
31 - Threats and Attacks

In cyberspace, we constantly face threats and attacks. Understanding their nature makes it easier to divide them into categories, because not every threat is purposeful: some are simply unintentional and untargeted.

Unintentional vs. Intentional threats

Threats can be divided into two categories: unintentional and intentional. How these are distributed depends entirely on the user's actions. Examples from the human and the technical viewpoints follow below.

People Threat
Unintentional, insider-originated security breaches are the result of simple negligence, inattention, or lack of education. Unintentional mistakes, such as system administrator errors, operator errors and programming errors, are common.
Intentional acts can be overt and direct actions (e.g. when an employee with access to customer credit card information sells it to a third party) or can come from individuals who use covert technical means.

Hence, we first need to consider whether a threat is intentional or not. Usually these people threats are unintentional, and their main cause is lack of education. We cannot ignore this, because insider threats are with us every day. It depends on what a person thinks and what their values are. Imperva - Insider threat is recommended additional reading material.

Three types of risky behavior explained

Technical threats are mainly technical in nature, but people are involved in them as well. People threats and technical threats are therefore almost the same thing; however, this viewpoint helps to split unintentional and intentional threats into smaller areas.

Technical Threats
Unintentional, innocent, or negligent technical threats include software bugs that occur during the programming of a computer system, and system configuration errors, such as the use of improper settings or parameters when software is installed.
Intentional and malicious technical threats typically involve the use of computer code or other technical devices designed to cause trouble, including software bugs intentionally added to computer programs; malicious software that modifies or destroys data, such as viruses, worms, and Trojan horses; back doors allowing unauthorized access to a system; eavesdropping programs designed to copy and transmit communications or other information; network spoofing; denial of service attacks; password cracking; email hijacking; packet replay; and packet modification.

More information: Unintentional Insider Threats: A Foundational Study


Targeted vs. Untargeted Attacks

When discussing cyber attacks, you may hear us and others refer to targeted or untargeted cyber attacks when describing the type of attack. But what do these two terms actually mean? As the name suggests, an untargeted attack is a cyber attack which has not been tailored to its victim. With a targeted scam, the crook will have done some sort of research to find out information about the victim or the company they work for, and they will use the information they find to make their scam more convincing or more effective.

In untargeted attacks, attackers indiscriminately target as many devices, services, or users as possible. They do not care who the victim is as there will be a number of machines or services with vulnerabilities. To do this, they use techniques that take advantage of the openness of the Internet including:

  • Phishing - sending emails to large numbers of people asking for sensitive information (such as bank details) or encouraging them to visit a fake website
  • Water holing - setting up a fake website or compromising a legitimate one in order to exploit visiting users
  • Ransomware - which could include disseminating disk encrypting extortion malware
  • Scanning - attacking wide swathes of the Internet at random

In a targeted attack, your organization is singled out because the attacker has a specific interest in your business or has been paid to target you. The groundwork for the attack could take months so that they can find the best route to deliver their exploit directly to your systems (or users). A targeted attack is often more damaging than an untargeted one because it has been specifically tailored to attack your systems, processes, or personnel, in the office and sometimes at home. Targeted attacks may include:

  • Spear-phishing - sending emails to targeted individuals that could contain an attachment with malicious software or a link that downloads malicious software
  • Deploying a botnet - to deliver a DDoS (Distributed Denial of Service) attack
  • Subverting the supply chain - to attack equipment or software being delivered to the organisation

Source: How cyber attacks work


Enisa Threat taxonomy

A threat taxonomy is a classification of threat types and threats at various levels of detail. The purpose of such a taxonomy is to establish a point of reference for threats encountered, while providing a possibility to shuffle, arrange, amend, and detail threat definitions. To this extent, a threat taxonomy is a living structure that is used to maintain a consistent view of threats on the basis of collected information.

The current version of Enisa threat taxonomy has been developed over the past years as an internal tool used in the collection and consolidation of threat information. When collecting information on various threats, it is very convenient to store similar things together. To this extent, a threat taxonomy has been generated. It is worth mentioning that the initial structure has been updated/consolidated with various sources of threat information. Most of the threat information included was from existing threat catalogues in the area of information security and in particular risk management. Besides the references mentioned in the introduction section, an overview of further threat catalogues can be found here. Hence, besides cyberthreats the Enisa threat taxonomy also contains physical threats that can cause harm to information technology assets. Yet, due to the focus of Enisa work in the area of cyber-space, the threat taxonomy presented has a better maturity in the field of cyber-threats.

The developed threat taxonomy consists of the following fields:

  • High level threats: This is the top-level threat category, used mainly to discriminate families of threats.
  • Threats: This field indicates the various threats within a category.
  • Threats details: This field describes the details of a specific threat. Threat details are based on a specific attack type/method or on the targeting of a specific IT asset.
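
The three fields above, held as a data structure that collected observations can be filed into and rolled up from. This is an added example, not Enisa's tooling or catalogue: the entries are constructed from threat names used earlier on this page, and `ThreatTaxonomy`, `amend`, `classify` and `consolidate` are hypothetical names.

```python
from collections import Counter

# Constructed sample entries that reuse threat names from this page's own
# lists; they are NOT copied from the Enisa catalogue.
SAMPLE_ROWS = [  # (high-level threat, threat, threat detail)
    ("Intentional technical threats", "Malicious software", "Worm"),
    ("Intentional technical threats", "Malicious software", "Trojan horse"),
    ("Intentional technical threats", "Denial of service", "DDoS via botnet"),
    ("Unintentional technical threats", "Configuration error", "Improper settings"),
]
UNCLASSIFIED = ("Unclassified", "Unclassified")


class ThreatTaxonomy:
    """Three levels: high-level threat -> threat -> threat details."""

    def __init__(self, rows=()):
        self.tree = {}    # high-level -> threat -> set of details
        self.index = {}   # normalised detail -> (high-level, threat, detail)
        for row in rows:
            self.amend(*row)

    def amend(self, high_level, threat, detail):
        """Add a detail, or re-file it so it sits under exactly one threat."""
        key = detail.strip().lower()
        if key in self.index:
            h, t, d = self.index[key]
            self.tree[h][t].discard(d)
        self.tree.setdefault(high_level, {}).setdefault(threat, set()).add(detail)
        self.index[key] = (high_level, threat, detail)

    def classify(self, detail):
        """Return (high-level threat, threat) for an observed detail."""
        hit = self.index.get(detail.strip().lower())
        return hit[:2] if hit else UNCLASSIFIED

    def consolidate(self, observations):
        """Roll observations up to both upper levels; keep the unknown ones."""
        by_high, by_threat, unknown = Counter(), Counter(), []
        for obs in observations:
            path = self.classify(obs)
            if path == UNCLASSIFIED:
                unknown.append(obs)  # candidates for amending the taxonomy
            by_high[path[0]] += 1
            by_threat[path] += 1
        return by_high, by_threat, unknown
```

Observations that come back in the unknown list are the ones that prompt an `amend` call, which is how the taxonomy stays a living structure.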

More information can be found:


Other Threat Catalogues

In addition to Enisa, there are other threat catalogues. They are all quite similar, so check them out and select the one that suits you best.