Most Common Types & Sources of Cyber Threats

Secureworks® gives you an updated look at cyber threats, including the most common types and sources, and what best practices to put in place to defend against them.


  • The threat level to organizations shows no signs of slowing down as cybercriminal and state-sponsored threat actors maintain high levels of activity
  • Threat intelligence provides visibility beyond network borders, while properly implemented security controls help safeguard connected systems
  • XDR-based solutions, including MDR, have gained more prominence as organizations struggle to balance expanded attack surfaces with budget and resource constraints

What is a Cyber Threat?

In simple terms, a cyber threat refers to a malicious or harmful action taken by an individual or organization to disrupt digital life. It can include stealing, altering, or destroying data, breaching privacy measures, spreading misinformation, or interfering with regular network functions. While the definition may be simple, the execution of cyber threats can range from basic phishing attempts enabled by underground marketplace purchases to sophisticated multi-vector actions taken by organized threat groups.

Cumulatively, the cost of cybercrime is expected to reach a staggering $10.5 trillion in 2025, according to the Cybersecurity Ventures Boardroom Cybersecurity Report. Impacts include data destruction, stolen funds, business and productivity disruption, theft of data (including intellectual property and personal and financial data), fraud, damaged reputation, legal fees, and regulatory fines.

6 Biggest Cyber Threats

Cyber threats are getting more sophisticated and intense amid increasing levels of remote work, cloud migration and advanced cyber adversaries. Here are the biggest threats to organizations according to the Secureworks Counter Threat Unit™:

  • Ransomware remains the primary cyber threat to organizations, with attack numbers rebounding and exceeding historical norms, now with a median dwell time between initial access and payload delivery of just 24 hours. The top initial access vectors for ransomware include scan-and-exploit, stolen credentials, and commodity malware delivered via phishing emails.
  • Infostealer activity has seen increased use, particularly by ransomware affiliates, and this activity is a significant precursor to ransomware attacks. These malware types steal credentials and other sensitive information, which are then sold on underground marketplaces.
  • Business email compromise is one of the most financially damaging online crimes overall for organizations. It exceeds even ransomware in aggregate, mainly because it is so prolific, even if individual financial losses from BEC may be lower than individual losses from ransomware.
  • Drive-by downloads have become increasingly popular as a way to deliver malware and as an initial access vector. Two major strains of malware delivered this way are Gootloader and SocGholish, often via compromised websites.
  • Supply chain attacks have been leveraged by various threat actors, including North Korean state-sponsored groups and ransomware operators, to gain access to the suppliers’ customers and maximize impact with minimal effort.
  • State-sponsored threat activity continues to be driven by political imperatives, with Russia focusing on Ukraine, North Korea on currency theft, Iran on opposition suppression, and China on cyberespionage.

Learn more about these threats in the latest Secureworks State of the Threat Report.

Sources of Cyber Threats

When identifying a cyber threat, it’s important to know the adversary and understand the tactics, techniques, and procedures (TTPs) associated with them. The TTPs of threat groups are constantly evolving to avoid detection, but the sources of cyber threats remain the same. There is always a human element; someone who falls for a clever trick. But more importantly, there is also always a motive.

Understanding attacker TTPs helps identify the motive behind a cyber threat and act to prevent the likely next steps. The Secureworks CTU™ actively tracks threat groups and their TTPs, making those insights available to customers and using them to rapidly create countermeasures to combat the latest threats.

Most Common Sources of Cyber Threats

  • Criminal Groups: Use cyber threats to steal money and information, through phishing, social engineering, malicious software or other means
  • Hackers: Individuals, groups or organizations who compromise data with malicious intent
  • Hacktivists: Use cyberattacks to express social, environmental, or political agendas, often targeting corporations, governments, and other high-profile entities
  • Insider Threats: People who work within an organization who may intentionally or inadvertently compromise cybersecurity
  • Corporate Spies: Business rivals who may employ tactics to steal information or disrupt services
  • Nation States: Governments that use cyber threats to spy on other nations or disrupt their activities
  • Terrorist Groups: Use cyber threats to steal information, disrupt governmental operations or spread fear
  • Data Brokers: Collect and sell user information without explicit consent and often through underground marketplaces

What To Do From Here

Organizations can bolster their cyber defense by identifying their assets and where those assets sit within the network. This gives a better understanding of their risk profile, especially in the context of the larger threat landscape, and supports informed decisions on their cybersecurity and vulnerability management approach.

Implementing stringent security policies, such as locking down internet-facing and sensitive internal systems with best-practice multi-factor authentication (MFA), is essential. Additionally, leveraging the right cybersecurity tools for comprehensive monitoring of all endpoints, network, and cloud resources is crucial.

For larger organizations with established security teams, extended detection and response (XDR) solutions offer visibility and threat detection across all connected systems, enabling rapid response with the help of automatically correlated data across multiple security layers. Open XDR solutions integrate telemetry from your existing systems to maximize their value and drive analyst team efficiency and effectiveness.

For other organizations, managed detection and response (MDR) extends limited internal resources to provide 24/7 threat monitoring, detection, and response operations, ideal for organizations without the in-house team or budget to maintain constant security vigilance. MDR providers combine advanced technologies (such as XDR), threat intelligence, and human expertise to monitor, detect, and respond to threats.

Other preventive solutions include firewalls, intrusion detection and prevention systems (IDPS), secure gateways, and endpoint security software. Proactive assessments and testing can also make sure you’re ready before an attack happens.

Investing in cybersecurity not only protects against threats but also enhances business performance, customer trust, and regulatory compliance. While these recommendations may be challenging to implement, partnering with a trusted technology provider like Secureworks can significantly enhance security practices. Learn more about what Secureworks can do for you.
