Examples of Threats:
| Threat Type | Description | Example |
|---|---|---|
| Cyberattacks | Deliberate attempts by malicious actors to disrupt, damage, or gain unauthorized access to systems or data. | Ransomware Attack: A hacker encrypts an organization's critical data and demands payment to restore it. |
| Data Breaches | Unauthorized access, disclosure, or theft of sensitive information, such as customer data or intellectual property. | Customer Data Leak: A hacker steals personal information, including credit card details, from a financial institution's database. |
| Phishing | Fraudulent attempts to acquire sensitive information by pretending to be a trustworthy entity, often through email. | Email Phishing: Employees receive an email from a fake IT department asking them to reset their password, leading to credential theft. |
| Insider Threats | Threats originating from within the organization, such as employees, contractors, or business partners. | Employee Data Theft: A disgruntled employee steals customer information and sells it to competitors. |
| Malware | Malicious software designed to damage, disrupt, or gain unauthorized access to systems. | Trojan Horse: A seemingly legitimate software program that secretly installs malicious software on a system. |
| Distributed Denial of Service (DDoS) | An attack that floods a target's systems, networks, or services with a massive amount of traffic, making it unavailable. | DDoS Attack on a Website: Cybercriminals overwhelm a company's website with traffic, making it impossible for users to access the site. |
| Advanced Persistent Threats (APT) | Prolonged and targeted cyberattacks, often carried out by sophisticated adversaries, typically aimed at espionage. | Nation-State Hacking: A foreign government's hackers gain access to sensitive data to spy on a corporation or government entity. |
| Hardware Failures | Physical damage or failure of critical hardware components, leading to data loss or system downtime. | Hard Drive Crash: A server's hard drive fails, causing the organization to lose important data if it is not backed up. |
| Software Bugs/Errors | Flaws or vulnerabilities in software code that could lead to system malfunctions, crashes, or security breaches. | Buffer Overflow: A software bug allows attackers to execute arbitrary code, potentially gaining unauthorized control of a system. |
| Natural Disasters | Physical events like earthquakes, floods, or fires that disrupt normal operations and damage IT infrastructure. | Flooding in a Data Center: A natural disaster floods the server room, causing significant damage to servers and data loss. |
| Theft or Loss of Devices | Loss or theft of mobile devices, laptops, or external storage devices containing sensitive company data. | Stolen Laptop: An employee's laptop containing unencrypted company data is stolen, leading to a potential breach of confidential information. |
| Regulatory Non-compliance | Failure to comply with legal or regulatory requirements that govern data security and privacy. | Non-compliance with GDPR: A company fails to implement adequate measures to protect personal data, resulting in legal penalties. |
| Zero-Day Exploits | Attacks that target vulnerabilities in software or systems that are unknown to the vendor and have no patch available. | Zero-Day Exploit on Web Browser: A hacker exploits a vulnerability in a web browser that has not yet been discovered or patched by the developer. |
| Spyware | Malicious software that secretly monitors or collects information about a user's activities without their consent. | Keylogger: A piece of spyware installed on an employee's computer that logs their keystrokes to capture sensitive data like passwords. |
| Physical Access Breach | Unauthorized physical access to secure areas, such as server rooms or data centers, that may lead to system tampering. | Unauthorized Access to Server Room: An intruder gains physical access to the company's server room and tampers with the hardware or steals equipment. |
| Supply Chain Attacks | Compromising a third-party service or product that the organization depends on, leading to a security breach. | Compromised Software Update: A software vendor unknowingly distributes malware within a legitimate software update to a client. |
| Cloud Security Breaches | Vulnerabilities or breaches involving data stored in cloud services, often due to misconfiguration or hacking. | Misconfigured Cloud Storage: An organization accidentally makes sensitive data in a cloud storage service publicly accessible. |

| Threat Type | Description | Example |
|---|---|---|
| Ransomware | A type of malware that encrypts the victim's files, rendering them inaccessible until a ransom is paid. | WannaCry Ransomware Attack (2017): This ransomware spread rapidly, affecting hundreds of thousands of computers globally, demanding payment to restore encrypted files. |
| Phishing | Fraudulent attempts to acquire sensitive information such as usernames, passwords, or credit card details, often via email. | Targeted Email Phishing: Attackers send fake emails, impersonating a legitimate service, requesting users to reset their password and steal their credentials. |
| Denial of Service (DoS) | Attackers overwhelm a system, network, or website with a flood of traffic, making it unavailable to users. | GitHub DoS Attack (2018): A massive DDoS attack targeted GitHub's servers, reaching a record-breaking 1.35 Tbps, causing temporary downtime. |
| Distributed Denial of Service (DDoS) | Similar to DoS, but in this case the attack is launched from multiple distributed sources (often botnets). | Cloudflare DDoS Attack (2020): A DDoS attack hit Cloudflare's servers, with a peak of 2.5 Tbps, one of the largest attacks ever recorded. |
| Man-in-the-Middle (MitM) Attack | An attacker intercepts and potentially alters communications between two parties, often in unsecured networks. | Wi-Fi Eavesdropping: Attackers intercept data between a user's device and an unsecured public Wi-Fi hotspot, capturing sensitive data like login credentials. |
| SQL Injection | Attackers exploit vulnerabilities in an application's database layer, often by inserting malicious SQL queries. | Heartland Payment Systems Breach (2008): Cybercriminals used SQL injection to steal over 100 million credit card numbers from a payment processor. |
| Cross-Site Scripting (XSS) | Attackers inject malicious scripts into websites or web applications that are executed by users' browsers. | MySpace Samy Worm (2005): A JavaScript-based XSS attack spread rapidly across MySpace, gaining over a million friends for the attacker within hours. |
| Malware | Software designed to disrupt, damage, or gain unauthorized access to computer systems. | Emotet Malware (2014): Initially a banking Trojan, Emotet evolved into a major malware-as-a-service platform used to distribute ransomware and steal sensitive data. |
| Trojan Horse | A type of malware that disguises itself as legitimate software but performs harmful actions once executed. | Zeus Trojan (2007): Used to steal banking credentials and initiate fraudulent transactions, primarily through malicious email attachments. |
| Cryptojacking | Attackers secretly use a victim's computing power to mine cryptocurrency without their consent. | Coinhive Cryptojacking (2017): Attackers embedded Coinhive scripts in websites to use visitors' CPU power for mining cryptocurrency like Monero. |
| Zero-Day Exploit | Attacks that take advantage of previously unknown vulnerabilities in software or hardware before a patch is available. | Stuxnet Worm (2010): Exploited multiple zero-day vulnerabilities to infect and sabotage Iran's nuclear facilities by targeting SCADA systems. |
| Credential Stuffing | Attackers use stolen username and password combinations to gain unauthorized access to other accounts. | Yahoo Data Breach (2013-2014): Cybercriminals used credential stuffing techniques with data from previous breaches to steal accounts from millions of Yahoo users. |
| Social Engineering | Manipulation of people into performing actions or divulging confidential information by exploiting trust or psychological manipulation. | CEO Fraud (Business Email Compromise): An attacker impersonates a CEO or other high-level executive, tricking employees into transferring funds or sensitive information. |
| Insider Threat | An attack originating from someone within the organization, such as an employee or contractor. | Edward Snowden (2013): Snowden, a former NSA contractor, leaked classified information to journalists, exposing global surveillance programs. |
| Ad Fraud | Fraudulent activity where attackers manipulate ads to generate revenue for themselves by fraudulently clicking or viewing ads. | Methbot Ad Fraud Scheme (2016): A botnet generated millions of fake ad views and clicks, resulting in millions of dollars in advertising revenue for cybercriminals. |
| Password Attacks (Brute Force, Dictionary, etc.) | Attackers attempt to guess passwords using various methods, including automated tools, by testing multiple password combinations. | LinkedIn Data Breach (2012): Attackers obtained encrypted passwords from a breach and then used brute force techniques to crack the passwords and access user accounts. |
| Backdoor Attack | Attackers create a secret method of accessing a system without authorization, often hidden within software or firmware. | Backdoor in Cisco Routers (2018): A vulnerability was found in certain Cisco router models, allowing attackers to access network devices without detection. |