Cybersecurity Lo2

The document outlines various cybersecurity threats, including malware, phishing, DDoS attacks, SQL injection, and Man-in-the-Middle attacks, emphasizing the importance of proactive measures such as antivirus software, multi-factor authentication, and regular updates. It also discusses the role of threat intelligence in understanding and mitigating these risks, highlighting its types: strategic, tactical, operational, and technical intelligence. Additionally, it addresses security hazards like poor password practices and insider threats, advocating for employee training and robust access controls.

Uploaded by gorsy0001
Copyright © All Rights Reserved

Cybersecurity

Security Threats
Cybersecurity threats and hazards pose significant risks to individuals, businesses, and governments, as attackers exploit vulnerabilities to gain unauthorized access, steal sensitive data, or disrupt systems. Cyber threats are deliberate attacks targeting the confidentiality, integrity, or availability of digital systems. Among these threats, malware remains one of the most damaging, with different types such as viruses, worms, Trojans, ransomware, spyware, and rootkits (Steve Snyder, 2023). Malware is malicious software designed to disrupt, damage, or gain unauthorized access to systems. Viruses attach themselves to files and spread when executed, while worms propagate through networks without user intervention. Trojans disguise themselves as legitimate software but contain hidden threats. Ransomware encrypts files and demands payment for decryption, and spyware secretly collects sensitive user data. Rootkits allow attackers to maintain persistent access while evading detection. The 2017 WannaCry attack, which affected over 300,000 computers worldwide, shows how damaging ransomware can be. Another major threat is phishing, where attackers trick users into revealing login credentials, financial details, or personal information by impersonating trusted sources. To stay safe, install and regularly update antivirus and anti-malware software. Enable automatic updates to patch vulnerabilities in operating systems and applications. Use application whitelisting to prevent unauthorized software execution. Regularly back up important data and store it offline to mitigate ransomware risks.

Phishing is a deceptive attack where cybercriminals trick users into revealing sensitive information by pretending to be trusted entities. Email phishing is the most common, often impersonating banks or IT services. Spear phishing is highly targeted, using personal details to appear more legitimate. Whaling specifically targets executives or high-profile individuals. Smishing (SMS phishing) and vishing (voice phishing) use text messages or phone calls to manipulate victims. A notable example is the COVID-19 phishing campaigns in 2020 that targeted sensitive medical and financial data. Educate employees on phishing red flags, such as urgent requests and suspicious links. Use email filtering solutions to detect and block phishing emails. Implement Multi-Factor Authentication (MFA) to prevent unauthorized access even if credentials are stolen. Verify sensitive requests through a secondary communication channel before acting.

DoS and DDoS attacks flood a server or network with excessive traffic, causing slowdowns or complete service disruptions. Attackers often use botnets (networks of compromised devices) to amplify attacks (Jiri Kohout, 2022). A well-known incident was the 2016 Mirai botnet attack on Dyn DNS, which disrupted major services like Twitter, Netflix, and PayPal. Deploy DDoS protection services like Cloudflare, Akamai, or AWS Shield. Use rate limiting and Web Application Firewalls (WAFs) to filter malicious traffic. Implement traffic analysis tools to detect unusual spikes in requests. Work with Internet Service Providers (ISPs) to block attack sources.

SQL injection is a cyberattack where attackers manipulate database queries by injecting malicious SQL code, leading to unauthorized access, data breaches, or even deletion of entire databases. Attackers exploit poorly secured input fields in web applications. A prime example is the 2008 Heartland Payment Systems breach, which exposed 134 million credit card details. Use parameterized queries and prepared statements to prevent direct SQL execution. Regularly conduct code audits and penetration testing to identify vulnerabilities. Implement Web Application Firewalls (WAFs) to block SQL injection attempts. Restrict database access with least privilege permissions.
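The following is an added example, not part of the original document, showing why the parameterized queries recommended above stop SQL injection: a login lookup built by string concatenation is placed beside the same lookup with bound parameters, both run against a constructed in-memory SQLite table. The table contents and the probe input are made up for the demonstration.

```python
import sqlite3

def make_db():
    """Constructed in-memory user table for the demo (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db

def login_vulnerable(db, name, password):
    """Query built by string concatenation: user input becomes part of
    the SQL text, so a quote in the input changes the query's logic."""
    query = ("SELECT name FROM users WHERE name = '" + name +
             "' AND password = '" + password + "'")
    return sorted(row[0] for row in db.execute(query))

def login_safe(db, name, password):
    """Parameterized query: the driver sends the values separately from
    the SQL text, so the input is only ever compared as data."""
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in db.execute(query, (name, password)))

def demo():
    """Run the same textbook probe through both versions."""
    db = make_db()
    probe = "' OR '1'='1"  # constructed probe input, not a real password
    return {
        "vulnerable": login_vulnerable(db, "alice", probe),
        "safe": login_safe(db, "alice", probe),
        "legit": login_safe(db, "alice", "s3cret"),
    }

if __name__ == "__main__":
    print(demo())
```

With the probe as the password, the concatenated query's WHERE clause becomes true for every row and both users are returned, while the parameterized query returns nothing because the probe is compared literally.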

Additionally, MitM attacks occur when an attacker secretly intercepts and alters communication between two parties. Common MitM techniques include WiFi eavesdropping, HTTPS spoofing, and session hijacking. Attackers often create fake public WiFi hotspots to steal login credentials, particularly for banking websites. Use end-to-end encryption (E2EE) for secure communications. Enforce HTTPS-only connections using TLS certificates. Avoid using public WiFi networks, or use a VPN when necessary. Implement strong session management techniques, such as automatic logouts and token-based authentication.

Zero-day exploits also pose a significant risk, as they target newly discovered software vulnerabilities before developers can patch them (Venu Shastri, 2025). These attacks are especially dangerous because they bypass traditional security measures. The Stuxnet worm is a well-documented case where zero-day exploits were used to sabotage Iran's nuclear program. Enable automatic security updates for all software and systems. Use behavior-based intrusion detection and prevention systems (IDS/IPS) to detect suspicious activity. Apply network segmentation to limit the impact of potential exploits. Participate in threat intelligence sharing to stay updated on emerging vulnerabilities.

Security Hazards
In addition to active cyber threats, cybersecurity hazards are potential risks that could lead to security breaches if not properly addressed. Poor password practices, such as using weak or reused passwords, make systems vulnerable to brute-force attacks. Implementing multi-factor authentication (MFA) and using password managers can mitigate these risks. Unpatched software is another major hazard, as outdated systems contain vulnerabilities that hackers can exploit, emphasizing the importance of regular updates and patch management. Organizations also face insider threats, where employees, whether accidentally or intentionally, leak sensitive information. Enforcing strict access controls and monitoring user activities can help prevent such breaches (Hoxhunt, 2024).

Insider threats involve employees, contractors, or partners misusing their access, either accidentally or intentionally, to compromise security. These threats are harder to detect because they involve trusted individuals. Apply role-based access control (RBAC) to limit user permissions. Monitor user activity logs for suspicious behavior. Conduct regular security awareness training to prevent accidental leaks. Use data loss prevention (DLP) tools to block unauthorized data transfers. Moreover, social engineering risks arise when cybercriminals manipulate human psychology to gain unauthorized access, highlighting the need for security awareness training. As businesses increasingly rely on cloud computing, cloud security risks have also emerged, with improperly configured cloud services leading to data breaches.

Threat intelligence is the process of collecting, analyzing, and applying information about cyber threats to strengthen security defences. It helps organizations understand who is attacking, their motives, and the techniques they use, allowing security teams to detect, mitigate, and respond to threats before they cause damage. Malware detection is another critical area where threat intelligence plays a vital role (Matthew Kosinski, 2025). It provides Indicators of Compromise (IoCs), such as malicious IP addresses, malware file hashes, and command-and-control (C2) server details, enabling security tools to detect and block threats before they spread. By continuously updating antivirus databases and integrating intelligence into firewalls, SIEMs, and endpoint security tools, organisations can significantly reduce malware risks.

DDoS attacks can be mitigated by leveraging threat intelligence to identify botnets and malicious traffic sources before an attack occurs. For example, threat intelligence can recognize attack patterns from known botnets and automatically block suspicious traffic before it overwhelms a network. Defense strategies include using real-time threat intelligence feeds, deploying cloud-based DDoS protection services like Cloudflare and Akamai, and implementing rate-limiting measures. SQL injection (SQLi) and web-based exploits can also be prevented with threat intelligence, which helps security teams stay informed about newly discovered vulnerabilities and attack tools. For instance, if hackers begin using a new SQL injection tool, threat intelligence feeds can provide detection rules and mitigation techniques. Organizations can safeguard their applications by implementing Web Application Firewalls (WAFs) with up-to-date threat intelligence and conducting regular vulnerability scanning.

Threat intelligence is equally crucial in preventing Man-in-the-Middle (MitM) attacks by detecting fake SSL certificates, rogue access points, and compromised networks. Cybercriminals often use spoofed SSL certificates to create phishing websites that steal sensitive data. DNS security solutions that block fake websites in real time and enforcing SSL/TLS encryption for all communications are effective defenses against such attacks.
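As an added illustration of the rate-limiting measure listed above among the DDoS defenses (example code written for this page, not from the original document or any product it names), here is a per-source token bucket run over constructed traffic from one normal client and one flooding source. The addresses, rates and bucket sizes are assumptions chosen for the demonstration.

```python
class TokenBucket:
    """Per-source token bucket. Each source may burst up to 'capacity'
    requests and is then admitted at 'rate' requests per second.
    Time is in integer milliseconds and tokens are kept scaled by 1000
    so the arithmetic is exact."""

    def __init__(self, rate, capacity):
        self.rate = rate                      # tokens per second
        self.capacity = capacity * 1000       # in millitokens
        self.buckets = {}                     # src -> (millitokens, last_ms)

    def allow(self, src, now_ms):
        tokens, last = self.buckets.get(src, (self.capacity, now_ms))
        # rate tokens/s equals rate millitokens per millisecond
        tokens = min(self.capacity, tokens + (now_ms - last) * self.rate)
        if tokens >= 1000:
            self.buckets[src] = (tokens - 1000, now_ms)
            return True
        self.buckets[src] = (tokens, now_ms)
        return False

def simulate(limiter, requests):
    """Feed (timestamp_ms, src) requests through the limiter in time order
    and return {src: (admitted, dropped)}."""
    stats = {}
    for ts, src in sorted(requests):
        admitted, dropped = stats.get(src, (0, 0))
        if limiter.allow(src, ts):
            stats[src] = (admitted + 1, dropped)
        else:
            stats[src] = (admitted, dropped + 1)
    return stats

# Constructed traffic: a normal client at 2 req/s for 5 s and a flooding
# source at 100 req/s for 2 s (addresses are from documentation ranges).
NORMAL = [(i * 500, "10.0.0.5") for i in range(10)]
FLOOD = [(i * 10, "198.51.100.23") for i in range(200)]

def run_demo():
    """5 req/s sustained with a burst of 10: the normal client is never
    dropped, the flood is cut to its initial burst plus the refill."""
    limiter = TokenBucket(rate=5, capacity=10)
    return simulate(limiter, NORMAL + FLOOD)

if __name__ == "__main__":
    print(run_demo())
```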

Threat Intelligence
Threat intelligence plays a crucial role in cybersecurity by helping organizations understand, detect, and respond to threats effectively. There are four primary types of threat intelligence. Strategic Intelligence provides high-level insights into cyber threats and trends. This includes industry reports on emerging cybercrime groups, government advisories, and global threat landscape analysis. It helps executives and policymakers make long-term security decisions. Tactical Intelligence focuses on the technical details of the tactics, techniques, and procedures (TTPs) used by cybercriminals. A well-known example is the MITRE ATT&CK framework, which helps security teams understand and counteract adversary tactics.

Operational Intelligence delivers real-time data on ongoing attacks and cybercriminal activities. Security teams use this intelligence to track phishing campaigns, malware outbreaks, and active threat actors, allowing for faster incident response. Technical Intelligence offers specific indicators of compromise (IoCs) such as malware signatures, malicious IP addresses, domain names, and hash values. This intelligence is crucial for automated threat detection and blocking at the firewall or endpoint security level.

The benefits of threat intelligence in cyber defence are extensive. It enables proactive security by detecting and stopping attacks before they cause harm, accelerates incident response by providing actionable data for quick threat containment, and improves risk management by helping businesses understand their cyber risk landscape. Additionally, it enhances threat hunting capabilities, allowing security analysts to proactively search for hidden threats, and supports better decision-making by prioritizing vulnerabilities that need immediate patching (SANS DFIR, 2024).
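To show how the technical intelligence described above (and the IoC-driven malware detection discussed under Security Hazards) is applied automatically, here is an added example, not from the original document: a small feed of IoCs is parsed and matched against constructed firewall and DNS log lines, and a file hash is checked against the feed. The feed values, log lines and sample bytes are all made up for the demonstration and are not real indicators.

```python
import hashlib
import re

# Constructed "quarantined file" and technical-intelligence feed. The IP,
# domain and hash below are made up for this example, not real indicators.
SAMPLE_BINARY = b"constructed sample payload"
IOC_FEED = (
    "ip,203.0.113.45\n"
    "domain,update-check.example\n"
    "sha256," + hashlib.sha256(SAMPLE_BINARY).hexdigest() + "\n"
)
# Constructed firewall and DNS log lines to scan.
LOG_LINES = [
    "2024-05-01T10:00:01Z fw allow src=10.0.0.8 dst=198.51.100.7 dport=443",
    "2024-05-01T10:00:05Z dns query src=10.0.0.8 name=update-check.example",
    "2024-05-01T10:00:09Z fw allow src=10.0.0.9 dst=203.0.113.45 dport=8443",
]
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

def load_iocs(feed_text):
    """Parse 'type,value' lines into one set per indicator type."""
    iocs = {"ip": set(), "domain": set(), "sha256": set()}
    for line in feed_text.splitlines():
        kind, _, value = line.strip().partition(",")
        if kind in iocs and value:
            iocs[kind].add(value.lower())
    return iocs

def match_log_line(line, iocs):
    """Return (type, value) hits for one log line; empty list if clean."""
    hits = [("ip", ip) for ip in IP_RE.findall(line) if ip in iocs["ip"]]
    hits += [("domain", d.lower()) for d in DOMAIN_RE.findall(line)
             if d.lower() in iocs["domain"]]
    return hits

def scan_logs(lines, iocs):
    """Index of every line that hit an IoC, together with its hits."""
    result = []
    for i, line in enumerate(lines):
        hits = match_log_line(line, iocs)
        if hits:
            result.append((i, hits))
    return result

def file_matches(data, iocs):
    """Hash file bytes and look them up in the known-malware hash set."""
    return hashlib.sha256(data).hexdigest() in iocs["sha256"]
```

In a real deployment the feed would be refreshed continuously and the same matching would run inside the firewall, SIEM or endpoint agent rather than over a static list.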

Works Cited

Hoxhunt. (2024). How to Reduce Human Risk: Best Practices for Security Teams.
Jiri Kohout. (2022). How DDoS Attacks Can Sink Your Business.
Matthew Kosinski. (2025). What is threat intelligence?
SANS DFIR. (2024). The Importance of Cyber Threat Intelligence: Insights from Recent Nobelium Attacks.
Steve Snyder. (2023). Most Common Types & Sources of Cyber Threats.
Venu Shastri. (2025). What Is a Zero-Day Exploit?
