Cyber threats can be both terrifying and exciting. As you explore Hack The Box’s Pro Labs, Hacking Labs, and our HTB Academy content, you will learn about a wide variety of real-world cyber threats, hands-on.
But in this post, I want to get back to the basics. What are cyber threats? Let’s explore some important cyber threat theory.
A cyber threat is any security risk to a computer or computer network. When the people who are supposed to use some data are using it, all is well and good. When people who aren’t supposed to use some data, such as cyber attackers, abuse it, that is a cyber threat.
Let’s jump into the nitty gritty of the topic.
The CIA Triad
All cyber threats impact one or more components of the CIA Triad. No, this CIA isn’t an American intelligence agency. It’s a central principle in cybersecurity theory! CIA stands for confidentiality, integrity, and availability.
Confidentiality is all about making sure that data is only accessible to authorized entities. So when there’s a data breach, that’s a massive cyber threat impacting confidentiality. Spyware, malware that’s designed to spy on a user, is another major confidentiality concern.
Integrity is all about making sure only authorized entities can alter data, by changing it or adding to it. If a cyber attacker acquires access to a software library and puts malicious code into it, that’s a cyber threat to integrity. Cryptographic hashing and code signing are some of the ways we can defend against integrity cyber threats.
Availability is all about making sure that data assets and applications are available when we need them. When a distributed denial of service attack (DDoS) puts a web server offline, that’s a classic cyber attack on availability. If someone sneaks into a datacenter and steals a bunch of hard drives that contain data the organization needs in order to operate, that’s another availability attack. And if the attacker manages to crack the encryption on those drives, then it becomes a confidentiality attack as well.
That segues nicely into my next point. Often cyber attacks will affect more than one component of the CIA Triad. Newer strains of ransomware which target enterprises and institutions not only encrypt data with a key the victim cannot access without paying a ransom, they also threaten to breach the same data. So that’s availability and confidentiality. Some of the modular malware that targets Android phones has modules for spyware, ransomware, and cryptomining malware. So confidentiality is threatened by the spyware, integrity is threatened because some files on the victim’s phone are altered, and availability is threatened by the ransomware, and perhaps by the cryptominer if it overwhelms the device’s memory to the extent that the victim cannot use their phone.
External cyber threats
External cyber threats include the classic types of cyber attacks people usually think about. Any cyber threat that originates from outside of a targeted organization is external.
If an Advanced Persistent Threat (APT) group or other sort of cyber crime group targets a bank to steal their financial data, that’s definitely an external cyber threat. As long as the people who are doing the cyber attacking don’t work for the targeted entity, it’s external.
The large majority of cyber threats are financially motivated, especially external cyber threats. These cyber criminals just want to make money. They could make money by stealing sensitive data and selling it on the Dark Web. They could deploy cryptominers to generate cryptocurrency. They could deploy ransomware, hoping to extort the victim into paying them a ransom. The motives of these attacks are easy to understand because money makes the world go round. You can’t live without money, and having a lot of it can make you powerful.
Most external cyber threats that aren’t financially motivated fall into the hacktivism category. Hacktivism is when a person or a group of people engage in cyber attacks for politically motivated reasons, not to make money. For example, a fur coat retailer has an online store. Hacktivists who belong to an animal rights organization vandalize the site’s webpages to say “meat is murder.” They don’t make any money from the attack. They’re simply making a point to promote their ideology.
