cyberattack
- Related Topics:
- computer
- Internet
- malware
- denial of service attack
- phishing
News •
cyberattack, deliberate and malicious attempt to gain unauthorized access to a digital system. Cyberattacks can affect computers, smartphones, or other Internet-connected devices. Cybercriminals’ main goal is often to steal money, personal information, credentials, intellectual property, or otherwise valuable information. Attackers may also aim to disrupt or cripple the targeted system. Cyberattacks are often a precursor to more-serious cybercrime, such as identity theft, invasion of privacy, and fraud. Such attacks occur every day, and more than half of them result in damages of $500,000 or more each. The average cost of a data breach is $4.35 million, and some estimates indicate that cybercrime will cost the world $10.5 trillion annually by 2025. The most advanced cyberattacks have disrupted industrial machinery, transportation, and Internet service to entire regions; they have even left hundreds of thousands of people without electricity.
Cyberattacks present a significant threat to computer systems not only because of the damage they can cause but also because of their low cost of entry. With mastery over certain software, one person could launch an attack against an entire country. Moreover, attackers can easily hide their identity, location, and motive. Cyberdefense measures must repeatedly deter attacks that may differ in scope and method, whereas a cyberattack needs to succeed only once; an unprotected server can face hundreds of attacks a day. The line between cyberdefense and cyberattack, however, sometimes blurs. For example, Pegasus spyware was explicitly designed for national security and law enforcement but was used to track and monitor influential individuals without their knowledge.
Both individuals and organizations can perpetrate cyberattacks, but such attacks differ from cyberwar, which is typically waged between countries. Cyberwar can include physical attacks against digital infrastructure (such as destroying communications systems or hardware) in addition to cyberattacks.
Structure of cyberattacks
Cyberattacks target a system’s syntactic layer, its semantic layer, or both. Syntactic cyberattacks center on software and, in most cases, involve malware (a portmanteau of malicious and software). Semantic cyberattacks attempt to trick victims into providing valuable information or access to valuable systems, using a strategy known as social engineering. A common example of social engineering is phishing—the practice of sending fraudulent emails that impersonate trustworthy contacts to ask for personal information.
Cyberattacks generally operate in four broad phases. Attackers start with reconnaissance, during which they probe for weaknesses and gather information within a target’s system. They may use social engineering to obtain private information and may consider aligned targets, such as partners, customers, or suppliers. During this stage, the attackers typically research how to breach the system and whether that will require creating or buying malware or conducting trials.
The second phase is delivery, during which the attackers implement a plan to infiltrate the target. Common methods include using an infected USB, creating a fake website, or planting a link within an email. Attackers may even resort to more-traditional forms of crime, such as bribery or blackmail.
The third phase of a cyberattack is breaching. If the infiltration plan succeeds, the attackers gain access to the target’s system and establish a digital presence.
The fourth phase is the attack. Now that the attackers have gained access to their target’s system, they may attempt to breach more-valuable networks or to establish a more permanent presence. They may also attempt to disable system security measures. The attackers can then proceed with their plans: depending on the target, they may be interested in sending bank payments, disrupting or crippling business operations, stealing intellectual property or sensitive information, or otherwise changing the network. They can disrupt the system to gain remote control over it, perhaps even connecting it to other compromised devices.
Advanced attackers typically vacate the system and remove evidence of their presence after they have achieved their goals; they may even disguise their work as someone else’s. In some cases, they leave behind a back door for future access or to sell access to other cybercriminals. Some attackers, however, wreak havoc merely to attract attention to their success.
Types of cyberattacks
Cyberattacks can be classified into two categories: untargeted and targeted. Untargeted attacks aim to affect as many devices or services as possible. For example, infiltrators sometimes use “water holing,” in which a web page is created or compromised and visitors are then attacked as they access the page. Another example is scanning, in which attackers systematically attempt to find vulnerabilities in a system, often aiming for points of entry.
Targeted cyberattacks are tailored to a specific individual or organization. The culprit is often external, but internal actors can also compromise a system.
Malware
Malware is an umbrella term for software programs used in cyberattacks, typically installed on victims’ devices when they interact with a dangerous link or email. For example, electronic games or applications from a third-party service may hide malware within their software packages. Attackers may also try “baiting,” a strategy in which malware is left in a public online space, such as a web page. Malware includes viruses, worms, Trojans, rootkits, spyware, and adware. Scareware uses false alerts to pressure a user into downloading further malware or into providing valuable information. Ransomware, also called cryptoviral extortion, blocks access to a digital asset or device until the owner pays a ransom. Payments have been as much as $40 million. Ransomware is the second most common form of cyberattack; in fact, there are organizations that sell ransomware attacks as a service, enabling others to conduct such attacks.
Software exists to detect and combat malware, and operating systems are continually updated to minimize weaknesses. However, malware has advanced just as quickly as cyberdefense strategies and tools.
Phishing
Phishing is a common social engineering tactic in which cyberattackers impersonate trusted sources, typically via email, to steal valuable data or to install malware. Spear phishing is the term for sending such emails to specific targets in an organization; whale phishing is a subcategory that targets company executives. Business email compromise scams occur when cybercriminals impersonate an executive or a business associate and ask that money be wired to a specific account.
Denial-of-service attacks
A denial-of-service (DoS) attack overwhelms its target with traffic and thus prevents legitimate use. Distributed denial-of-service (DDoS) attacks occur when the source of the traffic is not a single entity but many, typically involving the use of a botnet. A botnet is a network of connected devices—termed zombie computers—that are all infected with malware, allowing attackers to use them for their own purposes without owner authorization. The largest discovered botnet comprised nearly two million computers.
Man-in-the-middle attacks
Man-in-the-middle (MitM) attacks, sometimes called eavesdropping attacks, occur when attackers intercept communications either between people or between an individual and a server. Unsecured public networks provide a relatively easy environment for attackers to spy on and intercept Internet traffic. Session hijacking attacks are a subcategory of MitM attacks in which attackers match their IP address to that of a legitimate user, thereby gaining the same level of access on the user’s server.
Other types of cyberattacks
- Cross-site scripting (XSS) occurs when an attacker infects a website, often through JavaScript code, which typically involves sending the target to a different site or stealing targeted data.
- Supply chain attacks occur when attackers hijack a third-party vendor used by the target in order to infiltrate the system. Depending on the extent of the attack and the size of the vendor, attackers could access multiple targets.
Cyberattack prevention
Simply ensuring that all software is up-to-date and avoiding unknown links can be an effective strategy to prevent cyberattacks. Identity and access management strategies, such as multifactor authentication, strong passwords, and virtual private networks (VPNs), provide added levels of security. Firewalls and Internet encryption can prevent bad actors from interacting with a network. Additionally, data loss prevention tools can monitor security threats and aid in backing up important data in the event of a breach.
Organizations can work to deter cyberattacks by educating employees on cybersecurity tips, enlisting third-party security experts, or investing in an internal cybersecurity team. Such teams can take measures to root out system weaknesses, detect cyberattacks, and create response plans in the aftermath of an attack. Although it is impossible to be completely secure from cyberattacks, such measures can help to lessen potential damage.