The information below can help organizations understand some of the most common types of threats reported by NCTNS.
Malware infections
Keywords: Command and control (c&c), compromised server, ransomware
Malware infections can infiltrate or damage computer systems and devices. They may cause infected devices to send information to or receive information from a potentially malicious actor. Different names are used to define different types of malware.
Resources
- Get Cyber Safe: Secure your devices
- Have you been hacked? (ITSAP.00.015)
- Internet of Things (IoT) Security (ITSAP.00.012)
- Protect your organization from malware (ITSAP.00.057)
Vulnerable services
Keywords: Common vulnerabilities and exposures (CVE)
Vulnerable services are specific technical vulnerabilities present on a network service. These can vary in severity. An example of a severe vulnerable service is one that allows remote code execution. Vulnerable services are often described using the Common Vulnerability Enumeration, which documents how a service is vulnerable.
Resources
- Get Cyber Safe: Secure your connections
- Get Cyber Safe: Secure your devices
- Cyber Centre alerts and advisories
- How updates secure your device (ITSAP.10.096)
- CVE Program Mission
Open services
Keywords: Exposed service, open port, distributed denial of service (DDoS) potential
Open services are network services that are publicly exposed to the Internet. This may be intentional or the result of a misconfiguration. Exposed network services increase the threat surface, provide threat actors with valuable network information, and are often abused by threat actors to conduct distributed denial of service (DDoS) attacks.
Resources
- Get Cyber Safe: Secure your connections
- Get Cyber Safe: Secure your accounts
- Firewall security considerations (ITSAP.80.039)
- Security considerations for your website (ITSM.60.005)
- Protecting your organization against denial of service attacks (ITSAP.80.100)
- Security considerations when developing and managing your website (ITSAP.60.005)
- Distributed denial of service attacks - prevention and preparation (ITSAP.80.110)
General resources
Didn’t find what you were looking for? Browse the resources below to find expert guidance on many types of cyber security issues.
- Get Cyber Safe: Canada’s national public awareness campaign created to inform Canadians about cyber security and the simple steps they can take to protect themselves online
- Cyber Centre cyber security guidance: Advice and guidance publications, reports, and cyber threat assessments
- Cyber Centre glossary: Definitions for the ever-changing world of cyber security jargon
- Get Cyber Safe Checkup: Quiz to assess the security of your accounts and devices