May 11, 2022

What is a cyberattack?

A cyberattack can seriously damage companies’ infrastructure and reputation, but what exactly is it?

By Robert Penman

It seems like hardly a week goes by without another company suffering a cyberattack. Usually, the news is accompanied by numbers about how many computers were compromised and what the hackers got away with. Quite often, however, the news fails to explain what a cyberattack actually is. Don’t worry, we’ve got you covered.

A cyberattack is an unwelcome attempt to steal, expose, alter, disable or destroy information through unauthorised access to computer systems. The landscape is complex. Today’s always-connected world offers a myriad of opportunities for cybercriminals to disrupt countries, organisations and individuals.

While that explains what a cyberattack is, it doesn’t clarify what sort of people carry out cyberattacks, what the common tactics are or what the stages of a cyberattack are. So let’s dig into that, shall we?

Threat actors

Those who carry out cyberattacks are called threat actors. Threat actors include thieves, hacktivists, and terrorists.

When we’re talking about thieves carrying out a cyberattack, we normally refer to organised crime syndicates whose motives are typically data and monetary theft. They target assets such as personal information, credit card data, and corporate IT infrastructure.

Hacktivists are people who want to gain attention for their cause. Therefore, they target senior executives’ digital footprint, business-critical assets, corporate websites, and social media accounts. The hacking group Anonymous is an example of a hacktivist group.

Terrorists create terror in order to further their political goals. Their modus operandi includes extortion, disruption or damage to critical infrastructure assets, and industrial espionage. They typically target business-critical assets, telecoms and power networks as well as technological know-how. Most insurance policies do not cover war, and terrorism cover needs to be written explicitly into policies. This was something several big corporates experienced after the NotPetya attack in 2017, forcing them to endure lengthy court battles to overcome those issues.

Malicious players include disgruntled employees or customers. They may carry out a targeted cyberattack on business-critical assets, social media accounts, corporate property, secrets or intellectual property.

Types of cyberattacks

Cyberattacks can be split into two types: untargeted or targeted. As the names suggest, one has no explicit victim in mind and the other does.

In untargeted attacks, attackers will target as many victims as possible. There is little direct interest in any one victim, because among a large enough pool there will always be some with exploitable vulnerabilities. Untargeted attacks include phishing attacks, malware, water holing and zero-day exploits.

Phishing refers to the practice of sending fraudulent messages to large numbers of people asking for sensitive information such as bank details or encouraging them to visit a fake website.

Phishing accounts for around 90% of data breaches. It is widespread due to its simplicity and effectiveness, as it targets the weakest link in the security chain: the user. Users are the weakest link because they are currently experiencing an information overload, making them less cautious. Despite all the warnings, users still possess insufficient knowledge about phishing, its use to deliver ransomware, and how to deal with unknown threats.
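One concrete indicator of the "fake website" lure described above is a link whose visible text advertises one domain while its href points somewhere else. The following is an added example, not code from the article, that scans an HTML email body for such mismatches; the sample message, the domains in it and the helper names are constructed for illustration.

```python
"""Flag links in an HTML email body whose visible text names a domain
that differs from the host the href actually points at.
Added example; the sample message below is constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: an honest link, a mismatched link, and a consistent bare-domain link
SAMPLE_HTML = """
<p>Your invoice is ready. <a href="https://billing.example.com/inv/42">View invoice</a></p>
<p>Confirm your account at <a href="http://login.example-secure.net/x">https://www.example.com/login</a></p>
<p>Help: <a href="https://support.example.com">support.example.com</a></p>
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(value):
    """Host part of a URL or bare domain string; None if it is not domain-like."""
    value = value.strip()
    if not value or any(ch.isspace() for ch in value):
        return None
    parsed = urlparse(value if "://" in value else "http://" + value)
    host = (parsed.hostname or "").lower()
    return host if "." in host else None


def _same_site(a, b):
    # Treat 'www.example.com' and 'example.com' as one site (compare last two labels)
    return a.split(".")[-2:] == b.split(".")[-2:]


def find_mismatched_links(html):
    """Return (href, visible_text) pairs where the text looks like a URL or
    domain that does not match the site the href really leads to."""
    collector = _LinkCollector()
    collector.feed(html)
    flagged = []
    for href, text in collector.links:
        text_host = _host(text)
        if text_host is None:
            continue  # plain wording such as 'View invoice' makes no claim about the destination
        href_host = _host(href)
        if href_host is None or not _same_site(text_host, href_host):
            flagged.append((href, text))
    return flagged


if __name__ == "__main__":
    for href, text in find_mismatched_links(SAMPLE_HTML):
        print(f"MISMATCH: text says {text!r} but the link goes to {href}")
```

The check deliberately ignores links whose text is ordinary wording, since those make no claim about where they lead; it only flags text that itself looks like a domain or URL and disagrees with the href.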

Malware is short for malicious software. It refers to any intrusive software to steal data and damage or destroy computers and computer systems. Examples of common malware include viruses, worms, spyware, adware and ransomware.

A ransomware attack can paralyse an organisation. A 2021 report from cybersecurity firm Cybereason, Ransomware: The True Cost to Business, also revealed that 66% of survey respondents had suffered a significant loss of revenue following a ransomware attack.

Water holing involves setting up a fake website or compromising a legitimate one to exploit visiting users.

A zero-day exploit is an attack targeting a security flaw previously unknown to the software vendor or security provider. If it has never been reported, it’s a zero-day flaw because developers have had zero days to fix it. Zero-day vulnerabilities may be available for years before they are reported.

Targeted attacks

In a targeted attack, an organisation is identified because the attacker has a specific interest in its business. A targeted attack is usually more damaging because it has been specifically tailored to attack systems, processes, or personnel. Targeted attacks may include the use of methods such as spear-phishing attacks, distributed denial of service (DDoS) attacks and supply chain attacks.

Spear-phishing attacks occur when the attacker sends messages to targeted individuals with an attachment containing malicious software or a link that downloads malicious software.

A DDoS attack is a coordinated cyberattack in which multiple connected machines, usually infected with malware, flood a network, server, or website with so much traffic that it crashes.

A supply chain attack compromises enterprise networks using applications used by outside partners, such as suppliers. The massive cyberattack against the software company SolarWinds in 2020 is one example of a supply chain attack. Outside partners have already been granted rights to use and manipulate areas of a company’s network, applications, or sensitive data. Therefore, the attacker only has to penetrate the outside partners’ defences.

The stages of a cyberattack

Cyberattacks typically have several stages in common. The UK’s National Cyber Security Centre has defined the four stages of a cyberattack using a simplified version of the Cyber Kill Chain produced by Lockheed Martin. These are usually referred to as the survey stage, the delivery stage, the breach stage and the impact stage.

In the survey stage, attackers will find technical, procedural, or physical vulnerabilities that they can exploit. They will often use open-source information sources, including social media platforms like LinkedIn and Facebook.

Users often unwittingly reveal information that can be used in attacks. They may talk about an organisation’s network on a support forum; or neglect to remove hidden properties from documents such as software version and file save locations.
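The hidden document properties mentioned above can be checked for and removed before a file leaves the organisation. The following is an added example, not code from the article or the NCSC, that inspects and blanks the author, company, application version and template path fields of an Office Open XML (.docx) package. The package is constructed in memory with only its two metadata parts, and the values in it are made up for illustration.

```python
"""Inspect and strip document-properties parts of an Office Open XML
(.docx) package. Added example; the sample package below is constructed
and contains only the metadata parts, not a full document body."""
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

# Constructed sample parts (values are invented for the example).
CORE_XML = (
    '<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s">'
    '<dc:creator>a.person</dc:creator>'
    '<cp:lastModifiedBy>DOMAIN\\a.person</cp:lastModifiedBy>'
    '<dc:title>Q3 board pack</dc:title>'
    '</cp:coreProperties>' % (NS["cp"], NS["dc"])
)
APP_XML = (
    '<Properties xmlns="%s">'
    '<Application>Microsoft Office Word</Application>'
    '<AppVersion>16.0000</AppVersion>'
    '<Company>Example Corp</Company>'
    '<Template>C:\\Users\\a.person\\Templates\\board.dotx</Template>'
    '</Properties>' % NS["ep"]
)

# Fields that reveal people, tooling or file locations. dc:title is document
# content and is left alone.
SENSITIVE = {
    "docProps/core.xml": ["dc:creator", "cp:lastModifiedBy"],
    "docProps/app.xml": ["ep:Application", "ep:AppVersion", "ep:Company", "ep:Template"],
}


def build_sample_package():
    """Return the bytes of a minimal zip package holding the two sample parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", CORE_XML)
        z.writestr("docProps/app.xml", APP_XML)
    return buf.getvalue()


def list_metadata(package_bytes):
    """Return {part: {tag: text}} for every sensitive field that has a value."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as z:
        for part, tags in SENSITIVE.items():
            if part not in z.namelist():
                continue
            root = ET.fromstring(z.read(part))
            for tag in tags:
                el = root.find(tag, NS)
                if el is not None and el.text:
                    found.setdefault(part, {})[tag] = el.text
    return found


def strip_metadata(package_bytes):
    """Return a copy of the package with the sensitive fields blanked;
    all other parts are copied through unchanged."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            data = src.read(name)
            if name in SENSITIVE:
                root = ET.fromstring(data)
                for tag in SENSITIVE[name]:
                    for el in root.findall(tag, NS):
                        el.text = ""
                data = ET.tostring(root, encoding="utf-8", xml_declaration=True)
            dst.writestr(name, data)
    return out.getvalue()


if __name__ == "__main__":
    pkg = build_sample_package()
    print("before:", list_metadata(pkg))
    print("after: ", list_metadata(strip_metadata(pkg)))
```

Running the block on the constructed package lists the author, company, application version and template path before stripping and nothing afterwards, while the title survives because it is part of the document rather than a trace of who produced it and where.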

Attackers will also use social engineering to exploit user naivety and goodwill to elicit additional information.

During the delivery stage, an attacker will get into a position where they can exploit identified vulnerabilities. Examples might include attempting to access an organisation’s online services, sending an email containing a link to a malicious website, or creating a false website hoping that a user will visit it.

The breach stage is the third stage. The harm that an attack will create depends on the nature of the vulnerability and the exploitation method. The cyberattack may allow the attacker to make changes that affect a system’s operations, gain access to online accounts and achieve full control of a user’s computer, tablet or smartphone.

The attacker could then pretend to be the victim and use their legitimate access rights to access other systems and information.

In the impact stage, the attacker typically seeks to explore systems and establish a persistent presence. By gaining administrative access to one system, they can install automated scanning tools to discover more about the organisation’s networks.

Attackers’ end goals may include retrieving information, making changes for their own benefit or disrupting normal operations. Hackers could try to access information such as intellectual property or commercially sensitive information. The changes they could make include things like creating payments into a bank account they control. Cybercriminals could also disrupt normal business operations by overloading the organisation’s internet connection so it cannot communicate externally.

After achieving their objectives, the attacker will exit. This stage could include removing any evidence of their presence or creating an access route for future visits. Attackers may also seek to seriously damage a system or set out to advertise their success.

GlobalData is the parent company of Verdict and its sister publications.