A cyber attack (or cyberattack) is any attempt to expose, alter, disable, destroy, steal or gain unauthorized access to a computer system, infrastructure, network, or any other smart device. In some cases, cyber attacks are part of a nation-state's cyber warfare or cyber terrorism efforts, while other cybercrimes are carried out by individuals, activist groups, societies or organizations.
Strong organization-wide cyber security controls are now more important than ever.
A cybercriminal may steal, alter, or destroy a specified target by hacking into a susceptible system. Cyber threats range in sophistication from installing malicious software such as malware or ransomware (WannaCry, for example) on a small business's computers to attempting to take down critical infrastructure such as a local government or a federal agency like the FBI or the Department of Homeland Security. One common byproduct of a cyber attack is a data breach, where personal data or other sensitive information is exposed.
As more organizations bring their most important data online, there is a growing need for information security professionals who understand how to use information risk management to reduce their cyber security risk. This, paired with the increasing use of and regulatory focus on outsourcing, means that vendor risk management and third-party risk management frameworks are more important than ever.
Table of contents
- Passive vs active cyber attacks
- Inside vs outside cyber attacks
- What do cyber attacks target?
- What is a cyber threat?
- How to detect cyber attacks
- How cyber attacks impact your business
- How to protect your business against cyber attacks
- What nation states participate in cyber attacks?
- How UpGuard can protect your organization from cyber attacks
Cyber attacks can be passive or active:
- Passive cyber attack: attempts to gain access to or make use of information from the system but does not affect system resources; typosquatting is one example.
- Active cyber attack: attempts to alter a system or affect an operation.
Passive cyber threats:
- Computer surveillance
- Network surveillance
- Fiber tapping
- Port scanning
- Idle scanning
- Keystroke logging
- Data scraping
Active cyber attacks include:
- Denial-of-service attacks (DoS)
  - Ping flooding
  - Ping of death
  - Smurf attacks
- Buffer overflows
  - Heap overflows
  - Stack overflows
- Format string attacks
- Direct access attacks
- Social engineering
- Privilege escalation
- Trojan horses
- Malicious code
- SQL injection
- Zero-day exploit
Cyber attacks can come from inside or outside of your organization:
- Inside cyber attack: Initiated from inside an organization's security perimeter, such as an employee with authorized access to sensitive data who steals it.
- Outside cyber attack: Initiated from outside the security perimeter, such as a distributed-denial-of-service attack (DDoS attack) powered by a botnet.
Cyber attacks target a resource (physical or logical) which has one or more vulnerabilities that can be exploited by a cybercriminal. As a result of the attack, the confidentiality, integrity or availability of the resource may be compromised.
In some cyber attacks, the damage, data exposure or control of resources may extend beyond the one initially identified as vulnerable, including gaining access to an organization's Wi-Fi network, social media, operating systems or sensitive information like credit card numbers.
Confidentiality, integrity and availability are known as the CIA triad and are the basis of information security.
When you are thinking about how passive and active cyber attacks affect the CIA triad, a good rule of thumb is:
- Passive cyber attacks compromise confidentiality
- Active cyber attacks compromise integrity and availability
There are six common infrastructure cyber attack targets:
- Control systems: Systems that activate and monitor industrial or mechanical controls, such as the valves and gates on physical infrastructure.
- Energy: Cyber criminals may target electric grids or natural gas lines that power cities, regions or households.
- Finance: Financial infrastructure is often the target of cybercrime due to the increasing interconnectivity of computer systems and financial systems.
- Telecommunications: Denial-of-service (DoS) attacks often target telecommunications that run over the Internet, reducing the ability to communicate.
- Transportation: Successful cyber attacks on transportation infrastructure have a similar effect to telecommunications attacks, impacting the schedule and accessibility of transport.
- Water: Water infrastructure is often controlled by computers, making it an attractive target for cybercriminals and one of the most hazardous if compromised. Sewer systems can also be compromised.
A cyber threat is the potential for violation of cyber security that exists when there is a circumstance, capability, action or event that could cause a data breach or any other type of unauthorized access.
Any vulnerability that can be exploited is a cyber threat. Cyber threats can come in both intentional and accidental ways:
- Intentional cyber threat: An example is a cyber criminal deploying the WannaCry ransomware, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.
- Accidental cyber threat: An example is a poorly configured Amazon S3 bucket leading to a large data breach. Check your Amazon S3 security before someone else does.
This is why understanding the difference between cyber security and information security, as well as how to perform a cyber security risk assessment, is more important than ever. Your organization needs a set of policies and procedures to manage its information security in accordance with risk management principles, and countermeasures to protect against financial, legal, regulatory and reputational harm.
Should a cyber attack lead to a security incident, your organization should have steps to detect, classify, manage and communicate it to customers where applicable. The first logical step is to develop an incident response plan and eventually a cyber security team.
To detect cyber attacks, a number of countermeasures can be set up at organizational, procedural and technical levels.
Examples of organizational, procedural and technical countermeasures are as follows:
- Organizational countermeasure: providing cyber security training to all levels of your organization.
- Procedural countermeasure: sending out vendor assessment questionnaires to all third-party vendors.
- Technical countermeasure: installing antivirus, anti-malware and anti-spyware software and network intrusion detection systems (NIDS) on all computers, and continuously monitoring your vendors and your organization for data leaks.
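As an added example of the kind of technical countermeasure a NIDS rule provides (this is illustrative code, not part of the original post or any UpGuard product), the following flags the "port scanning" threat listed above: one source touching many distinct ports on a host within a short window. The log format and thresholds are constructed for this example.

```python
"""Detect a horizontal port scan in constructed connection-log lines.

Assumed log format (constructed for this example, not a real product format):
    <ISO-8601 timestamp> <src_ip> -> <dst_ip>:<dst_port> <flags>
A source that touches more than PORT_THRESHOLD distinct destination ports on one
host within WINDOW_SECONDS is flagged, the same heuristic a simple NIDS rule uses.
"""
from collections import defaultdict
from datetime import datetime, timedelta

PORT_THRESHOLD = 10   # distinct ports per (src, dst) pair before alerting
WINDOW_SECONDS = 60   # length of the sliding time window

def parse_line(line):
    """Return (timestamp, src, dst, port) for one log line."""
    ts, src, _arrow, dst_port, _flags = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), src, dst, int(port)

def detect_port_scans(lines, threshold=PORT_THRESHOLD, window=WINDOW_SECONDS):
    """Return {(src, dst): peak_distinct_ports} for pairs that exceed the threshold."""
    events = defaultdict(list)            # (src, dst) -> [(timestamp, port), ...]
    for line in lines:
        ts, src, dst, port = parse_line(line)
        events[(src, dst)].append((ts, port))
    alerts = {}
    span = timedelta(seconds=window)
    for key, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # slide the window start forward until it is within `window` of the newest hit
            while hits[end][0] - hits[start][0] > span:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) > threshold:
                alerts[key] = max(alerts.get(key, 0), len(ports))
    return alerts

# Constructed sample: one scanner probing 12 ports in 11 seconds, plus one normal client.
SAMPLE_LOG = [
    f"2024-05-01T10:00:{i:02d}Z 203.0.113.7 -> 10.0.0.9:{port} SYN"
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3389, 8080])
] + [
    "2024-05-01T10:00:05Z 10.0.0.21 -> 10.0.0.9:443 SYN",
    "2024-05-01T10:00:30Z 10.0.0.21 -> 10.0.0.9:443 SYN",
]

if __name__ == "__main__":
    for (src, dst), count in detect_port_scans(SAMPLE_LOG).items():
        print(f"ALERT possible port scan: {src} probed {count} ports on {dst}")
```

Shrinking the window or raising the threshold trades missed slow scans for fewer false alerts on busy clients; tune both against your own baseline traffic.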
Successful cyber attacks can lead to a loss of sensitive customer data, including personal information and credit card numbers. This gives cyber criminals the ability to sell those details on the dark web, demand ransom, or harass your customers.
Not to mention the huge regulatory, financial, legal and, most importantly, reputational impact of breaches. Hackers can also use personal information for impersonation or identity theft.
For instance, they may use a customer's name to buy illegal products or gain access to more personal information, such as credit card numbers.
Cyber attacks can also disrupt your key business activities: DDoS attacks have the power to completely shut down your website. Even if you're a large business, you're not necessarily protected. In 2016, DDoS attacks took down PayPal and Twitter.
Researchers at the University of Kent identified at least 57 negative impacts from cyber attacks, ranging from threats to life and depression to regulatory fines and disruption of daily activities. Overall, the researchers group the negative impacts into five key areas.
The paper, titled "A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate", can be found in the Journal of Cybersecurity (Oxford University Press).
Protecting your business against cyber attacks can take different forms. From creating strong passwords to using sophisticated cyber security software, the list is long.
Here are four good places to start protecting your business against cyber attacks:
- Enforce strong security practices: Ensure every level of your organization uses strong passwords and password managers to reduce the threat of a leaked or cracked password resulting in unauthorized access. Further, educate your employees about phishing scams and not downloading email attachments from unknown senders. Read our password security checklist for more information.
- Back up and ensure there is an audit trail for important business information: With a secure backup and an audit trail for all key business information, you will know whether there has been a data breach, unauthorized access, or unauthorized changes to your data.
- Encrypt all business data and customer information: Ensure all business and customer data is strongly encrypted, so if it is exposed there is less chance cyber criminals will be able to access customer information or trade secrets.
- Use sophisticated cyber security software: Antivirus and antimalware software is important but is often not sufficient. Your organization needs to be continuously monitoring for data exposures and sending automated vendor security questionnaires out.
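The audit-trail point above is easiest to see in code. The following added example (illustrative only, not UpGuard's or the original post's code) records a SHA-256 baseline of a data directory and later reports which files were modified, removed or unexpectedly added; the directory contents and file names are constructed for the demonstration.

```python
"""Hash-based integrity baseline: the audit-trail check that tells you whether
key business data has been changed without authorization.
All paths and file contents below are constructed for this example.
"""
import hashlib
import json
import tempfile
from pathlib import Path

def hash_file(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large backups never load fully into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_baseline(root):
    """Map every file under root (as a relative path) to its SHA-256 digest."""
    root = Path(root)
    return {str(p.relative_to(root)): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare_to_baseline(baseline, current):
    """Return the added, removed and modified paths between two baselines."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }

def demo():
    """Constructed scenario: record a baseline, tamper with the data, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "customers.csv").write_text("id,name\n1,alice\n")
        (root / "ledger.csv").write_text("date,amount\n2024-05-01,100\n")
        # serialise the baseline as you would when storing it off-host or write-once
        baseline_json = json.dumps(build_baseline(root), sort_keys=True)
        # three unauthorized changes: an edited record, a deleted file, a planted file
        (root / "ledger.csv").write_text("date,amount\n2024-05-01,900\n")
        (root / "customers.csv").unlink()
        (root / "unexpected.sh").write_text("# constructed placeholder\n")
        return compare_to_baseline(json.loads(baseline_json), build_baseline(root))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Keep the baseline itself on storage the monitored systems cannot write to, or an attacker who alters the data can simply update the baseline to match.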
Many nation-state actors are committing cyber attacks against one another, including the United States, United Kingdom, Ukraine, North Korea and Russia. That said, China and the US have the two most sophisticated cyber warfare capabilities. Outside of nation states, there are also non-state entities that perform cyber terrorism to shut down critical national infrastructure such as energy, transportation and government operations, or to coerce and intimidate the government or civilian population. This is part of the reason why China and the United States have invested heavily in cyber warfare programs.
The People's Liberation Army (PLA) has a cyber warfare strategy called "Integrated Network Electronic Warfare" that guides computer network operations and cyber warfare tools. The strategy links network warfare tools and electronic warfare weapons against an opponent's information systems during conflict.
The PLA believes that seizing control of an opponent's information flow and establishing information dominance is fundamental to success in warfare. Attacking infrastructure to disrupt transmission and information processing gives the PLA cyber dominance over its enemies. The PLA may use electronic jammers, electronic deception and suppression techniques to achieve this interruption.
They may also use more traditional techniques like viruses or hacking techniques to sabotage information processes. The key focal point is to weaken the enemy's cyber abilities to maximize the physical offensive.
The United States focuses on security plans in response to cyber warfare, acting in defense rather than attacking. Responsibility for cyber security is divided between the Department of Homeland Security, the Federal Bureau of Investigation (FBI) and the Department of Defense (DOD).
Recently, Cyber Command was formed as a dedicated command to address cyber threats and ensure the President can navigate and control information systems via the Internet. Cyber Command is a military subcommand under US Strategic Command and is responsible for protecting military cyber infrastructure. Cyber Command is made up of Army Forces Cyber Command, Twenty-fourth Air Force, Fleet Cyber Command and Marine Forces Cyber Command.
Both state and non-state actors target the United States in cyber warfare, cyber espionage and other cyber attacks, so Cyber Command was designed to dissuade potential adversarial attacks by conducting cyber operations of its own.
UpGuard BreachSight's typosquatting module can reduce the cyber risks related to typosquatting, along with preventing breaches, avoiding regulatory fines and protecting your customers' trust through cyber security ratings and continuous exposure detection.
We can also help you continuously monitor, rate and send security questionnaires to your vendors to control third-party risk and improve your security posture, as well as automatically create an inventory, enforce policies, and detect unexpected changes to your IT infrastructure.