The document outlines various types of cyber security threats including phishing, denial of service attacks, cybercrime, man-in-the-middle attacks, social engineering, and malware. It emphasizes the need for multi-layered defense strategies to protect sensitive information and emphasizes the growing threat landscape due to increasingly sophisticated methods. Additionally, it highlights the importance of training employees to recognize social engineering tactics and the challenges in attributing cybercrime to specific individuals or groups.

1. Different Types Of Cyber Security
Threats
Phishing
Phishing involves tricking users into interacting with malicious links or other techniques to install
malware on a system. This is especially dangerous as phishing can come in many forms, as
long as there is a link or an interactive option that has been tampered with. A successful
phishing attack can steal passwords and other intellectual property and install malware. This is
very worrying for businesses with bad cybersecurity, as they can easily access confidential data
such as financial information.
To defend from phishing, a multi-layered approach helps filter out multiple different types of
phishing attempts. These might include email filters, relevant training on cybersecurity, use of
more advanced forms of authorisation and responding quickly to incidents by reporting them.
Denial of Service (DoS)
These attacks are designed to overwhelm servers and deny access to servers, rendering them
inaccessible. The consequences of such attacks could range from a website being down and
shutting out customers, or an industrial control system being unable to retrieve sensor data.
Due to the increased sophistication of internet security and the rise of digitalisation, a
Distributed Denial of Service (DDoS) attack is required to harm most modern services due to the

2. attack coming from multiple computers. Said computers could either be willing participants, such
as a hacking group, or unwilling participants who have malware installed on their computers.
Whilst not infiltrating a network, a DDoS attack is very powerful due to its ability to overpower
servers and overcome their capacity limits.
Cyber Crime
Cybercrime is becoming more widespread due to the notoriety of successful criminals and the
imagined profit that they are associated with becoming more apparent. It is financially
devastating to people and businesses, costing the UK government millions of pounds every
year.
Adding onto this, the rise of “off the shelf” tools allow just about anybody with basic tech skills to
participate in cybercrime regardless of their technical level. With malware ever-evolving, more
types of cybercrime are coming to light often, especially in areas like cryptocurrency. It’s difficult
to attribute a cybercrime to one person, or even one group due to the blurred lines between
nation-states and criminal groups.
Man-in-The-Middle Attack
This particular type of attack uses a browser or malware to insert itself into the middle of data
transactions and online communications. Sites that are often seen as secure, such as online
banking and e-commerce, are very desirable targets for a MiTM attack due to the trust that
these websites have and their ability to capture credential information such as user logins.
There are many different types of MiTM attacks, utilising spoofing and hijacking to deceive
victims. Another critical element in the interception of data is decrypting it for malicious use,
enabling the criminal to carry out identity theft or disrupt businesses. To help combat these
attacks, it is paramount that companies invest in endpoint security and the security of their
connections.
Social Engineering
Social engineering is the act of talking a target into revealing specific information or performing
a certain task for malicious and illegitimate reasons. In IT, social engineering is used to
manipulate and get further access to an IT system, or to use IT to aid in the manipulation of
factors in the outside world. To protect against this, staff should be trained to spread awareness
among colleagues.
Common forms of social manipulation in IT are pretexting (where the attacker could claim to
work for an IT company and request access to data to perform their job), Baiting (using curiosity
to bait a victim into, for example, inserting a USB flash drive into their system), and Quid pro quo
(in which an attacker could ask for a password in exchange for money in a research
experiment).
Malware
The term malware encompasses a range of malicious software used to steal information, use
unwilling computers in DoS attacks, or use unwilling computers to mine cryptocurrencies. A

3. common form of malware is a trojan, these act as normal applications and trick users into
downloading them. They can then do anything from secretly spying on a user or even crashing
their entire device.
An upcoming (and very worrying) form of malware is fileless malware. They use legitimate
applications to infect a computer and are hard to scan as they leave no files as a sort of
footprint. Worms are another daunting malware as they can copy themselves from machine to
machine, exploiting weaknesses in software that doesn't require user interaction.
Written by Daniel Martin