What is a Cyberattack

March 18, 2021

What Is a Cyberattack?

A cyberattack is an attempt by cybercriminals, hackers or other digital adversaries to access a computer network or system, usually for the purpose of altering, stealing, destroying or exposing information.

Cyberattacks can target a wide range of victims from individual users to enterprises or even governments. When targeting businesses or other organizations, the hacker’s goal is usually to access sensitive and valuable company resources, such as intellectual property (IP), customer data or payment details.

In recent years, cyberattacks have become more sophisticated, increasing the need for a comprehensive cybersecurity strategy and tooling. The shift to the cloud, as well as the explosion of connected devices, are two driving factors behind the need for organizations to modernize and strengthen their digital security capabilities.

Four Common Types of Cyberattacks

Cybersecurity threats can come in many forms. Here we explore four common types of cyberattacks: malware, ransomware, phishing, and man-in-the-middle attacks (MITM).


Malware — or malicious software — is any program or code that is created with the intent to do harm to a computer, network or server.

In malware attacks, hackers can employ phishing techniques or exploit network vulnerabilities to access the system. Most malware applications start by ensuring a means of persistent access, allowing the adversary to slip into the network at will. Once inside, the malware takes control of the system with the intention of transmitting sensitive information such as customer data, IP or images from a device’s camera back to the malware owner.


Ransomware is a type of malware that denies legitimate users access to their system and requires a payment, or ransom, to regain access. A ransomware attack is designed to exploit system vulnerabilities and access the network. Once a system is infected, ransomware allows hackers to either block access to the hard drive or encrypt files on the computer.

In ransomware attacks, adversaries usually demand payment through untraceable cryptocurrency. Unfortunately, in many ransomware attack cases, the user is not able to regain access, even after the ransom is paid.


Phishing is a type of cyberattack that uses email, SMS, phone or social media to entice a victim to share sensitive information — such as passwords or account numbers — or to download a malicious file that will install viruses on their computer or phone.

Major brands and government agencies often fall victim to being impersonated by phishing attackers in order to increase the success rate of retrieving information.

Man-in-the-Middle Attacks (MITM)

A man-in-the-middle (MITM) attack is a type of cyberattack in which a malicious actor eavesdrops on a conversation between a network user and a web application. The goal of a MITM attack is to surreptitiously collect information, such as personal data, passwords or banking details, and/or to impersonate one party to solicit additional information or spur action. These actions can include changing login credentials, completing a transaction or initiating a transfer of funds.

While MITM attackers often target individuals, it is a significant concern for businesses and large organizations as well. One common point of access for hackers is through software-as-a-service (SaaS) applications. Attackers can use these applications as an entryway to the organization’s wider network and potentially compromise any number of assets, including customer data, IP or proprietary information about the organization and its employees.

Other Types of Cyberattacks

Denial-of-Service (DoS) Attacks

A Denial-of-Service (DoS) attack is a malicious, targeted attack that floods a network with false requests in order to disrupt business operations. In a DoS attack, users are unable to perform routine and necessary tasks, such as accessing email, websites, online accounts or other resources that are operated by a compromised computer or network. While most DoS attacks do not result in lost data and are typically resolved without paying a ransom, they cost the organization time, money and other resources in order to restore critical business operations.

Cross Site Scripting (XSS)

Cross Site Scripting (XSS) is a code injection attack in which an adversary inserts malicious code within a legitimate website. The code then launches as an infected script in the user’s web browser, enabling the attacker to steal sensitive information or impersonate the user. Web forums, message boards, blogs and other websites that allow users to post their own content are the most susceptible to XSS attacks.

SQL Injection

SQL Injection attacks are similar to XSS in that adversaries leverage system vulnerabilities to inject malicious SQL statements into a data-driven application, which then allows the hacker to extract information from a database. Hackers use SQL Injection techniques to alter, steal or erase data.

Zero Day Attacks

A zero-day exploit is a security vulnerability or software flaw that a threat actor can target with malicious code before the software developer releases a patch.

The CrowdStrike Global Threat Report, an annual report detailing unique insights about the global threat landscape and best practices for organizations looking to amplify their cybersecurity maturity, identified several emerging trends in the cybersecurity landscape. Key findings from the 2021 Global Threat Report include:

  • Proliferation of supply chain attacks, ransomware, data extortion and nation-state threats.
  • An uptick in ransomware and big game hunting techniques, particularly in the healthcare industry as driven by nation-state adversaries seeking to steal valuable data seeking COVID-19 vaccine research.
  • Unprecedented growth in eCrime, with nearly four out of five interactive intrusions uncovered in 2020 being driven by eCrime actors.
  • Increased use of data extortion techniques accelerated by the introduction of Dedicated Leak Sites (DLS).

2022 CrowdStrike Global Threat Report

Download the 2022 Global Threat Report to find out how security teams can better protect the people, processes, and technologies of a modern enterprise in an increasingly ominous threat landscape.

Download Now

Who Is Responsible for Cyberattacks?

The 2021 Global Threat Report also highlights some of the most prolific and advanced cyber threat actors around the world. These include nation-state, eCrime and hacktivist adversaries. Our latest report identifies the following organizations as among the most advanced and dangerous cybercriminals.

Most Dangerous Cyberattacks to Date: Actor Spotlights

Wizard Spider

A big game hunter actor and established eCrime “megacorp,” Wizard Spider was the most reported criminal adversary in 2020. Activity from this adversary started off slow and sporadic but progressively ramped up operations through the remainder of the year. This criminal group is one of the most formidable adversaries thanks to its diverse toolset.

Wicked Panda

Wicked Panda Adversary

Wicked Panda, a suspected China-based adversary, continues to be one of the most prolific adversaries tracked by CrowdStrike Intelligence. The adversary began 2020 by conducting a wide-ranging campaign focused on exploiting multiple vulnerabilities.

Labyrinth Chollima
Labyrinth Chollima is a targeted intrusion adversary with a likely nexus to the Democratic People’s Republic of Korea (DPRK). It was one of the most prolific and most active targeted-intrusion DPRK adversaries tracked by CrowdStrike Intelligence.

Nation-State Actors

The CrowdStrike Intelligence team also tracks the activities of nation-states. Below are the nation-state actors identified in the 2021 Global Threat Report as posing the biggest risk to digital security:

Chinese Threat Adversaries
Chinese threat actors have been observed targeting technology, energy and healthcare sectors. During the past year, CrowdStrike has identified an uptick in China-based adversaries, due in part to the souring U.S.-Sino relations.

Iranian Threat Adversaries
Iranian hackers have boosted their efforts through the adoption of new tactics, techniques and procedures (TTPs) this year. These new TTPs include things such as strategic web compromise (SWC) campaigns and mobile malware, and have been used to target regional rivals, contain dissident activity and expand their “soft war” campaigns.

North Korean Adversaries
Despite diplomatic overtures, DPRK-based adversaries appear to have increased their activity this year. Among their goals, the financial sector and inter-Korea related intelligence stand out as priorities among DPRK actors.

Russian Threat Adversaries
Russian hackers continue to be among the most active and destructive among nation-state adversaries. Top targets include the Ukrainian government, law enforcement and military entities.

Protecting the Organization from Advanced Cyber Threats

A comprehensive cybersecurity strategy is absolutely essential in today’s connected world. From a business perspective, securing the organization’s digital assets has the obvious benefit of a reduced risk of loss, theft or destruction, as well as the potential need to pay a ransom to regain control of company data or systems. In preventing or quickly remediating cyberattacks, the organization also minimizes the impact of such events on business operations. Finally, when an organization takes steps to deter adversaries, they are essentially protecting the brand from the reputational harm that is often associated with cyber events — especially those that involve the loss of customer data.