Hello, potential victims 🙂
Why am I addressing you like that?
Nothing more than some dark humor on my part. Kinda.
If you’re on the internet – and seeing you here tells me that you are already online – you can be a target. Keep reading to find out how to protect yourself. (It’s easy, I promise!)
The topic of the day is “What is a cyberattack?”. You may think you are aware of what lurks online, but I can assure you most of us have no actual idea how other people and the malware they’ve created can affect us, our machines or our company.
That’s exactly why TechJury exists. To help you be prepared, to help you see what the majority can’t, and most of all – to be sufficiently informed about how the Web works.
Let’s start with some numbers to illustrate the damage cyber security attacks can cause, so we can get this show on the road.
- There is a hacker attack in the US every 39 seconds.
- More than 4,000 ransomware attacks occur every day.
- On average, 23.69% of internet user computers worldwide experienced at least one malware-class attack.
- 91% of the cyber attacks that took place in 2017 began with a phishing email.
- The average cost of lost/stolen records per individual is $141
- Damage related to cyber crime is projected to hit $6 trillion annually by 2021
- Over 75% of the healthcare industry has been infected with malware over the last year
- More than half of China’s computers are infected with malware. (57.24%)
What We Have On This Page
So What Is a Cyberattack, Exactly?
In short, the term “cyber attack” applies for any situation where a hacker, or a group, attempts to compromise a computer system, network or device with the intention of causing harm.
These attacks target anything from governments and companies to everyday online users. They vary in nature and have different ways of inflicting harm.
We can separate them into two major categories:
- Attacks that aim to cripple a system, or eventually to knock it out.
- Attacks for gaining access to a system and/or its data.
These two categories are divided into several types of cyber attacks, and we will examine them in detail in the next section.
The attacks we will discuss are probably the biggest threat to mankind right now. Even more than nuclear weapons, as Warren Buffet pointed out.
This is all the more reason to delve a little deeper and see the reasons behind such harmful activities. I will explain why attacks happen, who executes them, and who their victims are.
1. “Money, Money, Money”
(Just like the Swedish pop group ABBA sang more than four decades ago.)
It’s the number one reason that motivates hackers to invent new ways to access a system. The numbers are, as you might expect, mind-blowing!
Cyber security attacks will cost the world economy up to $6 trillion in 2021, while the damage in 2015 was “only” $3 trillion.
Now, this is the total amount of money we will all spend one way or another for improving security. This includes hiring experts and covering the losses, suffered from companies and individuals. In that case, how much do cybercriminals actually earn?
Cybercrime generates $1.5 billion in profits, while individual cybercriminals earn up to $521 000 annually. And where do you think most hackers originate from? Care to guess? And the winner is.. China!
The P.R.C. is the home of cybercriminals, responsible for nearly 41% of all network attacks. Compare the income level we just mentioned to China’s minimum wage of $161.07-$348.02 (different for every province) and you can see how the lifestyle, which hacking provides, could be pretty tempting.
Here is how much each type of attacks contributes to the $1.5 billion in profits:
2. Political or Social Motivation
Internet activists, also known as hacktivists, use technology to further a political agenda or a social change. This may seem innocent in an ideological sense. However, most hacktivists look for and steal information that can harm their intended victim/s, or stop the normal functioning of their target organization.
The latter happens by performing a DoS attack (Denial-of-Service, see below for details), which could qualify as one of the major cyber attacks. A good example of a DoS attack is when in 2007 Estonia was hit by massive waves of traffic, aimed at different institutions. The result was the crashing of online banking services, media, and government bodies. This attack was also considered an example of cyber-warfare. Often hacktivists are hired to perform such attacks, using botnet armies in order to reach certain goals.
3. For the Intellectual Challenge
Most hackers, when asked, claim this is reason #1 for hacking. As you might expect, not all of these hackers actually break the law.
With that said, being able to execute different types of cyber security attacks and outsmart billion-dollar-corporations and governments might be more profitable on the wrong side of the law, for those who care about that sort of thing.
These are the three main motivators behind every cyber attack. We’ve covered the “Why”. Now let’s take a peek at the “Who”.
Right, so Who Are the People Behind These Attacks?
We’ve all seen hacker movies like “Hackers”, “Swordfish”, and “Blackhat”. They help paint the image of the hacker as a lone male with a dark hoodie.
You might already suspect this, but Hollywood largely romanticizes the hacker lifestyle for profit. This description actually fits only a small percentage of hackers. On the contrary, the main players behind major cyber attacks are :
- Organized criminals – The modern large-scale cybercrime organization looks more like a corporation than a few hoodied individuals in a basement. Like drug cartels, they are very agile and often more organized than the security experts trying to stop them. They are responsible for 50% of all breaches in 2018
- Insiders– Over a quarter of data breaches (28%) involve insider help. These are employees of a business or government administration. It could happen unwillingly, even by installing infected malware from an email, thus allowing the cybercriminal to gain access to the network.
- Nation-states – The Nation State Actors know exactly what they’re doing. Without danger of legal prosecution and with huge resources at their disposal, they can cause mayhem overseas or can be hired for espionage or propaganda. State-affiliated actors are responsible for 12% of data breaches.
- Hacktivists – These guys and girls are a special breed of hackers. They are motivated by ideology and they hack for a cause. One of the most famous groups of hacktivists is “Anonymous”.
- Criminals – Not everyone is a team player. Most common cyber attacks are executed by a single person. Statistics show this is most often a young white male.
Who Are the Most Common Victims of Cyber Attacks?
In general, it could be anyone – individuals, companies or government institutions.
The sky is the limit for hackers. In the UK alone almost half of the businesses (43%) and 19% of the charity organizations suffered a cyber attack in the last 12 months. The percentage rises to 72 among large-sized businesses.
To make this easier to process, here is a chart that shows you the most common targets of cyber crimes:
Individuals account for 30% of all attacks, despite the fact that any spoils from such attack would be miniscule in comparison. Still, this can easily be explained by the facts that 1) it is easier to hack a person than a company and 2) the aftermath of such attacks is way less harsh than if a hacker gets caught messing with an organization or a government body.
Types of Cyber Attacks
I already mentioned the two major intentions of cyber attacks. 1) to cripple or destroy a system or 2) to take control of it and/or its data. Now we will divide them into their more specific categories. Then we’ll take a look at how exactly each type of attack is conducted. We will also consider the measures you can take to protect yourself and/or your business. Without further ado, let me introduce you to the different types of cyber attacks:
What is it?
Short for malicious software, malware is the main weapon of cyber attacks. It is designed to damage a system. Viruses, worms, trojans, and adware are all examples of malware, which you could see in our infographic. They are capable of rendering the computer or network inoperable or granting access to the attacker.
How is it delivered?
In the past malware was delivered manually to the system via a floppy disk or a CD. Nowadays 92% of malware is delivered by email.
How to protect your system from malware?
The best way to prevent malware-caused infection in your system is to avoid spam emails. Also helps if you use an antivirus program and keep it regularly updated. This will go a long way to make you immune to being infected by malware.
What is it?
Phishing attacks are typically delivered through email, posing as a request from a trusted source (your bank for example). They provide a link, leading to a fake site, often designed just like the real website. There, unsuspecting users would enter their personal information (like username and password), which at this point would be stolen. 56% of organizations identify phishing attacks as their biggest cybersecurity threat.
How is it delivered?
How to protect yourself from phishing?
Be sensible when reading your emails and browsing the web. Don’t open any attachments and links in emails that claim to come from trusted sources, unless you are 100% sure they’re legitimate. Another way to stay on the safe side is by using a password manager, which can determine the vulnerability of the pages you visit. Also, in order to avoid cyber threats, use the HTTPs protocol with sites that support it.
What is it?
This is malware used for locking users out of their computer and then keeps them from accessing their information until a “ransom” is paid. Typically the payment is made to an anonymous wallet via Bitcoin or another cryptocurrency. More than 4000 ransomware attacks occur every day, so be careful.
How is it delivered?
By clicking compromised links in email or social networks, or via drive-by downloads.
How to protect yourself?
The best way is to minimize the effects of such computer attacks taking place. Back up your files regularly and use the tips I gave you above. Also, it is advised never to pay the ransom if your computer is attacked.
Denial-of-Service (DoS) attack
What is it?
These attacks aim to disrupt a network by sending huge volumes of traffic and data until the network is flooded and stops functioning. Its subtype – Distributed-Denial-of-Service (DDoS) is created by an army of botnet computers that attack the servers with overwhelming packages of data. The biggest example of such a network attack is the attack on GitHub, which knocked off the site by sending 1.35 Tb of data per second at its peak, while the sites average traffic was about 100 Gb/s.
How to protect your website?
In general, it is very hard to stop a DDoS attack once it starts. Your ISP can help by blackholing the traffic intended for your website.
There are also other attacks, like „Man-in-the-middle“, also known as eavesdropping. In this case, the criminal places himself between you and the network you are connected to in order to steal data.
Another popular type of cyber attacks is called Cryptojacking – when an actor uses your devices’ resources to mine cryptocurrencies without you knowing it. It installs a hidden piece of malware on your machine to achieve this. Just as a heads up – most of the attacks happen via emails.
The Web is a tricky place to navigate. Considering how much we’re dependent on the internet, it’s likely that WWIII will be fought entirely online.
Thankfully not all hackers are bad. The so-called White Hat Hackers are the opposite of the criminal elements that are performing different types of cyber attacks.
Granted, if cybercrime was a country it would have the GDP of Russia. Still, the world is investing more and more into cybersecurity. The success rate of focused cyber attacks is only 17% now and keeps going down. And while this is still a concerning number, it’s an indication of the things to come.
Q: What Is a cyber attack tool?
A: Cybercriminals use a wide array of tools to help them in their work. The list includes web vulnerability scanners, password crackers, port scanners and so on. 90% of hackers also use some sort of encryption to cover their tracks. Blackhat hackers also create tools of their own.
Botnets are a prime example of such tech. Used mostly for DDoS attacks, botnets are essentially a network of infected systems, controlled by the criminal.
Luckily, white hat hackers use the same tools to improve security. More and more businesses and people are also becoming aware of these threats, which helps immensely as well.
Q: What is a disruptive cyber attack?
A: Disruptive attacks are deployed with the intent of disabling crucial business functions. Ransomware, Cryptojacking and DDoS attacks are perfect examples of a disruptive cyber attack. Especially DDoS attacks might be on the rise in the near future, considering the increase in IoT devices. These are almost tailor-made to become part of a hacker’s botnet thanks to their weak security.
Disruptive malware can have a long and lasting effect on businesses. Thankfully there are security platforms that can stop it dead in its tracks before it reaches its destination.
Q: What is cyber security?
A: Cyber security is the method of protecting programs, systems or networks from a cyber attack. It is a growing industry since cybercriminals are on the rise as well.
It costs a lot to be digitally safe, but it costs way more to be careless. The US government is going to spend $15 billion on cybersecurity alone in 2019.
There is an increasing hunger for cybersecurity specialists worldwide, and the companies are paying top dollar. Considering your next job?
Hopefully, at this point, you have the basic idea of what a cyber attack is, and how to deal with one, if need be. Just before I say goodbye, just to lighten up the mood after all this talk about cyber attacks – here is an interesting fact:
Hackers stole 10 GB of data from an American casino. They gained access to the casino’s network via … a FISH TANK! The casino’s newly acquired attraction was apparently connected to a PC to monitor water cleanliness and temperature. With no security, it became an easy target for criminals, who used it as a gateway to the casino’s entire network. Pretty original, huh?