What Is a Cyberattack?

Introduction

A cyberattack is an attempt by an individual or organization to compromise a computer system or network. The motivation for cyberattacks is often financial (e.g., extortion), though hacktivism (hacking for political or even military ends) is also very common. Others perform such acts simply for the intellectual challenge or as a form of digital graffiti.

Cyberattacks are perpetrated using a wide range of techniques and tools, ranging from sophisticated hacking programs to basic social engineering and phishing attacks. Regardless of how it occurs, companies and individuals need to be constantly on guard for this threat and have a response and mitigation plan in place for when it does occur.

Why Do Cyberattacks Happen?

Cyberattacks occur for a variety of reasons, but motivations can typically be grouped into three classes:

  • Criminal – Typically for financial gain, e.g., ransomware
  • Political – To achieve political or military effects, e.g., weakening infrastructure before the Ukraine invasion
  • Personal – A disgruntled employee or even intellectual curiosity, e.g., a malicious insider

Criminal attacks performed for financial gain could be used to transfer funds virtually from one account to another through a wide variety of means. However, this also commonly takes the form of extortion by holding data for ransom or even compromising machinery until a payment is made.

What Are the Common Types of Cyberattacks?

  • Social Engineering and Phishing – The practice of sending deceptive communication to someone (typically to many people) to entice the receiver to give up an important piece of information or even currency. A very well-known phishing scam is that of a “Nigerian prince” who needs a sum of money to solve a problem and who will “pay you back handsomely” once things are resolved. Another variation is that of someone who needs your business or banking credentials for “legitimate purposes.”
  • Account Compromise – Threat actors take control of a legitimate user’s account for their own nefarious purposes. This type of attack can immediately follow a social engineering/phishing attack. Virtually emptying someone’s bank account is one result of such an attack. On both a smaller and larger scale, hackers (notably via the Mirai malware) can use factory default credentials of IoT devices to create an army of enslaved devices, or botnet, that can then be used for other attack purposes.
  • Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) – This type of attack aims to make a system unavailable by sending it meaningless traffic. Instead of serving data to real users, the system instead spends resources dealing with these requests. In a “standard” DoS attack, traffic comes from a single source, while DDoS attacks spread requests out among a wide range of systems. A botnet such as one created via account compromise (above) is a notorious tool for DDoS attacks.
  • Man-in-the-Middle (MitM) – An attacker inserts himself between two devices in communication. The attacker can then impersonate one or both sides of the communication session, gaining information and/or illicit access to systems. Computers using public and/or unsecured WiFi networks can be targets for this type of attack.
  • Malware and Ransomware – Malware is a broad term for any kind of hostile computer software or code, with a wide range of nefarious purposes. Ransomware is a specific class of malware that performs an action that can typically be undone in exchange for a ransom payment. Ransomware can encrypt data or may threaten to release sensitive information (damaging even if you have appropriate backups).
  • Exploits – An exploit is a method for taking advantage of a vulnerability in a computing system that causes unwanted behavior. This can potentially be used to install malware. Zero-day exploits take advantage of otherwise unknown vulnerabilities in a system. Other types of exploits take advantage of known vulnerabilities that are not yet patched, potentially because a specific system is not properly updated.

Note that malware and ransomware, while often classed as cyberattacks, are technically tools for performing cyberattacks. Similarly, an exploit would perhaps be more properly classed as a cyberattack opportunity, a vulnerability that can be taken advantage of in the process of an attack.
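
The DoS/DDoS distinction above (one source versus many) matters to defenders because it decides whether per-source blocking can help. The following is an added example, not part of the original article: it classifies time windows of a request log as normal, single-source flood, or distributed flood. The log format, thresholds, and sample traffic are constructed assumptions.

```python
from collections import Counter, defaultdict

WINDOW_SECONDS = 10        # assumed bucket size
RATE_THRESHOLD = 50        # assumed: requests per window treated as a flood
SINGLE_SOURCE_SHARE = 0.8  # assumed: one source sending >= 80% means DoS

def parse(line):
    """Parse 'epoch_seconds source_ip path' (constructed log format)."""
    ts, src, _path = line.split(maxsplit=2)
    return int(ts), src

def classify_windows(lines):
    """Return {window_start: (label, top_source, distinct_sources)}."""
    windows = defaultdict(Counter)
    for line in lines:
        ts, src = parse(line)
        windows[ts - ts % WINDOW_SECONDS][src] += 1
    result = {}
    for start, per_source in sorted(windows.items()):
        total = sum(per_source.values())
        top_src, top_count = per_source.most_common(1)[0]
        if total < RATE_THRESHOLD:
            label = "normal"
        elif top_count / total >= SINGLE_SOURCE_SHARE:
            label = "dos"    # one source dominates: a per-IP block or rate limit applies
        else:
            label = "ddos"   # spread over many sources: per-IP blocking will not scale
        result[start] = (label, top_src, len(per_source))
    return result

def sample_log():
    """Constructed traffic: a quiet window, a single-source flood, a distributed flood."""
    lines = [f"{1000 + i} 192.0.2.{10 + i} /index" for i in range(5)]
    lines += [f"{1010 + i % 10} 198.51.100.7 /login" for i in range(90)]
    lines += [f"{1010 + i} 192.0.2.{20 + i} /index" for i in range(5)]
    lines += [f"{1020 + i % 10} 203.0.113.{i % 120} /search" for i in range(120)]
    return lines

if __name__ == "__main__":
    for start, (label, top, n) in classify_windows(sample_log()).items():
        print(start, label, top, n)
```

In the distributed window no single address stands out, which is why a response plan for DDoS usually relies on upstream filtering rather than a block list of individual sources.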

What Effects Do Cyberattacks Have on Businesses?

While cyberattacks can and do happen to individuals — with significant consequences, like ransomware and compromised banking credentials — the threat and consequences of cyberattacks can be especially significant to businesses. Consequences may include:

  • Monetary – Attackers are often after monetary compensation. This could be a ransomware attack where important data is encrypted or threatened to be leaked unless a payment is made, or even an account compromise where business banking details are used to siphon funds into another account. Each item on this list has a monetary cost, but here we’re referring to a direct loss of funds.
  • Reputation – While difficult to quantify in monetary terms, if a business is hacked, customers may be less willing to work with the compromised institution, even if the threat has been corrected. Revenue would then decrease, and other business operations, such as talent acquisition, could be affected.
  • Mitigation Costs – Before, during, and after a cyberattack, personnel must use valuable time that could otherwise be dedicated to core business activities. While a cost for security must be paid in each scenario, investing in preventive measures before an attack so that the during and after phases never happen, or happen at a reduced rate, can be a wise use of resources.
  • Business Disruption – When an attack occurs, core business functions may be affected, potentially causing the business to miss out on revenue.
  • Data Loss – Depending on the type of attack, and/or if a ransom is paid to the attacker’s satisfaction, data may be lost, destroyed, or even shared with other parties.

Cyberattack Prevention, Detection, and Response

When a cyberattack is performed against a business or person, the best solution is to never let it “in” past a network’s perimeter. Once it does infect a system, detection lets us know that there is a problem, allowing personnel and systems to respond appropriately.

  • Prevention – Before a cyberattack occurs, security personnel should do their best to “lock down” the network, keeping intruders from ever getting in. Routes for cyberattacks are known as “attack surfaces” and include network, application, and device vulnerabilities, as well as human factors like leaving a computer unlocked or choosing weak passwords.
  • Detection – Many threats can be stopped before affecting a network or system, but it’s important to know when something slips past the proverbial gates. Cybersecurity platforms like SentinelOne can help with threat detection, as well as the prevention and response phases of threat mitigation.
  • Response – While response will vary greatly depending on the type and scale of attack, it’s important to have a team, tools, and procedures in place to deal with threats once they penetrate a system. It’s also important to have regular data backups so that damage will be limited if data needs to be restored.

Related Solutions

When considering cyber threats, security professionals may find it helpful to consider the cyber kill chain model, which describes the stages of a cyberattack to anticipate and prevent threats. Stages include reconnaissance, weaponization, delivery, exploitation, installation, command and control, actions on objective, and monetization. This gives a framework for likely intruder actions and what steps we can take to prevent or stop an operation in its tracks.

Another important security concept is that of penetration testing, or pen testing. Pen testing operations attempt to penetrate a network. This reveals how cyberattacks, or even physical intrusions, can be performed so that they can be prevented.

Bug hunting is a related pursuit, focusing on vulnerabilities in individual software so it can be patched. This, of course, only works if the software is actually patched — excellent motivation for system administrators to keep software up-to-date.

Resources

The nature of cyberattacks is always changing. For an update on where we are as of February 2024, read this cybercrime update. This outlines trends such as commercial spyware, AI-driven APTs, and flawed RMMs.

FAQ

What is a tailgating attack?

A tailgating attack in the physical sense is following someone with access into a restricted area. For example, if an employee must swipe an RFID access tag to gain entry to a certain area, an attacker can often simply follow that person in with little suspicion. In the same way, if someone logs onto a network legitimately and then leaves the computer open when not present, an attacker could then access the network. He could potentially install malware, steal files, access restricted information, or commit other computer malfeasance.

What are the four common types of cyberattacks?

While there are many different types of cyberattacks, four of the most prominent types include:

  • Social Engineering – Tricking someone into compromising a system
  • Ransomware – Typically using compromised data to force users to pay a ransom for its return
  • Denial-of-Service – Flooding a service with fake traffic to exclude legitimate use
  • Man-in-the-Middle (MitM) – Intercepting communications between two devices

Conclusion

Cyberattacks attempt to compromise a computer system or network, often for monetary extortion or political aims. These attacks come in a number of different forms, including social engineering (aka phishing), account compromise, malware, exploits, and more. IT personnel and network users must stay on guard for such threats via prevention, detection, and response. A comprehensive security platform like SentinelOne can be an important tool to keep threat actors at bay.
