What Is a Cyberattack?

A common cyberattack definition is the process of attempting to steal data or gaining unauthorized access to computers and networks using one or more computers. A cyberattack is often the first step an attacker takes in gaining unauthorized access to individual or business computers or networks before carrying out a data breach.

The goal of a cyberattack is either to disable the target computer and take it offline or gain access to the computer’s data and infiltrate connected networks and systems. Cyberattacks also differ broadly in their sophistication, with cyber criminals launching both random and targeted attacks on businesses. Attackers deploy a wide range of methods to begin a cyberattack, such as denial of service, malware, phishing, and ransomware.

A recent example is CMA CGM, one of the largest container shipping companies in the world. The firm suffered a cyberattack that originally targeted its servers, which then led to a data breach. The September 2020 attack occurred as malware was used to target the firm’s peripheral servers, which led to CMA CGM taking down access to its online services.

Cyberattack News: How Often Do Cyberattacks Occur?

Cyber crime now occurs on a frequent basis, causing damage to individuals and businesses of all sizes. According to a research report from Risk Based Security, in the first six months of 2019 alone, approximately 4.1 billion records were exposed because of cyberattacks. This represented a 54% increase in reported breaches and a 52% rise in the number of records exposed. 

Types of Cyberattacks

Cyber criminals use a range of methods and techniques to gain unauthorized access to computers, data, and networks and steal sensitive information. Some of the most common types of cyberattacks are listed and expanded upon below.

Malware

Malware is malicious software designed to cause damage to computers, networks, and servers. There are different forms of malware, including Trojans, viruses, and worms, and they all reproduce and spread through a computer or network. This allows the hacker to gain deeper access into the target network to steal data, cause damage to devices, render networks inoperable, or take control of systems.

Phishing

A phishing attack tricks a target into downloading malware or entering sensitive information into spoofed websites. These cyberattack methods are typically launched via email, with the attacker creating messages that look legitimate and may appear to be from a trusted sender. However, they will contain malware within an attachment or a malicious hyperlink that takes the recipient to a fake website that asks them to enter their login credentials or banking details. 

Some phishing attacks take a blanket approach to try and catch as many victims as possible, but others are highly targeted and carefully researched to steal data from valuable individuals. Phishing is not restricted to email, however, as attacks are increasingly targeting mobile devices.

Ransomware

Ransomware attacks are a financially fueled form of malware attack. Attackers send messages containing a malicious attachment that, when downloaded, encrypts specific data and files or entire computers. The attacker will then demand a ransom fee from the victim and will only release or restore access to the data upon payment. 

Ransomware attacks accounted for $8 billion of damage in 2018, of which only $1 billion came from ransom payments, and the rest was from reputational damage and lost revenue caused by downtime.

Denial of Service

A denial-of-service (DoS) attack is designed to prevent online services from working efficiently, also known as a brute-force attack. It is typically caused by an attacker flooding a website with huge amounts of traffic or requests, in an attempt to overwhelm its systems and take them offline. A more advanced DoS form is a distributed denial-of-service (DDoS) attack, through which an attacker takes control of several computers to overload its target.

Man in the Middle (MITM)

MITM attacks enable a malicious actor to position themselves between the target victim and an online service the user accesses. An example of this is an attacker creating a spoofed, free-to-access Wi-Fi network. When the user connects to or signs in to the network, the attacker can steal the login credentials and data they use while on it.

Cryptojacking

A cryptojacking attack occurs when a bad actor takes control of a computer, mobile device, or server to mine for online currency or cryptocurrency. The attack either begins with malware being installed on a computer or by running code in JavaScript to infiltrate the user’s browser. 

Cryptojacking is financially motivated, and the method is designed to remain hidden from the target while using their computing resources to mine cryptocurrency. Often, the only sign of cryptojacking is a loss or reduction in computer performance or overactive cooling fans.

SQL Injection

Attackers use Structured Query Language (SQL) injection to exploit vulnerabilities and seize control of a database. Many websites and web applications store data in SQL and use it to share user data with databases. If an attacker spots a vulnerability in a webpage, they can perform an SQL injection to discover user credentials and mount a cyberattack. 

In some cases, they may be able to alter and add data within a database, delete records, transfer money, and even attack internal networks.

Zero-day Exploits

Zero-day attacks target vulnerabilities in software code that businesses have not yet discovered, and as a result, have not been able to fix or patch. Once an attacker spots a code vulnerability, they create an exploit that enables them to infiltrate the business before it realizes there is a problem. They are then free to collect data, steal user credentials, and enhance their access rights within an organization. 

Attackers can often remain active within business systems without being noticed for months and even years. Zero-day vulnerability exploit techniques are commonly available on the dark web, often for purchase by government agencies to use for hacking purposes.

DNS Tunneling

DNS tunneling is a cyberattack method that targets the Domain Name System (DNS), a protocol that translates web addresses into Internet Protocol (IP) addresses. The DNS is widely trusted, and because it is not intended for transferring data, it is often not monitored for malicious activity. This makes it an effective target to launch cyberattacks against corporate networks. 

One such method is DNS tunneling, which exploits the DNS to tunnel malicious data and malware. It begins with an attacker registering a domain with the name server pointing to the attacker’s server, which has a tunneling malware program installed on it. The attacker infiltrates a computer and is free to send DNS requests through their server, which establishes a tunnel they can use to steal data and other malicious activity.

Why Do People Launch Cyberattacks?

There are many reasons behind the launch of cyberattacks, from financial profit and business intelligence to cyber war and political gain. 

  1. Financial gain: The main reason that people launch cyberattacks is for financial gain. Cyberattacks are typically cheap to create, build, and launch, but offer huge rewards. For example, the average cost of a data breach is a huge $3.86 million, according to a Ponemon Institute and IBM report
  2. Business intelligence: Some cyberattacks are more business-motivated, with attackers using techniques like phishing to steal user credentials, infiltrate business networks, and access sensitive business information. More targeted attacks like whaling, which target senior executives and high-profile individuals, require vast amounts of research and planning, with the aim to steal highly sensitive data and potentially hold a business to ransom.
  3. State-sponsored attacks: Cyberattacks are also launched for political reasons, and many cyberattacks have been traced back to hackers working for nation-states. These include a Russian attack against the Ukrainian power grid in 2016 and the Iranian state-sponsored cyberattack group APT33. Nation-state-sponsored attacks have created a growing cyber war, which has seen the White House Military Office’s email system attacked by groups suspected of being backed by China. 
  4. Hacktivism: Other cyberattacks are launched to raise political awareness, also known as hacktivism. Famous hacktivists, such as Anonymous and WikiLeaks, launch attacks against governments and large organizations to build awareness of various political issues, internet regulation and censorship, and government control.
  5. Personal reasons: Some cyberattacks are launched for personal reasons, usually by disgruntled or former employees. These individuals will steal sensitive data and sell it for profit or to damage an organization they feel treated them unfairly.
  6. White-hat hackers: A hacker may also launch a cyberattack for the thrill of it—or the intellectual challenge of gaining unauthorized access to a network. These attackers often do not have bad intentions but can cause damage to business systems. Other so-called white-hat hackers do it for good purposes and to help organizations improve their security defenses.
  7. Ease of data access: A key reason why hackers carry out cyberattacks is that data is readily available and easy for them to steal and profit from. For example, 38% of users have passwords that never expire, 61% of organizations have more than 500 users with passwords that will not expire, and 50% of business user accounts are stale or inactive, according to a Varonis data risk report.

How Fortinet Can Help

It is vital that businesses do everything they can to keep their data, network, systems, and users safe from the threat of cyberattacks. This is reliant on keeping software up to date, using secure processes like encryption and multi-factor authentication (MFA), and securing their wireless networks. 

It is also imperative for users to practice cybersecurity best practices, such as strong password and passwordless authentication, and for organizations to provide regular training on the threats that employees face. Organizations must also consider deploying sophisticated cybersecurity solutions that proactively protect businesses from both known threats and new, emerging cyberattack risks.

The Fortinet FortiGate next-generation firewall (NGFW) protects organizations from advanced cyberattack methods and adapts to keep them secure as the cyber threat landscape evolves. FortiGate enables businesses to identify attacks, discover malware, and block them before they pose a threat. Discover your organization’s cyberattack risk and potential vulnerabilities by completing the Fortinet cyber threat assessment.