When it comes to cyberattacks, criminals tend to use the internet to enrich themselves or harm others. Cyberattacks draw on different attack patterns that tend to be adapted to the motivation behind an attack. However, users aren’t entirely defenseless. With the right security strategies, you can secure and defend yourself.

What is a cyberattack?

A cyberattack is a targeted assault on IT systems or networks aimed at stealing data, sabotaging systems, or causing other forms of damage. Criminals deliberately target specific individuals, businesses, organisations, or government agencies. Every attack is driven by a motive—though these motives can vary widely:

  • Theft: As with most criminal acts, cybercrimes are often motivated by greed. Often cyberattacks are all about stealing data that can be resold or used to access individual bank accounts.
  • Blackmail: Criminals may infect company or private user systems so that these can no longer be used, at least not by those with limited IT knowledge. They can then extort considerable sums promising to release the IT infrastructure upon payment.
  • Sabotage: Attacks aren’t always motivated by money. Some attacks are financed by competitors. For example, one company may want to damage a competitor to be more successful.
  • Activism: Hacktivism continues to grow in popularity. Here, politically motivated cybercriminals use their skills to damage the reputation of those they disagree with or to generate attention for political goals through attacks.
  • Espionage: Industrial and government espionage continues to shift online. The focus of these attacks is on accessing knowledge.

What are the various types of cyberattacks?

Types of cyberattacks tend to vary as much as the motivation for them. In many cases, attack patterns are combined in order to inflict damage as effectively and broadly as possible.

Phishing

Phishing emails use social engineering tactics to manipulate people into ignoring security concerns, downloading disguised malware, or revealing sensitive information. Variants of this method include smishing (via SMS) and vishing (via phone).

Man-in-the-Middle (MITM)

In a Man-in-the-Middle attack, the attacker positions themselves between two internet participants—such as a client and a server. This allows cybercriminals to intercept and steal sensitive data like passwords. These attacks often exploit malware or unsecured Wi-Fi connections, and commonly involve fake certificates or various spoofing techniques.

Denial-of-Service (DoS)

If the sole purpose of an attack is to take down a web service, Denial-of-Service attacks (DoS) are often used. In these cases, a server is flooded with so many requests that it becomes unresponsive. Larger-scale attacks are carried out through Distributed Denial-of-Service attacks (DDoS). To do this, cybercriminals often rely on botnets—networks of hundreds of computers infected with malware. Without the owners’ knowledge, these devices are used to participate in the cyberattack.

SQL Injection

In an SQL injection, attackers exploit SQL interactions in a web application where user inputs are not properly filtered—such as insecure input fields. Through comment sections or search forms, cybercriminals can manipulate the SQL database to access, alter, or delete sensitive data.
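The difference between an unfiltered input and a safely handled one is easiest to see side by side. The following is an added example, not code from the original article: the table, the sample rows and the function names are constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments "
               "(id INTEGER PRIMARY KEY, author TEXT, body TEXT, hidden INTEGER)")
    db.executemany(
        "INSERT INTO comments (author, body, hidden) VALUES (?, ?, ?)",
        [
            ("alice", "Great article", 0),
            ("bob", "Thanks for the tips", 0),
            ("moderator", "internal note: account under review", 1),
        ],
    )
    return db

def search_unsafe(db, term):
    # VULNERABLE: the user input is pasted into the SQL text, so quote
    # characters in `term` change the structure of the query itself.
    sql = ("SELECT author, body FROM comments "
           f"WHERE hidden = 0 AND body LIKE '%{term}%'")
    return db.execute(sql).fetchall()

def search_safe(db, term):
    # HARDENED: the SQL text is fixed; the input travels separately as a
    # bound parameter and is only ever treated as data.
    sql = ("SELECT author, body FROM comments "
           "WHERE hidden = 0 AND body LIKE ?")
    return db.execute(sql, (f"%{term}%",)).fetchall()

if __name__ == "__main__":
    db = make_db()
    hostile = "' OR hidden = 1 --"  # constructed input containing SQL syntax
    print("unsafe:", search_unsafe(db, hostile))  # hidden row is exposed
    print("safe:  ", search_safe(db, hostile))    # no rows match
```

Both functions return the same result for an ordinary search term; only the parameterised version keeps the hidden row out of reach when the input contains SQL syntax.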

Zero-day exploits

Zero-day exploits are security vulnerabilities in software or hardware that attackers exploit before the manufacturer or development community becomes aware of them and can release a patch. The term ‘zero day’ refers to the fact that there is no warning time. These exploits pose a serious threat, as traditional security measures typically cannot detect them. Attacks can occur via infected email attachments, compromised websites, or directly through vulnerabilities in operating systems and applications.

Well-known cyberattacks

In recent years, big cyberattacks on companies and public authorities have become increasingly common. On one hand, this is due to large-scale, high-profile cyberattacks carried out by groups like the hacker collective Anonymous. On the other hand, there are also widespread reports of major data breaches that have impacted not only the targeted companies but also thousands of users.

WannaCry

One well-known cyberattack happened in 2017 using the WannaCry ransomware. Although the attacks were not targeted, they were orchestrated in such a way that hundreds of thousands of PCs were infected in a short time. To do this, the cybercriminals used a backdoor in older Windows systems. This was originally discovered by the US intelligence agency NSA but not immediately disclosed. Computers that had not installed a recently published security patch were affected.

The attackers used this exploit to inject malware, which encrypted all data. Users could no longer use their systems. Instead, they were shown a message asking them to pay $300 (around £240) in bitcoin. Although numerous security experts advised against paying the ransom, the criminals managed to extort over $130,000 (around £100,000) in cryptocurrency.

Project Chanology

In recent years, hacker group Anonymous has repeatedly caused a stir. One attack by the group concerned Scientology. In 2007, the organisation banned an interview with famous member Tom Cruise. Anonymous activists considered this a form of censorship and announced retaliatory strikes via video message.

Shortly thereafter, the hackers began overloading Scientology’s servers with DDoS attacks. This allowed the attackers to paralyse the website for a short time to disrupt the organisation’s activities. They also sent countless faxes and made prank calls. After the initial illegal digital attacks on Scientology, activism shifted to legal protests outside the organisation’s branches.

SolarWinds hack

One of the most serious cyberattacks in recent years was uncovered in 2020. The SolarWinds hack involved a supply chain attack that compromised the software delivery process of the company SolarWinds. SolarWinds provides network management software used by many businesses and government agencies around the world. Hackers gained access to SolarWinds’ internal systems and manipulated an update of its Orion software, which was then installed by thousands of customers.

This backdoor gave the attackers access to sensitive networks of U.S. government agencies, IT firms, and major corporations. Affected organisations included the U.S. Department of the Treasury, the Department of Commerce, Microsoft, and FireEye. What made the attack particularly alarming was that it went undetected for months, as the perpetrators acted with extreme caution and covered their tracks. It was only after cybersecurity firm FireEye discovered unusual activity in its own systems that the full extent of the breach became clear.

Yahoo! Hack

In 2013 and 2014, the Yahoo! group suffered several attacks on its databases. The attackers stole several billion data records, including poorly encrypted passwords or completely unencrypted answers to security questions. These were offered on illegal marketplaces across the Dark Web. Buyers on these platforms hoped that the stolen passwords were also being used on other sites or for online banking, allowing them to profit from the data.

In response to the attacks, Yahoo! required its users to reset their passwords and choose new answers to security questions, which were then more securely encrypted. Additionally, Yahoo! had to pay over $100 million (around £80 million) in damages to affected users.

How to protect yourself from a cyberattack

Cybercriminals are constantly developing more complex ways to breach systems and steal data. Even cybersecurity experts are often a step behind. However, that doesn’t mean you’re defenseless against cyberattacks. With the following tips on cybersecurity, you’ll be well prepared to face potential threats.

How can you prevent cyberattacks?

Attackers tend to exploit security vulnerabilities in outdated systems. One of the best preventative measures users can take is to regularly update their operating system and software. To find out about updates or patches, simply activate the automatic update function. This also applies to antivirus programs.

Criminals don’t always use malware for cyberattacks. Password-protected areas tend to be attacked more directly. Brute force attacks (trying out password combinations), rainbow tables (tables with hash values) or password dictionaries (collections of typical passwords) can be used to crack weak passwords. Strong passwords and two-factor authentication are among the most effective preventive measures against cyberattacks.

How can you spot a cyberattack?

Many attacks succeed simply because they go unrecognised. This is especially true with phishing, where you should be cautious with emails from unknown senders. Never download or open attachments or click on links in messages like these. The same level of caution applies when browsing the web: even seemingly harmless websites can pose threats. Avoid downloading software from sites you don’t fully trust. A missing SSL certificate can be a strong indicator of an untrustworthy source.

System admins also have additional ways to detect cyberattacks. Servers keep log files by default, and these record suspicious activity. For example, an increased number of unsuccessful password entries indicates a brute force attack. In addition, you can monitor your IT infrastructure. Malware produces side effects, such as a slowed network connection, which may be a sign of a cyberattack.
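As an added example (not part of the original article), the log check described above can be automated by counting failed logins per source address inside a sliding time window. The log lines are constructed samples in OpenSSH style; the threshold, the window length and the assumed year are illustrative values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH auth-log style (documentation IP ranges).
SAMPLE_LOG = """\
Mar 10 09:00:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar 10 09:00:03 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar 10 09:00:04 web1 sshd[815]: Failed password for alice from 198.51.100.23 port 51800 ssh2
Mar 10 09:00:06 web1 sshd[819]: Failed password for invalid user admin from 203.0.113.7 port 40150 ssh2
Mar 10 09:00:09 web1 sshd[819]: Failed password for invalid user test from 203.0.113.7 port 40150 ssh2
Mar 10 09:00:12 web1 sshd[815]: Accepted password for alice from 198.51.100.23 port 51800 ssh2
Mar 10 09:00:14 web1 sshd[823]: Failed password for root from 203.0.113.7 port 40188 ssh2
Mar 10 09:02:00 web1 sshd[830]: Failed password for bob from 192.0.2.50 port 60001 ssh2
Mar 10 09:06:00 web1 sshd[834]: Failed password for bob from 192.0.2.50 port 60002 ssh2
Mar 10 09:10:00 web1 sshd[838]: Failed password for bob from 192.0.2.50 port 60003 ssh2
Mar 10 09:14:00 web1 sshd[842]: Failed password for bob from 192.0.2.50 port 60004 ssh2
Mar 10 09:18:00 web1 sshd[846]: Failed password for bob from 192.0.2.50 port 60005 ssh2
"""

# Captures the syslog timestamp and the source address of a failed login.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def detect_bruteforce(log_text, threshold=5, window_seconds=60, year=2024):
    """Map each source IP to the time it first reached `threshold` failed
    logins inside a sliding window. Syslog has no year, so one is assumed."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)    # ip -> timestamps of recent failures
    alerts = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue               # successful logins and unrelated lines
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[m.group(2)]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.setdefault(m.group(2), ts)
    return alerts

if __name__ == "__main__":
    for ip, when in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{when:%H:%M:%S} possible brute force from {ip}")
```

With the default settings only the address with five failures in under a minute is flagged; the user who mistyped once and the address with five failures spread over sixteen minutes are not.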

Tip

To be well prepared for cyberattacks, you can rely on the support of cybersecurity professionals. The MyDefender solution from IONOS offers comprehensive protection against attacks, performs thorough antivirus scans, and includes regular backups by default.

What can you do during an attack?

Especially in the case of DDoS attacks, there are ways to keep your online presence accessible despite the attack. Using a Content Delivery Network (CDN) makes it nearly impossible for cybercriminals to completely take down a website. Even if your own server is overwhelmed, the site can still be accessed through the network of mirrored content.

If you’re facing a cyberattack, there are official resources in the UK that can assist you. Agencies like the National Cyber Security Centre (NCSC) and Action Fraud have specialised units focused on cybercrime and cybersecurity. You can report cyber incidents and get support through the Action Fraud website or visit the NCSC’s website for guidance and tools to help mitigate attacks.

What protection is available in a worst-case scenario?

There’s no such thing as 100% protection against cyberattacks, which is why it’s essential to prepare for the worst-case scenario. One key step is to use strong encryption methods to ensure that sensitive data is rendered useless to unauthorised individuals even if it gets stolen.

A solid backup strategy is equally important. Ransomware attacks, for example, lose their impact if you’ve stored your critical data securely elsewhere. The 3-2-1 backup rule helps ensure your files are always protected.

Tip

IONOS offers several backup solutions. For individuals, the HiDrive Cloud Storage with a smartphone app is a great option. Businesses can opt for cloud backup to safeguard their servers and entire infrastructure.
