Guide to Cyber Threats

Cyberthreat Landscape

Of late, there have been many changes in the cyber-threat landscape. Motives and tactics of cyber criminals have included monetization as a motive (crypto-jacking) and state-sponsored activities appear to have shifted to low profile social engineering attacks.   Mail and phishing messages have become the primary malware infection vector. State-sponsored agents increasingly target banks by using attack-vectors utilised in cyber-crime. The emergence of Internet of Things (IoT) environments will remain a concern due to missing protection mechanisms in low-end IoT devices and services. The need for generic IoT protection architectures/good practices will remain pressing.

Below you will find a general description for most threats out there. Bear in mind the potential for internal (i.e. human) factors becoming your biggest threat.


‘Malware’ (‘malicious software’) – the general term covering threats such as viruses, spyware, worms and trojans. These attackers have various nefarious motives – including demanding a ransom, while others more recently, to get your employees to mine cryptocurrency. As defences strengthen, attackers up their game. File-less attacks are emerging – these obviate the need for placing malicious executables on the file system. Mobile malware is also on the increase. Think of mobile banking and the potential for harm there.


Ransomware attacks have been committed against a vast variety of organisations every year by financially motivated attackers for more than a decade. The ransomware attacker gains ownership of files and/or various devices and blocks the real owner from accessing them. To return the ownership the attacker demands a ransom in cryptocurrency.


Spam is the abusive use of email and messaging technologies to flood users with unsolicited messages. Spam dates back to the beginning of the Internet and is mainly distributed by large spam botnets. Although it is continuously reducing in volume, spam is still one of the major attack vectors observed in the wild. During the last years spam has evolved, (i.e. spam via social media and messengers) and it is assessed that it will continue to be used. Spam is regarded a threat because of its low cost to send messages while it is time consuming and costly for spam recipients and service providers in terms of network bandwidth and storage.

Denial-of-Service (DoS)

A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.


A botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform distributed denial-of-service attack (DDoS attack), steal data, send spam, and allows the attacker to access the device and its connection.

Man-in-the-Middle (MitM)

A hacker inserts itself between two places such as a Wi-Fi network and a victim’s PC and gains access without the victim knowing. Information can then be stolen or malicious software can be installed to carry out a malware attack.


Phishing is the practice of disguising message sources and content as being authentic, luring the recipient to ‘take the bait’. More specifically, phishers try to lure the recipients of phishing emails and messages to open a malicious attachment, click on an unsafe URL, hand over their credentials via legitimate looking phishing pages, wire money, etc.

Drive-by Download

A common method of spreading malware as cybercriminals look for insecure web sites to plant a malicious script into HTTP or PHP code on one of the pages. This script may install malware directly onto the computer of someone who visits the site, or it may take the form of an IFRAME that re-directs the victim to a site controlled by the cybercriminals.

Wi-Fi Eavesdropping

When a user is connected to a public Wi-Fi network, hackers can intercept communication and steal usernames, passwords and other unencrypted confidential information sent while connected to the Wi-Fi network. A trusted VPN service should be used when connecting to public Wi-Fi networks.


A hacker loads malicious code onto an e-commerce site and steals credit card details from the checkout pages. Small to mid-sized retailers are usually their biggest targets, although Ticketmaster and British Airways were also compromised in this manner.


A hacker hears about a network, app or system insecurity and exploits it before a patch or update has been issued.

SQL Injection

Is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker)

Cross-site Scripting (XSS)

A type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

Brute Force

A hacker uses trial-and-error to guess a username or password, trying repeatedly with various combinations until eventually gaining access. This is an old attack method that’s surprisingly effective and still popular with hackers.

Malicious URL’s

URL’s created with malicious purposes, among them, to download any type of malware to the affected systems, which can be contained in spam or phishing messages, or even improve its position in search engines using Blackhat SEO techniques.


A malware attack in which the attacker observes the websites often visited by a victim or a particular group and infects those sites with malware.

Content Management System (CMS) Compromise.

This type of compromise usually refers to plugins and functionalities on vulnerable systems. Vulnerabilities that are subsequently exploited to deliver malicious content/malware to the victim directly or indirectly by redirecting the victim to malicious content.

Orphan routes and APIs representing security blind spots.

‘Dead code’, also known as orphan routes/APIs are deprecated or abandoned parts of (web) applications with zero business purpose or value, in other words: “blind spots”. Thus, the increase in usage of APIs and the business interconnectivity concepts affects the attack surface (cause by blind spots) to rise exponentially.

Insider Threat

The insider threat may exist within every company or organisation. Any current or former employee, partner or contractor that has or used to have access to the organisation’s digital assets, may intentionally or unintentionally abuse this access. The three most common types of insider threats are the - malicious insider - who acts intentionally - the negligent insider - who is just sloppy or does not comply with the policies and security instructions and the - compromised insider - who acts unintentionally as the means for the true attacker. All these three types of insider threats must be studied in depth, as the acknowledgement of their existence and their modus operandi should define the organisation’s strategy for security and data protection.

Information Leakage

Information leakage is one of the significant cyberthreats covering a wide variety of compromised information, from personal data collected by internet enterprises and online services to business data stored in IT infrastructures. A recent report illustrates that unintended disclosure is the profound reason for information leakage in 2018. The most reported reasons for information leakage are hacking and malware, however, device losses still count for 50% of all breaches. Human error is the most crucial factor for data disclosure.

Identity Theft

Identity theft is the fraud committed from the theft of personal information strengthened by the massive digitisation of people’s personal data which most of the times, include information related to their legal and civil substance. Nowadays, bank accounts, home addresses, accounting records, health records and a slew of other personal information stored in own devices or organisation’s/companies’ databases and, they are, thus, vulnerable to cybercriminal activity.

The content herein is provided for your convenience and does not constitute legal advice.

Compliance Technology Solutions B.V. 2018

Russell is the author of this solution article.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.