COMPUTER SECURITY THREATS:
Computer security threats are potential dangers to your computer’s efficient operation and
performance. These could be harmless adware or a dangerous Trojan infection. As the world becomes
more digital, computer security concerns are constantly evolving. A threat in a computer system is a
potential danger that could jeopardize your data security. At times, the damage is irreversible.
Types of Threats:
A security threat is anything that has the potential to harm computer systems and organizations. The
cause could be physical, such as the theft of a computer containing sensitive information. The
cause could also be non-physical, such as a virus attack.
1. Physical Threats: A physical threat to computer systems is a potential cause of an
event that could result in data loss or physical damage. It can be classified as:
   - Internal: caused by short circuits, fire, an unstable power supply, hardware failure due to
     excess humidity, etc.
   - External: caused by disasters such as floods, earthquakes, landslides, etc.
   - Human: destruction of infrastructure and/or hardware, theft, disruption, and
     unintentional or intentional errors.
2. Non-physical threats: A non-physical threat is a potential source of an incident that could result
in:
   - Disruption of business operations that depend on computer systems.
   - Loss of sensitive data or information.
   - Illegal monitoring of other people’s computer system activities.
   - Theft of users’ IDs and passwords, etc.
Non-physical threats are commonly caused by:
(i) Malware: Malware (“malicious software”) is a type of computer program that infiltrates and
damages systems without the users’ knowledge. Malware tries to go unnoticed by either hiding or not
letting the user know about its presence on the system. You may notice that your system is processing
at a slower rate than usual.
(ii) Virus: A virus is a program that replicates itself and infects your computer’s files and programs,
rendering them inoperable. It is a type of malware that spreads by inserting a copy of itself into
another program and becoming part of it. Viruses spread with the help of software or documents: they are
embedded in software and documents and then transferred from one computer to another over the
network, on a disk, through file sharing, or by infected e-mail. They usually appear as an executable file.
(iii) Spyware: Spyware is a type of computer program that tracks, records, and reports a user’s
activity (offline and online) without their permission for the purpose of profit or data theft. Spyware
can be acquired from a variety of sources, including websites, instant chats, and emails. A user may
also unwittingly obtain spyware by accepting a software program’s End User License Agreement.
Adware is a sort of spyware that is primarily used by advertisers. When you go online, it keeps
track of your web browsing patterns in order to compile data on the types of websites you visit.
(iv) Worms: Computer worms are similar to viruses in that they replicate themselves and can inflict
similar damage. Unlike viruses, which spread by infecting a host file, worms are freestanding
programs that do not require a host program or human assistance to proliferate. Worms don’t change
programs; instead, they replicate themselves over and over, consuming resources until the
system goes down.
(v) Trojan: A Trojan horse is malicious software that is disguised as a useful host program. When the
host program is run, the Trojan performs a harmful/unwanted action. A Trojan horse, often known as
a Trojan, is malicious code or software that appears to be legitimate yet has the ability to take control
of your computer. A Trojan is a computer program that is designed to disrupt, steal, or otherwise harm
your data or network.
(vi) Denial of Service Attacks: A Denial of Service attack is one in which an attacker tries to
prevent legitimate users from obtaining information or services. In this attack, the attacker tries to make a
system or network resource unavailable to its intended users. Typical victims are the web servers of large
organizations such as banking, commerce, and trading organizations.
(vii) Phishing: Phishing is a type of attack that is frequently used to obtain sensitive information from
users, such as login credentials and credit card details. Attackers deceive users into giving critical
information, such as bank and credit card information, or access to personal accounts, by means of
spam, malicious websites, email messages, and instant chats.
(viii) Keyloggers: Keyloggers can monitor a user’s computer activity in real time. A keylogger is a
program that runs in the background and records every keystroke made by a user, then sends the data
to a hacker with the intent of stealing passwords and financial information.
How to make your system secure:
In order to keep your system data secure and safe, you should take the following measures:
1. Always keep a backup of your data.
2. Install firewall software and keep it up to date.
3. Use strong, difficult-to-crack passwords (containing upper-case and lower-case letters, numbers,
and special characters).
4. Install antivirus/anti-spyware software and keep it up to date.
5. Scan your complete system regularly.
6. Before installing any program, check whether it is safe to install (using antivirus software).
7. Take extra caution when reading emails that contain attachments.
8. Always keep your system updated.
What is a cyberattack?
A cyberattack is any intentional effort to steal, expose, alter, disable, or destroy data, applications, or other
assets through unauthorized access to a network, computer system or digital device.
Threat actors start cyberattacks for all sorts of reasons, from petty theft to acts of war. They use various tactics,
like malware attacks, social engineering scams, and password theft, to gain unauthorized access to their target
systems.
Cyberattacks can disrupt, damage and even destroy businesses. The average cost of a data breach is USD 4.88
million. This price tag includes the costs of discovering and responding to the violation, downtime and lost
revenue, and the long-term reputational damage to a business and its brand.
Why do cyberattacks happen?
The motivations behind cyberattacks can vary, but there are three main categories:
1. Criminal
2. Political
3. Personal
Criminally motivated attackers seek financial gain through monetary theft, data theft, or business disruption.
Cybercriminals may hack into a bank account to steal money directly or use social engineering scams to trick
people into sending money to them. Hackers may steal data and use it to commit identity theft or sell it on the
dark web or hold it for ransom.
Personally motivated attackers, such as disgruntled current or former employees, primarily seek retribution for
some perceived slight. They may take money, steal sensitive data, or disrupt a company's systems.
Politically motivated attackers are often associated with cyberwarfare, cyberterrorism, or "hacktivism." In
cyberwarfare, nation-state actors often target their enemies' government agencies or critical infrastructure. For
example, since the start of the Russia-Ukraine War, both countries have experienced a rash of cyberattacks
against vital institutions. Activist hackers, called "hacktivists," may not cause
extensive damage to their targets. Instead, they typically seek attention for their causes by making their attacks
known to the public.
What do cyberattacks target?
Threat actors typically break into computer networks because they’re after something specific. Common targets
include:
- Money
- Businesses' financial data
- Client lists
- Customer data, including personally identifiable information (PII) or other sensitive personal data
- Email addresses and login credentials
- Intellectual property, like trade secrets or product designs
In some cases, cyberattackers don’t want to steal anything at all. Rather, they merely want to disrupt information
systems or IT infrastructure to damage a business, government agency, or other target.
What effects do cyberattacks have on businesses?
If successful, cyberattacks can damage enterprises. They can cause downtime, data loss, and money loss. For
example:
- Hackers can use malware or denial-of-service attacks to cause system or server crashes. This downtime
  can lead to major service interruptions and financial losses. According to the Cost of a Data
  Breach report, the average breach results in USD 2.8 million in lost business.
- SQL injection attacks allow hackers to alter, delete, or steal data from a system.
- Phishing attacks allow hackers to trick people into sending money or sensitive information to them.
- Ransomware attacks can disable a system until the company pays the attacker a ransom. According
  to one report, the average ransom payment is USD 812,360.
In addition to directly harming the target, cyberattacks can have a host of secondary costs and consequences
related to detecting, responding to, and remediating breaches. However, organizations that applied AI and
automation to security prevention saw the biggest impact in reducing the cost of a breach, saving an average
of USD 2.22 million over those organizations that didn’t deploy these technologies.
Cyberattacks can also have repercussions for victims beyond the immediate target. In 2021, the DarkSide
ransomware gang attacked the Colonial Pipeline, the largest refined oil pipeline system in the US. The attackers
entered the company’s network by using a compromised password. They shut
down the pipeline that carries 45% of the gas, diesel, and jet fuel supplied to the US East Coast, leading to
widespread fuel shortages.
The cybercriminals demanded a ransom of almost USD 5 million in bitcoin cryptocurrency, which Colonial
Pipeline paid. However, with help from the US government, the company
eventually recovered USD 2.3 million of the ransom.
What are the common types of cyberattacks?
Cybercriminals use many sophisticated tools and techniques to start cyberattacks against enterprise IT systems,
personal computers, and other targets. Some of the most common types of cyberattacks include:
Malware
Malware is malicious software that can render infected systems inoperable. Malware can destroy data, steal
information, or even wipe files critical to the operating system’s ability to run. Malware comes in many forms,
including:
- Trojan horses disguise themselves as useful programs or hide within legitimate software to trick users
  into installing them. A remote access Trojan (RAT) creates a secret back door on the victim’s device,
  while a dropper Trojan installs additional malware once it has a foothold.
- Ransomware is sophisticated malware that uses strong encryption to hold data or systems hostage.
  Cybercriminals then demand payment in exchange for releasing the system and restoring functionality.
  According to IBM’s X-Force Threat Intelligence Index, ransomware is the second most common type
  of cyberattack, accounting for 17% of attacks.
- Scareware uses fake messages to frighten victims into downloading malware or passing sensitive
  information to a fraudster.
- Spyware is a type of malware that secretly gathers sensitive information, like usernames, passwords,
  and credit card numbers. It then sends this information back to the hacker.
- Rootkits are malware packages that allow hackers to gain administrator-level access to a computer’s
  operating system or other assets.
- Worms are self-replicating malicious code that can automatically spread between apps and devices.
Social engineering
Social engineering attacks manipulate people into doing things that they shouldn’t do, like sharing information
they shouldn’t share, downloading software they shouldn’t download, or sending money to criminals.
Phishing is one of the most pervasive social engineering attacks. According to the Cost of a Data Breach report,
it is the second most common cause of breaches. The most basic phishing scams use fake emails or text
messages to steal users’ credentials, exfiltrate sensitive data, or spread malware. Phishing messages are often
designed to look as though they’re coming from a legitimate source. They usually direct the victim to click a
hyperlink that takes them to a malicious website or open an email attachment that turns out to be malware.
Cybercriminals have also developed more sophisticated methods of phishing. Spear phishing is a highly
targeted attack that aims to manipulate a specific individual, often by using details from the victim’s public
social media profiles to make the ruse more convincing. Whale phishing is a type of spear phishing that
specifically targets high-level corporate officers. In a business email compromise (BEC) scam, cybercriminals
pose as executives, vendors, or other business associates to trick victims into wiring money or sharing sensitive
data.
Denial-of-service attacks
Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks flood a system's resources with
fraudulent traffic. This traffic overwhelms the system, preventing responses to legitimate requests and reducing
the system's ability to perform. A denial-of-service attack may be an end in itself or a setup for another attack.
The difference between DoS attacks and DDoS attacks is simply that DoS attacks use a single source to generate
fraudulent traffic, while DDoS attacks use multiple sources. DDoS attacks are often carried out with a botnet, a
network of internet-connected, malware-infected devices under a hacker's control. Botnets can include laptops,
smartphones, and Internet of Things (IoT) devices. Victims often don't know when a botnet has hijacked their
devices.
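The single-source versus multiple-source distinction above can be seen directly in request logs. This added example (not from the original notes) labels each one-minute window of constructed traffic as normal, DoS-like or DDoS-like; the thresholds, function names and documentation-range IP addresses are illustrative assumptions.

```python
from collections import Counter, defaultdict

def build_sample():
    """Constructed per-request records: (epoch second, source IP). Not real traffic."""
    events = []
    # Window 0: normal load, 5 clients x 4 requests.
    events += [(t, "198.51.100.%d" % c) for c in range(1, 6) for t in range(0, 4)]
    # Window 1: one source sends 300 requests (single-source flood).
    events += [(60 + i % 60, "203.0.113.7") for i in range(300)]
    events += [(60 + t, "198.51.100.1") for t in range(4)]
    # Window 2: 150 sources send 2 requests each (distributed flood).
    events += [(120 + i % 60, "192.0.2.%d" % (i % 150 + 1)) for i in range(300)]
    return events

def classify_windows(events, window=60, rate_threshold=100, dominant_share=0.8):
    """Label each time window as 'normal', 'dos-like' or 'ddos-like'.

    rate_threshold: requests per window at or above which the window is a flood.
    dominant_share: if one source accounts for at least this share of a
    flood, treat it as single-source; otherwise as multi-source.
    Both thresholds are assumptions, to be tuned against a real baseline.
    """
    per_window = defaultdict(Counter)
    for ts, src in events:
        per_window[ts // window][src] += 1
    result = {}
    for w, counts in sorted(per_window.items()):
        total = sum(counts.values())
        top_src, top_n = counts.most_common(1)[0]
        if total < rate_threshold:
            label = "normal"
        elif top_n / total >= dominant_share:
            label = "dos-like"    # one source dominates: blockable by address
        else:
            label = "ddos-like"   # load spread over many sources
        result[w] = {"label": label, "requests": total,
                     "sources": len(counts), "top_source": top_src}
    return result
```

The label matters for the response: a single dominant source can be blocked by address, while a distributed flood needs rate limiting or upstream filtering.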
Preventing cyberattacks
Many organizations implement a threat management strategy to identify and protect their most important assets
and resources. Threat management may include policies and security solutions like:
- Identity and access management (IAM) platforms and policies, including least-privilege access,
  multi-factor authentication, and strong password policies, can help ensure that only the right people
  have access to the right resources. Companies may also require remote employees to use virtual private
  networks (VPNs) when accessing sensitive resources over unsecured wifi.
- A comprehensive data security platform and data loss prevention (DLP) tools can encrypt
  sensitive data, monitor its access and usage, and raise alerts when suspicious activity is detected.
  Organizations can also make regular data backups to minimize damage if there is a breach.
- Firewalls can help block threat actors from entering the network in the first place. Firewalls can also
  block malicious traffic flowing out of the network, such as malware attempting to communicate with a
  command and control server.
- Security awareness training can help users identify and avoid some of the most common cyberattack
  vectors, such as phishing and other social engineering attacks.
- Vulnerability management policies, including patch management schedules and regular penetration
  testing, can help catch and close vulnerabilities before hackers can exploit them.
- Attack surface management (ASM) tools can identify, catalog, and remediate potentially vulnerable
  assets before cyberattackers find them.
- Unified endpoint management (UEM) tools can enforce security policies and controls around all
  endpoints on the corporate network, including laptops, desktops, and mobile devices.
Detecting cyberattacks
It is impossible to prevent cyberattack attempts entirely, so organizations may also use continuous security
monitoring and early detection processes to identify and flag cyberattacks in progress. Examples include:
- Security information and event management (SIEM) systems centralize and track alerts from
  various internal cybersecurity tools, including intrusion detection systems (IDSs), endpoint detection
  and response systems (EDRs), and other security solutions.
- Threat intelligence platforms enrich security alerts to help security teams understand the types of
  cybersecurity threats they may face.
- Antivirus software can regularly scan computer systems for malicious programs and automatically
  eradicate identified malware.
- Proactive threat hunting processes can track down cyberthreats secretly lurking in the network, such
  as advanced persistent threats (APTs).