Common Cyber Security Threats You Must Know

Last updated on March 4, 2021

As the masses bask in an array of convenience, cyber security threats are abound. In 2021, there’s no excuse for not knowing basic security. On the other hand, there are those, that refuse to take precautions.

Many baby boomers for instance firmly believe there are simply no alternatives to mainstream technologies. Others are too busy staring at mindless social media screens. We are in the age of information warfare. Class warfare; encroaching on societal collapse. Technological knowledge is perhaps more important than any other area. Below is a list of cyber security threats to be aware of.

These are however for educational purposes only. I am by no means responsible for the illicit use of this information.

Common Cyber Security Threats

Dictionary Attack

Dictionary attacks are common among cyber security threats. They use millions of likely possibilities found in dictionaries. They’re popular and successful because of commonly used, ordinary words. Adding special characters or punctuation will make you less vulnerable.

DNS Spoofing

DNS is the domain name that’s converted to an IP address. These cyber security threats modify the aforementioned. These are changed so users are redirected upon visiting a URL. A cybercriminal may use DNS spoofing to send all website traffic to another site. The spread of malware may be the goal at hand. Or perhaps, capturing personal information.

Email redirection falls under DNS spoofing too. Therefore, all the emails sent to one address would go elsewhere. DNS spoofing is clearly problematic for site owners/users. Keep an eye out for this by looking at the URL. Check for https/green lock icons in the search bar. Or variations.

Evil Twin

An illegitimate Wi-Fi point set up to eavesdrop on users’ communication. Akin to phishing, it’s not what seems to be. Objectives are to steal login credentials or by phishing in itself. Also known as a Waterhole Attack. They’re fraudulent Wi-Fi access points.

Keylogger Cyber Security Threat

Basic software that does what you think—records every key stroke. Adobe tries to do this. Yes, Adobe— the makers of Photoshop. Blue chip companies are beginning to do this for additional data collection. iOS will catch this and present a warning pop-up. Windows may not. Tails and Qubes will shoot it down immediately. Regardless, key loggers are the reason financial institutions present users with virtual keyboards. Key loggers have been known to exist in USB drives. Are your USBs made in China?

Denial of Service

Owners of high traffic sites may become targets of nefarious cyber security threats. If users are unable to access your site during traffic spikes, a denial of service may be in progress. Cybercriminals overload a site with requests. Making it impossible for anyone to get through.

Bait and Switch

This occurs in paid advertising. It’s a common method of luring victims to one of several attack types. Upon clicking the advert, malware is immediately installed. Perhaps ransomware. Or they’re lured into a phishing scam.

Cookie Theft

Occurs when a hacker gains access to a third parties cookies. Upon which, they can authenticate themselves as the owner of the stolen cookies. This enables hackers to access accounts without login credentials.

Clickjacking

Occurs when a link to download/view something is hidden or changed. If a user’s on a page, then prompted to do something else. This, something else, link is tampered with.

Man in the Middle

Among the creepiest of cyber security threats. Takes place when communication between two or more people is intercepted. I’m communicating with you. A criminal speaks on your behalf without your knowledge. Maybe they take over the customer chat session. I’m led to believe their response is your response. This could be carried out on an unencrypted wireless network.

Brute Force Attack

Brute force attacks are vicious cyber security threats. They bombard networks with passwords looking for a potential match. Thousands of words and phrases are searched. Trying each one systematically. This type of attack may be used as a last resort. Password length and complexity play big roles here.

Prevent WiFi Cyber Security Threats

Wireless networks open the door to an array of cyber security threats. They’re typically comprised of one internet access point—the router. A breach can occur due to poor client/router configuration or poor encryption.

Due to the simplicity of the setup, security is either bypassed entirely or inadequate. Routers using default credentials possess low security.

In the case of a network attack, the attacker can see pages you’ve visited. They can see links you’ve clicked and everything you’ve posted. Streams of data can be captured. Basic steps to avoid attacks entail:

• Only visiting https sites
• Privatize file sharing
• Use different passwords
• Use a VPN
• Virus protection
• Or use a system scan like Bitdefender
• Log out when finished

Tools Used

Kali Linux is a suite of testing programs. All of which can be used from a CD, USB, or virtual machine. Making them discreet and flexible. These programs are used by dignified security specialists. They’re also used for an array of cyber security threats. These programs may be used for exploiting networks and apps, network discovery, and IP address scanning.

Aircrack-ng is one such program. Users have access to a WiFi scanner that shows networks by strength. They also provide in depth information on such networks. Scanning is usually untraceable.

A packet sniffer is a program that intercepts and logs traffic. Packets are pieces of data that travel from one location to the next. Think back to Charlie and the Chocolate Factory when the cowboy kid jumps on the platform. He’s zapped into millions of tiny particles, then reassembled upon delivery. This is what happens on the web. Those particles are packets. Packet sniffers capture data packets.

John the Ripper is another resource for cyber security threats. Carrying a robust password cracking engine, it’s among the most popular. And it’s free too. It offers an impressive dictionary attack mode. It can cycle through text files or previously cracked passwords. Or calculate variations of words. The brute force mode is a powerful and flexible system. It uses algorithms that can run for long periods.

Kismet offers packet sniffing and intrusion detection. Intrusion detection monitors networks for malicious activity. It can also be configured to look for policy infringements. It detects and maps routers with their devices. It seems to save data packets in a unique format. Perhaps encrypting them from potential attacks. Less of a cyber security threats resource. More-so for WiFi monitoring.

Cyber Security Threats via Machine Learning

Automation, aka machine learning, is software that evolves from data. It’s on its way to cornering the security market. Automated systems will soon analyze networks and traffic.

Criminals can use the same technologies to extract user data from social media platforms. It could learn to finding vulnerabilities in other software. AI could very well create its own forms of malware. And launch these cyber security threats from moving targets.

Bluetooth

Cyber security threats can take advantage of lingering bluetooth connections. Tampering with bluetooth differs from other forms. Hackers need to be within 30 feet. In turn, key-logger software can be installed.

Bluebugging is a type of bluetooth attack where the criminal creates a false connection emulating the real one. Upon which the device is sabotaged. Bluesnarfing is a method of taking control of a device. Data is then dowloaded. Bluejacking is when a device is taken over to send and receive data.

Cyber Security Threats via SQL Injection

SQL is an utterly basic language used in databases. It’s near English speak can say things like, select this table. Or, give me everything on the name John Doe. SQL Injection is illegal to use without written approval from the website owner.

Injection is a common flaw when sending values to a database. Someone with SQL knowledge can extract confidential records.

Instead of querying a database for content, criminals can ask for login credentials. This can be done through entry forms like questionnaires or directly at the login page.

Unless your site has monitoring or a daily scan, the threat will go unnoticed. Website platforms sometimes discover vulnerabilities and patch them right away. This is why updates should be done regularly.

Vehicle and Drone Cyber Security Threats

Systems like On Star utilize a cell phone number. The same number can be used to take over vehicle functionality. Hackers can gain access to a vehicles command center, rewriting software. Wipers can be turned on remotely. Radios can be tuned to a channel you’ve never visited. Gas and break pedals can even be tinkered with.

Auto manufacturers duplicate key codes embedded in modern key fobs. There’s been cases of people driving through parking lots being able to randomly open other vehicles. Without sign of break in, insurance companies step aside. Key fob manipulation is done through freely available software.

Hacking drones is done by software that takes over other drones. Once attacked, it can be landed, crashed, infected, or stolen. This gives the odious pilot full control over an attacked drone. The software bumps the intended user from their network, entirely disconnecting them. Hacking pilots are able to search a network for existing drones, similar to WiFi signals. The target is then de-authenticated. Enabling protections from the get-go can deflect an attacker.

Cyber Security Threats via JavaScript

JavaScript is an extremely powerful language. I use it daily. It’s probably the most ubiquitous language on the web. It can also be used to steal or leak information.

One of the most sneaky uses of JavaScript is cross-site scripting (XSS). Simply put, XSS is a vulnerability that allows hackers to embed malicious JavaScript code into a legitimate website, which is ultimately executed in the users browser.

If this happens on a website that handles sensitive user information, such as financial data, the malicious code could potentially snoop and steal that information. Taken one step further, XSS can be used to reproduce viruses and malware, which is what happened when Twitter was infected with the StalkDaily worm.

How Companies Are Hacked via Malicious Javascript Code?

JS can track status updates and comments. It can record activity on a webpage even without submitting information. Scrolling, mouse movements, and keystrokes can all be tracked and recorded without the users knowledge. By means of cookies, JS can retrieve the browser you’re on, location and a variety of other metrics.

Cyber Security Threats via Phishing

Phishing is a term used to describe planned, widespread methods of obtaining online data. Maybe you receive an email from a friend containing a link. That link was malicious and the senders email account compromised. The trail may begin with an attacker seeing your social media friends or connections. Copy their emails thus targeting everyone in their network.

By clicking on a malicious link, you may trigger key logger software that installs a virus.

Maybe it’s a notification about a compromised account. A target then calls the fake bank or account holder and divulges their identity details.

An attacker may send an email followed by a phone call. Companies that operate these services are highly efficient. They have a hierarchical structure just like any other business. Employees, call centers, and normal business hours; even todays robust AI powered spam filters don’t catch every attempt.

They fish for information. Ultimately stealing full names, social security numbers, maiden names, and login credentials. An easy method of acquiring this is by emailing a target, posing as a familiar business, friend or family member. This method makes it easy to attack hundreds of thousands of targets simultaneously.

As filters have advanced, links are being sent via text message and live on social media.

Hacking Awareness

If you have investments, property, good credit, digital or tangible assets, or perhaps a desirable Twitter handle, you may be a target.

“Your personal information is a valuable commodity, no matter who you are. There will always be people interested in having it. This applies to law-abiding citizens as well as criminals. Whether someone wants to find you or just steal your identity, that person is willing to pay big bucks for the ability to do it.”

How To Disappear by Frank M. Ahearn

• Public WiFi or networks without a password are hacking hotspots.
• Unless you’re using a VPN, refrain from conducting financial transactions or logging into an account.
• Don’t use ‘remember password’ features.
• Secure your phone with Touch ID or a 6 digit alphanumeric password.
• Set the phone to wipe after n number of failed attempts.
• Use a privacy browser window whenever possible.
• Clear history and website data regularly.
• Block tracking and remove cookies.
• Disable location services where it’s not needed.
• Use prepaid cards for misc online transactions.

Many ATM cash machines run on Windows. Making them susceptible to attacks. While the internet of things ramps up, consumers will leave manufactured default passwords on IoT devices. Cybercriminals will find access to A/C units, garage doors, door locks and alarm systems. Longterm use of default passwords are commonplace now, and will no doubt continue. Passwords like 1234, ABCD, or 1234ABCD, are also very common. And easy to crack.

Security Tips

If you see an app you didn’t install, remove it. It’s more difficult to remove an unfamiliar icon from a laptop because there’s support files nested in multiple directories. If your phone battery is draining faster than usual, a nefarious app may be running in the background. If a device becomes warm when you’re not using it, an app is working too hard. Same for a laptop. If the fan kicks in, check which programs/documents have been recently opened. Check the Activity Monitory too. Quit the browser. Disconnect the router. Restore the device to factory settings. Red flags to look for:

• Passwords not working.
• Files missing/deleted.
• Frequent web page redirection.
• Slow performance even with basic computer operations.
• Increase in social media contacts.
• Programs open/close/flicker.
• Printer/drone/vehicle acts in ways it’s not supposed to.
• Data surge.
• Irregular pop ups.
• Sending/receiving bizarre messages.
• Noises during calls.
• Inability to make calls or repeated dropped calls.

• If a device reboots on its own or won’t turn off, you may have a security problem.
• Vile apps can be remotely installed that track texts, calls, and GPS.
• If traditional apps stop working as expected, malware may be the culprit.
• Unknown people in your call list may be a sign someone’s making international calls on your tab.

Conclusion

Hacking tutorials are in abundance. Medium has an article titled, ‘How I hacked into my neighbor’s WiFi and harvested login credentials’. There’s PDFs floating around providing in depth code samples.

Check out my in depth post for online privacy and security best practices.

• records our device apps
• records browser bookmarks and web history
• retrieves a list of running apps and other nefarious information
• gets a full list of device accounts
• records contacts and calendars
• they can even send emails to your contact list w/out our knowledge

What are other companies doing? And what happens when this information gets into the wrong hands? How will it impact us when criminals gain access to the same tools used for data collection?

As we bask in convenience, security concerns shoot through the roof. Familiarizing yourself with cyber security threats will make you less of a target.