Malware

is a form of malicious software in which any file or program can be used to harm a computer user. This includes worms, viruses, Trojans and spyware.

Ransomware

is another type of malware. It involves an attacker locking the victim’s computer system files — typically through encryption — and demanding a payment to decrypt and unlock them.

Social engineering

is an attack that relies on human interaction to trick users into breaking security procedures to gain sensitive information that is typically protected.

Phishing

is a form of social engineering where fraudulent email or text messages that resemble those from reputable or known sources are sent. Often random attacks, the intent of these messages is to steal sensitive data, such as credit card or login information.

Spear phishing

is a type of phishing attack that has an intended target user, organization or business.

Insider threats

are security breaches or losses caused by humans — for example, employees, contractors or customers. Insider threats can be malicious or negligent in nature.

Distributed denial-of-service (DDoS) attacks

are those in which multiple systems disrupt the traffic of a targeted system, such as a server, website or other network resource. By flooding the target with messages, connection requests or packets, the attackers can slow the system or crash it, preventing legitimate traffic from using it.

Advanced persistent threats (APTs)

are prolonged targeted attacks in which an attacker infiltrates a network and remains undetected for long periods of time with the aim to steal data.

Man-in-the-middle (MitM) attacks

are eavesdropping attacks that involve an attacker intercepting and relaying messages between two parties who believe they are communicating with each other.