A cyber attack is any type of offensive maneuver that targets computer information systems, infrastructures, computer networks, or personal computer devices. Depending on context, cyber attacks can be part of cyberwarfare or cyberterrorism. A cyber attack can be employed by nation-states, individuals, groups, society or organizations. A cyber attack may originate from an anonymous source.
In computers and computer networks, a cyber attack is an attempt to expose, alter, disable, destroy, steal or gain unauthorized access to or make unauthorized use of an asset. A cyber attack may steal, alter, or destroy a specified target by hacking into a susceptible system. Cyber attacks can range from installing spyware on a personal computer to attempting to destroy the infrastructure of entire nations. Legal experts are seeking to limit the use of the term to incidents causing physical damage, distinguishing it from the more routine data breaches and broader hacking activities.
The most common types of cyber attacks
The success of a spear phishing attack depends on an end user clicking on a link embedded in a crafty email. Unfortunately, the unlimited nature of human creativity, together with social engineering, has strengthened the odds that at least one target in a phishing attack will click on that security-compromising link.
For over a decade, SQL injection has been one of the most common application-layer attack techniques. It takes advantage of public-facing applications that respond to user-supplied data. By inserting customized queries, attackers can bypass security measures and cause the applications to take malicious actions.
DDoS (Distributed Denial-of-Service)
DDoS attacks are able to incapacitate an online service or website by overwhelming it with activity from hundreds or thousands of computers participating in a botnet.
Privileged account management
A common precursor to many security attacks is the theft of credentials or an escalation of permissions. Gaining access to privileged accounts is the key to accessing valuable data contained in file shares or databases.
Web applications: XSS
Many web applications contain vulnerabilities that allow attackers to use cross-site scripting (XSS) to misrepresent a website. As a result, attackers are often able to get victims who interact with these illegitimate web pages to unwittingly click on a malicious script, or to capture their login credentials.
Most people are never aware of their participation in a botnet army, since the impact on an individual system is minimal. However, when hundreds of these unobtrusive bots are instructed to forward transmissions to a single web application, they can represent a serious security threat.
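Because each bot stays quiet, a per-source rate limit alone does not see the kind of flood described here and in the DDoS paragraph above. The following added example (not part of the original article) runs a per-source check and an aggregate check over the same constructed log; the log format, thresholds and function names are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

def parse(line):
    """Split a constructed log line: '<epoch_seconds> <source> <path>'."""
    ts, src, path = line.split()
    return int(ts), src, path

def sources_over_limit(lines, window=60, per_source_limit=20):
    """Classic per-source rate check, shown for comparison."""
    counts = Counter()
    for line in lines:
        ts, src, _ = parse(line)
        counts[(ts - ts % window, src)] += 1
    return sorted({src for (_, src), n in counts.items() if n > per_source_limit})

def find_distributed_floods(lines, window=60, min_total=200,
                            min_sources=100, per_source_limit=20):
    """Flag (window_start, path, total, sources) where the aggregate load on
    one path is high although every source stays under the per-source limit."""
    buckets = defaultdict(Counter)   # (window_start, path) -> requests per source
    for line in lines:
        ts, src, path = parse(line)
        buckets[(ts - ts % window, path)][src] += 1
    alerts = []
    for (start, path), per_src in sorted(buckets.items()):
        total = sum(per_src.values())
        if (total >= min_total and len(per_src) >= min_sources
                and max(per_src.values()) <= per_source_limit):
            alerts.append((start, path, total, len(per_src)))
    return alerts

def sample_log():
    """Constructed traffic inside one minute (documentation address ranges)."""
    lines = []
    for i in range(150):             # 150 quiet sources, 2 requests each
        lines += [f"{1200 + i % 60} 198.51.100.{i} /login"] * 2
    for j in range(30):              # one noisy client, 30 requests
        lines.append(f"{1200 + j} 192.0.2.10 /index")
    return lines

if __name__ == "__main__":
    log = sample_log()
    print("per-source check flags:", sources_over_limit(log))
    print("aggregate check flags:", find_distributed_floods(log))
```

On the constructed log, the per-source check reports only the single noisy client, while the aggregate check reports the 300 requests that 150 quiet sources sent to one path.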
Deadly effects of cyber attacks
The researchers, from Kent's School of Computing and the Department of Computer Science at the University of Oxford, set out to define and codify the different ways in which the various cyber-incidents being witnessed today can have negative outcomes. They also considered how these outcomes. Overall, the researchers identified five key themes, which can be classified as Physical/Digital, Economic, Psychological, Reputational, and Social/Societal.
Each category contains specific outcomes that underline the serious impact cyber-attacks can have.
Under the Physical/Digital category, there is the loss of life or damage to infrastructure, while the Economic category lists impacts such as a fall in stock price, regulatory fines or reduced profits as a possibility.
In the Psychological theme, impacts such as individuals being left depressed, embarrassed, ashamed or confused are listed, while Reputational impacts can include a loss of key staff, damaged relationships with customers and intense media scrutiny.
Finally, on a Social/Societal level, there is a risk of disruption to daily life such as an impact on key services, a negative perception of technology or a drop in internal morale in organizations affected by a high-level incident.
Future of cyber attacks
Cyber attacks have become increasingly sophisticated and dangerous.
Since the late 1980s, cyber attacks have evolved several times to use innovations in information technology as vectors for committing cyber crimes. In recent years, the scale and robustness of cyber attacks have increased rapidly, as observed by the World Economic Forum in its 2018 report: "Offensive cyber capabilities are developing more rapidly than our ability to deal with hostile incidents."
NATO recently recognized cyberspace as a military operational domain. NATO’s main cyber efforts, however, remain focused on the military defense of the organization itself. While recognizing the importance of civilian networks and the risks they face, NATO lacks the legal or policy levers to address these questions directly.
A study from teams at the University of Oxford and University of Cambridge warned that AI could be used as a tool to hack into drones and autonomous vehicles and turn them into potential weapons.
Guy Caspi, CEO of cybersecurity startup Deep Instinct, said, “Such attacks, which seem like science fiction today, might become reality in the next few years.”
Caspi also said, “Autonomous cars like Google’s (Waymo) are already using deep learning, can already raid obstacles in the real world. So, raiding traditional anti-malware system in the cyber domain is possible.”
Another study, by U.S. cybersecurity software giant Symantec, said that 978 million people across 20 countries were affected by cybercrime in the previous years. As a result, victims of cybercrime lost a total of $172 billion - an average of $142 per person.
The fear for many is that AI will bring with it the dawn of new forms of cyber breaches that bypass traditional means of countering attacks.
User behavior analytics and SIEM can be used to help prevent these attacks. Data must be protected and enforced by technology itself, not just by cyber or regulation. The very technology compromising our privacy must itself be leveraged to bring real privacy to this data-driven age.