A cyber-attack is any type of offensive manoeuvre employed by individuals or organisations that targets computer information systems, infrastructures, networks or personal digital devices by various malicious means usually originating from an anonymous source that either steals, alters or destroys information or network/device capabilities following the “hack” of a susceptible system. “Malware” is a general term to describe malicious software designed with the intention of perpetrating some form of cyber-attack.
“Hackers” attack for as many reasons as traditional trouble-makers commit crimes and vandalise. There’s financial incentive. Holding a large company to ransom might be a lucrative ploy, especially for a computer-savvy crook with few other economic opportunities. Stealing the intimate details of an individual’s private life can give cyber-criminals leverage to extort cash too. But it’s not always money they’re after. “Hacktivism” describes the act of committing cyber-attacks with the intention of making a political protest, or an ideological statement. The disparate underground network ‘Anonymous’ is a face, if you will, of this kind of computer hacking. ‘Anonymous’ regularly attacks networks belonging to corporations and government agencies that they perceive to have acted immorally or illegally, by preventing users from accessing websites or defacing an organisation’s home page with digital graffiti. Picket-signs of the IT age. And there are hackers who disrupt networks or break through security measures merely to make the point that they can do it, or for fun, or as a test, to stretch their intellectual legs. Some common types of cyber-attack:
Self-replicating computer programs that infect a device or network, attaching themselves to another program or file in order to reproduce. Often difficult to detect, computer viruses, like their microbial namesakes, hide inside a system and take advantage of its own processes or software to execute its code and wreak potential havoc on the host.
Like viruses, but can attach to a system without needing another file or program to reproduce. Worms are sophisticated programs that replicate rapidly across an infected network and are highly contagious to other networks that interact with the host. Large-scale worms are employed at the government level for mass-scale espionage.
Just like in the epic tale of Troy, these are programs built to appear as something harmless, even useful, which actually conceal a hidden and unwanted agenda. Most often users and network administrators won’t know a Trojan horse has corrupted their systems, often with the goal of, again like in the tale, breaking in to a system and then opening the “doors” from the inside allowing other malware to get in.
Involve the modification and dissemination of incorrect and correct information to confuse or mislead. Attacks manifest as defamatory renderings of otherwise appropriate information, the turning of unbiased fact into propaganda, and stock-manipulation schemes. A traditional con made more powerful with the help of computers.
Malware that restricts access to a computer system and demands that a user pay money to the operators of the malware to re-allow access.
DoS and DDoS attacks
“Denial of service” attacks prevent legitimate users from accessing online services, usually by the sending of excessive spam messages that confuse the server to the point where it is unable to operate effectively. Distributed denial of service, DDOS, attacks are larger scale disruptions utilising a network of corrupted systems to flood a server and disrupt an organisation’s digital operations.
Not traditionally a hack, but rather a traditional type of con that utilises the impersonal nature of email and trusting human natures in order to trick individuals into providing private information, network access, money, even romantic love is egregiously solicited through email scams.
‘Phishing’ and ‘spear-phishing’
Baiting an individual or organisation into giving hackers the access or information they want. Phishing usually involves spam – unwanted emails – being sent to millions of account-holders around the world. With a million hooks in the water, there are bound to be some bites. “Spear-phishing” is targeted. Emails land in a user’s inbox and appear to be legitimate, looking like a letter from a client or a memo from a business associate or a message from your bank encouraging you to disclose details such as passwords, account access keys, and private client or business information. Without vigilance, targeted fake communications – spear-phishing lures – can easily go unnoticed by the bleary-eyed office worker who opens the dodgy email at 5pm just before heading home.
Actually not a type but a tactic, employed by cyber-criminals with specific targets. The combination of new, sometimes confusing, digital technologies with the traditional vulnerabilities of individuals – gullibility, trust, uncertainty, hope, anxiety, fear – makes “human hacking’”one of the most successful means of committing a scam. As many have said, “you can have the best security software in the world, it’s only as good as your people”. You’re only as secure as the least vigilant staff member who uses your network and might click on a link they shouldn’t, open a dubious email, leave passwords lying around or, worse, tell passwords to an unknown caller claiming to be from Microsoft. Three-quarters of successful cyber-attacks utilise “social engineering” methods akin to the traditional tricks of the con-artistry trade in combination with some basic computer network knowledge. The danger with this evolving trend is that it doesn’t require vast arrays of expensive supercomputers or servers, or significant programming expertise to be successful. All these cyber-criminals need is a decent understanding of human psychology, and the patience to build up knowledge of the target and familiarity with their operations, to “case the joint”, and wait for the right well-informed, well-prepared moment to strike.