How many types of cyber threats are there?

The internet, like the wider world, has rarely felt like a more dangerous place.

The final months of 2024 saw record numbers of ransomware attacks, while over half a million new pieces of malware are detected each and every day.

These contribute to almost 200,000 new attacks on devices or networks every second – that’s not a misprint – with a huge spike in activity since the start of the war in Ukraine three years ago.

Ticketmaster lost 560 million customer records last year – currently the biggest data breach in history – with other recent attacks targeting X, the NHS, Yahoo and LinkedIn.

To understand just how dangerous the internet can be, we’ve compiled a list of the various cyber threats currently circulating.

The threat is real

There are plenty of dangers posed to individuals, households and businesses from so-called internal threats, such as unauthorised device access or accidental loss of a phone or computer.

However, the vast majority of cyber threats emanate externally, usually from either state-sponsored organisations, criminal gangs or rogue hackers looking to cause mayhem.

Many of the categories below fit under the collective banner of malware, though research from CrowdStrike suggests three quarters of cyber-attacks last year were malware-free.

Ransomware. Perhaps the most feared cyber threat locks you out until you pay a ransom, with no guarantee your access will be restored even if you fully comply.

Password theft. As we’ve previously reported, simple passwords remain a key vulnerability, from broadband routers and phone PIN codes to account passwords.

Drive-by downloads. Again, we’ve recently profiled the phenomenon of compromised websites or servers being used to forcibly inject viruses onto unwitting host devices.

Trojans. Like drive-by downloads, Trojan viruses arrive unannounced inside legitimate programs, unlocking access to your hard drive or confidential information.

Malvertising. Resembling normal advertising, this malware variant redirects unwitting consumers to malicious websites where data harvesting takes place.

Internet of Things attacks. Smart speakers and remote cameras might be vulnerable to attack since they’re connected to your WiFi network and often have little in-built security.

Phishing schemes. The Nigerian Prince email scam is the best known example of persuading people to disclose sensitive or confidential data like passwords and bank details.

Quishing, smishing and vishing. Emails aren’t the only vector for phishing. QR codes, SMS messages and voicemails also encourage people to expose themselves to malware.

Zero-day malware. Created and launched on the same day, these attacks aim to circumvent antivirus databases by containing program code not yet identified or logged as harmful.

Man in the middle attacks. This describes the interception and monitoring of data sent across an (often insecure) network, potentially using keystroke logging to harvest passwords.

Missed patches. If you don’t install the latest hardware, software and firmware updates, you could be exposing anything from PCs to wireless routers to threats.

SQL injections. This is a programming language used to power many portal pages like login screens, so rogue SQL queries could potentially access otherwise hidden data.

Formjacking. A derivation of SQL injections, these malicious little parcels of JavaScript code access personal and financial data through forms on legitimate websites.

Water hole attacks. Haven’t heard of these? They target social media networks or login portals, infecting every subsequent user with malicious program code.

DDoS attacks. More an issue for service providers than consumers, Distributed Denial of Service attacks overwhelm servers, forcing them offline and making them unavailable.

Cryptojacking. Cryptocurrencies are hard to earn, so networks of enslaved PCs may be lashed together to mine for currency, damaging hardware and rendering them unusably slow.

Key safety steps

So much for the theory – how can you stay safe in practice?

Avoid dubious websites, especially those with unusual top-level domains, and never illegally stream content which is prone to being compromised by drive-by downloads or malvertising.

Enable automatic updates on antivirus software to minimise the risk of zero day attacks, and ensure broadband routers are regularly restarted to enable them to install updated firmware.

Stay off the Dark Web unless you’re confident in your abilities to navigate it safely and always be wary of unsolicited links/files/attachments sent to you by strangers.