Cybersecurity

From Michael: I think we should maybe re-work the security section -- this makes it sound like you can't trust what websites you visit -- but practically speaking it's not very easy to just run your own DNS server because no one will connect to it. Also, DNS settings are on the easier end of complex network configurations you can actually set yourself.

There are many cybersecurity risks on the Internet. The various kinds of cyber warfare and cyber crime can have widespread and potentially devastating effects. Assessing risks and implementing protective measures for cybersecurity issues has software, hardware, and human components.

  1. Watch this video from code.org:

The Lack of DNS Security

Review or read more about DNS in Lab 1.

Remember that domain names are hierarchical so that computers (even DNS servers) don't need enormous lists with every host name in the world. Instead, every computer has to know where to find a root domain server, the one that knows where to find the top-level domains such as org and edu. Your computer looks up the address of a server for the particular top-level domain you want, let's say "edu," and then asks that server where to find "berkeley.edu," and so on.

But it can't really work in that clean, simple way for efficiency reasons. Worldwide, there are millions of DNS requests every second. If all of those requests had to start at the same few root domain servers, they'd be overwhelmed. Instead, DNS servers remember ("cache") the results of host name queries. The next time a request for the same host goes through the same server, it supplies what's called a non-authoritative answer. Computers rely on these answers even though they don't come directly from the official nameserver for the domain.

But anyone can operate a DNS server! If you operate a domain, your DNS server will be authoritative only for your own domain, but the odds are it'll also know the address of google.com, because people connect to it all the time, from everywhere. Now suppose you're a bad guy. You program your DNS server so that it tells people google.com is at your IP address, instead of Google's. (Actually the bad guys are more likely to "spoof" bank sites, not search sites.) You make a web site that looks exactly like Google's (or the bank's), but it behaves differently.

So, we all rely on every nameserver being honest, and sometimes they aren't. The trust model of the internet involves tradeoffs.
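The toy program below models the lookup process just described: a hierarchy of nameservers (root, then "edu," then "berkeley.edu"), and a caching resolver that walks that hierarchy the first time and serves the remembered, non-authoritative answer afterwards. It also includes a simple defender's check that re-asks the authoritative server and compares its answer with the cached one, since a cached address by itself gives no hint of whether it is right. This is an added example, not code from the original page; the server labels, host names and IP addresses in it are constructed.

```python
"""Toy model of hierarchical DNS with a caching resolver (added example).

All names, addresses and server labels are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass
class Answer:
    name: str
    address: str
    authoritative: bool  # True only when it came from the zone's own server


class NameServer:
    """Authoritative for a few names; delegates everything under a suffix."""

    def __init__(self, label):
        self.label = label
        self.records = {}      # name -> address (this server's own zone)
        self.delegations = {}  # suffix such as "edu" -> NameServer for that zone
        self.queries = 0       # how often this server has been asked anything

    def query(self, name):
        self.queries += 1
        if name in self.records:
            return "answer", self.records[name]
        # The most specific matching delegation wins (berkeley.edu before edu).
        for suffix in sorted(self.delegations, key=len, reverse=True):
            if name == suffix or name.endswith("." + suffix):
                return "referral", self.delegations[suffix]
        return "nxdomain", None


class Resolver:
    """A caching recursive resolver, like the one your ISP or campus runs."""

    def __init__(self, root):
        self.root = root
        self.cache = {}  # name -> address remembered from earlier lookups

    def lookup(self, name, use_cache=True):
        if use_cache and name in self.cache:
            # Served from memory: a non-authoritative answer.
            return Answer(name, self.cache[name], authoritative=False)
        server = self.root  # a cache miss always starts at the root
        while True:
            kind, payload = server.query(name)
            if kind == "answer":
                self.cache[name] = payload
                return Answer(name, payload, authoritative=True)
            if kind == "referral":
                server = payload
                continue
            raise LookupError(name)


def build_tree():
    """Constructed hierarchy: root -> edu -> berkeley.edu."""
    root = NameServer("root")
    edu = NameServer("edu")
    berkeley = NameServer("berkeley.edu")
    berkeley.records["www.berkeley.edu"] = "192.0.2.10"  # constructed address
    edu.delegations["berkeley.edu"] = berkeley
    root.delegations["edu"] = edu
    return root


def demo():
    """Two lookups of the same name: only the first one reaches the root."""
    root = build_tree()
    resolver = Resolver(root)
    first = resolver.lookup("www.berkeley.edu")   # root -> edu -> berkeley.edu
    second = resolver.lookup("www.berkeley.edu")  # answered from the cache
    return first.authoritative, second.authoritative, root.queries


def cache_matches_authority(resolver, name):
    """Defender's check: does the remembered answer still agree with the
    zone's own server? A wrong or stale cache entry will not. The cache is
    refreshed with the authoritative answer as a side effect."""
    cached = resolver.cache.get(name)
    fresh = resolver.lookup(name, use_cache=False)
    return cached == fresh.address


if __name__ == "__main__":
    print(demo())  # (True, False, 1)
    r = Resolver(build_tree())
    r.lookup("www.berkeley.edu")
    print(cache_matches_authority(r, "www.berkeley.edu"))  # True
    r.cache["www.berkeley.edu"] = "203.0.113.99"  # a wrong entry (constructed)
    print(cache_matches_authority(r, "www.berkeley.edu"))  # False
```

Note that the second answer in `demo()` carries the same address as the first but is flagged non-authoritative; nothing about the address itself tells the client whether the resolver's memory is trustworthy, which is exactly the trust tradeoff the text describes.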

Examples: Governments use dishonest routing information to suppress certain sites inside their country. Anyone can use dishonest routing information to sabotage a domain or to steal passwords by sending you to fake sites.

The net protocols were designed back when hardly anyone was connected to the Internet and everyone trusted everyone else. Today, achieving both security and efficiency at the same time would require a major redesign of the entire protocol system.

A secure Internet could easily end up preventing anonymous publishing. To prevent fraud, it's important to be able to verify the source of a message. But if the source of a message can be verified, the message can't be anonymous. That's problematic both for privacy and for freedom of speech.

Common Security Attacks on Users

Software has bugs (even finished software written by professionals). And people can use those bugs for bad purposes (such as crashing your computer or implanting spy software to collect everything you type, including passwords). Software developers try to prevent security bugs and fix them when they turn up, but not every software developer distributes fixes promptly.

This is especially a problem on smartphones. If you have an Android phone and a security bug is found, Google fixes it, but they don't send the fix directly to your phone. Google sends new system releases to the phone manufacturers, who may take some time to install local modifications available only on their phones. Only after that do the phone manufacturers send the modified Android code to carriers, who also may take some time to install carrier-specific modifications. Security fixes can come more quickly on iOS phones, because Apple can send updates to you directly, no matter which carrier you use.

The general name for programs that try to affect your computer badly is malware. One kind of malware is called a virus. Computer viruses make copies of themselves (just as biological viruses do) and try to spread themselves over the network to other computers. People use antivirus software to help prevent these attacks. People also use firewalls to limit the kinds of connections (HTTP requests, incoming mail, etc.) outsiders can make to your computer. (Both your computer and your router probably run firewall software.)

Another common attack strategy is called phishing: an attacker sends you an email that appears to be from some official organization (such as your bank) and tricks you into giving information to the attackers (such as your bank password).

Distributed Denial of Service (DDoS) Attack

One of the easiest ways to make trouble on the net is called a Denial of Service (DoS) attack. This consists of sending a lot of requests (for instance, requests for a web page or some data) to a server at the same time. This can overload the server's network bandwidth. A DoS attack doesn't destroy data or collect passwords; it just causes a temporary inability to reach the targeted server. So, other users of that server are denied service.

A variant is the Distributed Denial of Service (DDoS) attack, in which the attacker first uses viruses (or similar self-spreading software) to take control of many (sometimes tens of thousands of) computers around the world and then launches a DoS attack from all of them at the same time. Besides increasing the number of simultaneous server requests, DDoS makes it harder to determine who is at fault, since the attack seems to come from many innocent people.
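The following program illustrates, from the server operator's side, the difference between the two attacks just described. It groups a web server's requests by second and by client, flags any single client that sends far more than a normal user could, and separately flags seconds in which total demand exceeds what the server can handle. In the constructed log it uses, the single-source flood is attributed to one address, while the distributed flood overloads the server without any one source standing out. This is an added example, not code from the original page; the log lines, addresses and limits are constructed.

```python
"""Spotting request floods in a web server log (added example).

The log excerpt and both limits below are constructed for illustration.
"""
from collections import Counter, defaultdict

PER_SOURCE_LIMIT = 5  # requests per second a single client may send before we notice
TOTAL_LIMIT = 6       # requests per second the (small, constructed) server can handle


def constructed_log():
    """A made-up access log: 'time client_ip method path', one request per line."""
    lines = []
    # 10:00:00 - ordinary traffic: three clients, one request each
    for ip in ("203.0.113.1", "203.0.113.2", "203.0.113.3"):
        lines.append(f"10:00:00 {ip} GET /index.html")
    # 10:00:01 - one client sends eight requests in a second (DoS)
    lines += ["10:00:01 198.51.100.5 GET /search?q=x"] * 8
    lines.append("10:00:01 203.0.113.1 GET /about.html")
    # 10:00:02 - eight different clients send one request each (DDoS)
    for i in range(8):
        lines.append(f"10:00:02 192.0.2.{i + 1} GET /index.html")
    return lines


def parse(line):
    """Split one log line into (second, client_ip)."""
    ts, ip, _method, _path = line.split(maxsplit=3)
    return ts, ip


def requests_per_second(lines):
    """-> {second: Counter(client_ip -> number of requests in that second)}"""
    buckets = defaultdict(Counter)
    for line in lines:
        if line.strip():
            ts, ip = parse(line)
            buckets[ts][ip] += 1
    return buckets


def noisy_sources(buckets, limit=PER_SOURCE_LIMIT):
    """Clients that exceeded the per-source rate in some second."""
    return sorted({ip for counts in buckets.values()
                   for ip, n in counts.items() if n > limit})


def overloaded_seconds(buckets, limit=TOTAL_LIMIT):
    """Seconds in which total demand exceeded capacity, whoever sent it."""
    return sorted(sec for sec, counts in buckets.items()
                  if sum(counts.values()) > limit)


def distinct_sources(buckets, second):
    """How many different clients contributed to the load in that second."""
    return len(buckets[second])


if __name__ == "__main__":
    b = requests_per_second(constructed_log())
    print(noisy_sources(b))                 # ['198.51.100.5']
    print(overloaded_seconds(b))            # ['10:00:01', '10:00:02']
    print(distinct_sources(b, "10:00:01"))  # 2  -> one obvious culprit
    print(distinct_sources(b, "10:00:02"))  # 8  -> overloaded, nobody stands out
```

Per-source limits (the basis of most rate limiting) catch the single flooder at 10:00:01 but say nothing about 10:00:02, where the server is just as overloaded; the aggregate check catches both but cannot say who is responsible. That gap is why a distributed attack is both harder to block and harder to attribute.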