Cyber criminals combine various threats to develop a malicious attack. These threats may include infected attachments or poisonous links, which are very effective. While it is impossible to mention all the current threats, below is a list of the most dangerous and widely used types.
Types of hackers
Black hat hacker
A black hat hacker finds vulnerabilities in different systems and exploits the weakness for personal gain. This could include stealing credit card information or changing public databases. The goal of a black hat hacker is to become famous or gain monetary benefit by exploiting loopholes in security systems.
Blue hat hacker
A blue hat hacker is a hacker who bug tests a system prior to its launch, looking for vulnerabilities so they can be fixed. A blue Hat Hacker refers to the hacker invited by Microsoft to find vulnerabilities in Windows.
Green hat hacker
A green hat hacker is a hacker that learns in the hacking realm. Unlike a script kiddie a green hat hacker wants to learn more and become a serious hacker.
Grey hat hacker
A grey hat hacker is a mix between the white hat hacker and the black hat hacker. They will usually break into a system with no bad intention but also no good intention. This can be done to make information public about wrongdoings.
Hacktivist
Hacktivists are the digital protesters. They will break into a systems and infrastructures to raise awareness for social causes.
Hacktivism includes defacing websites and uploading promotional material, so that the viewers would receive info based on hackers intention, not the developer of the website.
Red hat hacker
A red hat hacker is more sophisticated than the rest of the hackers. They use their hacking skills to stop black hat hackers. Red hat hackers would either halt an attack or push the black hat hacker out of business.
Script Kiddie
Script Kiddies are the kids of the hacking realm. A script kiddie does not do much damage because they have very little skill. They typically use a program or a script developed by others to do their hacking.
Social media hacker
Social media hackers focus on hacking social media accounts. They will use various different ways to gain access to users accounts. Social media hackers are similar to the black hat hacker because they have criminal intentions and aim to steal data.
Suicide hacker
A suicide hacker knows their identity will be revealed but they do the hacking anyway. This could be for money or the fame. The name comes from suicide bombers.
White hat hacker
A white hat hacker is an ethical computer hacker, or a computer security expert. They try to break into computer systems and test computer security to find vulnerabilities, this is done to strengthen the system.
Types of attacks
Adware
Adware, or advertising-supported software, is software that generates revenue for its developer by automatically generating online advertisements in the user interface of the software or on a screen presented to the user during the installation process.
Baiting
Baiting uses physical media and relies on the curiosity or greed of the victim. In this attack, attackers leave malware-infected floppy disks, CD-ROMs, or USB flash drives in locations people will find them (bathrooms, elevators, sidewalks, parking lots, etc.), give them legitimate and curiosity-piquing labels, and waits for victims.
Diversion theft
Diversion theft is a “con” exercised by professional thieves, normally against a transport or courier company. It is also known as the “Corner Game” or “Round the Corner Game”.The objective is to persuade the persons responsible for a legitimate delivery that the consignment is requested elsewhere — hence, “round the corner”. Then the goods that are being delivered can be easily stolen by those thieves.
Honey trap
A honey trap is an attack in which the social engineer pretends to be an attractive person to interact with their victim online,they will fake an online relationship and gather sensitive information through that relationship.
Keylogger
Keyloggers track the keystrokes to intercept passwords and other sensitive information typed in through the keyboard. This gives hackers the benefit of access to PIN codes and account numbers, passwords to online shopping sites, email ids, email logins, and other confidential information, etc. A keylogger can be installed when a user opens a link or attachment in a phishing email, or through a webpage script on a malicious website.
Pharming
Pharming is the impersonation of an authorized website in an effort to deceive users into entering their credentials. Pharming misdirects users to a fake website that appears to be official. Victims then enter their personal information thinking that they connected to a legitimate site.
Phishing
Phishing is a form of fraud. Cyber criminals use email, instant messaging, or other social media to try to gather information such as login credentials by masquerading as a reputable person. Phishing occurs when a malicious party sends a fraudulent email disguised as being from an authorized, trusted source.
Pretexting
Pretexting is when one party lies to another to gain access to privileged data. For example, a pretexting scam could involve an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.
Quid pro quo (something for something)
An attacker calls random numbers at a company, claiming to be calling back from technical support. Eventually this person will hit someone with a legitimate problem, grateful that someone is calling back to help them. The attacker will “help” solve the problem and, in the process, have the user type commands that give the attacker access or launch malware.
Ransomware
Ransomware is most commonly delivered by an email, which encrypts the victim’s data. To get their data restored the cyber criminal demands a ransom. In 2016 ransomware increased by 6000% with majority of the victims paying the attackers to attempt to recover their data.
Scareware
Scareware is when a victim is tricked into thinking their computer is infected with a virus, the cyber criminal then offers the victim a solution to fix their apparently infected computer. However the fix is malware that the victim downloads and installs.
Smishing (SMS phishing)
Smishing is a phishing attack using SMS. Cyber criminals send out bulk SMS messages impersonating an authentic source to gain the trust of the victim. A smishing attack would send the victim a website link that once clicked will install malware on their mobile phone.
An example of a smishing attack
Social Engineering
Social engineering is a form of attack that relies on human interaction. A social engineer will manipulate their victim into breaking normal security measures to gain access to their system or network. These attacks are done for the attackers personal gain.
Spam (junk mail)
Spam is a method of advertising but can contain harmful links, malware or misleading content. The goal of such emails is to gain access to private information like login details or banking information.
Spear Phishing
Spear phishing is a more direct form of phishing. A spear phishing attack is customised to a specific individual or organisation. Cyber criminals will spend a lot of time researching their victim to make their emails seem legitimate.
Spoofing
Spoofing is the practice of using fraudulent email addresses and domains that look similar to a trusted individual. Spoofing can be done on an individuals account (joesoap@mycompany.co.za vs joe.soap@mycompany.co.za) or on the company domain (joesoap@mycompany.co.za vs joesoap@my.company.co.za)
Tabnabbing
Tabnabbing is a computer exploit and phishing attack, which persuades users to submit their login details and passwords to popular websites by impersonating those sites and convincing the user that the site is genuine.
Tailgating
Tailgating, or piggybacking, is when a cyber criminal enters a secured building behind somebody who has an access card. This attack relies on the other person being respectful enough to hold the door open for the person behind them.
Vishing
Vishing or voice phishing, uses voice communication to obtain personal information or banking information from their victims. This can also be done with a pre-recorded message.
Water holing
Water holing is when a cyber criminal targeta a specific group pf people by infecting websites they frequently visit and trust. This is done to gain access to their network.
Whaling
Whaling is when the attacker poses as a CEO or another individual in power in a company and sends an email to the victim who is in charge of financial transactions. The email will ask the victim to make an immediate payment to a fake account.
Zero-Day Exploits
Zero-day attacks are done when software has a weakness that the developer isn’t aware of. The weakness is exploited before it can be fixed. These attacks are normally delivered by email.