What Is a Cyber Attack?
A cyber attack is any attempt, successful or otherwise, by cybercriminals to access a cloud environment, computer network, or system in order to steal data, expose data, cause disruption, or achieve financial gain.
When Was the First Cyber Attack?
The first known cyber attack happened long before the internet was invented, in 1834. Attackers stole financial market information by accessing the French Telegraph system. Cyber attacks have evolved since then, and there is now a new cyber attack every minute.
What Are the Most Common Types of Cyber Attacks?
1. Phishing
Phishing is a form of social engineering that uses fraudulent communication to trick a user into handing over credentials, valuable information, or access. Phishing most commonly occurs over email but can happen over the phone (called vishing) or via text (called smishing). Phishing continues to be a major attack vector because it continues to work: the human element is involved in 82 percent of all breaches.
2. Vulnerability Exploit
Any software that isn’t updated can be exploited. Industry experts estimate that 60% of vulnerabilities remain unpatched. These kinds of vulnerabilities can exist in hardware, software, and within the cloud, and cyber criminals love to take advantage of them. Zero-day attacks, where hackers use a previously unknown vulnerability to attack a system or network, are a common form of vulnerability exploit.
3. Security Misconfigurations
Security misconfigurations come from the failure to properly implement security controls on devices, networks, cloud applications, firewalls, and other systems. Misconfigurations can vary but are being taken advantage of more and more by cyber criminals. As the cloud becomes more common, cloud misconfigurations are being exposed as a major security issue that is turning into a common cyber attack vector.
4. Compromised Credentials
Almost half of all cyber attacks involve stolen or compromised credentials. In addition, it’s been estimated that billions of stolen credentials are available on the dark web, the result of both compromised databases and cyber attacks. Bad actors use these credentials to gain access to a network or system and conduct an attack. It’s becoming common that, as part of ransomware-as-a-service, hackers can pay for compromised credentials in addition to the malware needed to conduct a ransomware attack.
5. Supply Chain Vendors
Third-party attacks have been on the rise for years as organisations become digitised and more interconnected, relying more on vendors and third-party applications. Hackers gain access to a third party, and then attack all the clients of that third party. That is exactly what happened with the SolarWinds attack of 2020. Unfortunately, many organisations lack a detailed understanding of their third parties and the system access they have.
6. Ransomware
Ransomware is an attack where the bad actor holds a system, network, or specific assets for ransom. The most common kind of ransomware makes data or files unreadable through encryption and requires a decryption key to restore access. Ransomware is not only skyrocketing in frequency, but ransoms and remediation costs are reaching an all-time high. There were 700 million ransomware attacks estimated in 2021. The use of ransomware-as-a-service and ransomware gangs has also increased as the attack vector proves financially lucrative.
7. Man-in-the-Middle Attacks
This high-tech form of eavesdropping involves a bad actor getting between you and the party to which you’re attempting to send your data or information. This kind of attack typically occurs when a user is connected to public or unprotected Wi-Fi — highlighting the importance of VPNs. Once a cyber criminal gains access to the user, they can deploy tools that will capture credentials, launch malware, or obstruct data.
8. Business Email Compromise (BEC)
This cyber attack is a kind of spear phishing attack that targets a user’s email with the hopes of financial gain. These attacks often target users high up within a company or with financial access and spending power. The targets for these attacks are often highly researched, and the fake email will be harder to spot compared to broader phishing attempts.
Who Conducts Cyber Attacks?
There is no shortage of hackers in the world, as each year the number of cyber attacks increases. While some are individuals — like the teenager that breached Uber and Rockstar Games through a multi-factor authentication (MFA) attack — others are gangs or even employed by nation-states.
Common kinds of cyber attackers include:
- Ransomware or cyber gangs that work together on larger attacks
- Nation-state actors that conduct cyber espionage through cyber attacks. In the wake of the Ukraine war, these kinds of attacks have become more common.
Other bad actors include hacktivists (who are hacking for a political cause), those who utilise ransomware-as-a-service, and insiders, who are exploiting their own organisation because of a grudge or for financial gain. Roughly 4 in 5 breaches can be attributed to organised crime, with external actors approximately 4 times more likely to cause breaches in an organisation than internal actors.
Insider Threats and Cyber Attacks
While most cyber attacks originate externally, insider threats are a real issue, and a costly one. The average annual cost of internal data breaches was $11.45 million, with 63% of the incidents attributed to negligence, according to a 2020 Ponemon Institute Report. While some insider attacks are malicious in nature (including those seeking financial gain, disgruntled current or former employees, and those committing corporate espionage), many occur by accident. This includes users not following company security procedures, leaving data unsecured, or being tricked into giving out valuable information.
The Costs of Cyber Attacks
For organisations that experience a cyber attack, the results can be expensive. There are both direct and hidden costs for organisations. Direct costs include potential ransom payment, lost business, operational disruption, reputation damage, and stolen funds.
However, there are tangential costs, often referred to as hidden costs, that organisations may not consider. These include digital forensics (restoration and remediation), public relations, customer communication, compliance fines, legal fees, and more. The total cost of cyber attacks exceeded trillions in 2021, and according to Cybersecurity Ventures, that total will rise 15 percent per year over the next five years.
While the cost varies by organisation, vertical, and the breadth of the cyber attack, costs are rising. The median cost of an attack increased from $10,000 last year to $18,000 in 2022.
It should also be noted that as cyber attack-related costs have increased, so has cybersecurity spending. In 2022, spending topped $170 billion, and the financial impact of a potential hack is the main motivating factor when it comes to organisations’ cybersecurity spending.
How Cyber Attacks Have Evolved
The first modern cyber attack was in the 1960s, and it was conducted through a floppy disk. It’s safe to say attacks have changed since then.
Major developments that fueled both the frequency and sophistication of cyber attacks include:
- The creation of computer viruses (1971)
- The first internet cyber attack (1988)
- The first social engineering attack (1995)
- The proliferation of the internet (1990s)
- The evolution of viruses and worms (2000s)
- The beginning of cyber attacks against major organisations (2000s)
- The rise of nation-state hacks (2010)
- The increase of spyware and malware (2010s)
- The invention of the dark web and cryptocurrency (2010s)
- The creation and subsequent proliferation of ransomware (2010s)
- The abundance of phishing attacks (2010s)
In short, cyber attacks have gone from “one human attacking one computer” to “cyber gangs attacking entire countries and industries at once.” It’s spread like, well, a computer virus, and cyber attacks aren’t going anywhere.
How to Prevent a Cyber Attack
The bad news is that cyber attacks are coming from every angle, constantly. Organisations don’t need just a firewall or multi-factor authentication or identity management; they need all of that plus endpoint protection, threat hunting, cloud security, and more. Reducing cyber risk is a matter of taking both proactive and reactive steps, and involves every part of an organisation, from the IT team member to the CEO.
The National Institute of Standards and Technology (NIST) Cybersecurity Framework is a strong starting point for organisations.
The main components of this framework are:
It’s important to note that these components are not steps that can be one-and-done. It’s a continuing process of identifying vulnerabilities, fixing those vulnerabilities, responding to immediate threats, and then using intelligence from those immediate threats to then identify vulnerabilities, and so on. Security is a journey, not a destination.
While every organisation has different security and business needs, it should be said that many organisations lack some components of cybersecurity, and others find themselves in a cycle of reacting to immediate threats instead of focusing on proactive options.
Concrete steps organisations can take to protect against cyber attacks include:
- Installing security software such as firewalls and identity and access management programs
- Protecting endpoints and network perimeters from external intruders
- Educating employees about security and risks such as social engineering
- Maintaining industry compliance
How Arctic Wolf Can Help Prevent Cyber Attacks
As the leader in security operations, Arctic Wolf’s Security Operations Cloud and Concierge Security® Model combines technology with the human element to help organisations reduce their cyber risk and adapt to evolving cyber threats.
The Arctic Wolf approach uses 24×7 monitoring and detection that looks at every aspect of an organisation’s security architecture and can process security events to alert organisations when major threats arise, helping them detect, respond to, and remediate those threats. In addition, Arctic Wolf takes a proactive approach to security, working with organisations to address vulnerabilities, build a security journey roadmap, and educate users and employees.