Last updated May 2023
The world's consumers are going digital. So, unfortunately, are criminals. Experts say cybercrime could cost the global economy $23.84 trillion by 2027. How can we fight back? Information helps. So here is a breakdown of the main forms of cyberattack:
Back in 1988, when the Internet was still a collection of networked computers based mostly in universities, a student named Robert Tappan Morris had a question: exactly how many computers were connected?
He wrote a program to find out. It would travel across the network, copying itself from machine to machine and reporting back. Unfortunately, it worked too well. A flaw in the code meant it kept reinfecting machines that already carried a copy, and infected machines became so busy running the worm that they could do little else. It knocked out around 6,000 systems, roughly a tenth of the Internet at the time, and cost hundreds of thousands of dollars to clean up.
Without planning it, Morris had caused what we would now call a denial of service. The 'Morris worm' is widely regarded as the first major cyberattack on the Internet.
Regrettably, it was not the last. Today, cybercrime is everywhere. We can define a cyberattack as "the process of attempting to steal data or gain unauthorized access to computers and networks. A cyberattack is often the first step an attacker takes in gaining unauthorized access to individual or business computers or networks before carrying out a data breach."
And the impact of cybercrime is growing every year. One report estimates its global cost at $8.44 trillion in 2022 and projects that it will rise to $23.84 trillion by 2027.
How can we characterise these costs? They include:
- Damage and destruction of data
- Stolen money
- Ransom payments
- Lost productivity
- Theft of intellectual property
- Theft of personal and financial data
- Post-attack business disruption
- Investigation costs
- Restoration and deletion of hacked data and systems
- Reputational harm
As the above estimate suggests, this kind of crime can be extremely lucrative. It is also, from the criminals' point of view, quite low risk. Sitting behind a laptop planning attacks, often from a different country to the victim, is obviously much safer than robbing a bank or burgling a house.
Today, 35 years after the Morris worm, there is much more to cybercrime than denial of service. There are hundreds of different methods of attack. Some target end users directly and use social-engineering techniques to trick the target into revealing sensitive information. Others target organisations and use a range of technical methods to steal data, disrupt systems or extort money.
Let's explore the main types of cyberattack:
Phishing
This might be the most familiar form of cyberattack. In a phishing attack, fraudsters send messages (by email, text message and so on) that appear to come from a legitimate source. The aim is to get the target to reply with sensitive data, click on a link to a fake site, open a malicious attachment and so on. Phishing is extremely common and evolves all the time. Attackers choose their 'trusted source' to match whatever is topical: package deliveries, hospital results, COVID tests and so on. A useful habit is to check the actual sender address and the real destination of a link (by hovering over it) rather than the display name or the link text, since both of those are under the attacker's control.
Spear phishing and whaling
This is a more targeted form of phishing aimed at a single individual. The attacker researches the target in order to write a convincing, personalised message. For example, the email might come from a look-alike address that differs from a colleague's by a single character, or from a colleague's account that has itself been compromised. When the target is a senior member of a large organisation, this is called 'whaling' or 'whale phishing'. In these attacks, the fraudster tricks the target into giving up sensitive information, transferring money or paying a ransom. The latter often works because of embarrassment and/or fear of reputational damage.
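The look-alike address trick described above can be checked mechanically. The script below is an added example, not code from the original article: it takes a sender address, reduces it to its registrable domain and compares that against a small trusted list using a few heuristics (the brand used as a subdomain, swapped look-alike characters, one or two typos, the brand embedded in a longer name). The trusted domains, sample addresses and confusable-character table are all constructed for illustration.

```python
"""Flag sender domains that impersonate a trusted domain.

Added example, not part of the original article. The trusted domains,
the sample addresses and the confusable-character table are constructed
for illustration; a production version would use the Public Suffix List
and Unicode's full confusables table.
"""
from typing import List, Tuple

# Constructed: the organisation's own domains.
TRUSTED_DOMAINS = {"example.com", "examplebank.com"}

# Characters attackers swap because they look alike in common fonts.
CONFUSABLES: List[Tuple[str, str]] = [
    ("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"),
]


def registrable_domain(hostname: str) -> str:
    """'mail.example.com' -> 'example.com'.

    Simplification (assumption): keeps the last two labels, so it is wrong
    for multi-label public suffixes such as 'co.uk'.
    """
    labels = hostname.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def skeleton(domain: str) -> str:
    """Collapse look-alike characters so 'exarnple.com' matches 'example.com'."""
    s = domain.lower()
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s.replace("-", "")


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address: str) -> Tuple[str, str]:
    """Return (verdict, reason) for the domain of an email address.

    Verdicts: 'trusted', 'lookalike' or 'unknown'. The checks are heuristics:
    they catch the common tricks and will produce some false positives, so
    treat 'lookalike' as a reason to verify out of band, not to block outright.
    """
    host = address.rsplit("@", 1)[-1].lower().strip(".")
    domain = registrable_domain(host)
    if domain in TRUSTED_DOMAINS:
        return "trusted", f"{domain} is on the trusted list"
    dotted_host = f".{host}."
    for trusted in sorted(TRUSTED_DOMAINS):
        brand = trusted.split(".")[0]
        if f".{trusted}." in dotted_host:
            return "lookalike", f"{trusted} appears as a subdomain of {domain}"
        if skeleton(domain) == skeleton(trusted):
            return "lookalike", f"{domain} is {trusted} with look-alike characters"
        if levenshtein(domain, trusted) <= 2:
            return "lookalike", f"{domain} is within two edits of {trusted}"
        if brand in domain.split(".")[0]:
            return "lookalike", f"{domain} embeds the brand name '{brand}'"
    return "unknown", f"{domain} does not resemble any trusted domain"


if __name__ == "__main__":
    # Constructed sample senders, from a genuine colleague to obvious impostors.
    for sender in ["alice@mail.example.com", "ceo@exarnple.com",
                   "hr@example.com.secure-login.net", "it@examplebank-support.com",
                   "bob@unrelated.org"]:
        print(f"{sender:40} {classify_sender(sender)}")
```

The subdomain check is the one people most often forget: `example.com.secure-login.net` is registered by whoever owns `secure-login.net`, and the trusted name at the front is just decoration.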
Man-in-the-middle attack
The name speaks for itself. In a man-in-the-middle attack, the attacker inserts themselves between two parties who are trying to communicate. The two parties could, for example, be a consumer and a payment provider. Neither senses anything is wrong, but in the background the attacker is reading, or even modifying, the messages passing between them. Open Wi-Fi hotspots and rogue access points are a common place to do this. Properly validated TLS (the padlock in the browser) is the main defence, because it stops a third party reading or silently altering the traffic; that is why a browser certificate warning should never simply be clicked through.
Ransomware
Demanding a ransom from a cyber victim is a common technique. With ransomware, the method is quite specific. The victim is tricked into running a particular type of malware, which encrypts the files on the organisation's workstations and servers. The attacker then demands a ransom in return for the decryption key. Paying does not guarantee recovery, so tested backups kept offline are the most reliable protection.
Pharming
A pharming attack corrupts the name lookup that turns a website's address into a server's IP address, for example by compromising or poisoning a DNS server, or by altering the DNS settings or hosts file on the victim's own computer or router. This means that when a user types in the correct URL, he or she is silently redirected to an imposter site that looks like the real thing. Once there, the user enters their details, which the attacker captures. Unlike phishing, there is no suspicious link to spot: the address bar shows the right name, so a missing or invalid certificate is often the only visible warning.
Brute force attack
The ultimate aim of most cyberattacks is to acquire access credentials. Attackers have developed many stealthy ways to do this, but sometimes they don't need to be clever. They just use brute force. This is most common with passwords, where an attacker uses a program to try millions of candidate passwords, either online against a login page or offline against a stolen database of password hashes. When they get it right, they are in. Short or common passwords fall in seconds; the defences are long, unique passwords, rate limiting on logins, multi-factor authentication and storing passwords with a deliberately slow, salted hash.
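To make the offline case concrete, the script below is an added example (not code from the original article). It brute-forces a 4-digit PIN from a "leaked" hash, then measures how many guesses per second an attacker gets against an unsalted SHA-256 hash versus a PBKDF2 hash, and projects the worst-case time to exhaust the keyspace. The leaked hash, the PIN and the salt are constructed here, and the iteration count is kept deliberately low so the timing demo runs quickly.

```python
"""Brute-forcing a short password: a fast hash versus a slow, salted KDF.

Added example, not from the original article. The 'leaked' hashes are
constructed here from a made-up PIN so that the script runs offline, and
the PBKDF2 iteration count is kept low so the timing demo finishes quickly.
"""
import hashlib
import itertools
import string
import time
from typing import Callable, Optional, Tuple

PIN_ALPHABET = string.digits   # a 4-digit PIN has only 10,000 possibilities
PIN_LENGTH = 4
SALT = b"constructed-salt"     # constructed; real systems use a random salt per user
ITERATIONS = 100_000           # demo value; OWASP currently recommends 600,000 for PBKDF2-HMAC-SHA256

HashFn = Callable[[str], str]


def fast_hash(secret: str) -> str:
    """Unsalted SHA-256: the kind of storage that brute force defeats in seconds."""
    return hashlib.sha256(secret.encode()).hexdigest()


def slow_hash(secret: str) -> str:
    """PBKDF2-HMAC-SHA256: every guess costs the attacker ITERATIONS hash operations."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), SALT, ITERATIONS).hex()


def brute_force(target: str, hash_fn: HashFn,
                alphabet: str = PIN_ALPHABET, length: int = PIN_LENGTH) -> Tuple[Optional[str], int]:
    """Try every string of the given length; return (secret, guesses) or (None, guesses)."""
    guesses = 0
    for combo in itertools.product(alphabet, repeat=length):
        candidate = "".join(combo)
        guesses += 1
        if hash_fn(candidate) == target:
            return candidate, guesses
    return None, guesses


def guesses_per_second(hash_fn: HashFn, sample: int) -> float:
    """Measure throughput for `sample` guesses so the full keyspace can be projected."""
    start = time.perf_counter()
    for i in range(sample):
        hash_fn(str(i).zfill(PIN_LENGTH))
    elapsed = max(time.perf_counter() - start, 1e-9)
    return sample / elapsed


def seconds_to_exhaust(rate: float, alphabet: str = PIN_ALPHABET, length: int = PIN_LENGTH) -> float:
    """Worst-case time to try the whole keyspace at `rate` guesses per second."""
    return len(alphabet) ** length / rate


if __name__ == "__main__":
    leaked = fast_hash("7391")            # constructed: what a breached database might hold
    pin, tries = brute_force(leaked, fast_hash)
    print(f"cracked PIN {pin} after {tries} guesses")

    for name, fn, sample in (("sha256", fast_hash, 2000), ("pbkdf2", slow_hash, 3)):
        rate = guesses_per_second(fn, sample)
        print(f"{name}: {rate:,.0f} guesses/s -> {seconds_to_exhaust(rate):,.1f} s "
              f"for every {PIN_LENGTH}-digit PIN")
```

The slow hash does not make a 4-digit PIN safe (10,000 guesses is still tiny), which is the real lesson: a KDF multiplies the attacker's cost, but only a large keyspace, or a lockout that stops online guessing, makes brute force impractical.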
Malware
Several of the attack methods described above involve some form of malware. Malware is short for malicious software: a program installed on a device without the user's informed consent. Once installed, it may change how the computer functions, delete or encrypt data, or spy on the user and the network. Some malware can also copy itself to other machines.
Types of malware include:
- Trojan horse – a malicious program hidden inside, or disguised as, a legitimate one
- Spyware – hides on the device to monitor activity and steal sensitive information
- Adware – displays unwanted and sometimes malicious advertising
- Worm – a standalone program that replicates itself to infect other computers without requiring user action
- Virus – a piece of code attached to a host file or program that lies dormant until that host is run, then copies itself into other files
Two web-application attacks are often listed alongside malware, although they are injection flaws in a website rather than programs installed on a device:
- XSS (cross-site scripting) – attacker-supplied script is injected into a trusted website and runs in other users' browsers
- SQL injection – attacker-supplied text is inserted into a database query so that it reads or modifies data the application never intended to expose
Mobile attacks: smishing, vishing and caller ID spoofing
Widespread smartphone use has led fraudsters to develop attacks specific to mobile devices. Vishing is done by voice: the attacker uses a phone call or a pre-recorded voice message to trick the target. Smishing uses a fake text (SMS) message that appears to come from a trusted organisation. Caller ID spoofing fakes the name and number that appear on the phone screen to fool the recipient into believing the call is legitimate. The desired action is usually to send the target to a website and get them to enter personal information, or to read out a one-time code over the phone.
SIM swapping
This form of mobile attack targets the one-time codes that companies send by text message to authenticate their customers. Using personal details gathered about the victim, the attacker convinces the mobile carrier to transfer the victim's phone number to a SIM card the attacker controls. Now receiving the victim's calls and texts, the attacker can request a new code for (for example) the victim's banking app and use it to log in or reset the password. Codes sent by SMS are therefore a weaker second factor than an authenticator app or a hardware key, and a phone that suddenly loses signal for no reason should be reported to the carrier at once.
Distributed denial-of-service (DDoS)
A DDoS attack floods a server or network with more requests than it can handle, so that legitimate users can no longer get through. It differs from most other attacks in that it does not give the criminal access to sensitive data. Instead, the aim is to cause disruption, to extort a ransom for stopping the attack, or to distract defenders while another attack takes place.
Criminals usually launch DDoS attacks from a botnet: thousands of hijacked PCs, servers and Internet-connected devices that they control remotely. Because the traffic comes from so many sources, blocking individual addresses is rarely enough, and defences rely on spare capacity and filtering upstream of the target.
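The "many sources" point is what makes detection harder than it looks. The script below is an added example, not code from the original article: it parses web-server access-log lines in the common log format, slides a time window over them and applies two rules, one per source address and one on the total request rate. The log lines are constructed here (light background traffic, one noisy client, then a burst from 250 addresses), and the thresholds are illustrative values that would be tuned to a real site's normal traffic.

```python
"""Spotting a request flood in web-server logs: single-source vs. distributed.

Added example, not from the original article. The log lines are constructed
here in the common log format (client IP, timestamp, request, status, size)
and the thresholds are illustrative; tune them to the site's normal traffic.
"""
import re
from collections import Counter, deque
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, List, Optional

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str) -> Optional[dict]:
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "request": m["request"],
        "status": int(m["status"]),
    }


def detect_flood(lines: Iterable[str], window: timedelta = timedelta(seconds=10),
                 per_ip_limit: int = 20, total_limit: int = 200) -> Dict[str, object]:
    """Slide a time window over the log and apply two rules.

    Rule 1 flags any single IP with more than per_ip_limit requests in the window
    (a naive single-source flood). Rule 2 flags the window itself when total requests
    exceed total_limit; it is the only one of the two that catches a botnet where
    each bot sends just one or two requests.
    """
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])
    recent: deque = deque()
    per_ip: Counter = Counter()
    abusive_ips = set()
    volumetric = False
    for event in events:
        recent.append(event)
        per_ip[event["ip"]] += 1
        # Drop events that have fallen out of the window.
        while recent and event["ts"] - recent[0]["ts"] > window:
            old = recent.popleft()
            per_ip[old["ip"]] -= 1
        if per_ip[event["ip"]] > per_ip_limit:
            abusive_ips.add(event["ip"])
        if len(recent) > total_limit:
            volumetric = True
    return {"events": len(events), "abusive_ips": sorted(abusive_ips), "volumetric_flood": volumetric}


def make_sample_log() -> List[str]:
    """Constructed traffic: light background load, one noisy client, then a 250-bot burst."""
    base = datetime(2023, 5, 1, 12, 0, 0, tzinfo=timezone.utc)

    def line(ip: str, offset_s: float, path: str = "/") -> str:
        ts = (base + timedelta(seconds=offset_s)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'

    lines = [line(f"192.0.2.{1 + i % 3}", i * 10, "/index.html") for i in range(6)]  # 6 requests over a minute
    lines += [line("203.0.113.7", i * 0.16, "/search?q=x") for i in range(30)]       # 30 requests in 5 s from one IP
    lines += [line(f"198.51.100.{i + 1}", 30 + i * 0.012) for i in range(250)]       # 250 bots, one request each, in 3 s
    return lines


if __name__ == "__main__":
    print(detect_flood(make_sample_log()))
```

On the constructed sample, the per-IP rule catches only the single noisy client; the 250-bot burst shows up solely in the total-rate rule, with no individual address worth blocking. That is the practical reason DDoS defence is about capacity and upstream filtering rather than blocklists.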
Interested in learning more? Carry on reading our Part 2 on ways to prevent cyberattacks, or see the related content below:
The bad security habits you need to give up immediately
The dangers of public Wi-Fi
How strong are my passwords?
6 Tactics to Keep Your Email Secure