Cyber attacks are a common threat in the modern online landscape. In short, the goal of a cyber attack can be to destroy or steal data, bring down important systems or critical infrastructure, gain access to computer systems and steal money. The methods for carrying out a cyber attack span from inserting malicious code into an application or website, infecting the targeted device with malware or making the device a part of a larger network of devices used to carry out further cyber attacks. Whether you call them bad actors, cyber criminals or hackers, the individuals and groups behind cyber attacks can cause serious damage when successful. Cyber attacks are a common tool in warfare as well, so both individuals and larger targets, such as entire countries, should be prepared against them.
7 types of cyber attacks
It probably does not come as a surprise that there are many kinds of cyber attacks as cyber criminals try to use every trick in their toolbox. Next, we will look at a few common methods for carrying out a cyber attack. Unfortunately, the types of cyber attacks are not limited to just these.
DDoS (DoS and DDoS)
In a DDoS attack, the aim is to take down the target, such as a server, by bombing it with a large number of requests. As a consequence, the targeted service is not available or becomes difficult to use.
XSS attacks
Cross-site scripting, or XSS in short, means that hackers insert malicious code into a web application, using a vulnerability they have discovered. XSS attacks are a way for cyber criminals to steal sensitive data and spread malware.
Trojans
Trojans are a way for cyber criminals to sneak in malicious software inside files, such as attachments in an email. Once a Trojan is inside the victim’s device it can steal data and bring other viruses with it.
Zero-day attacks
Zero-day vulnerabilities refer to holes in a software’s protection that have not yet been fixed. When these vulnerabilities are not patched, cyber criminals may exploit them in what has become to be known as a zero-day attack, or zero-day exploit.
Phishing
The goal of phishing is to trick the victim to reveal their private information, such as passwords and online banking credentials. Phishing attacks are carried out using malicious links and malware disguised as email attachments.
Ransomware
Ransomware attacks are used to lock infected devices and encrypt files. To regain access to them, the victim has to pay a ransom, usually using a cryptocurrency such as Bitcoin.
Man-in-the-middle attacks
Man-in-the-middle attacks involve an attacker inserting themselves into a connection between two parties and impersonating the other person or application. By hijacking the connection, the attacker can steal sensitive information or direct the victim to malicious sites.
Goals of cyber attacks
The motives behind cyber attacks vary and depend a lot on who is behind the attack. Here are a few common reasons why nations and criminals may carry out a cyber attack.
Monetary gain
Not surprisingly, many cyber criminals are after money. A common way to steal money as a consequence of a cyber attack is by utilizing ransomware. Ransomware is a type of malware that can encrypt devices, making them impossible to use, or lock files. The victim regains control of their device or data only after they pay a ransom — or that’s what the criminals tell their victims. The ransom is often paid with a cryptocurrency, such as bitcoin.
Political goals
Hackers with a political agenda, or hacktivists, can carry out cyber attacks to get their point across. As the presidential elections of 2016 in the United States showed, cyber attacks and the use of disinformation can be used to influence elections and sway voters’ political opinions.
Espionage and stealing sensitive data
A cyber attack can be carried out to gain individuals’ personal information or other sensitive data. For example, a company may try to steal its competitors’ business secrets to get an upper hand against their rivals. Spyware, which is malware used to spy on the infected device, is a way for hackers to steal information, such as financial information and passwords, as well as to conduct espionage.
How cyber attacks affect individuals
As mentioned, even individuals are not safe from the threat posed by cyber attacks. In addition to the many types of cyber attacks that are used against normal people, they can cause all sorts of harm. These include:
loss of personal information, such as passwords
stolen personal files, such as pictures and text documents
identity theft
financial losses
spreading of confidential data
feelings of insecurity and anxiety
defamation and loss of reputation
doxing (distribution of personal information online)
Cyber attacks are also used in modern warfare
In addition to attacks carried out by organized groups of cyber criminals, state-sponsored cyber attacks are a common threat in today’s digital environment. These state-sponsored cyber attacks can target other states, their critical infrastructure and large companies. Cyber attacks are also commonly used in modern warfare to disrupt communications, gain intel through espionage and spread misinformation. The term cyber warfare is also used.
The methods used by state-sponsored attackers include many of the same as used by individual cyber attackers and groups of cyber criminals. However, when a cyber attack is backed up by a nation-state and used in the context of war, the resources for carrying out the attack are much greater. The motivations behind state-sponsored cyber attacks are often political in nature or there is military interest behind the attack.
Countries known for engaging in cyber warfare include China, North Korea and Russia, just to name a few. For example, the Russian government has been suspected of being responsible for the NotPetya malware. Some notable targets of Russian cyber attacks include the United Kingdom, United States and Ukraine. Meanwhile, North Korea is known for funding its exploits with cyber attacks where the goal has been to obtain Bitcoins.
Many countries are guilty of cyber warfare, including the United States. For example, the United States is the home of Stuxnet, malicious software used against nuclear facilities in Iran. Unfortunately, it is often difficult to prove that a state has been behind a cyber attack, as opposed to a rogue hacker or a group of cyber criminals.