What is a Cyberattack?
A cyberattack is any form of malicious activity that targets IT systems, or the people using them, to gain unauthorized access to the systems and the data or information they contain. In most cases, the cyber-attackers are criminals looking to exploit the attack for financial gain. In other cases, the aim is to disrupt operations by disabling access to IT systems, or in some cases directly damaging physical equipment. The latter type of attack is commonly state-backed and carried out by state actors, or cybercriminals in their employ.
Cyberattacks can be targeted at specific organizations or individuals, or they can be broadcast in nature and affect multiple organizations regionally and globally. Targeted attacks often jump from their intended victims to become more general problems for all organizations. The NotPetya global infestation in June 2017 was likely a side effect of a targeted attack on Ukrainian banks and utilities by state actors. It had the intended impact on Ukraine, but it also spread globally and, according to articles covering the clean-up, caused approximately $10 billion in costs to recover IT systems and in lost productivity.
Common Cyberattack Methods
Cyberattack methods come in many kinds, and as the attack surface grows with the spread of IoT (Internet of Things) devices and sensors and the increasing availability of 5G network connectivity, new attack methods will likely appear. Below we present a list and summary of the most common attack methods.
The list is not exhaustive. Consult the IntSights website to stay up to date on emerging threats. The OWASP Foundation maintains a list of the top 10 attack methods used against web-based applications. We won’t replicate the attack methods outlined in the OWASP list, but you should have a look at the list on the OWASP site.
Phishing attacks target people to steal login and other confidential information by trying to trick them into clicking malicious links in emails, message apps, or on the web. Phishing attacks are designed to look like authentic messages from trusted brands, organizations, or individuals so that the recipients think that they are getting a real request for information. Phishing links usually take the recipient to a spoof website that is made to look like a real one and that then harvests their login details. Spear phishing is a highly targeted variant that pretends to be an email or message from an important individual in an organization to another person within the same organization. Spear phishing attempts use the extra authenticity of the sender to trick people into providing information they shouldn’t.
Malware is malicious software designed to infect IT systems and cause damage or compromise data. Malware attacks come in many forms such as viruses, worms, trojans, adware, spyware, ransomware, and more.
Ransomware is a form of malware that encrypts data on infected IT systems. It demands that a ransom be paid, usually in Bitcoin to an anonymous address, in exchange for a code to decrypt the infected system. Many of the significant cyberattacks in the last few years have been ransomware attacks (WannaCry, for example), or have masqueraded as ransomware attacks to hide their real purpose (NotPetya seems to fall into this category).
Man In The Middle Attack
A man in the middle (MITM) attack occurs when cybercriminals intercept and alter network traffic flowing between IT systems. The attacker impersonates both senders and receivers on the network, aiming to trick both into sending unencrypted data that the attacker intercepts and can use for further attacks or financial gain.
Crypto-jacking is a type of malware that uses the resources of the infected IT systems to ‘mine’ for cryptocurrencies. It steals the attacked systems’ computing resources by running them at high load to generate income for the remote attackers, who then make money from the cryptocurrencies that are generated on the infected system.
Denial Of Service Attack
A Denial of Service (DoS) attack aims to disrupt a service being provided on the network by flooding the targeted systems or applications with so many requests that the servers are unable to respond to them all. As a result, legitimate requests are prevented from reaching the service, or they take a very long time. Most DoS attacks are distributed and known as DDoS attacks. These use malware-infected PCs, and increasingly poorly secured IoT devices, to rapidly send the requests that overwhelm the targeted systems.
OWASP Top 10
Just a reminder that this is not an exhaustive list and that the OWASP Top-10 list should be read as well, along with the other resources linked in the Common Cyberattack Methods section above.