Top 21 Emerging Cyber Threats and How They Work

June 7, 2022 — Cyber attacks, hacking, and data breaches are a growing threat. Yet, many companies could have prevented these threats with a bit of risk management and a proactive approach to digital security.

Whether you’re going through a digital transformation or worried about data protection, these are the emerging cyber threats that you need to beware of.


A Forrester report showed that 94% of organizations suffered some type of cyber attack in 2020 alone. Even worse is that three-quarters of those attacks were due to a vulnerability caused by a technology put in place during the pandemic.

Data breaches cost businesses on average $4.24 million in 2021 [*]. And in breaches where remote work was a driving factor, the average cost was $1.07 million higher.


  1. Malware: a combination of the words malicious and software, this is an umbrella term used to refer to software that damages computers, websites, web servers, and networks. While malware isn’t a new threat, hackers are constantly capitalizing on new approaches. Malware includes ransomware, viruses, spyware, and trojans. Once installed, malware can deny access to your network, secretly obtain sensitive data, and even destroy your system.
  2. Ransomware: is a type of malware that involves extortion. Hackers prevent users from accessing data, threatening to publish or delete it until a ransom is paid. Hackers take control of a victim’s computer when the victim clicks links or downloads attachments that contain malware.
  3. Cryptojacking: uses your computer to secretly “mine” cryptocurrencies such as Bitcoin and Ethereum. While not an immediate threat, it can slow down your devices significantly. Hackers use phishing emails or other methods to get you to click a link that then downloads the cryptojacking malware to your device.
  4. Viruses: are malicious pieces of code that damage your device and can replicate and spread between hosts. Much like flu viruses that can’t replicate without a host, computer viruses can’t spread without a host file or document. Once a virus successfully attaches to a host file or document, it can lie dormant until circumstances “trigger” it to execute its code. Once it does activate, the virus can spread across computers or even across corporate networks.
  5. Trojans: named after the famed Trojan horse, this type of malware uses helpful software as a backdoor to gain access and exploit a computer or network. Trojans are widely used to steal credit card information. Users click on a link that hides the Trojan malware or unknowingly download it along with legitimate software. Once the file is clicked and opened, the download proceeds to install malware onto the device.
  6. Worms: are self-contained malware that spread through other files and programs on their own. Unlike viruses, which require a host, worms are standalone programs that can “wiggle” through your network. Worms are often sent through email attachments: they duplicate themselves and send a copy to all contacts in the hacked email list. Attackers can use worms to overload servers and achieve distributed denial of service (DDoS) attacks.
  7. Spyware: is a type of malware installed to collect information about users, including their system or browsing habits. There are several different types of spyware to beware of. For example, infostealers steal your information from browser forms, while keyloggers record your keystrokes to catch sensitive data. Spyware is distributed in many ways: links, phishing emails, pop-ups, infected ads, or even poisoned links on Google search. Once a user clicks on the link, their data is sent remotely to an attacker. The information is then used to blackmail the victim or install other malicious programs.
  8. Adware: displays unwanted ads on your computer. It can also change your browser homepage or even add unwanted plugins and other spyware. While adware isn’t quite a virus and isn’t as problematic as other code floating around the internet, you still need to remove it from your computer. Not only is it bothersome, but it could also cause other device issues down the line. Adware can come from either downloading it by mistake or getting it from a malicious website. Once it’s downloaded and installed, adware immediately starts tracking your web activity. One indicator that you’ve been infected is constant pop-up advertisements.
  9. Drive-By Downloads: are programs that install on your devices without your consent. These include bundled software and unintentional downloads of any files. Drive-by downloads often take advantage of apps, operating systems, software, or web browsers that haven’t been updated. They can use any website as a delivery method for corrupted files. Just like other malware, drive-by downloads enter your computer unintentionally. You don’t have to click on or download anything for your computer to be infected — it just happens when you visit an infected website.
  10. IoT Device attacks: Internet of Things (IoT) devices are common targets for bad actors as they don’t have space to run proper security systems and often store sensitive information like log-in details and passwords. Hackers exploit the weak security and constant connectedness of IoT devices to gain access to them. Once they install malware, hackers can link devices together and launch DDoS attacks. These attacks attempt to knock out networks by flooding them with traffic. IoT devices such as smart speakers can also act as a weak point in your network. Once hackers are in, they can gain access to your entire system.
  11. Wipers (or wiper malware): damage organizations by wiping as much data (if not all) as possible. Unlike ransomware, which has financial motives, wiper attacks are purely disruptive. Criminals may also use wiper attacks to cover the tracks of separate data thefts. Wipers often target files, backups, and the system boot section. Normally, hackers overwrite files to destroy them, but they don’t do this in wiper attacks because it’s time-consuming. Instead, hackers write a certain amount of data at intervals, which destroys files randomly.
  12. Cross-Site Scripting (XSS): hackers insert malicious scripts into a website with the intent of stealing users’ identities through session tokens, cookies, and other information. The malicious code is usually JavaScript but can include Flash or HTML. XSS often occurs when users log onto a web application’s session. Victims unintentionally click on the content because they think it’s legitimate. But little do they know that the attacker altered the executed script, making XSS harmful and dangerous.
  13. Phishing: has been around for years, but is consistently one of the most common ways hackers try to scam you online. It involves sending messages that seem to be from a trusted source to gain personal information or scam you into downloading malware. Phishing attacks can occur via email, text (known as “smishing”), phone calls, fake websites, and social networks. Hackers use a combination of social engineering tactics to gain your trust. Then, they send messages containing malware or a link to a fake site designed to steal your information. COVID-19 scams (like PPP fraud) and phishing schemes have been especially prevalent in the past few years [*].
  14. Whale and spear phishing: whaling is a phishing attack in which the prime targets are senior executives (aka the “big fish”), while spear phishing is a similar attack that hyper-targets a specific company or individual. In whaling, attackers impersonate high-level executives to try and steal sensitive data. In spear phishing, criminals research victims on LinkedIn or other social media sites and pose as a trusted source to gain access to their data.
  15. Pharming: is when cybercriminals capture user credentials through a fake landing page. There are two types of pharming: malware and DNS cache poisoning. Malware-based pharming uses trojan horses to direct you to a fake website. For example, you’ll get a link to enter your credentials on your banking site. But the link routes you to a fake (yet believable) landing page designed to steal your information. With DNS cache poisoning, hackers exploit your DNS server. So even if you enter the URL of your banking site, you’ll still be redirected to the fake website without your knowledge.
  16. SQL Injection Attacks: An SQL injection attack (SQLi) is typical in database-driven websites. SQL attacks happen when attackers inject code into a website or server database to steal money, change data, or erase web activity. Hackers find vulnerable website fields such as contact forms and insert malicious SQL code into them. Once the SQL query is inserted into the website, the attacker can execute malicious commands on the database.
  17. Denial of Service (DoS): is a website attack where attackers overwhelm a system or network with internet traffic. A variation of the DoS attack is the distributed denial of service (DDoS) attack. With DDoS attacks, hackers infect computers on the network with malware to turn them into bots. Attackers control the bot network (or botnet) by sending instructions remotely. Some hackers even use artificial intelligence (AI) technologies for automation purposes. DDoS attacks result in a server overflow or network error. It can be challenging to separate DDoS traffic from regular traffic.
  18. Brute Force Attacks: are a type of cryptographic attack where hackers use software to repeatedly guess your login credentials. One in five networks have experienced a brute force attack. Hackers attempt to access an account by trying different passwords until they guess the right one. When you’re up against hackers with a powerful computing engine or control over an extensive botnet, it can pose a problem. Some warning signs that you’re under a brute force attack include:
    • The same IP address trying to log in multiple times.
    • Many IP addresses trying to log into a single account.
    • Multiple unsuccessful login attempts being made from different IP addresses in a short period.
  19. Man-in-the-Middle Attacks (MitM): are a type of “shoulder surfing” where hackers eavesdrop on your connection. Hackers intercept data transfers between a server and a client to steal data and manipulate traffic. Attackers insert themselves through an IoT device or exploit unsecured public Wi-Fi.
  20. Insider Threats: are security risks that begin within the targeted organization. They often involve a current or former employee with administrator privileges or access to sensitive information. Insider threats have increased by 47% over the last two years [*], making them an emerging cyber threat. Insider threats occur when someone with authorized access misuses their access. Insider threats can be intentional or unintentional. Unintentional threats occur when a negligent employee falls victim to malware or phishing scams. Most security operations focus on external threats. But the best course of action for limiting insider threats is restricting employee access to only the systems they need for work.
  21. Zero-Day Attacks: Zero-day attacks happen to websites with newly-discovered security vulnerabilities. The term ‘zero-day’ alludes to web developers recently discovering the flaw, which means they have had zero days to fix it. Attackers jump to take advantage of the small time frame in which the device or program is vulnerable. Preventing zero-day attacks requires constant monitoring and proactive detection.
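
The three brute force warning signs listed under item 18, expressed as detection logic over login events. This is an added example, not part of the original article; the log line format, the thresholds, and the sample events are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample events (not real logs): "timestamp source_ip account result"
SAMPLE_LOG = """\
2022-06-07T10:00:00 203.0.113.5 alice FAIL
2022-06-07T10:05:00 203.0.113.5 alice FAIL
2022-06-07T10:10:00 203.0.113.5 alice FAIL
2022-06-07T10:15:00 203.0.113.5 alice FAIL
2022-06-07T10:16:00 192.0.2.10 carol OK
2022-06-07T11:00:00 198.51.100.1 bob FAIL
2022-06-07T11:10:00 198.51.100.2 bob FAIL
2022-06-07T11:20:00 198.51.100.3 bob FAIL
2022-06-07T12:00:00 192.0.2.1 dave FAIL
2022-06-07T12:00:10 192.0.2.2 erin FAIL
2022-06-07T12:00:20 192.0.2.3 frank FAIL
2022-06-07T12:00:30 192.0.2.4 grace FAIL
"""

def parse(log):
    """Turn log text into time-ordered (timestamp, ip, account, result) tuples."""
    rows = (line.split() for line in log.strip().splitlines())
    return sorted((datetime.fromisoformat(r[0]), *r[1:]) for r in rows)

def detect(events, per_ip=4, per_account=3, burst_ips=4, window_s=60):
    """Apply the three warning signs; all thresholds are assumed values."""
    fails = [e for e in events if e[3] == "FAIL"]
    by_ip, by_account = defaultdict(int), defaultdict(set)
    for _, ip, account, _ in fails:
        by_ip[ip] += 1
        by_account[account].add(ip)
    alerts = {
        # Sign 1: the same IP address failing to log in many times
        "repeat_ip": sorted(ip for ip, n in by_ip.items() if n >= per_ip),
        # Sign 2: many IP addresses failing against a single account
        "targeted_account": sorted(a for a, ips in by_account.items()
                                   if len(ips) >= per_account),
        "distributed_burst": [],
    }
    recent = deque()  # Sign 3: failures from many IPs inside a short window
    for ts, ip, _, _ in fails:
        recent.append((ts, ip))
        while (ts - recent[0][0]).total_seconds() > window_s:
            recent.popleft()  # drop failures older than the window
        if len({i for _, i in recent}) >= burst_ips:
            alerts["distributed_burst"].append(ts.isoformat())
    return alerts
```

Calling `detect(parse(SAMPLE_LOG))` returns one entry per warning sign; in practice the thresholds need tuning against normal login failure rates to keep false positives down.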



Courtesy of Christopher Bray, Aura