Cyber threats, cyber incidents, cyber-attacks. The daily struggle against these three is routine for cybersecurity professionals, and it's time for you to learn about the most common cyber threats and attacks.
Difference between Cyber Threat and Cyber Attack
The difference between a cyber threat and a cyber attack lies in their nature and stages:
| Cyber Threat | Cyber Attack |
|---|---|
| A cyber threat refers to any event or circumstance that has the potential to compromise the security of a system, network, or data. | A cyber attack is a deliberate and malicious act directed at a system, network, or data to cause harm, theft, disruption, or compromise. |
| Cyber threats are potential dangers or vulnerabilities that can be exploited by cybercriminals to carry out a cyber attack. | Cyber attacks are specific actions taken by cybercriminals to exploit a cyber threat and achieve a malicious objective. |
| Cyber threats can be internal or external and may include software vulnerabilities, human errors, lack of security patches, and more. | Cyber attacks can include activities such as malware, phishing, ransomware, unauthorized access, and denial of service (DoS), among others. |
The 10 Common Cyber Threats:
- Software Vulnerabilities: Errors and weaknesses in software that can be exploited by attackers.
- Obsolete Software or Hardware: Outdated software or hardware may have security flaws that newer attack techniques can exploit.
- Weak or Open Access WiFi Networks: Equivalent to leaving the office door open. A WiFi network with a weak or no password is an open door for any user, including attackers.
- Social Engineering: Involves psychological manipulation and blackmail to deceive people and obtain unauthorized information or access. It is considered a threat or a cyber attack depending on the context. Any attempt at psychological manipulation poses a potential risk when carried out by an attacker.
- Unnecessarily Open Ports or Unmonitored Networks: In week 2, you learned about network fundamentals and what protocols and services can do. A network without proper monitoring can be an attack channel for a cybercriminal.
- Weak Passwords: More susceptible to brute force attacks. A brute force attack involves attempting to guess the password using dictionaries and offensive security tools.
The 10 Most Common Cyber Attacks:
- Ransomware: A type of malware that encrypts a system's information and demands a ransom (money) for its release; essentially, it is a kidnapping of information.
- Phishing: Sending fake emails to steal confidential information.
- Zero-Day Attack: Exploitation of software vulnerabilities before patches are known and published.
- Man-in-the-Middle (MitM) Attack: Interception and manipulation of communication between two parties.
- Brute Force Attack: Repeated attempts to guess passwords.
- SQL Injection Attack: Insertion of malicious SQL code into web applications.
- Denial of Service (DoS/DDoS) Attack: Saturating servers or networks to disable services.
- Identity Spoofing Attack: Deceiving systems or users by pretending to be another entity.
- Data Exfiltration Attack: Unauthorized theft and transfer of sensitive data.
- Unauthorized Access Attack: Infiltration into systems or networks without permission.
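
The detection side of the Weak Passwords and Brute Force Attack entries above, as an added example that is not part of the original page: it counts failed logins per source in a sliding time window and notes when a success follows the burst. The log format, the threshold of 5 failures and the 60-second window are assumptions, and the log lines are constructed sample data.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (assumed format: ISO-time RESULT user source-ip).
SAMPLE_LOG = """\
2024-05-01T10:00:01 FAIL admin 203.0.113.7
2024-05-01T10:00:03 FAIL admin 203.0.113.7
2024-05-01T10:00:05 FAIL root 203.0.113.7
2024-05-01T10:00:06 OK alice 198.51.100.4
2024-05-01T10:00:08 FAIL admin 203.0.113.7
2024-05-01T10:00:09 FAIL admin 203.0.113.7
2024-05-01T10:00:12 OK admin 203.0.113.7
2024-05-01T10:07:00 FAIL bob 198.51.100.9
2024-05-01T10:20:00 FAIL bob 198.51.100.9
"""

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag sources with >= threshold failed logins inside a sliding window."""
    recent = defaultdict(deque)    # source -> timestamps of failures still in window
    targeted = defaultdict(set)    # source -> usernames it failed against
    alerts = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue               # skip malformed lines instead of crashing
        ts, result, user, src = datetime.fromisoformat(parts[0]), *parts[1:]
        if result == "FAIL":
            failures = recent[src]
            failures.append(ts)
            targeted[src].add(user)
            while ts - failures[0] > window:
                failures.popleft() # drop failures older than the window
            if len(failures) >= threshold and src not in alerts:
                alerts[src] = {"first_alert": ts, "users": targeted[src],
                               "success_after": False}
        elif result == "OK" and src in alerts:
            # A success right after a burst of failures suggests a guessed password.
            alerts[src]["success_after"] = True
    return alerts

if __name__ == "__main__":
    for src, info in detect_bruteforce(SAMPLE_LOG).items():
        print(src, sorted(info["users"]), "success_after =", info["success_after"])
```

Two failures from the same source 13 minutes apart do not trigger an alert, because the older one has left the window by the time the second arrives.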