Bad actor. Not found on the Golden Raspberry list, instead, a cybercriminal or organisation that will do anything, but anything, to exploit vulnerabilities in your network for financial gain by using ransomware, malware, or by intercepting communications. Common tactics are to steal your data or shut you down (and demand dosh for regaining access to your own network/applications). Aka threat actors and malicious actors.
Hacktivists. As you can probably glean from the name, they are criminals who illegally access your files or network for social or political ends.
Threat groups. Groups usually have unique names, often reflecting where they are from, and their speciality. Names may include Panda if they originate from China (e.g., Numbered Panda, Emissary Panda), or Bear from Russia (e.g., SaintBear, VOODO BEAR, Cozy Bear). If non-state affiliated, they may include Spider (e.g., Wizard Spider, Viking Spider) for a financially motivated group, and Jackal if they are hacktivists.
And where do they hang out?
The dark web, or deep and dark web (DDW). This spider-free zone is an online shopper’s delight for bad actors. Here, they can purchase cyber-attack kits for DDoS, Phishing, and ransomware attacks for less than $50US. There’s also a bargain basement selection starting at $5US. Actors need to part with a whole hard-earned $10US for a password-cracking tool, and a whopping $12US for malware suites containing Trojans, worms, viruses, and other harmful programmes. Prices go up according to the newness of the version.
Now, the attacks. Where do these colourful names come from?
Interestingly, there are often naming conventions. Some are titled depending on their target (for example, the Olympic Destroyer targeted the Winter Olympics in South Korea), or unique aspects of the attack (like a Meltdown which opened up networks to attacks leading to a meltdown). And others are named due to their function. For example, <add adjective> Downloader.
But - on to the 10 most popular forms of attacks.
Malware. Stemming from the term malicious software, malware is any programme or code that’s been created with the sole intent of doing harm to your computer, network, or server. Malware is the most common form of cyberattack, mostly because it includes a wealth of subsets like ransomware, trojans, spyware, viruses, worms, keyloggers, bots, and cryptojacking.
Denial-of-Service (DoS) Attacks. In a return to the IT acronyms we all know and love, a DoS attack is a malicious, targeted attack originating from one system that floods your network with false requests to disrupt your business operations. When this happens, your users can no longer carry out routine and necessary tasks, like accessing email, websites, online accounts, or other resources that are operated by DoS attack-impacted computers or networks. DoS attacks don’t usually mean lost data and can be sorted out without paying a ransom, but they take up an inordinate amount of time, money, and effort to sort out and get you back to business as usual. To note, DDoS (Distributed Denial of Service) attacks do the same thing but are launched from multiple systems, making them harder to block and neutralise.
Phishing. Sounds cute, huh? Well, it’s not. It’s the coverall term for using a digital platform to mess with your employees. When they use email, it’s Spear Phishing, SMS is called SMiShing, via phone it’s Vishing, and when they utilise social media, and social engineering techniques to go after big name business, it’s referred to as Whaling. But no matter the phishing tool being used, the end goal is always to entice your staff to share sensitive information like their system passwords or your bank account numbers, or to download a malicious file that installs viruses on their computer or phone.
Spoofing. While it sounds vaguely comical, spoofing is far from it. Spoofing is a technique used by cybercriminals to disguise themselves as a source that you know or trust. Like your boss, or a website you use all the time. In so doing, they can trick you into providing access to your systems or devices so they can steal information, extort money, or install malware or other nasties on the device.
Identity-Based Attacks. Identity-driven attacks where a valid user’s credentials have been taken over by a criminal can be extremely difficult to detect using traditional security measures and tools. Scarily, 80% of all breaches use compromised identities and can take up to 250 days to identify. Types of identity-based attacks include Kerberoasting, Man-in-the-Middle (MITM), Pass-the-Hash (PtH), Silver Ticket, Credential Stuffing, Password Spraying, and Brute Force Attacks.
Code Injection Attacks. You’ve probably guessed this one. Yes, it’s when an attacker injects malicious code into a vulnerable computer or network to change its course of action. These attacks include SQL Injection, Cross-Site Scripting (XSS) and Malvertising.
Supply Chain Attacks. Targeting one of your trusted third-party vendors who offers services or software vital to your supply chain – this attack injects malicious code into an application to infect everyone who uses it. Hardware supply chain attacks compromise the physical components for the same purpose. However, software supply chains are especially vulnerable as modern software isn’t written from scratch. It usually involves many off-the-shelf components, like third-party APIs, open-source code, and proprietary code from software vendors.
Insider Threats. Danger is closer than you think! Insider threats are internal actors such as current or former (usually malicious) employees that present a risk to your organisation because they have direct access to your company network, sensitive data, and intellectual property (IP). They also tend to know your business processes, company policies and other sensitive information needed to carry out such an attack. These attacks are usually financially motivated. However, negligence can also be behind this type of attack – which is why cybersecurity training is so important.
DNS Tunneling. Imagine a private access tunnel used by an attacker to release malware into, or extract data through. DNS Tunneling is a type of cyberattack that leverages domain name system (DNS) queries and responses to bypass your traditional security measures and transmit data and code within your company network. Once infected, the hacker can freely engage in command-and-control activities. Simple to deploy, DNS tunnel has increased in popularity over the years and bad actors can readily access tunneling toolkits and guides through mainstream sites like YouTube.
IoT-Based Attacks. This type of cyberattack targets your Internet of Things (IoT) device/s or network. Once they’re in, the hacker can assume control of the device to steal your data, or even join a group of infected devices together to create a botnet to launch DoS or DDoS attacks. Connected devices are responsible for nearly 66% of mobile network infections – which is more than double the volume experienced in 2019.
And there you have it – a glossary of cyber-crime and cyber-security terms to help keep you informed, safe, and on the lookout for the next sketchy character or plot!
Written with the input of Kristy Brown (NZ Country Manager – Microsoft), because we value human thought leadership over AI-generated content.
