In this lesson, we’ll cover:
-
What is a cybersecurity threat?
-
Why do malicious actors want to compromise data and IT systems?
-
What are the most common types of cybersecurity threats?
-
What is the MITRE ATT&CK framework?
-
Where can I keep up to date with the cybersecurity threat landscape?
A cybersecurity threat refers to any potential danger or risk that has the potential to compromise the confidentiality, integrity, or availability of data or IT systems. These threats are posed by malicious actors who attempt to exploit vulnerabilities in order to gain unauthorized access, steal sensitive information, disrupt operations, or cause harm to individuals, organizations, or even entire nations. Cybersecurity threats can take various forms and target different aspects of digital systems and data.
Malicious actors compromise data and IT systems for a variety of reasons, often driven by personal gain, ideological motives, or the desire to cause disruption. Understanding these motivations can help organizations and individuals better defend against cyber threats. Some common reasons why malicious actors engage in cyberattacks include:
-
Financial Gain: Many attacks are driven by the desire for financial profit. Malicious actors may steal sensitive information like credit card numbers, bank account details, or personal identification information to commit fraud, identity theft, hold an individual or organization to ransom or sell the stolen data on the dark web.
-
Espionage: Nation-states, competitors, or other entities may engage in cyber espionage to steal sensitive government, corporate, or research data for political, economic, or military advantage.
-
Disruption and Sabotage: Some attacks aim to disrupt critical infrastructure, services, or operations for political or ideological reasons. These attacks can cause widespread chaos, financial loss, and damage to reputation.
-
Ideological Motivations: Hacktivists and groups with ideological or political motivations may compromise systems to raise awareness about certain issues, promote their beliefs, or protest against specific actions or organizations.
-
Unintentional Actions: Not all malicious actions are deliberate; some individuals may unknowingly contribute to cyber threats by falling victim to social engineering or being part of a compromised network.
Ultimately, the motivations for compromising data and IT systems can vary widely, and the impact of these attacks can be severe. It's important for individuals, organizations, and governments to take cybersecurity seriously and implement measures to protect against these threats.
There are several common types of cybersecurity attacks that malicious actors use to compromise systems, steal data, and cause disruptions. Here are some of the most prevalent types at the time of writing
- Phishing:
Phishing involves sending deceptive emails or messages that appear to be from legitimate sources in order to trick recipients into revealing sensitive information, such as passwords, credit card numbers, or personal details. Phishing can also lead victims to malicious websites or to download malware.
- Malware:
Malware (malicious software) encompasses a range of malicious programs designed to infect systems, steal data, or cause damage. Types of malware include:
-
Ransomware: Encrypts files and demands a ransom for decryption.
-
Trojans: Disguised as legitimate software, they give attackers unauthorized access.
-
Viruses: Self-replicating programs that attach to files and spread.
-
Worms: Self-replicating programs that spread through networks.
- Denial of Service (DoS) and Distributed Denial of Service (DDoS):
DoS attacks overload a target system, rendering it unavailable to users. DDoS attacks involve using a network of compromised devices to flood a target with traffic, making it difficult for the system to function properly or they may stop the system working entirely.
- SQL Injection:
In this attack, attackers manipulate a web application's input fields to inject malicious SQL queries, potentially gaining unauthorized access to databases and sensitive data.
- Cross-Site Scripting (XSS):
Attackers inject malicious scripts into web applications, which are then executed by unsuspecting users' browsers. This can lead to the theft of user data and/or the spreading of malware.
- Social Engineering:
Social engineering exploits human psychology to manipulate individuals into divulging confidential information or performing actions that compromise security.
- Zero-Day (0day) Exploits:
These attacks target vulnerabilities in software or hardware that are not yet known to the vendor or public. Attackers take advantage of these vulnerabilities before patches are developed. Many organizations worry about zero-days as there is no patch for them but they are not as common as the other attacks on this list. When a zero-day is discovered, security researchers will work quickly to make a patch and hence zero-days are generally short lived.
- Credential Attacks:
These attacks include brute force attacks, where attackers repeatedly guess passwords, and credential stuffing attacks, where stolen credentials from one site are used to attempt access on other sites**.**
The MITRE ATT&CK framework (Adversarial Tactics, Techniques, and Common Knowledge) is a framework that catalogs and categorizes the tactics, techniques, and procedures (TTPs) that adversaries use during cyberattacks. The framework was created by MITRE Corporation, a not-for-profit organization that operates research and development centers for various government agencies.
The MITRE ATT&CK framework provides a standardized way to describe and analyze cyber threats, allowing cybersecurity professionals to better understand and defend against various attack techniques. It is widely used by security teams, threat hunters, and incident responders to:
-
Understand Adversarial Behavior: The framework documents real-world attack behaviors, outlining the steps attackers take from initial entry to achieving their objectives. It covers a broad range of attack techniques used by different threat groups.
-
Plan and Implement Defense Strategies: Security teams can use the framework to develop proactive defense strategies that align with the specific tactics and techniques adversaries might employ.
-
Incident Response and Threat Hunting: When investigating incidents or conducting threat hunting, security professionals can refer to the framework to identify and mitigate specific techniques used by attackers.
The MITRE ATT&CK framework is organized into matrices that group attack techniques based on specific platforms and environments, such as Windows, macOS, Linux, and cloud services. Each matrix is divided into tactics (high-level goals) and techniques (specific methods used to achieve those goals). For each technique, the framework provides information about how it works, potential mitigations, and relevant references to real-world threat actors that have used the technique.
The framework is continuously updated and expanded as new threat intelligence is gathered and as the cybersecurity landscape evolves. It's a valuable resource for enhancing an organization's cybersecurity posture by enabling a deeper understanding of how attackers operate and how to defend against their tactics.
There are many sources that can be used to keep up to date with cybersecurity threats, here are a selection:
- Open Web Application Security Project (OWASP) top 10 vulnerabilities
- Common Vulnerabilities and Exposures (CVEs)
- Microsoft Security Response Center blogs
- National Institute of Standards and Technology (NIST): NIST provides resources, alerts, and latest updates on potential cybersecurity threats.
- Cybersecurity and Infrastructure Security Agency (CISA): CISA provides cybersecurity resources and best practices for businesses, government agencies, and other organizations. CISA shares up-to-date information about high-impact types of security activity affecting the community at large and in-depth analysis on new and evolving cyber threats.
- National Cybersecurity Center of Excellence (NCCoE): NCCoE is a hub that provides practical cybersecurity solutions that can be applied in real-world situations.
- US-CERT:The United States Computer Emergency Readiness Team (US-CERT) provides a variety of cybersecurity resources, including alerts, tips, and more.
- Your country's Cyber Emergency Response Team (CERT)