Demystifying cyberattacks and threats
Information & Communications Technology and Media | 26 Nov 2020
Cyberattacks and threats come in all shapes and sizes. Some are overt, such as ransomware attacks, while others are covert, with criminals infiltrating a system to steal valuable data.
What is a cyber threat or cyberattack?
A cyberattack is mounted against our digital devices via cyberspace. Cyberattacks can cause electrical blackouts, failure of military equipment and breaches of national security secrets. They can result in the theft of valuable, sensitive data like medical records, for example, when hackers attacked SingHealth searching for Prime Minister Lee Hsien Loong’s records. They can disrupt phone and computer networks or paralyze systems, making data unavailable, affecting the functioning of life as we know it.
According to Gartner, “Cybersecurity risks pervade every organization and aren’t always under IT’s direct control. Business leaders are forging ahead with their digital business initiatives, and those leaders are making technology-related risk choices every day. Increased cyber risk is real — but so are the data security solutions.”
Types of cyberattacks
Listed below are six common types of cyber threat. The list is not exhaustive, and it is sure to grow as technology and devices develop and multiply.
1) Malware
Malware is software that performs a malicious task on a target device or network, e.g. corrupting data or taking over a system. Malicious software usually infiltrates a network through a vulnerability, such as staff clicking on an unsolicited email attachment or a legitimate-looking download, or installing a risky application. Once in the system, malware can block access to key components of the network (ransomware), install additional harmful software, covertly obtain information by transmitting data from the hard drive (spyware), and/or disrupt certain components and render the system inoperable.
There are several different types of malware, including:
- Adware: Malware that spreads through advertising software.
- Botnets: Networks of computers infected with malware, through which cybercriminals carry out tasks online without the owners’ permission.
- Ransomware: Ransomware continues to be the top online threat targeting public and private organizations. The attackers encrypt data to lock the target system and demand a ransom in exchange for restoring access to the data. These attacks range from low-level nuisances to serious incidents, such as when the entire city of Atlanta’s municipal government data was locked in 2018.
- Spyware: A program that secretly records what the user does, capturing data such as credit card details, so that cybercriminals can make use of that data.
- Trojans: Cybercriminals trick users into installing Trojans, malware that enters a target system disguised as legitimate software but runs malicious code once inside the host system. The attackers can then cause damage or collect data.
- Virus: A self-replicating program that attaches itself to a clean file and spreads throughout a computer system, infecting files with malicious code.
2) Phishing
Phishing is an attack where the recipient is tricked into disclosing confidential information or downloading malware. This is done when the recipient clicks on a hyperlink in a malicious communication designed to appear legitimate, reputable, or from a well-known source. When the phishing link is clicked, cybercriminals gain access to sensitive data such as credit card, personal or login information. Spear phishing is a more sophisticated form, where the attacker learns about the victim and impersonates someone he/she knows and trusts in order to con the victim.
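The tell the paragraph describes, a link whose visible text looks trustworthy while its real destination is elsewhere, can be checked mechanically before a message reaches the recipient. The following is an added example, not code from the article or from IndSights Research. It parses the anchors in a constructed HTML mail body and flags two patterns: display text naming a domain that differs from the href host, and an href host that merely contains a trusted brand name without being that domain. The domain list and sample message are assumptions made up for the demo.

```python
"""Flag phishing-style links in an HTML e-mail body.

Added example (not from the original article). It checks for the
classic tell the article describes: a link whose visible text looks
like a trusted site but whose real destination (href) is elsewhere.
The sample message and trusted-domain list are constructed for this demo.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []      # finished (href, text) pairs
        self._href = None    # href of the <a> currently open, if any
        self._text = []      # text fragments seen inside that <a>

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(value):
    """Lowercase hostname of a URL or bare domain, or '' if none."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def suspicious_links(html_body, trusted_domains):
    """Return [(href, text, reason)] for links worth flagging.

    trusted_domains: domains the organisation expects mail to link to.
    Two tells are checked:
      1. the visible text names a domain that differs from the href host;
      2. the href host contains a trusted brand name but is neither that
         domain nor a subdomain of it (a look-alike domain).
    """
    parser = _LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        real = _host(href)
        # Only treat the display text as a domain if it looks like one.
        shown = _host(text) if "." in text and " " not in text else ""
        if shown and shown != real:
            findings.append((href, text, "display text domain != href host"))
            continue
        for brand in trusted_domains:
            label = brand.split(".")[0]
            is_brand = real == brand or real.endswith("." + brand)
            if label in real and not is_brand:
                findings.append((href, text, "look-alike of " + brand))
                break
    return findings


# Constructed sample message (not real mail). The first link shows a
# bank URL but points at a bare IP; the second uses a look-alike domain;
# the third is genuine.
SAMPLE_BODY = """
<p>Your account needs attention.</p>
<a href="http://203.0.113.5/login">https://www.examplebank.com/login</a>
<a href="https://examplebank-secure.example/reset">Reset password</a>
<a href="https://www.examplebank.com/help">Help centre</a>
"""

if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_BODY, ["examplebank.com"]):
        print(finding)
```

Running the script prints the two flagged links and stays silent on the genuine one. A real mail gateway would combine this with reputation data and sender authentication checks; the point here is that the mismatch the article describes is visible in the message itself.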
3) “Man in the Middle” (MitM) attack
A MitM attack is one where a cybercriminal intercepts communication between two parties to steal data. For example, an attacker could intercept data passing between the victim’s device and the network on an unsecured Wi-Fi network. The sender and recipient believe they are communicating directly with one another, but the cybercriminal can view all of the victim’s information without being noticed.
4) Denial of Service (DoS) attack or Distributed Denial of Service (DDoS) attack
A denial-of-service attack floods systems, servers, or networks with traffic to exhaust resources and bandwidth. This results in the system being unable to fulfil legitimate requests. Attackers can use multiple compromised devices to launch the DDoS attack. A website crashing from an overload of demand is an example. The attack leaves the system unusable and prevents the organisation from carrying out vital functions.
IoT devices such as industrial sensors are vulnerable to DDoS attacks, and a compromised device can also give unauthorised access to the data it collects. Given their numbers, geographic distribution, and often out-of-date operating systems, IoT (internet of things) devices are a prime target for cyberattacks.
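The two shapes of flood described above, one machine hammering a server and many compromised devices each sending a little, look different in a web server’s access log, and a defender’s first detection is usually just counting. The following is an added example, not code from the article or from IndSights Research. It buckets requests into fixed ten-second windows and raises a single-source alert when one address exceeds a per-client ceiling, and a distributed alert when the window total is far above normal and spread over many addresses. The log format, addresses and thresholds are constructed assumptions for the demo.

```python
"""Spot flood-style traffic in a web access log.

Added example, not part of the original article. It buckets requests
into fixed time windows and reports two patterns: one address sending
far more than a client normally would (single-source DoS) and a surge
spread across many addresses (the DDoS pattern, where the attacker uses
many compromised devices). All log lines are constructed for the demo.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta


def _fmt(ip, when):
    """One constructed log line: '<ip> <ISO timestamp> GET /'."""
    return f"{ip} {when.isoformat()} GET /"


def make_sample_log():
    """Constructed log: normal traffic, a single-source flood, then a
    distributed surge."""
    base = datetime(2020, 11, 26, 9, 0, 0)
    lines = []
    # Normal: three clients, one request every 2 s for 20 s.
    for i in range(10):
        for ip in ("198.51.100.1", "198.51.100.2", "198.51.100.3"):
            lines.append(_fmt(ip, base + timedelta(seconds=2 * i)))
    # Flood: one address sends 60 requests between t=30 s and t=40 s.
    for i in range(60):
        lines.append(_fmt("203.0.113.9", base + timedelta(seconds=30 + i / 6)))
    # Distributed surge: 40 addresses, 5 requests each, between t=60 s and t=70 s.
    for n in range(40):
        for i in range(5):
            lines.append(_fmt(f"192.0.2.{n + 1}", base + timedelta(seconds=60 + 2 * i)))
    return lines


def detect_floods(lines, window_s=10, per_source_max=30, total_max=100, min_sources=10):
    """Return [(window_index, kind, detail)] sorted by window.

    kind is 'single-source' when one address alone exceeds per_source_max
    requests in a window, and 'distributed' when the window's total
    exceeds total_max and comes from at least min_sources addresses.
    Window 0 starts at the earliest timestamp in the log.
    """
    events = []
    for line in lines:
        ip, stamp, _request = line.split(" ", 2)
        events.append((datetime.fromisoformat(stamp), ip))
    if not events:
        return []
    t0 = min(t for t, _ in events)
    per_window = defaultdict(Counter)
    for t, ip in events:
        per_window[int((t - t0).total_seconds() // window_s)][ip] += 1

    alerts = []
    for idx, counts in sorted(per_window.items()):
        for ip, n in counts.items():
            if n > per_source_max:
                alerts.append((idx, "single-source", f"{ip} sent {n} requests"))
        total = sum(counts.values())
        if total > total_max and len(counts) >= min_sources:
            alerts.append((idx, "distributed", f"{total} requests from {len(counts)} sources"))
    return alerts


if __name__ == "__main__":
    for alert in detect_floods(make_sample_log()):
        print(alert)
```

On the constructed log this reports the flood in window 3 and the distributed surge in window 6, and says nothing about the normal traffic in windows 0 and 1. The thresholds are the tuning knobs: a per-source limit alone misses the distributed case, because each bot stays under it, which is exactly why the aggregate check is there.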
5) Zero-day attacks
These attacks exploit a network vulnerability in the window after it has been announced but before a patch or other fix is deployed. Attackers target the disclosed vulnerability during that window of time.
6) SQL (Structured Query Language) injection
An SQL injection is a cyberattack in which an attacker inserts malicious SQL into a query that a server passes to its database. The attacker uses SQL to force the server to reveal information it normally would not, and to take control of and steal data from the database. The attacker can do this by simply submitting malicious input into a vulnerable website’s search box.
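The search-box case is easiest to understand by seeing the vulnerable query next to the fixed one. The following is an added example, not code from the article or from IndSights Research. It uses an in-memory SQLite database with a constructed product table in which one row is marked not public; search_unsafe() splices the user’s text into the SQL statement, so a crafted term rewrites the query and the hidden row leaks, while search_safe() binds the same text as a parameter and the database treats it purely as data. Table, rows and function names are assumptions for the demo.

```python
"""SQL injection through a search box, and the fix.

Added example, not from the original article. An in-memory SQLite
database stands in for a website's backend; the table and rows are
constructed. search_unsafe() splices the user's text into the SQL
statement, the defect the article describes, so a crafted search term
changes the query and exposes rows the site never meant to show.
search_safe() binds the text as a parameter, so it is only ever data.
"""
import sqlite3


def make_db():
    """Constructed catalogue: two public products and one hidden row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, public INTEGER)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?)",
        [("widget", 1), ("gadget", 1), ("unreleased prototype", 0)],
    )
    conn.commit()
    return conn


def search_unsafe(conn, term):
    """Vulnerable: the search term becomes part of the SQL text."""
    sql = ("SELECT name FROM products WHERE public = 1 "
           "AND name LIKE '%" + term + "%'")
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, term):
    """Fixed: the term is passed as a bound parameter (the ? placeholder)."""
    sql = "SELECT name FROM products WHERE public = 1 AND name LIKE ?"
    return [row[0] for row in conn.execute(sql, ("%" + term + "%",))]


# A search term that closes the quoted string, appends an always-true
# condition and comments out the rest of the statement. Against the
# unsafe query it turns the WHERE clause into:
#   public = 1 AND name LIKE '%x' OR 1=1 --%'
# which matches every row, including the non-public one.
INJECTION = "x' OR 1=1 --"


if __name__ == "__main__":
    db = make_db()
    print("unsafe:", search_unsafe(db, INJECTION))  # hidden row leaks
    print("safe:  ", search_safe(db, INJECTION))    # nothing matches
```

Both functions give identical results for an ordinary search term; they differ only when the input contains SQL syntax. That is the whole argument for parameterised queries: the fix is not filtering quotes out of user input but never letting user input reach the SQL parser as code.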
Sources of cyber threats
In identifying a cyber threat, it might be more important to know who is behind the threat than to know the technology or TTPs (Tactics, Techniques and Procedures). TTPs will constantly evolve, but there will always be someone who falls for a clever trick, and so there will always be someone with a motive to exploit it. This is the real source of the cyber threat.
For example, in June 2016, SecureWorks revealed details of Russian Threat Group-4127 attacks on Hillary Clinton’s presidential campaign emails. In September, Bill Gertz of The Washington Times reported another cyberattack by presumed “hostile foreign actors” on Hillary Clinton’s emails. However, not all cyber threats come from foreign countries. Some of the common sources of cyber threats include those from nation states or governments, terrorists, industrial spies, organized crime groups, hacktivists and hackers, business competitors, or disgruntled insiders.
Cyber threat intelligence is necessary for enterprises
Advanced threat attackers such as nation states, cybercriminals and cyber espionage actors are the greatest information security threat to enterprises today. Many businesses struggle to detect these threats because of their covert nature, the sophistication of their resources, and their intentional “low and slow” approach. These sophisticated, organised and persistent attackers are often discovered only through the digital traces they leave behind. Therefore, enterprises need threat intelligence that leads to actionable insights, such as: What does the threat mean? How do you resist it? What action should you take?
This article is contributed by Moses Ku, Manager (Engagement), IndSights Research.