Cyberattacks come in all shapes and sizes. They’re launched by criminal organizations, state actors, and even amateur hackers. They range from phishing, which exploits people’s psychology to steal passwords, to brute force attacks that try out many combinations of usernames and passwords until they find the one that works. They also include ransomware, which encrypts data and demands payment in untraceable cryptocurrency.
Ransomware
Ransomware is malware that encrypts files on an organization’s system, prompting the victim to pay a ransom to restore access. Attackers often demand cryptocurrencies like Bitcoin, which can be hard to trace, as payment. These attacks typically start with phishing, such as a malicious link or attachment in an email. That is one reason employee cybersecurity training and education are essential to any organization’s defenses. The massive WannaCry and NotPetya attacks of 2017 showed how vulnerable many networks are. Those attacks used zero-day vulnerabilities and lateral movement to spread rapidly across networks, holding data hostage and causing massive outages.
Ransomware has become a popular revenue model for attackers, and 2023 research from Proofpoint found that 64% of organizations affected by ransomware paid the criminals’ demands. However, paying the ransom does not guarantee the attacker will release encrypted files. Instead, it can signal to other cybercriminals that an organization is a good investment and a likely target. The best way to avoid being held for ransom is to have a robust backup strategy and use enterprise cybersecurity tools.
Botnets
Modern malware often employs botnets for its attacks. A botnet is made up of enslaved devices that are controlled remotely by hackers known as bot-herders. Bots are a significant cybersecurity threat for several reasons. They provide the hacker with a powerful and resilient attack platform that can scale to massive sizes. They can support phishing campaigns to steal login credentials and other sensitive information. They can also be used to deliver bot malware, such as a keylogger that logs keyboard activity. They can be recruited to participate in Distributed Denial-of-Service (DDoS) attacks that swarm websites and services with traffic to disrupt their operations.
Additionally, bots can commit financial crimes, such as collecting credit card data and selling it on the Dark Web or engaging in cryptojacking to mine Bitcoin at consumers’ expense. Creating a botnet begins with the hacker prepping and exposing a victim’s device to malware infection. They then use the infected device to attack the computer or other connected devices in several stages. The final step is mobilization, in which the bot-herder sends commands to the infected machines or devices, which carry them out.
Malware
Malware can crack weak passwords, delve deep into systems and spread through networks. It can also encrypt files, spam you with ads or slow your computer down. Cybercriminals use malware attacks against individuals, businesses and governments. Stealing data, credentials and payment information is a common goal of malware. Attackers often try to steal highly valuable data from their targets, such as login credentials for high-profile accounts or intellectual property. Cybercriminals can spoof the target’s domain or website by using techniques like DNS poisoning, and they can use AI-enabled phishing-style tactics (phishing, spear phishing, vishing, etc.). Ransomware is another incredibly common form of malware attack. Attackers encrypt the victim’s files and demand a ransom payment. Ransomware attacks have been used to blackmail hospitals, schools and retail store customers, but they are increasingly targeted at businesses. Attackers see businesses as a larger target with a bigger payoff.
Denial of Service
Denial of Service (DoS) attacks typically use malware to overwhelm systems with meaningless online requests, blocking legitimate traffic. This can be accomplished in various ways, including spoofing free Wi-Fi and performing man-in-the-middle attacks on mobile devices. Attackers may be motivated by a variety of reasons. Some are simply seeking kudos from other hackers by bringing down well-known websites. Others are extortionists who target companies and demand large sums to restore their services. Some attackers will also use this opportunity to steal data, such as customer information, passwords or intellectual property, by leveraging the compromised system for lateral movement within the network. This can be done by encrypting or deleting files and installing malicious software. A sophisticated phishing attack can also involve impersonating the email address of a company executive, such as a CEO, to trick an employee into transferring money or sensitive information to the attacker. This is known as Business Email Compromise (BEC). It can be made more advanced with AI voice generation technology that mimics a CEO’s voice to request funds from the victim over the phone.
Phishing
Phishing is a popular cyberattack that allows fraudsters to steal personal data such as account passwords, financial information and even credit card details. This data is often sold on the dark web, where it can be used for everything from fraudulently withdrawing money to ransomware attacks. A typical attack starts with a message impersonating an authentic organization, with the attackers hoping to trick recipients into divulging sensitive information. Attacks can be carried out through email (phishing), phone calls (vishing), social media, SMS messaging services (smishing) and a variety of other methods. They can also involve spoofing websites that mimic official organizations, such as the one used in an attack against Twitter in 2020, where attackers impersonated help desk staff to trick users into authenticating on a fake site and sending their credentials to the hackers.