How do cyberattacks happen? What methods do hackers use to carry them out?
When we think about cyberattacks, we often imagine a computer genius doing things that are far too complex for the average person to understand, like this:
It’s true that some attacks are highly sophisticated, but others really aren’t. We can break the various elements hackers exploit down into categories to help understand them:
Software vulnerabilities
Network vulnerabilities
Access rights
Social engineering
Software Vulnerabilities
Software vulnerabilities are flaws stemming from software bugs. These exist in almost all software, from the Windows, macOS, and Linux operating systems, to programs such as Skype, Google Chrome, Firefox, Word, and others.
However, as soon as a vulnerability is found, it must be fixed. This is why software needs to be updated regularly.
Network Vulnerabilities
Vulnerabilities can also occur at the network level.
For example, if company data is communicated between computers on an unencrypted Wi-Fi network, anyone in the vicinity can easily access all the data being exchanged. This includes cookies, which sometimes contain authentication information!
In addition to that, sometimes servers are configured to only require a simple password to connect to them—or worse, no password at all—and routers are sometimes left with the default password (admin/default). (Don’t laugh! It’s more common than you’d think!)
Simple cases of negligence such as these are the cause of many cyberattacks.
Access Control
What happens when people don’t want to deal with setting access control? They give everyone administrator-level access! Logins are shared with colleagues, written on post-it notes around the office, and security goes out the window.
Obviously, this can lead to many issues. In a company where everyone has administrator rights, anyone could make a mistake with disastrous consequences.
On the other hand, it’s also risky to give all the administrator rights to just one person. What if they leave the company without sharing the passwords? What if they suddenly get amnesia?
Social Engineering
This is one of the most widely used means of attack: exploiting vulnerabilities—but this time, the human kind! You’d be surprised at how many people can be manipulated into handing over their password, even though it’s meant to stay top secret.
There are many ways to trick someone—pretending to be a manager over the phone, playing on a person’s emotions, claiming there’s an emergency, making a “copy” of a website (phishing), etc. In all of these cases, a person voluntarily provides information or installs a virus.
Cyberattacks sometimes use more than one means of attack, and these combinations can be devastating.
This is what happened at Equifax, which had an unpatched software vulnerability but also had left its access rights too open. This combination of bad practices made it easier for hackers to strike.
