Cyberthreats

Malware, social engineering espionage and combined techniques.

Security threats come from hackers or teams of them that often use software that automate the production of attacks that become massive.

Hackers and parastatal organisations act via three principal angles: the expert management of harmful applications, known as malware; the use of social engineering techniques and the mass-operation of combined techniques that include the two aforementioned or even applying techniques of conventional espionage.

To explain it simply, here are the types of the most well known cyber attacks and cybernetic threats:

Access to Security Cameras

Intrusions in installations of corporate or domestic security cameras which are remotely controlled by the internet. There have been cases of places on the internet when images are released without the owners’ knowledge.

Access to mobile devices

Communication and content breaches of mobile phones including photographs and emails.

Password attacks

Attacks based on programs capable of deciphering passwords in order to enter a user’s applications.

Passive Attack

A cyber attack committed by a hostile agent whose objective is to use a system’s information, but without wishing to alter its operation. If this is not detected, the user is unaware that he/she is being spied upon.

Advanced Persistent Attack

Massive orchestrated attacks such as a cyber attack planned and executed by major criminal entities, parastatal or with state support. Combining advanced cyber knowledge and language, open source intelligence, with conventional espionage techniques. They tend to respond to informational needs within countries conventional intelligence plans. Their sophistication is greater where there is a higher informative interest: industry, pharmacy, biotechnology, governmental, weapons systems.

Cyber weapons

Secret state development software theoretically capable of destroying or disabling complex weapons or infrastructure systems.

Bogus emails or spoofs

Spam, phishing. This is based on mass-mailing of emails to users, a percentage of which can believe in its veracity. The most sophisticated impersonate the identity of organisations or people of trust in order to gain unauthorised access to personal details, bank account details.

Denial of Service Attacks (DOS)

Massive orchestrated attacks from numerous infected computers (in many cases without the owner’s knowledge) that saturate web services with massive requests.

Unintentional downloads

These are generally produced through visiting websites or opening emails with self-running programs.

Breach of IP voice Systems

Breaches or abuse of configuration with the end result of calling various phone numbers which incur high rates which assume costs for the organisation.

Wifi Breach

Activating free wifi spots or breaching through decrypting routers passwords. This is a very effective type of attack.

SQL Injection

Introducing malicious code exploiting programming vulnerabilities which introduce an invasive SQL code (malware) with a specific hostile aim. This fundamentally affects databases and servers.

Keyloggers

Penetration of spy software (or hardware) which has the capacity to register everything that a user keys, including passwords.

Malvertising

False, infected advertisements which download malicious code or capture information when a user pushes a button or activates an action. On some occasions these malicious advertisements that are sent are almost perfect replicas of websites of the most popular brands.

Malvertising

Macro Virus

This is a type of malicious code which attaches itself to documents and uses macro-programming capacities of the actual document to run, replicate or to automatically spread.

Man in the Middle

Double identity theft which consists of intermediating between a client and an organisation (banking) to carry out unauthorised operations. It generally does so with a client’s email and a trusted person within the company.

False web pages

Electronic business web pages with very competitive prices designed to cheat buyers. They may also be web pages with downloads containing infected programs.

Infected programs

Programs to download or patches with the appearance of being legitimate, but are actually infected.

Infected Security Programs

Free downloads of security programs such as antiviruses and firewalls that are actually infected and that facilitate the invasion of hostile agents.

Ransomware

System attack and penetration to obtain the encryption of information from an organisation, to later request recovery/assistance to decrypt it. It can be extremely harmful for the operation and interests of the organisation.

Personal Details Sniffer

Automated web tracking systems to obtain email addresses, phone numbers or interesting data for mass use at a later date.

Social Network Tracker

Automated web tracking systems of information and photographs of social network users for fraudulent purposes. There are also automated programs that enter personal accounts and use them for malicious purposes.

Rootkits

A very sophisticated kind of attack in which a series of malicious software tools obtains access to an operating system. It is designed to hide in plain sight and maintain access without being detected.

Identity theft/impersonation

Spoofing. It simulates the identity of an email sender to gain access to a system. If it is combined with social engineering it can be very effective at obtaining information from a receptor without being noticed.

Web page Impersonation

Malicious replicas of web pages of well-known brands that manage to obtain information or cheat users.

Viruses, Trojans and Worms

Malware programs, sometimes those which appear legitimate, that infect computer equipment to perform operations inside the system and the networks.

Zero Day Exploits

Attacks which benefit from weaknesses discovered in programs that are used frequently, sometimes those which are outdated. They are called “zero day” because the fast elimination of this vulnerability (patch) is required in the shortest possible time.

Cyberthreats

RedTeam CyberWarFare

Latest news from ENISA

Cyberthreats

RedTeam CyberWarFare

Latest news from ENISA

Uso de cookies