Understanding Cyber Threats and Their Impact
According to the National Institute of Standards and Technology (NIST), a cyber threat is any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the country through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.
In other words, a cyber threat is when bad actors attempt to use technology to do bad things.
The 5 most common types of cyber threats are malware, social engineering, man-in-the-middle (MitM) attacks, denial-of-service (DoS) attacks, and Internet of Things (IoT) attacks.
Malware
Malicious software, commonly known as malware, refers to any intrusive software developed to steal data and damage or destroy computers and computer systems. Examples of common malware include viruses, worms, Trojans, spyware, adware, and ransomware. Malware breaches a network through a vulnerability, typically when a user clicks a dangerous link or email attachment that then installs risky software. Once inside the system, malware can wreak havoc by:
Disrupting, corrupting, or blocking access to key network components, sometimes demanding a ransom in exchange for restoring access (ransomware)
Installing malware or additional harmful software
Stealing data like passwords, sensitive documents, and private communications (spyware)
Destroying computer systems and damaging network infrastructure
Hijacking system resources to run botnets, cryptomining programs (cryptojacking), or send spam emails
Social Engineering
Social engineering accounts for about 98% of all cyberattacks. It is all about the psychology of persuasion. In a typical social engineering attack, bad actors impersonate a trusted individual or organization in an attempt to gain the trust of targets. The goal is to get the targets to lower their guard, and then trick them into taking unsafe actions such as divulging personal information, clicking on nefarious web links, or opening malicious attachments.
Social engineering attacks generally occur by establishing trusted communication between attackers and victims. The attacker prompts and motivates the target into compromising sensitive information, rather than explicitly employing a brute force attack for breaching the target’s data. Attackers accomplish this using the social engineering life cycle, a simple 4-step process that malicious actors use to easily deceive the target.
Step 1. Investigation: The attacker conducts research to collect information about the target, including the target’s name, personal details, and background information. This is usually not sensitive information. Instead, it is public information that will be used to select how to approach the target. Attackers often use social media, telephone calls, email, text messages, the dark web, and any other publicly available sources to conduct their investigation.
Step 2. Hook: The attacker pretends to be a trusted contact or authority and engages the target with a false story that would be convincing, based on the information collected in the first step. The goal of the attacker here is to gain the target’s trust.
Step 3. Play: The attacker persuades the target to provide sensitive information such as account credentials or payment account details. This persuasion is often subtle, involving a link, an attachment, a website, or even a social media quiz.
Step 4. Exit: The attacker stops communicating with the target, attempts to cover their tracks, and disappears. The goal is to avoid any detection or suspicion.
Phishing is the most common type of cyberattack. It leverages email, phone (vishing), SMS (smishing), social media or other forms of personal communication to entice users to click a malicious link, download infected files, or reveal personal information, such as passwords, account numbers, credit card info, or login credentials. Phishing attacks are so effective because they typically look like they are from a legitimate source.
Because social engineering attacks rely on human error, there are simple ways to protect against them:
Don’t click email links: If an email sender claims to be from an official business, don’t click the link and authenticate. Instead, type the official domain into the browser.
Beware of strange behavior from friends: Attackers use stolen accounts to trick users, so be suspicious if a friend sends an email with a link to a website with little other communication, or if they ask you to do something that is uncharacteristic of your relationship (like send money or account info). If you are unsure of a sender’s validity, call them and get verbal confirmation that the communication is legitimate.
Don’t download files: If an email requests to urgently download files, ignore the request or ask for assistance to ensure that the request is legitimate.
Check the validity of the source. Pay close attention to the email header and check that it matches with previous emails from the same sender. Look out for spelling and grammar mistakes, as this is a common sign of a scam.
Only access URLs that begin with HTTPS. Using links that feature secure browsing minimizes the likelihood that you are accessing a malicious or spoofed webpage.
Never share your personal information, including account numbers, passwords, or credit card details.
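The checks listed above (sender matches previously seen mail, links use HTTPS, link text and destination agree, no pressure to act urgently) can be applied mechanically to an incoming message. The following is an added example, not code from the original page; the sample message, the allow-list of known sender domains and the helper names are constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample message (not a real email). It carries the warning signs
# described above: a look-alike sender domain, a plain-http link whose visible
# text claims a different domain, and an urgent subject line.
SUSPICIOUS_EMAIL = """\
From: Billing <billing@examp1e-bank.com>
Subject: URGENT: verify your account now
Content-Type: text/html

<p>Your account will be closed.
<a href="http://login.examp1e-bank.com/verify">https://www.example-bank.com</a></p>
"""

# Constructed clean message from the real sender for comparison.
CLEAN_EMAIL = """\
From: Billing <billing@example-bank.com>
Subject: Your monthly statement
Content-Type: text/html

<p><a href="https://www.example-bank.com/statements">View statement</a></p>
"""

# Assumed allow-list: domains this mailbox has previously received legitimate mail from.
KNOWN_SENDER_DOMAINS = {"example-bank.com"}

HREF_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def find_warnings(raw_message):
    """Return a list of human-readable warnings for the heuristics above."""
    msg = message_from_string(raw_message)
    warnings = []

    # Check 1: does the sender domain match a sender we have seen before?
    match = re.search(r"@([\w.-]+)", msg.get("From", ""))
    domain = match.group(1).lower() if match else ""
    if domain not in KNOWN_SENDER_DOMAINS:
        warnings.append(f"sender domain {domain!r} does not match a previously seen sender")

    # Check 2 and 3: every link must use HTTPS, and visible link text that looks
    # like a URL must point at the same host as the real destination.
    for href, text in HREF_RE.findall(msg.get_payload()):
        target = urlparse(href)
        if target.scheme != "https":
            warnings.append(f"link {href} does not use HTTPS")
        shown = urlparse(text.strip())
        if shown.netloc and shown.netloc != target.netloc:
            warnings.append(f"link text shows {shown.netloc} but points to {target.netloc}")

    # Check 4: urgency in the subject is a common pressure tactic.
    if re.search(r"\burgent\b", msg.get("Subject", ""), re.I):
        warnings.append("subject pressures the reader to act urgently")
    return warnings
```

Calling `find_warnings(SUSPICIOUS_EMAIL)` yields four warnings, while the clean message yields none.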
According to the Federal Bureau of Investigation, social engineering costs organizations $1.6 billion globally, with organizations paying an average of $11.7 million annually for cybersecurity crimes.
MitM attacks
In an MitM attack, a cybercriminal exploits weak web-based protocols to insert themselves between entities in a communication channel either to eavesdrop or to impersonate one of the parties. The goal of an MitM attack is to steal sensitive data, such as login credentials, account details and credit card numbers. Typically, MitM attacks are carried out silently, without the victims ever noticing that they were compromised. These attacks may take the form of a bot generating believable text messages, impersonating a person's voice on a call, or spoofing an entire communications system to scrape data the attacker thinks is important from targets' devices. Targets are typically the users of financial applications, SaaS businesses, e-commerce sites and other websites where logging in is required. Information obtained during an attack could be used for many purposes, including identity theft, unapproved fund transfers, or an illicit password change.
Enterprises face increased risks due to business mobility, remote workers, IoT device vulnerability, increased mobile device use, and the danger of using unsecured Wi-Fi connections. Cybercrime Magazine reported $6 trillion in damage caused by cybercrime in 2021, a figure that is expected to reach $10 trillion annually by 2025.
DoS attacks
A DoS attack occurs when a malicious actor floods a targeted device or network with traffic until the target cannot respond or simply crashes, preventing access for legitimate users. Services affected may include email, websites, online accounts (e.g., banking), or other services that rely on the affected computer or network.
A distributed DoS (DDoS) attack occurs when multiple machines work together to attack a single target. These large-scale attacks are typically carried out using a botnet — a group of hijacked internet-connected devices. Attackers take advantage of security vulnerabilities or device weaknesses to control numerous devices using command and control software. Once in control, an attacker can command their botnet to conduct a DDoS attack on a target. In this case, the infected devices are also victims of the attack. Botnets are particularly destructive because they allow for exponentially more requests to be sent to the target, therefore increasing the attack power. Botnets also make it harder to distinguish attacker traffic from legitimate traffic, which makes it more difficult to analyze, defend against, and recover from the attack. Botnets are also rented out to other attackers, often made available through “attack-for-hire” services, which allow unskilled users to launch DDoS attacks.
DoS attacks can cost an organization both time and money while its resources and services are inaccessible. An unavailable public-facing website can have a significant impact on an organization’s productivity if it affects business-critical functions, for example through lost sales or employees being unable to work. This is the case even if an attack is temporary, with no effect on data confidentiality or integrity. The overall impact depends on what is targeted, how long the attack lasts and the effectiveness of your organizational response plan.
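The point above that botnet traffic is harder to distinguish from legitimate traffic can be shown with a small detection exercise. This is an added example, not code from the original page: it generates two constructed traffic samples (addresses from the RFC 5737 documentation ranges, thresholds chosen for illustration) and shows that a per-source rate limit catches a single flooding host but misses a flood spread thinly across many bots, which only an aggregate-rate baseline reveals.

```python
from collections import Counter

WINDOW_SECONDS = 60
PER_SOURCE_LIMIT = 10   # assumed: more than this many requests/second from one address is abusive
BASELINE_RPS = 1.0      # assumed: normal aggregate request rate learned from quiet periods
SURGE_FACTOR = 5        # assumed: aggregate rate above baseline * factor is a surge


def background_traffic():
    """Constructed legitimate traffic: one request per second from 20 rotating clients."""
    return [(t, f"203.0.113.{1 + t % 20}") for t in range(WINDOW_SECONDS)]


def single_source_flood():
    """Constructed flood: one host sends 50 requests every second on top of the background."""
    flood = [(t, "198.51.100.7") for t in range(WINDOW_SECONDS) for _ in range(50)]
    return background_traffic() + flood


def distributed_flood():
    """Constructed botnet flood: 200 bots, each sending at most once per second,
    15 requests/second in total, so no single bot exceeds the per-source limit."""
    bots = [f"192.0.2.{i}" for i in range(1, 201)]
    flood = [(t, bots[(t * 7 + k) % 200]) for t in range(WINDOW_SECONDS) for k in range(15)]
    return background_traffic() + flood


def analyze(requests, window=WINDOW_SECONDS):
    """Apply both detections to a list of (second, source_ip) tuples."""
    per_second = Counter((t, ip) for t, ip in requests)
    offenders = sorted({ip for (_, ip), n in per_second.items() if n > PER_SOURCE_LIMIT})
    aggregate_rps = len(requests) / window
    return {
        "per_source_offenders": offenders,            # caught by the per-address limit
        "aggregate_rps": aggregate_rps,
        "aggregate_surge": aggregate_rps > BASELINE_RPS * SURGE_FACTOR,
        "distinct_sources": len({ip for _, ip in requests}),
    }


if __name__ == "__main__":
    for name, sample in (("single source", single_source_flood()),
                         ("distributed", distributed_flood())):
        print(name, analyze(sample))
```

Against the distributed sample the per-source list is empty even though the aggregate rate is many times the baseline, which is why aggregate baselines and source diversity belong in a DDoS response plan alongside per-address limits.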
IoT attacks
IoT refers to a network of physical devices, vehicles, appliances, and other physical objects that are embedded with sensors, software, and network connectivity, allowing them to collect and share data and perform various tasks autonomously. IoT devices can range from simple “smart home” devices like smart thermostats, to wearables like smartwatches and RFID-enabled clothing, to complex industrial machinery and transportation systems. IoT enables these smart devices to communicate with each other and with other internet-enabled devices.
IoT devices often use default passwords and do not have sound security postures, making them vulnerable to compromise and exploitation. Infection of IoT devices often goes unnoticed by users, and an attacker could easily compromise hundreds of thousands of these devices to conduct a high-scale attack without the device owners’ knowledge.
IoT devices are vulnerable largely because these devices lack the necessary built-in security to counter threats. Aside from the technical aspects, users also contribute to the devices’ vulnerability to threats. Here are some of the reasons these smart devices remain vulnerable:
Limited computational abilities and hardware limitations. These devices have specific functions that warrant only limited computational abilities, leaving little room for robust security mechanisms and data protection.
Heterogeneous transmission technology. Devices often use a variety of transmission technology. This can make it difficult to establish standard protection methods and protocols.
Components of the device are vulnerable. Vulnerable basic components affect millions of deployed smart devices.
Users lacking security awareness. Lack of user security awareness could expose smart devices to vulnerabilities and attack openings. Users often can’t or don’t change their devices’ weak, guessable, and sometimes hardcoded passwords.
Attacks on IoT devices can have a severe impact on their users. Threat actors can use vulnerable devices for lateral movement, allowing them to reach critical targets. Attackers can also use vulnerabilities to target devices themselves, creating botnets and weaponizing them for larger campaigns or using them to spread malware to the network.
From a business perspective, IoT devices further blur the distinction between the necessary security of businesses and homes, especially in work-from-home scenarios. Introducing IoT devices to the household can open new entry points in an environment that might have weak security, exposing employees to malware and attacks that could slip into a company’s network. It’s a significant consideration when allowing employees to use their own devices and when allowing for work-from-home arrangements.
The potential for unpredictable cascading effects of vulnerabilities and poor security in the IoT greatly affects the overall security of the internet. Ensuring that these devices are secure is a shared responsibility. IoT device manufacturers need to address known vulnerabilities in succeeding products, release patches for existing ones, and report the end of support for older products. IoT device manufacturers also need to consider security right from the design phase, then conduct penetration tests to ensure that there are no unforeseen openings for a system and device in production. Users must also gain a better comprehension of the security risks that come with connecting these devices and their role in securing them. Proactive actions such as changing default passwords, updating firmware, and choosing secure settings can mitigate the risks.
Case Studies
A successful cyber attack can cause widespread devastation, with lingering effects long after the threat has been contained. Here are some examples:
The Melissa Virus (1999)
In 1999, a programmer named David Lee Smith hijacked an America Online (AOL) account and used it to post a file on an Internet newsgroup named “alt.sex.” The posting promised dozens of free passwords to fee-based websites with adult content. When users took the bait, downloading the document and then opening it with Microsoft Word, the Melissa virus was unleashed on their computers. It started by taking over victims’ Microsoft Word program. It then used a macro to hijack their Microsoft Outlook email system and send messages to the first 50 addresses in their mailing lists. Those messages, in turn, tempted recipients to open a virus-laden attachment by giving it such names as “sexxxy.jpg” or “naked wife” or by deceitfully asserting, “Here is the document you requested ... don’t show anyone else ;-).” With the help of some devious social engineering, the virus operated like a sinister, automated chain letter. It began spreading like wildfire across the Internet. The Melissa virus wreaked havoc on email servers at more than 300 corporations and government agencies worldwide. The email servers became overloaded, and some had to be shut down entirely, including at Microsoft. Approximately one million email accounts were disrupted, and Internet traffic in some locations slowed to a crawl.
While the Melissa virus did lead to enhancements in online security, it also served as inspiration for a wave of even more costly and potent cyberattacks to come.
Yahoo Data Breach (2014)
The Yahoo data breach began with a spear-phishing email sent in early 2014 to a Yahoo company employee. It’s unclear how many employees were targeted and how many emails were sent, but it only takes one person to take the bait. Once an employee clicked the link, he unwittingly granted Russian hackers entry into the Yahoo network. The hackers quickly accessed Yahoo’s user database and the Account Management Tool used to edit the database. The database contained names, phone numbers, password challenge questions and answers and, crucially, password recovery emails and a cryptographic value unique to each account. The hackers used this information to target and gain free access to the email accounts of certain users requested by Russian spies.
All 3 billion Yahoo user accounts were compromised, and the Russian spies were granted access to approximately 6,500 targeted accounts. In addition to millions of dollars in remediation expenses, the data breach devalued Yahoo by $1 billion.
Google and Facebook Spear Phishing Scam (2015)
The biggest social engineering attack to date was perpetrated against two of the world’s biggest companies: Google and Facebook. A foreign national and his team set up a fake company, pretending to be a computer manufacturer that worked with Google and Facebook. They also set up bank accounts in the company’s name. The scammers then sent phishing emails to specific Google and Facebook employees, invoicing them for goods and services that the manufacturer had genuinely provided — but directing them to deposit money into their fraudulent accounts.
Between 2013 and 2015, the scammers took $98 million from Facebook and $23 million from Google.
The Mirai Botnet Attack (2016)
The Mirai botnet attack of 2016 was a massive cyber-attack that affected millions of devices connected to the IoT. The attack was carried out by a malware called Mirai, which was initially created by 3 teens for the purpose of knocking rival Minecraft servers offline. Mirai targeted vulnerable IoT devices and turned them into bots that could be used for DDoS attacks. After Mirai’s first large-scale attack, one of the botnet authors released the source code on a popular hacker forum, most likely to obfuscate their identity and avoid being arrested for the attack. Soon after the source code was released, other hackers began using Mirai for their own malicious purposes and the attacks could no longer be tied back to a single user or group. The number of DDoS attacks multiplied, and hackers began adding new and more destructive components, drastically increasing both the number of infections and the speed at which Mirai spread.
The Mirai botnet attack disrupted access to major websites, causing inconvenience to millions of users and causing significant economic loss to businesses that rely on online services. It also damaged the reputation of the affected businesses and raised concerns about their ability to protect customer data. The attack raised serious concerns about the security of IoT devices and critical infrastructure and the potential impact of cyberattacks on public safety.
Tesla MitM Attack (2023)
In early 2023, a group of researchers published a paper entitled “Access Your Tesla without Your Awareness: Compromising Keyless Entry System of Model 3”. In the paper, researchers described how they were able to successfully launch an MitM attack on Tesla Model 3 vehicles. The researchers performed a detailed security analysis of Tesla Key Cards and Phone Keys. By reverse engineering the mobile application and sniffing the communication data, they were able to reestablish Bluetooth pairing and authentication protocols that allowed an unofficial Key Card to work as an official one. The researchers demonstrated that they could break into a Tesla Model 3 and drive it away without the car owner’s knowledge.
While this attack was done as part of a research project and was not used for nefarious purposes, it is important to note the potentially devastating impact of this attack if used by bad actors.