What is a Cyberattack? Types and Defenses

A cyberattack is any action taken by a cyber criminal in an attempt to illegally gain control of a computer, device, network, or system with malicious intent. Cyber criminals may damage, destroy, steal, encrypt, expose, or leak data as well as cause harm to a system.

Cyberattacks are on the rise, with cyber criminal trends and techniques becoming increasingly sophisticated and creative. However, basic cybersecurity tools and practices, like patching, strong passwords, and multi-factor authentication (MFA), “can prevent 80 to 90% of cyberattacks,” said Anne Neuberger, deputy national security advisor for cyber and emerging technologies, during a White House press conference in Sept. 2021.

Cyberattack Statistics

Driven by the global pandemic, the increase in remote and hybrid work, and unprepared network defenses, cyberattacks have been rising exponentially. The 2022 SonicWall Cyber Threat Report found that all types of cyberattacks increased in 2021. Encrypted threats spiked 167%, ransomware increased 105%, and 5.4 billion malware attacks were identified by the report.

These new attacks affect everything from private citizens and businesses to government systems; healthcare organizations; public services; and food, water, and fuel supply chains. The number of CEOs who say that cybersecurity is the biggest threat to short-term growth has doubled in the past year.

Cisco Umbrella, analyzing the threat environment for 2022, found that 86% of organizations experienced phishing, 69% experienced unsolicited crypto mining, 50% were affected by ransomware, and 48% experienced some form of information-stealing malware.

In 2015, global cyber crime had a cost of about $3 trillion, and the cost is expected to rise to $10.5 trillion by 2025, according to the report Cyberwarfare in the C-Suite from Cybersecurity Ventures.

“This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined,” the report warned.

The average cost of a breach is $3.6 million per incident, according to the World Economic Forum (WEF) Global Cybersecurity Outlook 2022 report, while IBM reports that the number is now $4.24 million. Organizations can lose up to 280 days as they identify and respond to an incident, and some even go out of business. Staying ahead of attackers is a constant battle and the cost is “unsustainable,” 81% of WEF survey respondents say.

Major cyberattacks at companies like SolarWinds and Colonial Pipeline raised the public visibility of cybersecurity greatly in 2021, elevating it to a Presidential priority.

Types of Cyberattacks

Cyberattacks are constantly evolving and adapting to find vulnerabilities as cybersecurity measures are strengthened and updated. There are many types of cyberattacks, with top trends for 2022 including mobile attacks, ransomware, COVID-related scams and hacks, zero-click attacks, malicious QR codes, phishing, cryptojacking, and IoT malware attacks, among others.

Ransomware

Ransomware is the fastest-growing trend. In this type of attack, criminals take control of a system or network and encrypt valuable data, often making it impossible for organizations to continue their normal operations. Restoration is offered in exchange for a ransom, usually in cryptocurrencies. Ransomware attacks can also threaten to release sensitive information.

In May, cybersecurity researchers revealed that ransomware attacks are increasing their aggressive approach by destroying data instead of encrypting it. Law enforcement agencies continually advise ransomware targets not to pay.

Mobile attacks

The widespread global use of smartphones, along with a public perception that downplays the importance of mobile cybersecurity, has led to a significant increase in mobile malware attacks. Proofpoint’s Human Factor 2022 reports over 100,000 daily telephone-oriented attacks. Mobile attack techniques include SMS, phishing, phone calls, deep fakes, and malicious apps that can steal personal and financial data, extort victims, and conduct other illegal activities.

Phishing

Phishing attacks continue to dominate cyber threats. Attackers use different techniques to trick victims into giving away sensitive information like passwords, social security numbers, and financial data, or into clicking on or downloading malware.

To accomplish this, cyber criminals have perfected the skills of impersonating or mimicking official organizations when contacting victims.

Crimeware and spyware

Crimeware is a type of malware that cyber criminals use to commit identity theft or gain financial information to execute transactions. Other techniques to steal personal data include the use of keyloggers that record all keystrokes and can reveal information.

Spyware, on the other hand, can breach a device and access specific functions like webcams, website history, and cookies, or even record conversations on a phone. Rootkit malware is used by attackers to gain administrator-level access to a system or a network. With these permissions, the attacker can steal or encrypt data, deploy spyware, and even use a device or an entire network for illegal purposes, like conducting mass attacks, crypto mining, and others.

Other methods

With the rise of the digital economy, e-wallets, cryptocurrencies, and digital assets, the way the world does business has transformed. Capital markets, insurance, financial services, and banking are now online. This presents a unique opportunity for cyber criminals.

QR payments are being tampered with, NFT accounts hacked, digital wallets emptied, and sensitive information compromised. The techniques used in digital financial crimes are varied. Zero-click attacks that do not require any action from the user are of particular concern for cybersecurity experts.

Backdoors—malware that gives access to a device without the users’ permission—can also be used in these types of crimes. Botnets, viruses, and worm-style attacks are also being adapted for this new era.

Preventing Cyberattacks

It’s important to have state-of-the-art cybersecurity defenses and strategies in place to prevent attacks altogether. While these strategies won’t be 100% fool-proof, they’re a great start toward protecting your data from being stolen or changed. And every attack stopped saves a lot of money in costs avoided, so security tools generally show a pretty good return on investment (ROI).

Backup and encryption

Backups are critical in cybersecurity and can cover anything, including system images, executables, and source code. Ransomware attacks can be coded to find online backups and destroy them or encrypt them.

So keeping backups offline is of paramount importance. An organization should always have offline encrypted backups, and these should be tested regularly. Hardware backups are also a good option, as primary systems can be damaged or become unavailable.

Backup solutions today provide fast recovery. Some of the best are Veeam, Acronis, Cohesity, Arcserve, Commvault, and Veritas.

Security information and event management (SIEM)

Security information and event management is a system that gives users 360-degree real-time visibility into their entire IT infrastructure, which allows users to respond to threats almost instantly. SIEM tools can scan massive amounts of data in just seconds as well as identify threats and alert users.

Some of the best SIEM tools are Securonix, LogRhythm, IBM QRadar, McAfee ESM, Splunk, Exabeam, Fortinet, and Dell/RSA.

Endpoint detection and response (EDR)

In the new era of hybrid work, endpoints have become the new workplace. However, as of 2022, most malware attacks come from endpoints and, usually, unaware employees. Educating and training employees is a must-do in modern endpoint security.

In addition, endpoint detection and response tools are a great way to continuously monitor all endpoint devices. From laptops to smartphones, virtual desktops, or IoT, an organization may have thousands of active endpoints at any given time. EDR can detect a cyberattack, alert, and respond through automated remediation.

Some top EDR tools are Crowdstrike Falcon, SentinelOne, Trend Micro, Microsoft Defender for Endpoints, Symantec, Bitdefender, Cynet, Palo Alto Cortex XDR, and Trellix.

Next-generation firewalls (NGFW)

Firewalls have come a long way. The next-generation firewall (NGFW) goes well beyond the capabilities of a traditional firewall. NGFWs are the third generation of firewall technology and the current security standard.

They combine the traditional firewall capabilities of monitoring and inspecting incoming and outgoing traffic, but also include other features like application awareness and control, intrusion detection and prevention systems (IDPS), deep packet inspection (DPI), and cloud-delivered threat intelligence. NGFWs can also provide log analysis and dashboard management for insight into traffic patterns.

The best NGFW vendors include Barracuda, Check Point, Cisco, Forcepoint, Fortinet, Huawei, Juniper, Palo Alto Networks, and Sophos.

Cybersecurity training and awareness

Cybersecurity training and awareness have evolved to respond to modern threats. Cyber criminals are targeting not just IT personnel but employees at all levels through phishing. Attacks will often mimic official emails, webpages, SMS, or phone calls to trick workers into giving out sensitive information or into downloading or clicking on malware.

Training and education resources aim to inform workers about the trends and techniques they might encounter, and how to deal with them accordingly. Ninjio, ESET, KnowBe4, Cofense, CybSafe, Elevate Security, Mimecast, Proofpoint, and Living Security are among the top cybersecurity training tools for employees.

Stopping Cyberattacks with Incident Response Tools

Cybersecurity works on three different levels: prevention, detection, and response.

For those times when hackers manage to succeed, you want to have a detailed incident response plan and incident response tools in place to rapidly identify cyberattacks, respond, and restore. Companies offering incident response tools will monitor endpoints and networks in the cloud, on-premises, or hybrid.

In today’s highly active environment, cyberattacks are inevitable. CISA says there is one ransomware attack every 14 seconds, causing digital operations to shut down, exploiting businesses, and stealing data. The difference between responding to an incident without preparation and reacting to it professionally through an incident response plan can translate into millions of dollars in costs, reputation and clients lost, and months of work delayed.

Therefore, any good incident response tools should incorporate the three As—awareness, attribution, and ammunition—in their offering in order to prepare for or even prevent an attack. While features, or ammunition, may be different for each organization, they should be able to provide the ability to identify as well as execute manual and automatic actions to respond swiftly.

However, any good incident response tool should have features for real-time threat intelligence to provide you with awareness, which is key to reducing impact and increasing the learning curve of an incident response plan as it evolves.

In the event of an attack, an incident response tool should be able to quickly attribute where the attack came from as well as its intention and technique. The tools can identify phishing, malware, virus, login discrepancies, data leaks, and other incidents. They also monitor system logs, NetFlow, endpoints, Active Directory, and emails, among other things.

Incident response monitoring tools perform log analysis, log management, intrusion detection (IDS), NetFlow analysis, and vulnerability scans. Incident response plans also include remediation and recovery, and data and incident forensic tools identify and preserve evidence to empower recovery, conduct analysis, and learn to update security. In addition, system backup and recovery tools are essential to avoid impacts and downtime.

Services offered by incident response tools include active 24/7/365 monitoring, deployment of expert personnel onsite, press and stakeholder management during an incident, instant notifications, forensic research, and the provision of tools that enable quick identification and reaction to cyberattacks.

And if you’re ready to start your search, some of the best incident response tools and software include ManageEngine Log360, Cynet, Mandiant, Secureworks, Sygnia, BAE Systems, and Cybriant.

Ray Fernandez
