In 2024, many organizations and individuals have been affected by cyber attacks. A few of the most common cyber threats are social engineering attacks, password-based attacks and data leaks.
Read more to learn about the ten most common cybersecurity threats that have been occurring in 2024 and how to protect yourself and your business against them.
1. Social engineering attacks
Social engineering is a tactic used by cybercriminals to psychologically manipulate people into sharing private details. They pretend to be someone the person knows or trusts to get them to reveal confidential information and gain access to personal, financial or work-related accounts. For example, you may receive a phone call from someone claiming to be a family member, asking you to send them money immediately because they have recently been in a car accident. However, you shouldn’t respond too quickly. With recent technological advances, cybercriminals can use videos from social media and Artificial Intelligence (AI) to mimic the voice of someone you know.
Types of social engineering attacks
There are several types of social engineering attacks, such as phishing, vishing, smishing and pretexting. Phishing generally occurs through email. A cybercriminal will send a phishing email with a link or attachment intended for a victim to click on or download. However, by clicking or downloading an unsolicited link or attachment, a victim could download malware onto their device and have their private information stolen by a cybercriminal. Vishing and smishing are similar to phishing, except vishing is done over the phone and smishing is done through text messages. Pretexting involves the cybercriminal creating a story, or giving a pretext, that causes the victim to feel pity or fear, resulting in them sharing personal information.
2. Ransomware and extortion
While malware is software that infects a device to steal private information, ransomware is a type of malware that makes devices unusable and that cybercriminals promise to remove only after their victim has paid a ransom. According to a report published by Veeam in June 2024, victims of ransomware attacks lose approximately 43% of their data on average. This means that if you become a ransomware victim, there is a high chance that almost half of your data could be unrecoverable.
Extortion is a crime in which a cybercriminal forces an individual or organization to give them money by locking victims out of their devices, threatening to release personal data and requesting a ransom to regain access to their files. You may be thinking that ransomware and extortion sound similar, and you’re correct. However, extortion is a broad category of cybercrime whereas ransomware is a form of malware. Cybercriminals who commit extortion often use ransomware as a tool to get money or private information.
3. Supply chain attacks
Instead of focusing on a specific business to target, cybercriminals target vendors and suppliers in supply chain attacks. A cybercriminal will conduct a supply chain attack by accessing a business through a third-party vendor or supplier. One of the most infamous supply chain attacks involved SolarWinds’ software called Orion in 2019. Cybercriminals inserted malware into the code of software updates, and when organizations downloaded the new software update, cybercriminals gained access to thousands of systems, which allowed them to spy on other organizations. Since most supply chains are multilayered and expansive, it is hard to trace where the security weaknesses reside following this kind of cyber attack.
4. AI-powered attacks
According to a report by Deep Instinct, 85% of cyber attacks in 2024 have relied on AI. As mentioned before, cybercriminals are evolving in their techniques to use AI as a tool for cyber attacks like vishing. There are other ways that cybercriminals are committing AI-powered attacks, such as password cracking. Cybercriminals are now cracking passwords by relying on AI-powered tools, like PassGAN, which can crack the majority of frequently used passwords within one minute. AI is also being used to write convincing phishing emails, eliminating the easy-to-see spelling and grammar mistakes found in most phishing scams. This helps cybercriminals’ scams appear more believable, so more people fall for these phishing attacks.
5. Password-based attacks
Often, when you think of cyber attacks, you think of password-based attacks, where someone tries to guess your password to steal your online account information. Because most people tend to use weak passwords or reuse the same password for multiple websites, it is easy for cybercriminals to guess and use a password to gain access to private data.
There are several ways that cybercriminals can carry out password-based attacks. One of the most common password-based attacks is trial and error, which is called a brute force attack. Cybercriminals will try over and over again until they gain access to your account, and if you reuse your password on multiple accounts, they could steal information from multiple accounts. Another common tactic cybercriminals use is password spraying, where they stay on one domain and attempt to access multiple accounts by just using popular passwords like “password” or “123456.” In any password-based attack, cybercriminals rely on their victims using weak passwords or the same password for multiple websites to gain the most access to private information.
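A defender's view of the two patterns described above, as an added example that is not part of the original article: it reads failed-login events and separates brute force (one account, many failures) from password spraying (many accounts, few failures each). The log format, sample events and thresholds are assumptions made for this illustration.

```python
from collections import defaultdict

# Thresholds are assumptions for this example; tune them to your own baseline.
WINDOW_SECONDS = 600        # look at failures within a 10-minute span
BRUTE_FORCE_FAILS = 10      # this many failures against ONE account
SPRAY_ACCOUNTS = 8          # this many DISTINCT accounts failed from one source
SPRAY_MAX_PER_ACCOUNT = 3   # spraying keeps per-account attempts low to dodge lockout

# Constructed sample log, format "epoch source_ip account result" (hypothetical).
SAMPLE = (
    [f"{1000 + i * 5} 203.0.113.7 alice FAIL" for i in range(12)]
    + [f"{2000 + i * 20} 198.51.100.9 user{i} FAIL" for i in range(10)]
    + ["3000 192.0.2.4 bob FAIL", "3010 192.0.2.4 bob OK"]
)

def failures_by_source(lines):
    """Group failed logins as {source_ip: sorted [(timestamp, account), ...]}."""
    fails = defaultdict(list)
    for line in lines:
        ts, src, account, result = line.split()
        if result == "FAIL":
            fails[src].append((int(ts), account))
    return {src: sorted(events) for src, events in fails.items()}

def classify(lines):
    """Return {source_ip: 'brute_force' | 'password_spray'} for flagged sources."""
    findings = {}
    for src, events in failures_by_source(lines).items():
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most WINDOW_SECONDS.
            while events[end][0] - events[start][0] > WINDOW_SECONDS:
                start += 1
            per_account = defaultdict(int)
            for _, account in events[start:end + 1]:
                per_account[account] += 1
            worst = max(per_account.values())
            if worst >= BRUTE_FORCE_FAILS:
                findings[src] = "brute_force"      # one account hammered repeatedly
                break
            if len(per_account) >= SPRAY_ACCOUNTS and worst <= SPRAY_MAX_PER_ACCOUNT:
                findings[src] = "password_spray"   # many accounts, few tries each
                break
    return findings

if __name__ == "__main__":
    print(classify(SAMPLE))
```

Grouping by source address will miss a spray spread across many addresses; counting distinct accounts that fail per time window across all sources covers that case.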
6. Internet of Things (IoT) attacks
As smart devices grow in popularity, cybercriminals have found ways to attack a variety of physical objects connected to the internet. In what is called an Internet of Things (IoT) attack, cybercriminals who gain access to your WiFi network can potentially connect to your smart devices and steal your private data. Besides traditional computers, phones and tablets, think of the types of smart devices in your home like your Amazon Echo, Ring doorbell, Nest thermostat or Nanit baby monitor. These smart devices, and many others, could get infected with malware if a cybercriminal connects to them, allowing them to steal your personal information or even monitor you through a device’s camera or microphone. For example, some baby monitors have been hacked by cybercriminals, which allows them not only to see your child but also to look inside your home. IoT attacks can be incredibly invasive and traumatizing for anyone involved when you realize that you are being watched or listened to by a cybercriminal.
7. Cloud vulnerabilities
Since more organizations and individuals rely on cloud-based systems or devices, there are many cloud vulnerabilities, or weaknesses in these systems, that cybercriminals could take advantage of. Based on a 2024 report from IBM, over 40% of data breaches are cloud-based and can cost companies millions of dollars to recover from. Cloud vulnerabilities can lead to more than just financial losses since exposing customer data can lead to mistrust and a damaged reputation with potential customers in the future.
One of the biggest types of cloud vulnerabilities an organization could face is cloud misconfiguration, which means that cloud resources were not set up or managed correctly, leading to security flaws and the potential for data breaches. Generally, giving employees least-privilege access keeps cybercriminals from attacking the company on a larger scale if there is a breach, because each employee only has access to what they need to do their job.
8. Business Email Compromise (BEC) attacks
Employees could be targeted in Business Email Compromise (BEC) attacks, in which a cybercriminal pretends to be an authoritative figure within a company like the CEO to trick an employee into sending money or private information. Because a cybercriminal needs to know who to target and impersonate, this type of cyber attack requires lots of research for the cybercriminal to appear trustworthy and blend in.
Imagine that your boss emails you saying she needs you to send her a list of customers’ credit card information as soon as you can. If someone asks you to do anything urgently and that task requires you to send customers’ data, you should reach out directly to your boss using a trusted line of communication to make sure this is legitimate.
9. Distributed Denial-of-Service (DDoS) attacks
Distributed Denial-of-Service (DDoS) attacks aim to disrupt the normal traffic of a server by overwhelming it so much that it eventually crashes. A cybercriminal will do this to damage an organization’s reputation, request a ransom to stop slowing traffic or completely stop a website’s normal operations to cause chaos. Since networks can only handle so many requests at once, DDoS attacks rely on bots to conduct different attacks simultaneously, which causes a network to become flooded with requests and eventually brings traffic to a complete stop. While this may not be one of the most talked-about cyber threats, DDoS attacks have been steadily increasing and are capable of causing financial ruin for an organization.
10. Data leaks and breaches
In 2024 alone, many companies have suffered data leaks and breaches. Data leaks happen when sensitive data, like customer information, is accidentally exposed by an organization. Data breaches occur when a cybercriminal steals information after accessing company resources. Whether they are intentional or not, these kinds of cyber attacks could lead to your information being stolen and even to identity theft. IBM reported that the international cost of a data breach in 2024 has increased by 10% since 2023, averaging $4.8 million. Data leaks and data breaches are both serious cybersecurity threats because of the various consequences of having sensitive information stolen: identity theft, damaged reputation, financial losses, legal issues and lack of trust with future customers or business partners.
Protect yourself against common cyber threats
After learning about the ten most common cybersecurity threats, you probably want to know how you can keep yourself safe from these online dangers. Here are some helpful tips to incorporate into your security practices:
- Use strong and unique passwords for each account, including your WiFi networks
- Don’t use common, weak or reused passwords for any account
- Enable Multi-Factor Authentication (MFA) when possible to require an additional form of authentication to access your account
- Avoid oversharing on social media to prevent cybercriminals from learning too much about you
- Set up least-privilege access controls for your employees
- Keep your devices’ software up to date with the latest security features
One way to keep up with the best cyber hygiene practices and keep yourself safe from cyber threats is by utilizing Keeper®. Start your free 14-day trial of Keeper Business Password Manager or your free 30-day trial of Keeper Password Manager, our personal password manager.