Communication Technologies

Cybersecurity Threats


Why This Matters

Cybersecurity threats represent one of the most critical challenges in modern communication technologies, and you're being tested on more than just definitions. Exam questions will probe your understanding of attack vectors, vulnerability exploitation, and defense mechanisms—the underlying logic of how threats compromise systems and what makes certain attacks more dangerous than others. Whether you're analyzing a case study or responding to an FRQ about network security, you need to understand the relationship between human behavior, technical vulnerabilities, and system architecture.

The threats covered here demonstrate key principles: defense in depth, the CIA triad (confidentiality, integrity, availability), and the constant tension between usability and security. Some attacks exploit software flaws, others manipulate human psychology, and the most sophisticated combine both approaches. Don't just memorize threat names—know what vulnerability each exploits, what layer of security it bypasses, and what countermeasures address it.


Threats Targeting Human Vulnerabilities

The weakest link in any security system is often the human element—these attacks exploit psychology, trust, and social norms rather than technical flaws.

Phishing Attacks

  • Deceptive communications impersonating trusted sources—attackers craft emails, texts, or websites that mimic legitimate organizations to harvest credentials or install malware
  • Spear phishing targets specific individuals using personalized information, dramatically increasing success rates compared to mass campaigns
  • Primary defense is user training—technical filters help, but recognizing suspicious requests remains the most effective countermeasure

Social Engineering

  • Manipulates human psychology rather than exploiting code—attackers leverage trust, authority, fear, or urgency to bypass security protocols
  • Techniques include pretexting, baiting, and tailgating: pretexting creates false scenarios, baiting offers enticing items, tailgating follows authorized personnel through secure doors
  • Organizational protocols matter—verification procedures and security culture are more effective than technical solutions alone

Insider Threats

  • Originates from within the organization—individuals with legitimate access misuse privileges to steal data, sabotage systems, or enable external attackers
  • Can be malicious or negligent—intentional theft differs from accidental data exposure, but both compromise security
  • Requires behavioral monitoring and access controls—the principle of least privilege limits damage potential by restricting access to only what's necessary

Compare: Phishing vs. Social Engineering—phishing is actually a subset of social engineering, specifically using digital communications. Social engineering encompasses broader manipulation tactics including in-person deception. If an FRQ asks about human-factor vulnerabilities, social engineering is your umbrella term.


Threats Exploiting Software Vulnerabilities

These attacks target flaws in code, taking advantage of programming errors, insufficient input validation, or unpatched systems to gain unauthorized access.

SQL Injection

  • Exploits improper input validation in web applications—attackers insert malicious SQL queries through user input fields to manipulate databases
  • Can access, modify, or delete sensitive data—a single vulnerable form field can expose entire customer databases
  • Prevented through parameterized queries and input sanitization—treating user input as data rather than executable code eliminates the vulnerability
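The two defenses in the last bullet are easiest to see side by side. The following is an added example (not from the study guide) using Python's built-in sqlite3 module and a constructed two-row user table: the first lookup builds the SQL text by string concatenation, so user input becomes part of the query; the second binds the same input as a parameter, so the database engine treats it purely as data. The crafted input string is a constructed illustration of the "malicious SQL query" the bullets describe.

```python
import sqlite3


# Constructed sample database (not from the page): two users with placeholder hashes.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-placeholder-1"), ("bob", "hash-placeholder-2")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Concatenates the input into the SQL text: input is treated as code."""
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return sorted(row[0] for row in conn.execute(query))


def lookup_parameterized(conn, username):
    """Binds the input as a parameter: the driver passes it as a value, never as SQL."""
    query = "SELECT username FROM users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(query, (username,)))


# Constructed input that closes the quoted literal and appends an always-true
# condition, the classic shape of the injected query the section describes.
CRAFTED_INPUT = "' OR '1'='1"


def demo():
    """Runs both lookups against normal and crafted input and returns the rows seen."""
    conn = build_db()
    return {
        "vulnerable_normal": lookup_vulnerable(conn, "alice"),
        "vulnerable_crafted": lookup_vulnerable(conn, CRAFTED_INPUT),
        "parameterized_crafted": lookup_parameterized(conn, CRAFTED_INPUT),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the crafted input, the concatenated query returns every user (the "entire customer database" outcome from the second bullet), while the parameterized query returns nothing because no username literally equals that string. This is why the third bullet says parameterization "eliminates" the vulnerability rather than merely reducing it: no escaping of the input is needed when it never reaches the SQL parser as code.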

Zero-Day Exploits

  • Targets unknown vulnerabilities before patches exist—"zero-day" refers to developers having zero days to fix the flaw before exploitation
  • Extremely valuable on black markets—nation-states and criminal organizations pay premium prices because no defense exists at discovery
  • Defense requires layered security—since specific patches don't exist, organizations rely on behavioral detection, network segmentation, and rapid response capabilities

Compare: SQL Injection vs. Zero-Day Exploits—SQL injection exploits known vulnerability types that developers should prevent, while zero-day exploits target unknown flaws. This distinction matters: SQL injection is often a failure of secure coding practices, whereas zero-day attacks can compromise even well-maintained systems.


Threats Disrupting System Availability

These attacks don't steal data—they prevent legitimate users from accessing services, targeting the "availability" component of the CIA triad.

Distributed Denial of Service (DDoS) Attacks

  • Overwhelms targets with traffic from multiple sources—flooding servers with requests exhausts resources and renders services unavailable to legitimate users
  • Leverages botnets, networks of compromised devices (often IoT) coordinated to attack simultaneously, amplifying impact beyond any single attacker's capability
  • Mitigation includes traffic filtering and rate limiting—distinguishing malicious from legitimate traffic is the core technical challenge

Compare: DDoS vs. Traditional DoS—a standard denial-of-service attack comes from a single source and can be blocked by filtering that IP. Distributed attacks use thousands of sources, making simple blocking ineffective. Exam questions often test whether you understand why the "distributed" element makes these attacks particularly dangerous.
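The rate-limiting mitigation from the bullets above and the single-source versus distributed comparison can be shown in one run. The following is an added example, not part of the study guide, that implements a per-source sliding-window rate limiter in Python and feeds it a constructed request log with three traffic classes: legitimate clients, one flooding source, and one hundred bots that each stay under the limit. All addresses are from the reserved documentation ranges (TEST-NET) and the limit, window and request counts are assumptions chosen for the illustration.

```python
from collections import defaultdict, deque

LIMIT = 20       # max requests a single source may send per window (assumed)
WINDOW = 10.0    # window length in seconds (assumed)

LEGIT_IPS = ("10.0.0.1", "10.0.0.2", "10.0.0.3")
FLOOD_IP = "203.0.113.9"                                     # single-source DoS
DISTRIBUTED_IPS = tuple(f"192.0.2.{n}" for n in range(100))  # 100 botnet members


def make_requests():
    """Constructed request log (not real traffic): list of (timestamp_seconds, source_ip)."""
    reqs = []
    for t in range(10):                       # legitimate: 1 request/s each for 10 s
        for ip in LEGIT_IPS:
            reqs.append((float(t), ip))
    for i in range(200):                      # single source: 200 requests in 10 s
        reqs.append((i * 0.05, FLOOD_IP))
    for ip in DISTRIBUTED_IPS:                # 100 sources x 5 requests, each under the limit
        for k in range(5):
            reqs.append((k * 2.0, ip))
    return reqs


def rate_limit(requests, limit=LIMIT, window=WINDOW):
    """Per-source sliding-window limiter; returns (allowed, dropped) counts keyed by source."""
    recent = defaultdict(deque)
    allowed = defaultdict(int)
    dropped = defaultdict(int)
    for ts, src in sorted(requests):
        q = recent[src]
        while q and ts - q[0] >= window:      # expire timestamps that left the window
            q.popleft()
        if len(q) < limit:
            q.append(ts)
            allowed[src] += 1
        else:
            dropped[src] += 1
    return allowed, dropped


def summarize(requests=None):
    """Aggregate how much of each traffic class the limiter let through."""
    allowed, dropped = rate_limit(requests if requests is not None else make_requests())
    return {
        "legit_dropped": sum(dropped[ip] for ip in LEGIT_IPS),
        "flood_allowed": allowed[FLOOD_IP],
        "flood_dropped": dropped[FLOOD_IP],
        "distributed_allowed": sum(allowed[ip] for ip in DISTRIBUTED_IPS),
        "distributed_dropped": sum(dropped[ip] for ip in DISTRIBUTED_IPS),
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

The limiter cuts the single-source flood from 200 requests to 20 without dropping any legitimate request, but every one of the 500 botnet requests gets through because no individual bot exceeds the per-source limit. That is the "distributed" problem in the comparison above in numbers: once the attack is spread across enough sources, per-IP filtering and rate limiting stop working and the defender needs aggregate traffic analysis rather than per-source rules.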


Threats Intercepting Communications

These attacks position attackers between legitimate parties, compromising confidentiality and integrity of data in transit.

Man-in-the-Middle (MitM) Attacks

  • Intercepts communication between two parties—attackers secretly relay and potentially alter messages while both sides believe they're communicating directly
  • Common on unsecured Wi-Fi networks—public hotspots without encryption allow attackers to capture login credentials, financial data, and private communications
  • Encryption and certificate verification are primary defenses—HTTPS, VPNs, and proper certificate validation prevent successful interception

Threats Targeting Authentication

These attacks attempt to bypass identity verification, gaining unauthorized access by cracking or stealing credentials.

Password Attacks

  • Brute force systematically tests all combinations—computationally intensive but guaranteed to succeed eventually against weak passwords
  • Dictionary attacks use common password lists—far more efficient than brute force, exploiting the reality that most users choose predictable passwords
  • Multi-factor authentication (MFA) is the strongest countermeasure—even compromised passwords can't grant access without the additional verification factor

Compare: Brute Force vs. Dictionary Attacks—brute force is comprehensive but slow (testing every possible combination), while dictionary attacks are faster but limited to known passwords. Understanding this tradeoff helps explain why complex, unique passwords defeat dictionary attacks while length defeats brute force.
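The tradeoff in the comparison above (complexity and uniqueness defeat dictionary attacks, length defeats brute force) can be put in numbers. The following is an added example, not from the study guide: a small Python password assessment that checks a candidate against a constructed common-password list and computes the worst-case brute-force search space from the character classes the password uses. The guess rate of ten billion per second is an assumed figure for the illustration, and the character-class model (an attacker need only cover the classes actually present) is a simplification of how real cracking tools work.

```python
import string

# Constructed stand-in for the "common password lists" the section mentions.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "password123", "welcome1"}

SECONDS_PER_YEAR = 365 * 24 * 3600


def charset_size(pw):
    """Size of the character set an attacker must cover for the classes present in pw."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)   # 32 ASCII symbols
    if " " in pw:
        size += 1
    return size


def brute_force_space(pw):
    """Number of candidates a brute-force attack must test in the worst case."""
    return charset_size(pw) ** len(pw)


def dictionary_hit(pw, wordlist=COMMON_PASSWORDS):
    """True if a dictionary attack finds the password directly in its list."""
    return pw.lower() in wordlist


def assess(pw, guesses_per_second=1e10, wordlist=COMMON_PASSWORDS):
    """Summarize exposure to both attack styles for one password."""
    space = brute_force_space(pw)
    return {
        "dictionary_hit": dictionary_hit(pw, wordlist),
        "brute_force_space": space,
        "worst_case_years": space / guesses_per_second / SECONDS_PER_YEAR,
    }


if __name__ == "__main__":
    for candidate in ("Password123", "P@ss1", "ordinary paper lantern hill"):
        print(candidate, assess(candidate))
```

"Password123" is complex by the usual rules yet falls instantly to the dictionary because it is common; "P@ss1" uses every character class but its search space of 94^5 is exhausted in under a second at the assumed rate; the long lowercase passphrase is found by neither, because 27^27 candidates is out of reach for brute force and the phrase is not in any list. Note that the brute-force figure is a worst case, which is why the bullets call MFA the strongest countermeasure: it holds even when the password itself has been guessed.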


Malicious Software (Malware)

Malware encompasses various software designed to harm systems—each type uses different mechanisms for infection, spread, and damage.

Malware Categories

  • Viruses attach to legitimate files and spread when infected files are shared—require user action to propagate
  • Worms self-replicate across networks without host files or user interaction—this autonomous spreading makes them capable of rapid, widespread damage
  • Ransomware encrypts files and demands payment—combines technical attack with extortion, representing one of the fastest-growing threat categories

Trojans

  • Disguises malicious code as legitimate software—users voluntarily install what appears to be useful applications
  • Often creates backdoors for future unauthorized access or downloads additional malware once installed
  • Social engineering component—success depends on convincing users the software is trustworthy, blending technical and psychological attack vectors

Compare: Viruses vs. Worms—both spread and cause damage, but viruses require human action (opening infected files) while worms spread autonomously across networks. This distinction affects both propagation speed and appropriate countermeasures.


Threats in Emerging Technologies

As new technologies connect more devices, they introduce new attack surfaces with unique vulnerabilities.

IoT Vulnerabilities

  • Weak default security configurations—many devices ship with default passwords, no encryption, and limited update capabilities
  • Compromised devices join botnets—attackers aggregate thousands of insecure cameras, routers, and smart devices for DDoS attacks or network infiltration
  • Expanding attack surface: each connected device represents a potential entry point, and IoT devices often lack the processing power for robust security measures

Compare: IoT Vulnerabilities vs. Traditional System Threats—conventional computers receive regular security updates and run antivirus software, while many IoT devices have no update mechanism and minimal security features. This fundamental difference explains why IoT devices are disproportionately represented in botnets.


Quick Reference Table

Concept                                  Best Examples
Human-factor exploitation                Phishing, Social Engineering, Insider Threats
Software vulnerability exploitation      SQL Injection, Zero-Day Exploits
Availability attacks                     DDoS Attacks
Communication interception               Man-in-the-Middle Attacks
Authentication bypass                    Password Attacks (Brute Force, Dictionary)
Malicious software                       Viruses, Worms, Trojans, Ransomware
Emerging technology risks                IoT Vulnerabilities
Requires user action to spread           Viruses, Trojans, Phishing
Spreads autonomously                     Worms

Self-Check Questions

  1. Which two threat types both exploit human psychology rather than technical vulnerabilities, and how do their attack methods differ?

  2. Compare and contrast how SQL injection and zero-day exploits target software—what makes one preventable through secure coding practices while the other remains dangerous even in well-maintained systems?

  3. An FRQ describes a scenario where thousands of compromised smart home devices flood a company's servers with traffic. Identify the attack type and explain why IoT devices are particularly vulnerable to being used this way.

  4. What distinguishes a virus from a worm in terms of propagation method, and how does this difference affect the speed and scope of potential damage?

  5. A security analyst must choose between implementing stronger password policies or deploying multi-factor authentication. Using your understanding of password attacks, explain why MFA provides superior protection regardless of password strength.