A cyberattack is an offensive act against computer systems, networks, or infrastructure. Cybercrimes are technology-enabled cyberattacks and are crimes executed for financial or other personal gain. Cybersecurity is the discipline and practice of preventing cyberattacks or reducing their impact.
Cybercriminals take the path of least resistance; they reach for the lowest hanging fruit. There are more and more entry points on computer systems and computer networks vulnerable to attack. There are more network endpoints and applications, more vulnerable business partners, more mobile devices and more connected devices including Internet of Things technologies.
Cybersecurity at many companies is understaffed and under-resourced. Companies are, thus, vulnerable to a capable adversary who has access to malware on the Dark Web (a difficult-to-access part of the Internet that is often used by criminals).
Firewalls, anti-virus and intrusion prevention systems offer only a first line of defense against such threats. Other protection should include active measures such as security penetration testing where hired-gun White Hat hackers are paid to try to hack into your system and identify its vulnerabilities.
Threat Actors (the cyberattackers) include:
Cybercriminals: They are well organized and are trying to steal data to make money, often through credit card fraud or ransomware.
State Actors: They are primarily driven to destroy or disrupt company information or systems or to steal intellectual property and trade secrets for cyberespionage and economic reasons. Cyberespionage is the practice of stealing confidential information in order to covertly, unethically and/or illegally take unfair advantage of individuals, organizations or nations.
Hacktivists: They are politically motivated and want to wreak destruction on your organization, from data exposure to Denial of Service, in order to promote their own political or personal agendas.
Malicious Insider: Generally a disgruntled employee who steals or destroys company information and may pass it to a subsequent employer.
Accidental Insider: Generally an employee who inadvertently introduces risk through poor security practices. The employee may click on a suspicious phishing link or attachment in an email, or leave a laptop unsecured and, thus, susceptible to theft.
Types of Attacks
Unauthorized Access: A hacker gains illicit access (remote or physical) to a network, system, application, database or other resource.
Denial of Service (DoS): An attack that successfully prevents or impairs the normal functioning of networks, systems or applications by exhausting their capacity. Such an attack commonly uses thousands of devices accessing a site simultaneously and continuously, leading to overload and an inability to deliver web pages to legitimate users.
Malicious Code: Successful installation of malware (malicious software such as a virus, worm, or Trojan horse) that infects an operating system or application.
Improper Usage: A user violates the company’s acceptable computing-use policies.
Scans, Probes, Attempted Access: Activity that seeks to access or identify a computer, its open ports, protocols, and/or services in preparation for a future attack.
The Stages of a Cyberattack by a Threat Actor
Reconnaissance: Research and selection of target companies and computer systems, including identification of vulnerabilities and the exploits that target them.
Weaponization: Use of remote access malware and exploits to create a deliverable payload.
Delivery: Distribution of the weapon payload to the target. Distribution may, for example, be the spread of an email phishing attachment.
Exploitation: Code is executed on the target’s computer network.
Installation: Malware is installed for current or future use on the target’s computer network.
Command and Control: Remote connection into the target’s computer network.
Actions: Using command and control of the installed malware to copy data, destroy data, or alter data, either immediately or in a future attack.