A cyber attack is an attack on a computing system, environment, or infrastructure that occurs in cyberspace with the intent of maliciously disrupting, denying, disabling, degrading, destroying, or controlling information system resources or the information itself.
In 2021, 86.2% of organizations were affected by at least one successful cyber attack, up from 80.7% in 2020. This marks the single greatest increase in cybercrime since 2014 and is attributed to trends accelerated by the global pandemic of 2020. The trend is expected to continue.
Untargeted attacks target as large a number of devices, services, and users as possible and do not discriminate between targets. Examples include phishing, water holing, ransomware, and scanning. Targeted attacks are tailored to specific organizations and require laying the groundwork to develop and execute the attack, and include spear phishing and distributed denial of service (DDoS) attacks.
Active attacks, such as spoofing or man-in-the-browser, attempt to affect the operations of system resources. Passive attacks like wiretapping or port scanning attempt to learn or exploit information from the system without affecting system resources or being detected.
Syntactic attacks are malicious software (malware) that infects computer systems and include viruses, worms, and Trojan horses. Semantic attacks involve modifying information or disseminating incorrect information.
Attacks also have different modalities. The above attacks can be used for a supply chain attack, social engineering that seeks to psychologically manipulate individuals, or exploits intended to damage, control, or gather information from a computer system.
Cyber attacks can be broken down into three main stages. These stages may be repeated by cyber attackers for as long as they go undetected or encountered.
Attackers seek vulnerabilities through investigating and analyzing any available information about the target. This can be done through open-source information, standard scanning tools, or cyber attacks that access controlled systems or that exploit targets through social engineering, such as through social media or email.
The cyberweapon is delivered to the point in cyberspace where the vulnerability can be exploited. Delivery can be achieved electronically through information systems such as an email link or attachment, but may also involve other elements, such as giving someone an infected USB stick or directing them to a fraudulent website.
In the breach stage, vulnerabilities are exploited to gain unauthorized access to information resources. The attack may make changes to a system, gain access to controlled information, or attain control of a user’s account or devices.
In the affect stage, activities are carried out to achieve the attacker’s ultimate goals. This stage could be used to damage an organization or gain benefits such as bank account transfers or the theft of intellectual property. It can also be used to deepen control of the system or to gather information needed to set the stage for a new attack. Here, attackers may explore the system, expand access, or consolidate an ongoing presence – or they may remove evidence of their access and exit the system, and possibly leave access routes for future attacks by themselves or others. Other attackers may try to make their attack obvious in order to make a public statement or gain notoriety.
Cyber attacks can have a variety of motives, but common themes are:
Individuals who commit cyber attacks are known as cybercriminals or hackers, and tend to be motivated by financial gain. Larger, more sophisticated attacks can be committed by organized criminal syndicates or gangs of cyber attackers, terrorists, or so-called hacktivists seeking to make a statement or disrupt operations. Nation-states are also known for cyber exploitation and espionage, either directly or through state-backed hackers.
All of these are considered bad actors or threat actors, and can act on their own behalf or be commissioned by others. Cyber attacks can be perpetrated from outside an organization or from within.
Anyone and anything can be the target of cyber attacks. Individuals, enterprises, and governments tend to be targeted for their financial, intellectual, and data assets, or to make a political statement. Meanwhile, critical infrastructures such as control systems, energy, finance, telecommunications, transportation, water, and hospitals may be targeted in instances of warfare and terrorism.