Demystifying Cybersecurity: Understanding Attacks, Reasons, and Solutions

Pahan Kawindu
10 min read · Dec 13, 2023


In today’s interconnected world, where information flows freely and our reliance on technology grows ever-deeper, the risk of cyber attacks looms large. These malicious acts pose a significant threat not just to financial well-being, but also to data security, reputation, and even individual safety. To navigate this ever-evolving digital landscape, it’s critical to gain a comprehensive understanding of the diverse types of cyber attacks, the motivations behind them, and the most effective solutions available to build a robust and resilient digital environment for all.

What is a Cyber Attack?

A cyber attack is any malicious attempt to exploit vulnerabilities in computer systems, networks, or devices. These attacks can be carried out by individuals, criminal groups, or even state actors, and their goals can vary widely.

Types of Cyber Attacks

[Figure: Most common types of Cyber Attacks]

The realm of cyber threats is vast and continually evolving, with attackers perpetually innovating new methods and tactics. Among the prevalent forms of cyber-attacks are:

  • Malware: Harmful software such as viruses, worms, Trojans, ransomware, and spyware is crafted to damage computer systems. These programs infiltrate systems, corrupt data, or hold it hostage, threatening data integrity, system functionality, and user privacy.
  • Phishing: Phishing deceives victims into clicking enticing links or opening infected attachments that install malware or steal personal data. It abuses trust, tricking users into actions that compromise security and lead to data theft or system compromise.
  • Ransomware: Ransomware is malicious software that encrypts or locks files and demands payment to unlock them. It effectively holds data captive until the ransom is paid and access is restored.
  • Password Attacks: Attackers attempt to recover or bypass passwords using techniques such as brute force, dictionary attacks, or keyloggers. These methods rely on computational power, predefined wordlists, or covert software to obtain passwords and gain access to systems.
  • SQL Injection: Attackers supply malicious SQL through input that a website passes to its database. By exploiting flaws in how that input is handled, they run their own SQL commands, bypass security checks, and extract sensitive data, jeopardizing user privacy and site integrity.
  • Distributed Denial-of-Service (DDoS) Attacks: DDoS attacks flood servers or networks with an excessive volume of traffic, rendering them inaccessible to genuine users. Attackers use botnets, networks of compromised devices, to generate traffic that exceeds the target server’s capacity. Amplification attacks, for instance, abuse vulnerable protocols to multiply the traffic volume and disrupt services.
  • Zero-day Attacks: Zero-day exploits take advantage of software vulnerabilities unknown to the vendor and for which no patch exists. Attackers exploit these weaknesses before developers become aware of them and release fixes; techniques such as fuzzing or reverse engineering uncover the undisclosed flaws, allowing systems to be breached with no mitigation in place.
  • Social Engineering: A tactic that manipulates individuals into revealing sensitive data or taking actions that benefit the attacker. Techniques such as pretexting or baiting exploit human trust or curiosity.
  • Supply Chain Attacks: Attackers target a company’s vendors or partners as entry points into the main organization’s systems and data, exploiting the trust between interlinked organizations through third-party compromises. For instance, infiltrating a supplier’s system might provide access to the primary company’s network, letting attackers move through interconnected systems to reach sensitive data or infrastructure.
  • Insider Threats: Employees or other trusted individuals misuse their authorized access to internal systems and data for malicious purposes, for example by escalating privileges or exfiltrating data. Exploiting elevated privileges or deliberately leaking sensitive information for personal gain can cause significant harm to the organization’s security and integrity.
  • Man-in-the-Middle (MitM) Attacks: Attackers intercept communications between two parties to eavesdrop on or manipulate the exchanged data, using techniques such as ARP spoofing or DNS hijacking. This lets them secretly read and potentially modify the transmitted information, compromising its confidentiality or integrity without either party’s knowledge.
  • Cross-Site Scripting (XSS): Attackers inject malicious script into a website so that it executes in other users’ browsers, allowing them to steal user data or take control of browsing sessions.
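The SQL injection and XSS entries above share one root cause: untrusted input is spliced into text that a parser (the database engine, the browser) later interprets. This added example, not code from the original post, shows a login check written both ways against a constructed in-memory SQLite table, plus the HTML escaping that closes the equivalent hole for XSS. The plaintext password column is a stand-in to keep the example short; real applications store password hashes.

```python
import html
import sqlite3


def build_db():
    # Constructed sample data standing in for a site's user table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    # The user-controlled strings become part of the SQL text, so input
    # containing quotes changes the structure of the query itself.
    query = (f"SELECT name FROM users WHERE name = '{name}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, name, password):
    # Placeholders fix the query structure in advance; the driver passes
    # the values separately, so they are only ever compared as data.
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (name, password)).fetchone() is not None


def render_greeting(name):
    # Same principle for XSS: escape before inserting into HTML so the
    # browser renders the value as text instead of executing it as markup.
    return f"<p>Welcome, {html.escape(name)}</p>"


if __name__ == "__main__":
    db = build_db()
    # A quote-bearing value satisfies the vulnerable query for every row
    # but is rejected by the parameterized one.
    probe = "' OR '1'='1"
    print("vulnerable:", login_vulnerable(db, probe, probe))        # True
    print("parameterized:", login_parameterized(db, probe, probe))  # False
    print(render_greeting("<script>"))
```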
[Figure: Ransomware world domination]

Reasons for Cyber Attacks

Some common motivations for cyber attacks include:

01. Financial gain. Cybercriminals pursue financial gain through distinct avenues: first, by directly aiming to acquire funds or valuable assets using methods like banking trojans, fraudulent transactions, or crypto-jacking. Additionally, attackers focus on obtaining financial details to execute unauthorized transactions or to vend the data on the dark web. Another method involves holding data or systems hostage, leveraging urgency by demanding a ransom for their release, thereby exploiting the situation for immediate financial gain.

02. Data Theft. These motivations can be categorized into three key areas: accessing personal data, corporate secrets, and government intelligence. This involves the theft of personal information like names, addresses, social security numbers, or health records, often utilized for identity theft or fraudulent schemes. Breaching organizations is another goal, focusing on stealing intellectual property, trade secrets, or proprietary information to achieve a competitive edge or to trade with rival entities. Espionage activities are directed at government agencies or entities, seeking to obtain classified information, potentially compromising national security or diplomatic relations.

03. Disruption. There are two distinct categories: critical infrastructure targeting and denial of service. Critical infrastructure targeting involves attacking systems governing crucial services such as power grids, transportation, or healthcare, intending to cause chaos, disrupt services, and potentially jeopardize lives. On the other hand, denial of service involves overwhelming systems or networks, rendering them inaccessible, which disrupts operations and services, impacting both revenue and reputation.

04. Espionage. Two specific motivations include accessing classified information and engaging in corporate espionage. This involves infiltrating government or corporate networks to obtain confidential data, plans, or strategies, often for political, economic, or strategic advantages. Additionally, the aim is to steal intellectual property, trade secrets, or business plans to gain an edge in the market or to subvert rival competitors.

05. Reputation Damage. These motivations fall into two categories: character assassination and brand sabotage. Character assassination involves disseminating false information, leaking sensitive data, or defacing websites with the intention of damaging the reputation of individuals, organizations, or governments. Conversely, brand sabotage aims to damage the credibility, trust, and customer loyalty of companies through cyber attacks, impacting their financial standing and market position.

[Figure: Cyber attacks categorized by region]

Cyber Attacks Examples

Kaseya Ransomware Attack. In July 2021, Kaseya, a US software provider, suffered a severe supply chain attack. Cybercriminals exploited vulnerabilities in its VSA product, including credential leaks and authentication flaws, to push a fake software update that deployed ransomware on customer machines.

The attack, executed by the “REvil” cybercrime group from Russia, impacted a fraction of Kaseya’s clients, notably managed service providers (MSPs) and their customers. Reports suggested that around 800–1500 small to mid-sized companies fell victim to the “REvil” ransomware following this breach.

[Figure: Kaseya Ransomware Attack]

Amazon DDoS Attack. In February 2020, Amazon Web Services (AWS) encountered a colossal distributed denial of service (DDoS) attack. Clocking in at 2.3 Tbps (terabits per second), this attack was a record-breaker, boasting a packet forwarding rate of 293.1 Mpps and an astounding request rate per second (rps) of 694,201. This assault stands as one of the most massive DDoS attacks ever documented, and AWS successfully managed to mitigate its impact.

[Figure: Amazon DDoS Attack]

Microsoft Exchange Remote Code Execution Attack. In March 2021, a massive cyber attack hit Microsoft Exchange, a widely-used enterprise email server. Exploiting four zero-day vulnerabilities, attackers gained entry to Exchange servers. These vulnerabilities facilitated Remote Code Execution (RCE), allowing complete server compromise and data access.

Attackers on affected servers stole sensitive data, injected ransomware, and discreetly deployed backdoors. The impact was significant, affecting nine US government agencies and over 60,000 private businesses.

[Figure: Microsoft RCE vulnerabilities]

Twitter Celebrities Attack. In July 2020, Twitter faced a breach when three attackers targeted high-profile accounts by tricking employees in a phone phishing scam. They gained access to Twitter’s internal systems, compromising well-known accounts like Barack Obama, Jeff Bezos, and Elon Musk.

Using these accounts, the attackers orchestrated bitcoin scams, collecting over $100,000. The US Justice Department charged three suspects, including a 17-year-old, within two weeks of the incident.

[Figure: Celebrity Twitter accounts were hacked]

SolarWinds Supply Chain Attack. In December 2020, a significant supply chain attack, named after its victim, hit SolarWinds, a Texas-based IT company. APT 29, linked to the Russian government, orchestrated the attack by compromising SolarWinds’ software platform, Orion.

The attackers injected malware, called Sunburst or Solorigate, into Orion’s updates distributed to SolarWinds customers. This attack, deemed severe cyber espionage, breached numerous US federal agencies, including those overseeing critical infrastructure and military operations, along with numerous Fortune 500 companies.

[Figure: SolarWinds supply-chain attack]

Cyber Attack Prevention

Many organizations rely on various security tools to thwart cyber attacks. However, it’s crucial to note that these tools alone aren’t sufficient. They need skilled IT and security personnel or outsourced services to adeptly manage and leverage these tools in tackling threats effectively.

  • Implementing a layered security approach. It’s about blending diverse security technologies and strategies — think firewalls, intrusion detection systems, anti-virus software, and encryption — to craft a robust defense. This comprehensive approach involves weaving together various tools and practices to create an all-encompassing shield against cyber threats.
  • Regularly updating software and firmware. Staying current with software and firmware updates is like keeping your armor reinforced. These updates often pack security patches, sealing off vulnerabilities that attackers tend to exploit. It’s essentially fortifying your defenses to stay a step ahead of potential cyber threats.
  • Creating strong passwords and practicing good password hygiene. Crafting robust passwords and steering clear of using the same one across different accounts is a bit like locking up your digital world. Strong, unique passwords act as individual keys, safeguarding your online identity. It’s the smart move to keep your virtual doors locked tight against potential breaches.
  • Being aware of phishing and social engineering scams. Empowering users with knowledge about phishing and social engineering is like arming them with a shield against cyber sneakiness. Understanding these tactics helps steer clear of digital traps, ensuring they navigate the online world safely. It’s like giving them a secret decoder ring to spot and dodge these clever cyber schemes.
  • Practicing safe browsing habits. Steering clear of sketchy websites, suspicious links, and dodgy attachments is akin to keeping your digital fortress secure. By avoiding these cyber wildlands, you’re essentially putting up barriers against potential malware invasions. It’s like having a keen eye to spot and dodge digital landmines, ensuring a safer online journey.
  • Backing up data regularly. Imagine having a secret vault for your precious data — a backup plan for the digital unexpected! This backup treasure chest ensures your important information remains safe and sound, even if cyber trouble strikes, offering a lifeline against loss or corruption during a cyber onslaught.
  • Having an incident response plan. Picture it as a cyber emergency drill — a well-thought-out plan in the face of digital chaos! Preparing for cyber-attacks is like having a playbook ready, ensuring organizations can spring into action, respond effectively, and limit the impact of these virtual storms. It’s all about being ready to dodge, weave, and minimize the damage caused by cyber threats.
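The brute-force and dictionary password attacks listed earlier leave a visible trace, a burst of failed logins, which the layered-security and incident-response items above depend on someone noticing. This added example, not code from the original post, runs a sliding-window detector over a constructed log format (`<timestamp> FAIL|OK user=<u> src=<ip>`, an assumption, not any real product's format); it counts failures per source address regardless of account, so spraying across many users is caught as well as hammering on one.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines; the addresses are documentation ranges.
SAMPLE_LOG = """\
2023-12-13T10:00:01 FAIL user=alice src=203.0.113.5
2023-12-13T10:00:02 FAIL user=alice src=203.0.113.5
2023-12-13T10:00:03 FAIL user=bob src=203.0.113.5
2023-12-13T10:00:04 FAIL user=carol src=203.0.113.5
2023-12-13T10:00:05 FAIL user=dave src=203.0.113.5
2023-12-13T10:00:30 OK user=alice src=198.51.100.7
2023-12-13T10:05:00 FAIL user=erin src=198.51.100.7
2023-12-13T10:09:00 FAIL user=erin src=198.51.100.7
"""

LINE_RE = re.compile(r"^(\S+) (FAIL|OK) user=(\S+) src=(\S+)$")


def parse(line):
    """Return (timestamp, result, user, src) or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, result, user, src = m.groups()
    return datetime.fromisoformat(ts), result, user, src


def detect_bruteforce(text, threshold=5, window_s=60):
    """Map each source address that produced >= threshold failed logins
    within any window_s-second window to the time the threshold was hit."""
    recent = defaultdict(deque)  # src -> timestamps of recent failures
    alerts = {}
    for line in text.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue
        ts, result, _user, src = parsed
        if result != "FAIL":
            continue
        q = recent[src]
        q.append(ts)
        # Drop failures that fell out of the window so old noise
        # does not accumulate into a false alert.
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold and src not in alerts:
            alerts[src] = ts
    return alerts


if __name__ == "__main__":
    for src, when in detect_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT {src}: failure threshold reached at {when.isoformat()}")
```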

While the threat of cyber-attacks may seem daunting, remember that knowledge is power. By understanding the landscape of cyber threats and implementing sound security practices, we can build a more resilient and secure digital world for ourselves and future generations. Let’s embrace the challenge and navigate the digital landscape with an informed and proactive approach, ensuring that our online interactions are filled with progress, not peril.

