The Most Common Cyber Threats
-by Demystifier

Phishing

In a phishing attack, someone tries to trick you into giving away private information, like your passwords, bank details, or personal data. Their goal is to get into your accounts, steal money, or gather information to help them commit another crime later on.

How it works

The attacker sends messages that look like the real thing—these could be emails, texts, phone calls, or social media messages. They often include a link or an attachment that leads you to a fake website or sneaks harmful software onto your device. The fake page is designed to steal whatever information you type into it.

Manipulation

Manipulation is a way for attackers to play with people’s minds to get them to do things they normally wouldn’t—like opening an attachment, sharing private info, or agreeing to a risky request. It’s all about taking advantage of how we think and feel.
 

How it works

Attackers use things like trust, fear, and curiosity to trick you. They might pretend to be a coworker, a boss, or even a journalist to get you to share your passwords, give them remote access, or 'quickly confirm' some details.

Vulnerabilities

A vulnerability is basically a weakness in software, hardware, or settings that lets an attacker do things they aren't supposed to. For example, they might skip security checks, crash a service, or read and change files. These weaknesses are often caused by mistakes in the code, using old versions of programs, or having the wrong security settings.

​

How it works

Attackers look for weaknesses in systems and try to take advantage of them. They often use automated tools that scan networks to find known bugs. If a security flaw has been found but not fixed yet, it’s easy for them to break in. Once they are inside, they can install harmful software, gain more control over the system, and move toward more valuable data.

Malicious software

Malicious software—or malware—is designed to damage your device, spy on you, or take control of your system. It comes in many forms: ransomware, which locks your files for ransom; spyware, which steals your data; and backdoors, which let attackers slip back into your system whenever they want.
 

How it works
 

To do its job, malware first needs to get inside. It can arrive as an email attachment, a fake link, a shady website, or even through a stray USB stick. Once it’s running, it tries to hide so you won't notice it. From there, it can spread to other devices, steal information, or lock your files. Some malware even pretends to be a normal, safe program to trick you into trusting it.

Supply chain attacks

A supply chain attack doesn’t target a company directly. Instead, it goes after the partners, suppliers, or the software that the company uses. The goal is to break one weak link in the chain and use that trusted connection as a backdoor to reach the main target.

How it works

Attackers first find out which services or programs a company trusts—like which partners send them updates or whose emails are always accepted. Once they break into a supplier's system, they send a 'genuine-looking' update or message that the target accepts without question. These attacks are especially dangerous because they bypass most normal security checks.

The Finnish Transport and Communications Agency Traficom has published a guide to help organizations deal with these types of attacks.

Denial of service attacks

The goal of a denial of service attack is to temporarily shut down a website, application, or network. Attackers might target public pages or login services to disrupt business, extort money, or create a 'smokescreen' to hide other criminal activities.

How it works

​

These attacks often use botnets i.e., networks of hijacked devices like home routers, cameras, or computers. The attacker floods the target with so much traffic or so many requests that the service simply crashes. Because the traffic comes from thousands of different devices at once, it’s very hard for the service to handle.