What is a cyber attack? How they work and how to stop them
What is a cyber attack?
A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage. Cyber attacks aim to disable, disrupt, destroy or control computer systems or to alter, block, delete, manipulate or steal the data held within these systems.
Any individual or group can launch a cyber attack from anywhere using one or more attack strategies.
Cybercriminals who carry out cyber attacks are often referred to as bad actors, threat actors and hackers. They include individuals who act alone, drawing on their computer skills to design and execute malicious attacks, as well as criminal syndicates. These groups work with other threat actors to find weaknesses or vulnerabilities in the computer systems that they can exploit for gain.
Government-sponsored groups of computer experts also launch cyber attacks. They're identified as nation-state attackers, and they've been accused of attacking the IT infrastructure of other governments, as well as nongovernment entities, such as businesses, nonprofits and utilities.
Why do cyber attacks happen?
Cyber attacks are designed to cause damage. They can have various objectives, including the following:
Financial gain. Cybercriminals launch most cyber attacks, especially those against commercial entities, for financial gain. These attacks often aim to steal sensitive data, such as customer credit card numbers or employee personal information, which the cybercriminals then use to access money or goods using the victims' identities.
Other financially motivated attacks are designed to disable computer systems, with cybercriminals locking computers so owners and authorized users can't access the applications or data they need; attackers then demand that the targeted organizations pay them a ransom to unlock the computer systems.
Still, other attacks aim to gain valuable corporate data, such as proprietary information; these types of cyber attacks are a modern, computerized form of corporate espionage.
Disruption and revenge. Bad actors also launch attacks specifically to sow chaos, confusion, discontent, frustration or mistrust. They could be taking such actions to get revenge for acts taken against them. They could be aiming to publicly embarrass the attacked entities or to damage an organization's reputation. These attacks are often directed at government entities but can also hit commercial or nonprofit organizations.
Nation-state attackers are behind some of these types of attacks. Others, called hacktivists, might launch these types of attacks as a form of protest against the targeted entity; a secretive decentralized group of internationalist activists known as Anonymous is the most well-known of these groups.
Insider threats are attacks that come from employees with malicious intent.
Cyberwarfare. Governments around the world are also involved in cyber attacks, with many national governments acknowledging or being suspected of designing and executing attacks against other countries as part of ongoing political, economic or social disputes. These types of attacks are classified as cyberwarfare.
How do cyber attacks work?
Threat actors use various techniques to launch cyber attacks, depending in large part on whether they're attacking a targeted or an untargeted entity.
In an untargeted attack, where the bad actors are trying to break into as many devices or systems as possible, they generally look for vulnerabilities in software code that enable them to gain access without being detected or blocked. Or, they might employ a phishing attack, emailing large numbers of people with socially engineered messages crafted to entice recipients to click a link that downloads malicious code.
In a targeted attack, the threat actors are going after a specific organization and the methods used vary depending on the attack's objectives. The hacktivist group Anonymous, for example, was suspected in a 2020 distributed denial-of-service attack (DDoS) on the Minneapolis Police Department website after a man died while being arrested by Minneapolis officers. Hackers also use spear-phishing campaigns in a targeted attack, crafting emails to specific individuals who, if they click included links, would download malicious software designed to subvert the organization's technology or the sensitive data it holds.
Cybercriminals often create the software tools to use in their attacks, and they frequently share those on the dark web.
Cyber attacks often happen in stages, starting with hackers surveying or scanning for vulnerabilities or access points, initiating the initial compromise and then executing the full attack -- whether it's stealing valuable data, disabling the computer systems or both.
In fact, most organizations take months to identify an attack underway and then contain it. According to the "Cost of a Data Breach Report 2023" from IBM, the breach lifecycle -- or the time it takes organizations to identify and contain breaches -- averaged 204 days in 2023, down from 207 days in 2022. However, organizations required an average of 73 days to contain breaches in 2023, which is up from their average of 70 days in 2022.
What are the most common types of cyber attacks?
Cyber attacks most commonly involve the following:
- Malware is malicious software that attacks information systems. Ransomware, spyware and Trojans are examples of malware. Depending on the type of malicious code, hackers can use malware to steal or secretly copy sensitive data, block access to files, disrupt system operations or make systems inoperable.
- Phishing occurs when hackers socially engineer email messages to entice recipients to open them. The messages trick recipients into installing malware within the email by either opening an attached file or an embedded link. The "2023 State of the Phish" report from cybersecurity and compliance company Proofpoint found that 84% of survey respondents said their organization experienced at least one successful phishing attack in 2022, up 86% over 2020. Moreover, the survey also revealed that roughly 76% experienced an attempted ransomware attack in 2022.
- SMiShing -- also called SMS phishing or smishing -- is an evolution of the phishing attack methodology via text -- technically known as Short Message Service, or SMS. Hackers send socially engineered texts that download malware when recipients click on them. According to the mentioned report by Proofpoint, 76% of organizations experienced smishing attacks in 2022, up from 75% in 2021.
- Man-in-the-middle attacks, or MitM, occur when attackers secretly insert themselves between two parties, such as individual computer users and their financial institutions. Depending on the actual attack details, this type of attack can be more specifically classified as a man-in-the-browser attack, monster-in-the-middle attack or a machine-in-the-middle attack. MitM is also sometimes called an eavesdropping attack.
- Denial-of-service attacks flood a targeted system's resources by generating false traffic. The traffic is meant to overwhelm the targeted system, stopping responses to real requests. DoS attacks use a single source to generate false traffic.
- DDoS attacks are similar to DoS attacks in that they flood a target's system with large volumes of false data requests at one time. The difference between DoS and DDoS attacks, however, is that DDoS attacks use multiple sources to generate false traffic, whereas DoS attacks use a single source. DDoS attacks are also carried out using a botnet -- which is a network of malware-infected devices.
- SQL injection attacks occur when hackers insert malicious code into servers using Structured Query Language code to get the server to reveal sensitive data.
- Zero-day exploits happen when hackers first exploit a newly identified vulnerability in IT infrastructure. For example, a series of critical vulnerabilities in a widely used piece of open source software, the Apache Log4j Project, was reported in December 2021, with the news sending security teams at organizations worldwide scrambling to address them.
- Domain name system tunneling is a sophisticated attack in which hackers establish and then use persistently available access -- or a tunnel -- into their targets' systems.
- Drive-by download occurs when an individual visits a website that, in turn, infects the unsuspecting individual's computer with malware.
- Credential-based attacks happen when hackers steal the credentials that IT workers use to access and manage systems and then use that information to illegally access computers to steal sensitive data or otherwise disrupt an organization and its operations.
- Credential stuffing takes place when attackers use compromised login credentials such as an email and password to gain access to other systems.
- Brute-force attacks occur when hackers employ trial-and-error methods to crack login credentials such as usernames, passwords and encryption keys, hoping that the multiple attempts pay off with a right guess.
How can you prevent a cyber attack?
There's no guaranteed way for any organization to prevent a cyber attack, but there are several cybersecurity best practices they can follow to reduce the risk. Reducing the risk of a cyber attack relies on using a combination of skilled security professionals, processes and technology.
Reducing risk also involves the following three broad categories of defensive action:
- Preventing attempted attacks from actually entering the organization's IT systems.
- Detecting intrusions.
- Disrupting attacks already in motion -- ideally, at the earliest possible time.
Best practices include the following:
- Implementing perimeter defenses, such as firewalls, to help block attack attempts and access to known malicious domains.
- Adopting a zero-trust framework, which means organizations must verify every attempt to access its network or systems -- whether it comes from an internal user or another system.
- Using software to protect against malware, namely antivirus software, thereby adding another layer of protection against cyber attacks.
- Using patch management to address known software vulnerabilities that hackers could exploit.
- Setting appropriate security configurations, password policies and user access controls.
- Maintaining a monitoring and detection program to identify and alert to suspicious activity.
- Instituting a threat hunting program, where security teams use automation, intelligent tools and advanced analyses to actively look for suspicious activity and the presence of hackers before they strike.
- Creating incident response plans to guide reaction to a breach.
- Training and educating individual users about attack scenarios and how they, as individuals, play a role in protecting the organization.
What are the most well-known cyber attacks?
Cyber attacks continue to increase in sophistication and have had significant impacts beyond just the companies involved.
For example, JBS S.A., a Brazil-based meat processing company, suffered a successful ransomware attack on May 30, 2021. The attack shut down facilities in the U.S. as well as Australia and Canada, forcing the company to pay an $11 million ransom.
This came just weeks after hackers hit Colonial Pipeline in May 2021 with a ransomware attack. The attack shut down the largest fuel pipeline in the U.S., leading to fuel shortages along the East Coast.
Several months before that, the massive SolarWinds attack breached U.S. federal agencies, infrastructure and private corporations in what is believed to be among the worst cyberespionage attacks inflicted on the U.S. On Dec. 13, 2020, Austin-based IT management software company SolarWinds was hit by a supply chain attack that compromised updates for its Orion software platform. As part of this attack, threat actors inserted their own malware, now known as Sunburst or Solorigate, into the updates, which were distributed to many SolarWinds customers.
The first confirmed victim of this backdoor was cybersecurity firm FireEye, which disclosed on Dec. 8 that it was breached by suspected nation-state hackers. It was soon revealed that SolarWinds attacks affected other organizations, including tech giants Microsoft and VMware, as well as many U.S. government agencies. Investigations showed that the hackers -- believed to be sponsored by the Russian government -- had been infiltrating targeted systems undetected since March 2020.
Other notorious breaches include the following:
- Around February 2022, Russia began to flood Ukraine with cyber attacks. These cyber attacks are sometimes paired with physical attacks, while at other times, they're aimed at peering inside Ukrainian servers for information gathering.
- In a July 2020 attack on Twitter, hackers had access to the Twitter accounts of high-profile users.
- A breach at Marriott's Starwood hotels, announced in November 2018, compromised the personal data of upward of 500 million guests.
- The Feb. 2018 breach at Under Armour's MyFitnessPal (Under Armour has since sold MyFitnessPal) exposed the email addresses and login information for 150 million user accounts.
- The May 2017 WannaCry ransomware attack hit more than 300,000 computers across various industries in 150 nations, causing billions of dollars of damage.
- The September 2017 Equifax breach compromised the personal information of 145 million individuals.
- Also in September 2017, Google Cloud was hit by a record-breaking 2.5 terabit per second DDoS attack. Fortunately, the attack, which was designed to overwhelm their network, had no impact. According to Google, the attack was carried out by a nation-state-sponsored hacking group in China.
- The Petya attacks in 2016, which were followed by the NotPetya attacks of 2017, hit targets around the world, causing more than $10 billion in damage.
- Another 2016 attack, this time at FriendFinder, compromised more than 20 years' worth of data belonging to 412 million users.
- In 2016, a data breach at Yahoo exposed the personal information of 500 million user accounts. This was followed by news of another attack that compromised 1 billion user accounts.
- A 2014 attack against entertainment company Sony compromised both personal data and corporate intellectual property -- including yet-to-be-released films -- with U.S. officials blaming North Korea for the hack.
- eBay announced in May 2014 that hackers used employee credentials to collect the personal information of its 145 million users.
- In 2013, Target Corp. suffered a data breach in which the data belonging to 110 million customers was stolen.
- In 2009, the Heartland Payment Systems data breach exposed the information on 134 million credit cards.
The evolving threat of cyber attacks
The volume, cost and impact of cyber threats continue to grow each year, according to multiple reports. Consider the figures from one 2022 report. The "Cybersecurity Solutions for a Riskier World" report from ThoughtLab noted that the number of material breaches suffered by surveyed organizations jumped 20.5% from 2020 to 2021. Yet, despite executives and board members paying more attention -- and spending more on cybersecurity than ever before, 29% of chief executive officers (CEOs) and chief information security officers and 40% of chief security officers said their organization is unprepared for the ever-evolving threat landscape.
The report further notes that security experts expect the volume of attacks to continue their climb.
The types of cyber attacks, as well as their sophistication, also grew during the first two decades of the 21st century -- particularly during the COVID pandemic when, starting in early 2020, organizations enabled remote work en masse and exposed a host of potential attack vectors in the process.
The first computer virus was invented in 1986, although it wasn't intended to corrupt data in the infected systems. Cornell University graduate student Robert Tappan Morris created in 1988 the first worm distributed through the internet, called the Morris worm.
Then came Trojan horse, ransomware and DDoS attacks, which became more destructive and notorious with names such as WannaCry, Petya and NotPetya -- all ransomware attack vectors.
The 2010s then saw the emergence of cryptomining malware -- also called cryptocurrency mining malware or cryptojacking -- where hackers use malware to illegally take over a computer's processing power to use it to solve complex mathematical problems to earn cryptocurrency, a process called mining. Cryptomining malware dramatically slows down computers and disrupts their normal operations.
With the increased popularity of machine learning and AI, hackers have been adopting more sophisticated technologies, as well as bots and other robotic tools, to increase the velocity and volume of their attacks.
They also developed more sophisticated phishing and spear-phishing campaigns, even as they continued to go after unpatched vulnerabilities; compromised credentials, including passwords; and misconfigurations to gain unauthorized access to computer systems.
Cyber attack trends
As cyber attacks grow in frequency and sophistication, several trends have started to appear. For example, three currently appearing trends in cyber attacks include the following:
- Ransomware. Ransomware has been an increasing and substantial threat to organizations, as these attacks have become more sophisticated and common. Attackers have been finding ransomware techniques that yield better results for the attackers.
- The use of AI. Malicious actors are using AI tools to aid in their hacking efforts. For example, in 2019, the CEO of a UK-based energy firm was targeted when they believed they were on the phone with their boss, who was really an AI-generated voice. The CEO followed an order to transfer $243,000 to a Hungarian supplier's bank account. The accounts of similar attacks have only increased since.
- Hacktivism. Hacktivists target computer systems or networks for a socially or politically motivated reason. Hacktivists and hacktivist groups have been an ongoing threat for attacks. For example, during the Israel-Gaza conflict, hacktivists have claimed to be responsible for cyber attacks on either side.
With these evolving threats, it's important to stay on top of these potential cyber threats. Learn more about cybersecurity trends and statistics to keep an eye on.