Cyber Security - Part 1: How do Cyber Threats Really Work?

How do cyber threats really work?

Firstly, what are cyber threats? Cyber threats are activities used to compromise the security of a network, website, social media account or system, by gaining unauthorised access and making changes or accessing information. This is achieved by changing the integrity, confidentially or availability of that system, or the information presented.

As you would expect, these activities all take place online, with motives ranging from hacker to hacker. Usually the purpose is to cause damage or create disruption to individuals and organisations. Hackers aim to take advantage of vulnerabilities, especially by those with low cyber security awareness, hence the need to educate yourself, your employees and your company.

Having a good understanding of how cyber threats occur, is the first step to protecting yourself and those around you. One effective option is to train yourself or your IT team in Cyber Security, through Cyber Security courses.  

According to the National Cyber Security Centre there are two types or categories of cyber-attacks: targeted and un-targeted attacks.

Before we get started, if you're considering a career change, we have developed a series of helpful articles for career changers:

• How to write a CV
• How to write a cover letter
• What should be included in your first CV?
• How to prepare for an interview
• How to follow up after an interview

Let’s explore these two categories in more detail.

Targeted cyber attacks

Targeted cyber attacks take aim directly at your business, usually because, for some reason, the attacker has a specific interest in it, or has been hired to target your company directly. While finding the best way in can take months of planning and testing, the hard work all pays off if they manage to exploit your systems, users or processes. This type of attack is usually more damaging than an un-targeted attack and typical attacks include:

•    Spear-phishing – This is where an attacker sends emails to your businesses or staff, which typically includes a lick, which downloads malicious software, or has an attachment with malicious software
•    Deploying a botnet – This delivers Distributed Denial of Service (DDOS) attack
•    Subverting the supply chain – Here the purpose of the attack is to target and attack your software or equipment, delivered to your business

 Un-targeted cyber attacks

Unlike a targeted attack, un-targeted attacks pay no real attention to audience. Attacks are aimed at many devices, services and users as possible, to cause as much damage as possible. Hackers of this type of account don’t care who their victims are.

Typical attacks include:

•    Phishing – Arguably the most common and well-known form of attack. Emails are sent to a huge number of people, requesting sensitive information, like your bank account details. Sometimes these emails also try to get you to click on a link to a fake website.
•    Water holing – Visiting users are exploited by accessing a fake website or a legitimate website, which has been compromised.
•    Ransomware – Another well-known attack, which includes wide-spread, disk encrypting extortion malware
•    Scanning - Attacking the internet randomly, across a wide spread of people.

View our Cyber Security Job Academy Programme

Understanding the different stages of a cyber attack

No matter which type of attack you’re faced with, they’re be a few stages they have in common, some of which are repeatable stages.

Overall, an attacker is checking your defences for any weakness, which could help them hit their target. Being able to understand these stages better will ultimately help you defend yourself and your company from hackers.

There are four key stages present in most cyber-attacks. These are:

•    Survey – Identifying vulnerabilities by investigating and analysing information
•    Delivery – Working towards the stage where any vulnerability can be exploited
•    Breach – Gaining unauthorised access to your systems by exploiting vulnerabilities
•    Affect – Carrying out the necessary activities in a system to achieve a hacker’s goal

Let’s explore these four stages in more detail.

Stage 1 - Survey

A hacker will try any available means to find a technical, procedural or physical vulnerability, which they will attempt to exploit. This is achieved by using open source information, which often includes networking sites like Facebook or LinkedIn. Using commodity toolkits and techniques, they will store and review any information they can regarding your companies’ devices, security systems and staff.

Information can be gained from user errors, which can be used in attacks. There are a few common errors, which can include:

•    Releasing information about your companies’ network on a technical support forum
•    Failing to remove hidden properties from your company’s’ documentation, including name, software versions and file save locations

Stage 2 - Delivery

Here an attacker will try to position themselves in a way that allows them to exploit any vulnerabilities they’ve identified, or they think could potentially exist.

These can include:

•    Trying to access your organisation’s online services
•    Sending emails which contain attachments with malicious code, or a link to a malicious website
•    Handing out infected USB’s at trade shows
•    Creating fake websites

Stage 3 - Breach

The goal is to cause damage to your organisation and unauthorised access can allow hackers to:

•    Make unauthorised changes, to affect your system’s operation
•    Gain access to your online accounts
•    Have full control of staff members computers or devices

Stage 4 - Affect

Finally, an attacker will seek to expand access and explore your systems, to establish a persistent presence, which usually comes on the back of taking over a user’s account. All they’ll need now is administration access to one system and they’ll be able to install scanning tools, which will help them discover even more about your networks, or take control of other systems. 

A hacker’s end-goal could be to:

•    Retrieve sensitive information, including intellectual property or commercially sensitive information
•    Make changes to suit their plans, like putting payments into their own bank accounts
•    Disrupt your usual business operations

Helping your business protect themselves from cyber-attack is becoming more and more vital, to ensure regular, day-to-day processes remain undisturbed. One effective way to get yourself or your team upskilled in cyber security is through our Cyber Security Job Academy Programme. Contact us today to find out more.

Interested in a training course? To get started or discuss your requirements in more detail, call our Course Consultants on +44 (0) 20 3198 7700 or fill out our contact form and someone will be in touch with you to go through your training options.