What is a Cyberattack?

August 15, 2022

Cyberattack Definition

A cyberattack is an attempt by cybercriminals, hackers or other digital adversaries to access a computer network or system, usually for the purpose of altering, stealing, destroying or exposing information.

Cyberattacks can target a wide range of victims from individual users to enterprises or even governments. When targeting businesses or other organizations, the hacker’s goal is usually to access sensitive and valuable company resources, such as intellectual property (IP), customer data or payment details.

In recent years, cyberattacks have become more sophisticated, increasing the need for a comprehensive cybersecurity strategy and tooling. The shift to the cloud, as well as the explosion of connected devices, are two driving factors behind the need for organizations to modernize and strengthen their digital security capabilities.

What are the Most Common Types of Cyberattacks?

Cybersecurity threats can come in many forms. Here we explore five common types of cyberattacks:

Malware

Malware — or malicious software — is any program or code that is created with the intent to do harm to a computer, network or server. In malware attacks, hackers can employ phishing techniques or exploit network vulnerabilities to access the system.

Ransomware

Ransomware is a type of malware that denies legitimate users access to their system and requires a payment, or ransom, to regain access. A ransomware attack is designed to exploit system vulnerabilities and access the network. Once a system is infected, ransomware allows hackers to either block access to the hard drive or encrypt files on the computer.

Phishing

Phishing is a type of cyberattack that uses email, SMS, phone or social media to entice a victim to share sensitive information — such as passwords or account numbers — or to download a malicious file that will install viruses on their computer or phone.

Man-in-the-Middle Attacks (MITM)

A man-in-the-middle (MITM) attack is a type of cyberattack in which a malicious actor eavesdrops on a conversation between a network user and a web application. The goal of a MITM attack is to surreptitiously collect information, such as personal data, passwords or banking details, and/or to impersonate one party to solicit additional information or spur action.

Denial-of-Service (DoS) Attacks

A Denial-of-Service (DoS) attack is a malicious, targeted attack that floods a network with false requests in order to disrupt business operations. In a DoS attack, users are unable to perform routine and necessary tasks, such as accessing email, websites, online accounts or other resources that are operated by a compromised computer or network. While most DoS attacks do not result in lost data and are typically resolved without paying a ransom, they cost the organization time, money and other resources in order to restore critical business operations.
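One concrete way to recognise the "flood of false requests" described above is to count requests per source over a sliding time window and flag sources whose rate is far above normal. The following is an added example written for this page, not code from the original page or from CrowdStrike: it parses constructed web-server access-log lines in the common log format and reports sources that exceed a request threshold inside a window. The log lines, the window size and the threshold are all assumptions chosen for illustration; a real deployment would tune them to observed traffic and would normally feed the result to a rate limiter or alerting pipeline.

```python
"""Sliding-window request-flood detector over constructed access-log lines.

Added example, not from the original page. The log lines below are
constructed for illustration; thresholds are assumptions.
"""
from collections import defaultdict, deque
from datetime import datetime
import re

# Common log format: ip ident user [timestamp] "request" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def _line(ip, second, path):
    """Build one constructed access-log line at 10:00:<second> UTC."""
    return f'{ip} - - [15/Aug/2022:10:00:{second:02d} +0000] "GET {path} HTTP/1.1" 200 512'


# Constructed sample (chronological): one host fires 12 requests in 3 seconds,
# another browses normally, and one line is deliberately malformed.
SAMPLE_LOG = (
    [_line("198.51.100.9", 0, "/login")]
    + [_line("203.0.113.7", s, "/") for s in range(3) for _ in range(4)]
    + ["this is not an access log line"]
    + [_line("198.51.100.9", 4, "/account"), _line("198.51.100.9", 9, "/logout")]
)


def parse_line(line):
    """Return (ip, timestamp, request, status) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, request, status, _ = m.groups()
    return ip, datetime.strptime(ts, TS_FORMAT), request, int(status)


def detect_floods(lines, window_seconds=5, max_requests=10):
    """Return {ip: peak_count} for sources that exceed max_requests within
    any window_seconds-long window. Lines are assumed to be in time order."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    offenders = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip unparseable lines instead of crashing the detector
        ip, ts, _, _ = parsed
        q = recent[ip]
        q.append(ts)
        # Drop timestamps that have fallen out of the window.
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) > max_requests:
            offenders[ip] = max(offenders.get(ip, 0), len(q))
    return offenders


if __name__ == "__main__":
    for ip, peak in detect_floods(SAMPLE_LOG).items():
        print(f"possible flood from {ip}: {peak} requests inside the window")
```

The detector keeps one deque of timestamps per source, so memory is bounded by the window rather than by the log size, and the malformed line shows why a detector should skip rather than abort on unexpected input. Distributed attacks spread the flood across many sources, so a per-source count like this one is only a first layer; aggregate rate and request-shape checks are needed alongside it.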

Learn More

Hackers are always using new and creative techniques to alter, steal or erase data. To stay up to date and read about all the types of cyber attacks you need to know, check out this post: Top 14 Most Common Cyberattacks

Who is Behind Cyberattacks?

A threat actor, also known as a malicious actor, is any person or entity that intentionally causes harm in the digital sphere. They exploit weaknesses in computers, networks and systems to carry out disruptive attacks on individuals or organizations.

Most people are familiar with the term “cybercriminal.” The term “threat actor” includes the typical cybercriminals, but also much more: ideologically motivated groups such as hacktivists (hacker activists) and terrorists, insiders and even internet trolls are all considered threat actors.

2022 CrowdStrike Global Threat Report

The 2022 Global Threat Report highlights some of the most prolific and advanced cyber threat actors around the world. These include nation-state, eCrime and hacktivist adversaries. Read about the most advanced and dangerous cybercriminals out there:


Below are some recent cyberattack examples that posed the biggest risk to digital security:

Lemonduck Cryptomining Attack

The recent cryptocurrency boom has driven crypto prices through the roof in the last couple of years. As a result, cryptomining activities have increased significantly as attackers are looking to get immediate monetary compensation. LemonDuck, a well-known cryptomining botnet, targeted Docker to mine cryptocurrency on Linux systems.

Read about the attack here: LemonDuck Botnet Targets Docker for Cryptomining Operations

Follina Vulnerability

The Follina vulnerability, classified as a zero-day, can be invoked via weaponized Office documents, Rich Text Format (RTF) files, XML files and HTML files. The CrowdStrike Falcon® platform protects customers from current Follina exploitation attempts using behavior-based indicators of attack (IOAs). As described in depth in this CrowdStrike blog about Follina, the Falcon sensor has detection and prevention logic that addresses exploitation of this vulnerability.

Log4j2 Vulnerability

Log4j2 is an open-source, Java-based logging framework commonly incorporated into Apache web servers. Between late November and early December 2021, a critical vulnerability (CVE-2021-44228) impacting the Log4j2 utility was reported, resulting in several fixes and code revisions from the vendor.

Read about the vulnerability here: Log4j2 Vulnerability “Log4Shell” (CVE-2021-44228)

PartyTicket Ransomware Attack

On Feb. 23, 2022, destructive attacks were conducted against Ukrainian entities. Industry reporting has claimed the Go-based ransomware dubbed PartyTicket (or HermeticRansom) was identified at several organizations. Analysis of the PartyTicket ransomware indicates it superficially encrypts files and does not properly initialize the encryption key, making the encrypted file with the associated .encryptedJB extension recoverable.

Read about the attack here: PartyTicket Ransomware Reportedly Targeting Ukrainian Entities

Ways to Prevent an Advanced Cyberattack

Securing your organization’s digital assets has the obvious benefit of a reduced risk of loss, theft or destruction, as well as the potential need to pay a ransom to regain control of company data or systems. Here are a few best practices to keep in mind when thinking about defending against cyber threats:

  • Understand cyber threats: Stay informed about the latest cyber threat tactics and don’t click suspicious links.
  • Have secure networks: Avoid public Wi-Fi networks where cybercriminals can see what you browse. Instead, install a virtual private network (VPN) to ensure a secure connection to the internet.
  • Install security software: Protect all devices with security software and make sure to keep the software updated.
  • Employee training: Provide education to employees at your organization so they understand common cyber attack tactics and best practices.

To mitigate damages from a cyberattack, use these best practices:

  • Back up your data: Back up your important files in the cloud or on an external hard drive. If you have had a ransomware incident, you can wipe your device and reinstall from the backup.
  • Secure your backup data: Threat actors often look for data backups to encrypt or delete along with the attack. Make sure to back up your important data separately from the system where the data is used.
  • Install security software: An endpoint protection solution can detect cyberattacks and stop the encryption of files on your network before the threat spreads.

CrowdStrike Cyberattack Prevention Solution

A comprehensive cybersecurity strategy is absolutely essential in today’s connected world. CrowdStrike Falcon® Platform’s single lightweight-agent architecture prevents attacks on endpoints on or off the network. CrowdStrike’s expert team proactively hunts, investigates and advises on activity in your environment to ensure cyber threats are not missed.

Key Features:

AI-Powered Next-Generation Antivirus

Falcon Prevent™ protects against the entire threat spectrum without requiring daily updates. The best prevention technologies like machine learning, AI, indicators of attack (IOAs), exploit blocking and more are combined to stop ransomware and malware-free and fileless attacks.

Intelligent EDR

Falcon Insight™ prevents silent failure by capturing raw events for automatic detection of malicious activity, providing unparalleled visibility, proactive threat hunting and forensic investigation capabilities.

Industry Leading Threat Intelligence

CrowdStrike Falcon® Intelligence™ enables full understanding of threats in an environment and the ability to automatically investigate incidents and accelerate alert triage and response. CrowdStrike Falcon® Intelligence automatically determines the scope and impact of threats found in your environment.