SecurityTrails Blog · LAST UPDATED ON Apr 07 2021 · by Esteban Borges

Top 10 Common Network Security Threats Explained

Reading time: 10 minutes

The old childhood warning "Stranger danger!" has withstood the test of time even in our modern, developed world.

Now that most of our daily procedures and activities are automatized and available for use on the Internet, we need to take the same level of precaution we did as children, crossing to the other side of the street whenever we saw a suspicious stranger. This precaution is needed even more after seeing some critical statistics surface, claiming that nearly one-third of the world’s computers are infected with some type of malware.

In the past we’ve covered the history of web exploiting and the biggest exploits the world has experienced, as well as security breaches and how they can affect different organizations. But today we’re going back to basics—and exploring the most common network security threats you may encounter online.

The most common network security threats

Here are the most common security threats examples:

1. Computer virus

We’ve all heard about them, and we all have our fears. For everyday Internet users, computer viruses are one of the most common network threats in cybersecurity. Statistics show that approximately 33% of household computers are affected with some type of malware, more than half of which are viruses.

Computer viruses are pieces of software that are designed to be spread from one computer to another. They’re often sent as email attachments or downloaded from specific websites with the intent to infect your computer — and other computers on your contact list — by using systems on your network. Viruses are known to send spam, disable your security settings, corrupt and steal data from your computer including personal information such as passwords, even going as far as to delete everything on your hard drive.

2. Rogue security software

Leveraging the fear of computer viruses, scammers have a found a new way to commit Internet fraud.

Rogue security software is malicious software that mislead users to believe that they have network security issues, most commonly a computer virus installed on their computer or that their security measures are not up to date. Then they offer to install or update users’ security settings. They’ll either ask you to download their program to remove the alleged viruses, or to pay for a tool. Both cases lead to actual malware being installed on your computer.

3. Trojan horse

Metaphorically, a "Trojan horse" refers to tricking someone into inviting an attacker into a securely protected area. In computing, it holds a very similar meaning — a Trojan horse, or "Trojan," is a malicious bit of attacking code or software that tricks users into running it willingly, by hiding behind a legitimate program.

They spread often by email; it may appear as an email from someone you know, and when you click on the email and its included attachment, you’ve immediately downloaded malware to your computer. Trojans also spread when you click on a false advertisement.

Once inside your computer, a Trojan horse can record your passwords by logging keystrokes, hijacking your webcam, and stealing any sensitive data you may have on your computer.

Web threats

4. Adware and spyware

By "adware" we consider any software that is designed to track data of your browsing habits and, based on that, show you advertisements and pop-ups. Adware collects data with your consent — and is even a legitimate source of income for companies that allow users to try their software for free, but with advertisements showing while using the software. The adware clause is often hidden in related User Agreement docs, but it can be checked by carefully reading anything you accept while installing software. The presence of adware on your computer is noticeable only in those pop-ups, and sometimes it can slow down your computer’s processor and internet connection speed.

When adware is downloaded without consent, it is considered malicious.

Spyware works similarly to adware, but is installed on your computer without your knowledge. It can contain keyloggers that record personal information including email addresses, passwords, even credit card numbers, making it dangerous because of the high risk of identity theft.

5. Computer worm

Computer worms are pieces of malware programs that replicate quickly and spread from one computer to another. A worm spreads from an infected computer by sending itself to all of the computer’s contacts, then immediately to the contacts of the other computers.

A worm spreads from an infected computer by sending itself to all of the computer’s contacts,, then immediately to the contacts of the other computers

Interestingly, they are not always designed to cause harm; there are worms that are made just to spread. Transmission of worms is also often done by exploiting software vulnerabilities. While we don't hear about them much today, computer worm are one of the most common computer network threats.

6. DOS and DDOS attack

Have you ever found yourself waiting impatiently for the online release of a product, one that you’re eagerly waiting to purchase? You keep refreshing the page, waiting for that moment when the product will go live. Then, as you press F5 for the last time, the page shows an error: "Service Unavailable." The server must be overloaded!

There are indeed cases like these where a website’s server gets overloaded with traffic and simply crashes, sometimes when a news story breaks. But more commonly, this is what happens to a website during a DoS attack, or denial-of-service, a malicious traffic overload that occurs when attackers overflood a website with traffic. When a website has too much traffic, it’s unable to serve its content to visitors.

A DoS attack is performed by one machine and its internet connection, by flooding a website with packets and making it impossible for legitimate users to access the content of flooded website. Fortunately, you can’t really overload a server with a single other server or a PC anymore. In the past years it hasn’t been that common if anything, then by flaws in the protocol.

A DDoS attack, or distributed denial-of-service attack, is similar to DoS, but is more forceful. It’s harder to overcome a DDoS attack. It’s launched from several computers, and the number of computers involved can range from just a couple of them to thousands or even more.

Since it’s likely that not all of those machines belong to the attacker, they are compromised and added to the attacker’s network by malware. These computers can be distributed around the entire globe, and that network of compromised computers is called botnet.

Since the attack comes from so many different IP addresses simultaneously, a DDoS attack is much more difficult for the victim to locate and defend against.

7. Phishing

Phishing is a method of a social engineering with the goal of obtaining sensitive data such as passwords, usernames, credit card numbers.

The attacks often come in the form of instant messages or phishing emails designed to appear legitimate. The recipient of the email is then tricked into opening a malicious link, which leads to the installation of malware on the recipient's computer. It can also obtain personal information by sending an email that appears to be sent from a bank, asking to verify your identity by giving away your private information.

Uncovering phishing domains can be done easily with SecurityTrails.

8. Rootkit

Rootkit is a collection of software tools that enables remote control and administration-level access over a computer or computer networks. Once remote access is obtained, the rootkit can perform a number of malicious actions; they come equipped with keyloggers, password stealers and antivirus disablers.

Rootkits are installed by hiding in legitimate software: when you give permission to that software to make changes to your OS, the rootkit installs itself in your computer and waits for the hacker to activate it. Other ways of rootkit distribution include phishing emails, malicious links, files, and downloading software from suspicious websites.

Web threats

9. SQL Injection attack

We know today that many servers storing data for websites use SQL. As technology has progressed, network security threats have advanced, leading us to the threat of SQL injection attacks.

SQL injection attacks are designed to target data-driven applications by exploiting security vulnerabilities in the application’s software. They use malicious code to obtain private data, change and even destroy that data, and can go as far as to void transactions on websites. It has quickly become one of the most dangerous privacy issues for data confidentiality. You can read more on the history of SQL injection attacks to better understand the threat it poses to cybersecurity.

10. MIM attacks

Man-in-the-middle attacks are cybersecurity attacks that allow the attacker to eavesdrop on communication between two targets. It can listen to a communication which should, in normal settings, be private.

As an example, a man-in-the-middle attack happens when the attacker wants to intercept a communication between person A and person B. Person A sends their public key to person B, but the attacker intercepts it and sends a forged message to person B, representing themselves as A, but instead it has the attackers public key. B believes that the message comes from person A and encrypts the message with the attackers public key, sends it back to A, but attacker again intercepts this message, opens the message with private key, possibly alters it, and re-encrypts it using the public key that was firstly provided by person A. Again, when the message is transferred back to person A, they believe it comes from person B, and this way, we have an attacker in the middle that eavesdrops the communication between two targets.

Here are just some of the types of MITM attacks:

  • DNS spoofing
  • HTTPS spoofing
  • IP spoofing
  • ARP spoofing
  • SSL hijacking
  • Wi-Fi hacking

Emerging threats in 2021

Fileless attacks

We’ve been hearing a lot about fileless attacks this year. Used to perform data breaches, this trending cyber attack method is—as its name implies—based not on new files or payloads, but on working with feature attributes present in the target system.

Most fileless attacks start with phishing attacks, which lead people to malicious campaigns. After executing social engineering attacks against the victim, they are able to perform memory-based setup for further execution. What’s worse is that most of the time these fileless attacks pass under the radar, and remain undetected until it’s too late.

5G-based swarm attacks

With the rise of new 5G technologies and networks, higher-speed transfers and large amounts of data can be retrieved and uploaded faster than ever. A new face of cybercrime is emerging.

High bandwidth-based attacks are more usual than ever too, affecting most technologies, but particularly focused on the Internet of Things and mobile devices. According to TechTarget, swarm attacks have increased more than 80% in the past few years, and will continue to grow.

The nature of swarm attacks involves multiple devices infected at the same time, which will later work on different attacking functions, depending on their role inside the bot-coordinated attack.

This type of attack also uses AI to discover new victims, switch attack strategy, and correlate and share data with the original attacker.


It can seem a difficult task to keep track of all the network security threats that are out there, and the new ones that just keep emerging. Whether the media is creating a culture of fear out of being online and placing trust in leaving our information out for all to see, or whether the threats that wait in the dark corners of the Internet are truly serious and can happen to anyone, the best thing we can all do is to be prepared. There is no way to be completely sure that a system is impenetrable by cybersecurity threat. We need to ensure that our systems are as secure as possible.

Prevention of future attacks has never been easier than now with our up-to-date cyber intelligence data. Contact us for custom data enrichment solutions so you can always be prepared.

Esteban Borges Blog Author

Esteban is a seasoned cybersecurity specialist, and marketing manager with nearly 20 years of experience. Since joining SecurityTrails in 2017 he’s been our go-to for technical server security and source intelligence info.