: Web Analysis, Awareness

Spam describes e-mails that are delivered without consent and usually with undesired content. So-called Spammers send these messages en masse and thus pursue different goals. Some of these e-mails are harmless and serve advertising purposes. Increasingly, however, Spam is also used to spread Malware or to carry out fraudulent actions by manipulating the recipient.

Detectable with: Email Analysis, Awareness

Spear Phishing is a special form of Phishing. In this case, however, the emails are not sent en masse, but to employees of a selected company. The appearance and content of the fraudulent messages are specially adapted to the respective company in order to offer a particularly credible context. As with Phishing, the aim is to manipulate the recipient in order to induce them to reveal sensitive information.

Detectable with: Email Analysis, Awareness

Spyware is malicious code that, like Adware, collects data about the computer and its users and transmits it to an external server. The data mostly concerns the activities and interests of the user and is evaluated without authorization for the purpose of better-targeted advertising.

Detectable with: File Analysis, Registry Analysis, Web Analysis, Network Analysis

A direct attack on a company is often difficult and costly. That is why attackers sometimes take a detour and do not attack the company itself, but rather its suppliers and partners. Their security measures are sometimes less developed and, due to the special relationship of trust with the actual company, they represent an attractive attack path. Classic methods of a Supply Chain Attack are the manipulation of hardware and software that is to be delivered, in which, for example, Backdoors or other malicious functions are hidden. Official senders from well-known suppliers are also ideal for Social Engineering.

Detectable with: File Analysis, Network Analysis, Behavior Analysis, Awareness

A Trojan (Trojan horse) gives the impression of a legitimate file, but it contains malicious code. When the file is started, the malicious code it contains is also executed, which in turn can install a form of Malware. As a result, deleting the Trojan has no effect on the code that has already been started. Trojan also serves as a generic term and can be specified in more detail depending on the objective and the malicious code it contains.

Detectable with: File Analysis, Registry Analysis, Web Analysis, Email Analysis, Behavior Analysis

The USB Drop tactic targets people’s curiosity. For this purpose, USB sticks are prepared and placed “randomly”: in the elevator, in the stairwell, on the street or distributed as a free giveaway in front of the company building, there are many possibilities. If curiosity wins and an employee connects the found USB stick to his computer, it can unfold its harmful effect. This method can be used to distribute Malware in a targeted manner and to launch an APT attack.

Detectable with: File Analysis, Behavior Analysis, Awareness

The peculiarity of a Virus is its ability to reproduce itself. The malicious code automatically propagates into other files, memory, the boot sector and other areas. The goals of the code can vary, but are mostly destructive. Virus serves as a generic term and can be further specified depending on the objective, reproductive function and other properties.

Detectable with: File Analysis, Registry Analysis, Script Analysis

Vishing stands for “Voice Phishing” and is the telephone form of Phishing. The attacker calls people either indiscriminately or selectively, often using automated calls, pretends to be an official authority, bank or company and tries to obtain interesting information in conversation. Sometimes prepared emails are sent beforehand, and during the phone call the recipient is made to open the dangerous email attachment or visit the prepared website. Phone numbers can also be embedded in Phishing emails so that the recipient actively calls the number.

Detectable with: Awareness

A Watering Hole Attack relies on chance. The attacker observes which websites are often visited by employees of a certain company. These websites are then specifically infected. If an employee of the targeted company then visits the website (recognizable e.g. via the IP address), his computer is served the intended malicious code. With this method, Malware can be distributed to a specific group of people and an APT attack can be started.

Detectable with: Web Analysis

Wiper is a type of malicious code whose aim is to format the local hard drive of the infected computer. This form of malware can also occur in combination with other malicious code variants and may delete only specific files instead of the entire hard disk.

Detectable with: File Analysis, Web Analysis, Network Analysis

Similar to a Virus, a Worm is able to spread by itself. The difference is that a Worm actively spreads via the network or removable media, or sends itself via email. The Worm does not need a host file for this and requires no further action by the user once the code has been started. The aim of this malicious code ranges from manipulation of data and the operating system up to and including complete takeover of control of the computer. Worm serves as a generic term and, depending on how it spreads, can be classified in more detail.

Detectable with: File Analysis, Network Analysis, Email Analysis

YOUR ATTACK SURFACE FOR CYBER THREATS

Cyber threats come in many different forms, but how do you become a victim? That depends on the so-called attack surface that you offer. This describes the possible ways in which you can be attacked. It depends on many factors: Are you a company or a private person? What applications do you use? Which networks are you connected to? What is your typical user behavior? What security measures are in place already? Depending on these and similar questions, there is an individual attack surface for everyone, which you should be aware of. This is also the first step for your own cybersecurity. Below, we’ll show you the most common ways cyber threats can haunt you.

E-MAIL

The receipt of emails is one of the largest gateways for cyber threats. Whether for the direct delivery of Malware or for the practice of Social Engineering, the attacker has many options with this communication channel to achieve his goals. In the case of a company, the danger comes not only from the company’s own email communication, but also from the employees who check their private emails using company devices.

WEB

Surfing the Internet is one of the most frequent activities of a user, both professionally and privately, and is at the same time another major gateway for cyber threats. Visiting a website, directly or indirectly, can consciously or unconsciously result in the transmission of Malware (e.g. drive-by downloads) or induce the user to disclose sensitive information (e.g. on a fake website). In general, web protocols enable a wide range of data transmissions, which in various forms can lead to security incidents.

NETWORK

In the course of technical progress, the networking of computers, devices and companies has become very important. A large number of different network protocols are used, not just web and email, and attackers can misuse them for their own purposes. The problem here is unwanted network communication, mostly invisible to the user, that takes place in both directions and can result in a wide variety of cyber threats.

USER

The computer user himself represents a security risk, through conscious or unconscious actions that he is authorized to perform. This also includes all resources made available to a user, e.g. access credentials, which attackers can use and manipulate in order to carry out malicious actions.

DEVICES

Connecting and using external devices on a computer can be another gateway for cyber threats. A distinction is made between removable media and plug & play devices. Removable storage media, e.g. USB sticks, enable direct data exchange, which can transfer Malware. Plug & Play devices, e.g. USB printers, smartphones, etc., can be manipulated devices that are disguised as promotional gifts, for example, and when connected open backdoors or perform similar harmful functions.

ADDITIONAL INFORMATION

COLLECTIVE CYBER DEFENCE

The evolution of cyber threats creates a threat landscape that is steadily increasing in size, complexity and diversity. It has thus become impossible for a single security company to identify and prevent all global threats in good time. One of the main tasks of the association is therefore the technical cooperation of security providers to enable a collective cyber defence. Find out here how the interaction of independent security technologies can help you with cybersecurity.

AGILE CYBERSECURITY OPERATION

Not only cyber threats, but also the protective measures to be taken, pose ever greater challenges for companies. From planning to implementation to ongoing operations, cybersecurity has become a complex issue. Tabidus Technology therefore offers the use of security companies in an agile form. Find out here how the new way of dealing with security technologies works, how you can enforce your strategic decisions on click and how that simplifies operations.

COLLABORATIVE SECURITY SOLUTIONS

Collaborative security solutions are the new way to protect against cyber threats. They allow the flexible activation and combination of security companies on click, within a joint security product. This operating mode provides a new way of dealing with security technologies and new perspectives for designing cyber defence. Get to know the first collaborative systems and convince yourself of their efficiency.
