A cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. These are the main cause behind the most cyber attacks. Cyber threats also refer to the possibility of a successful cyber attack that aims to gain unauthorized access, damage, disrupt, or steal an information technology asset, computer network, intellectual property or any other form of sensitive data. Cyber threats can come from within an organization by trusted users or from remote locations by unknown parties.

1. Phishing

In a phishing attack, a digital message is sent to fool people into clicking a link inside of it. There are several possibilities for malicious actors to use such campaigns. Depending on the intention of the actor, harmful malware is installed or sensitive data is exposed. Usually phishing attacks use fake communication, such as an email, to trick the receiver into opening it and carrying out the instructions inside, such as providing a credit card number. The emails looks so real that receiver clicks it and then gets in trouble.

2. Malware

Malware is the collective name for a number of malicious software variants. Examples of common malware include viruses, worms, Trojan viruses, spyware, adware, and ransomware. Recent malware attacks have exfiltrated data in mass amounts. Its is used in several ways. Malware is activated when a user clicks on a malicious link or attachment, which leads to installing dangerous software. Cisco reports that malware, once activated, it can do :

Block access to key network components (Ransomware)

• Install additional harmful software

• Covertly obtain information by transmitting data from the hard drive (Spyware)

• Disrupt individual parts, making the system inoperable and Unusable.

3. Man in the Middle

A man in the middle (MITM) attack is a general term for when a cyber criminal positions himself in a conversation between a user and an application, either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway. The primary goal of an attack is to steal personal information, such as login credentials, account details and credit card numbers. Targets persons are typically the users of financial applications, SaaS businesses, e-commerce sites and other websites where logging in is required. The Information obtained during an attack could be used for many purposes, including identity theft, unapproved fund transfers or an illicit password change of system.

4. Denial of Service

A denial of service (DoS) is a type of cyber attack that floods a computer or network with requests so users cant access the system. A distributed DoS (DDoS) does the same thing, but the attack originates from a computer network. It is more lethal. Cyber attackers often use a flood attack to disrupt the “handshake” process and carry out a DoS. Several other techniques may be used, and some cyber attackers use the time that a network is disabled to launch other attacks. A botnet is a type of DDoS in which millions of systems can be infected with malware and controlled by a hacker. Botnets, sometimes called zombie systems, target and overwhelm a target’s processing capabilities. Botnets are in different geographic locations and they are hard to trace.

5. SQL Injection

SQL Injection also known as SQLi is a type of an injection attack that makes it possible to execute malicious SQL statements. These statements control a database server behind a web application. Attackers can use SQL Injection vulnerabilities to bypass application security measures. They can go around authentication and authorization of a web page or web application and retrieve the content of the entire SQL database. They can also use SQL Injection to add, modify, and delete records in the database.

The impact SQL injection can have on a business is far-reaching. A successful attack may result in the unauthorized viewing of user lists, the deletion of entire tables and, in certain cases, the attacker gaining administrative rights to a database, all of which are highly detrimental to a business.

6. Social engineering

In a social engineering attack, an attacker uses human interaction skills to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization's network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.

7. Password Attacks

Stolen, weak and reused passwords are the leading cause of hacking-related data breaches and a tried-and-true way of gaining access to your IT resources. A password attack is simply when a hacker tries to steal your password. Because passwords can only contain so many letters and numbers, passwords are becoming less safe. Hackers know that many passwords are poorly designed, so password attacks will remain a method of attack as long as passwords are being used.

Types of password Attack:

1. Brute Force Attack

2. Dictionary Attack

3. Man-In-the-Middle

4. Phishing

5. Traffic Interception