CS Fundamentals
Learn about the most common cybersecurity threats — from social engineering and DDoS attacks to insider threats and zero-day exploits.
Introduction
The digital world faces a constantly evolving landscape of threats. Every organization, from small startups to multinational corporations, and every individual with an online presence is a potential target. Cybercriminals, nation-state hackers, hacktivists, and even disgruntled insiders can threaten the security of computer systems and data.
Understanding the most common cyber threats is the first step in defending against them. You cannot protect against what you do not understand. This chapter provides a comprehensive overview of the threats you are most likely to encounter — both as an individual user and as a future IT professional responsible for protecting systems and data.
Social Engineering Attacks
Social engineering is the art of manipulating people into performing actions or revealing confidential information. It exploits human psychology rather than technical vulnerabilities — making it one of the most dangerous and effective attack categories because no amount of technical security can fully protect against human error.
Phishing (covered in detail in a separate chapter) uses fake emails or messages to trick victims. Pretexting involves creating a fabricated scenario to engage a victim — an attacker might call pretending to be from the IT department, claiming they need your password for "maintenance." Baiting offers something enticing (free USB drives left in a parking lot, free software downloads) that contains malware. Tailgating means physically following an authorized person through a secured door without proper credentials.
Social engineering works because humans are naturally trusting, want to be helpful, respond to authority, and act quickly under pressure. Training and awareness are the primary defenses — technical controls cannot prevent someone from voluntarily giving away their password.
Denial of Service (DoS/DDoS) Attacks
A Denial of Service attack aims to make a system or network unavailable to legitimate users by overwhelming it with traffic or requests. Imagine thousands of people simultaneously calling the same phone number — no real calls can get through. A DDoS (Distributed Denial of Service) attack uses many compromised computers (a botnet) to generate the attack traffic, making it much harder to block.
DDoS attacks can bring down websites, online services, and entire networks for hours or days. Major targets have included banks, gaming services, government websites, and DNS providers (affecting millions of websites simultaneously). Protection involves specialized DDoS mitigation services that can absorb and filter malicious traffic before it reaches the target.
Man-in-the-Middle (MitM) Attacks
In a man-in-the-middle attack, an attacker secretly intercepts communication between two parties who believe they are communicating directly with each other. The attacker can eavesdrop on the conversation, modify messages in transit, or inject new messages.
Common scenarios include intercepting unencrypted WiFi traffic at public hotspots, ARP spoofing on local networks (redirecting traffic through the attacker's machine), and DNS spoofing (directing victims to fake websites). HTTPS encryption is the primary defense — it ensures that even if traffic is intercepted, it cannot be read or modified.
SQL Injection
SQL injection is one of the most common web application attacks. When a website takes user input (like a search box or login form) and uses it directly in a database query without proper sanitization, an attacker can inject their own SQL commands. This can allow them to read the entire database (including user passwords and personal data), modify or delete data, or even take control of the database server.
For example, if a login form naively puts your username directly into a query, an attacker might type something like: ' OR '1'='1 — which modifies the query logic to always return true, bypassing authentication entirely. Prevention involves parameterized queries (separating data from commands) and input validation.
Cross-Site Scripting (XSS)
XSS attacks inject malicious JavaScript code into web pages viewed by other users. When victims visit the compromised page, the injected script runs in their browser with the same permissions as the legitimate website — potentially stealing cookies (session hijacking), redirecting users to phishing sites, or modifying page content.
XSS is prevalent because many websites display user-generated content (comments, forum posts, profiles) without properly sanitizing it. Prevention involves escaping output (converting special characters to safe equivalents) and content security policies.
Insider Threats
Not all threats come from outside. Employees, contractors, or business partners with legitimate access can intentionally or accidentally cause security incidents. A disgruntled employee might steal proprietary data before leaving. A careless employee might accidentally email sensitive files to wrong recipients. A contractor might have excessive access privileges beyond what their role requires.
Insider threats are particularly dangerous because these individuals already have authorized access — they do not need to bypass external security. Detection relies on monitoring unusual behavior (accessing files outside normal patterns, copying large amounts of data) and implementing the principle of least privilege (giving each person only the minimum access needed for their role).
Zero-Day Exploits
A zero-day vulnerability is a security flaw that is unknown to the software vendor — they have had zero days to fix it. Zero-day exploits take advantage of these undiscovered vulnerabilities, making them extremely dangerous because no patch exists. They are valuable on black markets (sold for hundreds of thousands of dollars) and used in sophisticated targeted attacks.
Defense against zero-days relies on defense-in-depth (multiple security layers so one vulnerability does not compromise everything), behavioral detection (identifying unusual system behavior rather than known attack signatures), and rapid patching once vulnerabilities are discovered.
Credential Attacks
Beyond phishing, attackers use various methods to compromise passwords. Brute force tries every possible combination. Dictionary attacks try common words and variations. Credential stuffing uses passwords leaked from other breaches. Password spraying tries a few common passwords against many accounts (avoiding lockouts that multiple failed attempts on one account would trigger).
Multi-factor authentication (MFA) is the most effective defense — even compromised passwords are useless without the second factor.
Key Takeaways
- Social engineering exploits human psychology — awareness and training are the primary defenses
- DDoS attacks overwhelm systems with traffic, making them unavailable to legitimate users
- Man-in-the-middle attacks intercept communication — HTTPS encryption is the main protection
- SQL injection and XSS are common web application vulnerabilities — proper coding practices prevent them
- Insider threats come from within — least privilege and monitoring are key defenses
- Zero-day exploits target unknown vulnerabilities — defense-in-depth provides protection
- Multi-factor authentication protects against credential attacks even when passwords are compromised
- Understanding threats is the foundation of building effective defenses in any IT role
Exam Focus
Revise definitions, diagrams, examples, and short-answer points for Common Cyber Threats.
Interview Use
Prepare one clear explanation, one practical example, and one common mistake for this Computer Fundamentals topic.
Search Terms
computer-fundamentals, computer fundamentals, computer, fundamentals, cybersecurity, basics, common, cyber
Related Computer Fundamentals Topics