You will be surprised to know that some of the most exploited security weaknesses are not even technical. Yes.
Cybercriminals count on the fact that human errors are bound to happen because of many reasons, mainly lack of awareness of the most common cyber threats.
They leverage this to orchestrate social engineering attacks that bypass automated scanners and give them access to credentials and sensitive information they can further exploit. In this edition of SharkStriker Journal, we will explore some of the most common cyber attacks that everyone must be aware of.
What are some of the most common cyber threats?
Here are some of the common cyber threats:
Social engineering
It occurs when a cybercriminal manipulates his victims into divulging sensitive information like credentials, financial information, etc. Phishing is a common type of social engineering. What makes social engineering dangerous is that it passes through automated threat scanners.
Human error
Human error is any cyber security risk arising due to human negligence, lack of awareness, fallibility, etc. Any form of misconfiguration in security, absence of periodical security testing, and lack of cybersecurity hygiene are human errors that can pose a severe cyber risk.
Malware
Malware or malicious software specially crafted to bypass security mechanisms to gain access, infect systems, and destroy/steal/replicate all sensitive information. Some common types of malware include ransomware, trojan, wiper, bootkits, rootkits, and spyware.
Some common types of malwares
Insider Threats
Any person from within an organization becomes an insider threat when they intentionally (due to grudges, ex-employee, etc.) or unintentionally (due to negligence, lack of awareness, etc.) cause a security compromise. Since employees have access to sensitive exploitable information such as credentials, IP addresses, access controls, authentication, etc., they pose a significant cyber risk to an organization.
Third-party exposure
Any exposure of third parties/vendors/suppliers to security threats can pose a significant security threat to an organization. As per the DBIR report 2024 by Verizon, 3rd party exposure has increased by 68% since 2023.
Drive-by attack
A drive-by attack happens when a user accidentally/unknowingly invites malware to his computer while browsing the web or performing an action online as simple as clicking on something or downloading a file. It is dangerous because it happens outside the awareness of a user. Even the most aware user can become a victim of such an attack.
Some interesting facts
- Among all the social engineering attacks – 50.6% were scamming, 35.5% were phishing, 10.6% were Business Email Compromise, 2.7% were Extortion, and 0.5% were conversation hijacking attacks (Statista, 2024)
- Most impersonated companies in phishing in Q1 2024 include: – Microsoft (38%), Google(11%), Amazon(11%), LinkedIn (11%) (Check Point),
- 56% of leaders think their company is more likely to be a target of ransomware (Ransomware.org)
- 74% of CISOs report that human error is the biggest security vulnerability (Proofpoint 2024)
- 90% of executives globally have warned against cyber inequity
Learn about some of the early signs to know that you are hacked
