Threats to cyber security and data breaches come in many shapes and sizes; from malware and phishing attacks, to social engineering and DoS attacks, our guide shares all you need to know about common cyber security attacks. 

What is cyber security? 

Cyber security involves protecting computer systems, software codes, networks and data from theft, damage or unauthorised access. The role of cyber security in modern life is increasingly important, where technology is all around us and threats are almost unavoidable. 
 
Professionals in field of cyber security work together to predict, prevent and investigate cyberattacks, under the umbrella heading of ‘digital forensics’. Much like a regular forensics team, digital forensics apply scientific techniques to investigate, collect, preserve and analyse evidence, most often to be presented in a court of law.

You can explore the differences between cyber security and digital forensics here, as well as discovering some of the key roles professionals play in this area. 

Most common cyber security threats 

The sorts of cyber security threats that digital forensic teams would aim to predict prevent and investigate are wide-ranging. Here are some of the most common:

Malware attacks 

Malware attacks involve the use of malicious software (most commonly known as malware), to execute unauthorised actions and harm or exploit any programmable device, service or network. 
 
‘Malware’ is a broad term that includes various types of malicious software designed to harm or exploit devices and systems, including ransomware, trojans, viruses, worms, spyware, fileless malware and adware. You can read more about the types of malware here.  
 
Cyber criminals use malware for multiple of reasons, with some of the most common including identity theft, stealing credit card or financial data, mining bitcoin and other cryptocurrencies and launching denial-of-service attacks against other networks. 
 
Slow computer performance, browser redirects, frequent pop-up ads and issues with shutting down or starting up are all signs that a system may have been a victim of a malware attack. 

Phishing attacks 

Not dissimilar to a malware attack, a phishing attack is another type of cyber-attack, but is a little more deceptive and overt in its approach. In a phishing attack, the attacker masquerades as trustworthy to gain access to sensitive information, such as login details, and financial and personal data.  
 
These attacks mostly come veiled as friendly emails and messages, designed to trick the victim into thinking sharing details will benefit them in some way. Cyber criminals often carry out phishing attacks which appear legitimate via emails, fake websites, email spoofing, SMSs and phone calls, with attackers tailoring their messaging to specific individuals or organisations, making the attack more convincing.

Looking out for spelling and grammatical errors, inconsistencies with email addresses and site links, suspicious attachments in emails and threats or an unusual sense of urgency are all signs of phishing attacks to look out for. 

DoS and DDoS attacks 

A Denial-of-Service (DoS) attack or a Distributed Denial-of-Service (DDoS) attack, are types of cyber-attacks aimed at overwhelming an online service and rendering it unusable. This type of cyber threat is most often aimed at high profile websites, with a goal of causing mass disruption to legitimate users.

Password attacks 

Password attacks involve cracking or guessing passwords to maliciously authenticate into password-protected accounts. Google Support’s guidance suggests that creating strong, unguessable passwords using capital letters, lower case letters, numbers and symbols, that are different for all different accounts, is one way to avoid a password attack.

Social engineering attacks

Social engineering is the term used for a broad range of malicious activities achieved through human interactions, where human feelings are manipulated with an aim of obtaining data. Social engineering attacks use psychological manipulation to trick users into making security mistakes or giving away sensitive information.

False promises, false alarms, fictitious threats and the perpetrator pretending to need sensitive information from a victim so as to perform a critical task, are all examples of social engineering attacks. 

How an MSc in Cyber Security and Digital Forensics can benefit you