Common Cyber Threats

Malware: The Digital Virus

• Viruses: Self-replicating programs that attach to files and spread
• Worms: Self-propagating malware that spreads through networks
• Trojans: Malicious programs disguised as legitimate software
• Ransomware: Encrypts files and demands payment for decryption
• Spyware: Secretly monitors user activity and collects data
• Adware: Displays unwanted advertisements and can be malicious

Social Engineering: The Human Factor

• Phishing: Fraudulent emails pretending to be from trusted sources
• Pretexting: Creating false scenarios to obtain information
• Baiting: Using physical media to spread malware
• Quid pro quo: Offering something in exchange for information
• Tailgating: Following authorized personnel into restricted areas
• Vishing: Voice phishing over phone calls

Network Attacks: Targeting Connections

• DDoS: Overwhelming servers with traffic to make them unavailable
• Man-in-the-middle: Intercepting communication between two parties
• Eavesdropping: Listening to network traffic to steal information
• Spoofing: Impersonating legitimate entities or devices
• Packet sniffing: Capturing and analyzing network data
• DNS poisoning: Redirecting traffic to malicious websites

Real-World Threat Examples

How to Spot a Phishing Email

• Urgent language: Subject lines containing words like 'URGENT', 'Act Now', 'Immediately', or 'Limited Time' are designed to create panic and bypass your critical thinking
• Suspicious sender: The email address doesn't match the organization it claims to represent, or it uses a generic 'noreply' address
• Shortened or mismatched links: URLs using services like bit.ly or tinyurl, or links whose displayed text doesn't match the actual destination
• Grammar and formatting errors: Excessive capitalization, multiple exclamation marks, or obvious spelling mistakes — signs of hastily crafted scam emails
• Requests for personal information: Legitimate companies never ask for passwords, Social Security numbers, or credit card details via email
• Threatening consequences: Messages warning that your account will be closed, legal action will be taken, or you must respond immediately

Example: Suspicious vs. Legitimate Email

Threat Evolution: How Attacks Change

• 2000s: Simple viruses and worms
• 2010s: Sophisticated malware and APTs
• 2020s: AI-powered attacks and supply chain compromises
• Future: Quantum computing threats and IoT attacks
• Adaptation: Attackers constantly evolve their techniques

Interactive Exercise: Threat Identification

Threat Scenarios to Identify

• Scenario 1 — You receive an email claiming to be from your bank asking you to click a link to verify your account. → This is a Phishing attack — an attempt to steal your banking credentials by impersonating a trusted institution
• Scenario 2 — Your computer suddenly displays a message saying all your files are encrypted and you must pay $500 in Bitcoin to unlock them. → This is Ransomware — malware that encrypts your files and demands payment for the decryption key
• Scenario 3 — You notice your computer is running very slowly, the fan is constantly running, and your battery drains unusually fast. → This likely indicates Malware running in the background — secretly using your system resources
• Scenario 4 — Someone calls claiming to be from tech support and asks for your password to 'fix a problem'. → This is Social Engineering — legitimate tech support teams never ask for your password over the phone
• Scenario 5 — While browsing the internet, you suddenly see dozens of pop-up advertisements appearing on every page. → This is Adware — a type of malware that displays unwanted advertisements and may track your browsing habits