Cisco Blogs



The 10 most common security threats explained

It’s a dangerous world out there in the World Wide Web. Just as your mother may have told you to never talk to strangers, the same advice holds true for the virtual world. You may know to be wary of giving strangers your business bank account details. But can you be sure the website you’re logging into is that of your bank and not a forgery created by a cybercriminal?

Cybercriminals use many different methods to lure you into parting with your confidential personal or business information. As a small company doing business on the web, you need to be aware of these methods so you can be extra vigilant when online.

Here’s a quick explanation of some of the common security threats you may come across:

Malware: Malware is short for “malicious software.” Wikipedia describes malware as a term used to mean a “variety of forms of hostile, intrusive, or annoying software or program code.” Malware could be computer viruses, worms, Trojan horses, dishonest spyware, and malicious rootkits—all of which are defined below.

Computer virus: A computer virus is a small piece of software that can spread from one infected computer to another. The virus could corrupt, steal, or delete data on your computer—even erasing everything on your hard drive. A virus could also use other programs like your email program to spread itself to other computers.

Rogue security software: Have you ever seen a pop-up window that advertises a security update or alert? It appears legitimate and asks you to click on a link to install the “update” or “remove” unwanted malicious software that it has apparently detected. This could be rogue security software designed to lure people into clicking and downloading malicious software. Microsoft has a useful webpage that describes rogue security software and how you can protect yourself.

Trojan horse: Users can infect their computers with Trojan horse software simply by downloading an application they thought was legitimate but was in fact malicious. Once inside your computer, a Trojan horse can do anything from recording your passwords by logging keystrokes (known as a keystroke logger) to hijacking your webcam to watch and record your every move.

In February 2010, a Guardian Analytics and Ponemon Institute study of 500 small businesses in the U.S. found that 55 percent of respondents experienced a fraud attack in the last 12 months. The study reports that “…[w]ell-funded cyber criminals executed a full-scale assault on authentication, leveraging widespread infection of end-user computers with banking Trojans to sneak into online banking accounts completely undetected.”

Malicious spyware: Malicious spyware describes a Trojan application created by cybercriminals to spy on their victims. An example would be keylogger software that records a victim’s every keystroke on his or her keyboard. The recorded information is periodically sent back to the originating cybercriminal over the Internet. Keylogging software is widely available and is marketed to parents or businesses that want to monitor their kids’ or employees’ Internet usage.

Computer worm: A computer worm is a software program that can copy itself from one computer to another, without human interaction. Worms can replicate in great volume and with great speed. For example, a worm can send copies of itself to every contact in your email address book and then send itself to all the contacts in your contacts’ address books.

Because of their speed of infection, worms often gain notoriety overnight, infecting computers across the globe as quickly as victims around the world switch them on and open their email. This happened with the Conficker worm (also known as Downadup), which, in just four days, had more than tripled the number of computers it infected to 8.9 million.

Botnet: A botnet is a group of computers connected to the Internet that have been compromised by a hacker using a computer virus or Trojan horse. An individual computer in the group is known as a “zombie” computer.

The botnet is under the command of a “bot herder” or a “bot master,” usually to perform nefarious activities. This could include distributing spam to the email contact addresses on each zombie computer, for example. If the botnet is sufficiently big in number, it could be used to access a targeted website simultaneously in what’s known as a denial-of-service (DoS) attack. The goal of a DoS attack is to bring down a web server by overloading it with access requests. Popular websites such as Google and Twitter have been victims of DoS attacks.

Spam: Spam in the security context is primarily used to describe email spam: unwanted messages in your email inbox. Spam, or electronic junk mail, is a nuisance as it can clutter your mailbox as well as potentially take up space on your mail server. Unwanted junk mail advertising items you don’t care for is harmless, relatively speaking. However, spam messages can contain links that, when clicked, could take you to a website that installs malicious software onto your computer.

Phishing: Phishing scams are fraudulent attempts by cybercriminals to obtain private information. Phishing scams often appear in the guise of email messages designed to appear as though they are from legitimate sources. For example, the message would try to lure you into giving your personal information by pretending that your bank or email service provider is updating its website and that you must click on the link in the email to verify your account information and password details.

Rootkit: According to TechTarget, a rootkit is a collection of tools that are used to obtain administrator-level access to a computer or a network of computers. A rootkit could be installed on your computer by a cybercriminal exploiting a vulnerability or security hole in a legitimate application on your PC and may contain spyware that monitors and records keystrokes.

Rootkits gained notoriety when, in 2005, a security blogger discovered that a copy-protection tool inside music CDs from Sony BMG Music Entertainment was secretly installing a rootkit when users copied the CD onto their computers. At the time, security expert Bruce Schneier warned that the rootkit could allow a hacker to “gain and maintain access to your system and you wouldn’t know it.”

These are perhaps the most common security terms you’ll come across to describe the different methods cybercriminals use. You can find more useful information about security terms and examples of security threats in the Cisco 3Q10 Global Threat Report.

Are there other security terms that you’ve heard of or threats you’ve encountered that we haven’t listed here? Let us know.


2 Comments.


  1. Amazingly insightful article. If only it was as easy to implement some of the solutions as it was to read and nod my head at each of your points :P


  2. Patrick Gray

    While we have a host of technical solutions to the problems enumerated above, the biggest vector for the importation of all things bad remains the uninformed users within our enterprises. The security of our networks is only as good as those who manage the networks and those who use the network. Security awareness is an ongoing process and will lead to greater security at the root of these problems. We are so “quick to click”. An educated workforce is a must.
