Discover Who the Attackers Are
There are many different attacker profiles, each with different skills, resources and motivations. They may be part of an organized group or operate alone. The way they prefer to operate and the sectors they prefer to target also vary from one attacker to another, depending on their objectives.
Other terms for attackers you may come across include malicious hackers, cyberattackers, threat actors and cyberpirates.
What are the different attacker profiles and what motivates them?
Let’s find out in this video:
In our example of ransomware on the Everwell Hospital, Jo’s objective is financial gain by extracting a ransom payment or by selling on the health data stolen from the hospital’s information system.
Like everything else in the world of cybersecurity, attackers are constantly evolving and adapting to new means of protection. A few major trends have emerged over the past few years:
Attackers are becoming much more professional in how they operate and are often part of large organizations that are run like any other business. Attackers specialize in a particular area: some develop the attack tools, others monitor targets, and so on.
Increasing numbers of attack tools are available on the dark web, where attackers can find phishing campaigns and malware in all price ranges!
As organizations’ IT systems become increasingly interconnected, the attack surface is increasing. This is also true for private individuals, whose use of smart devices and appliances continues to grow, giving attackers a new way of gaining access to a target.
You’ve now learned about typical attacker profiles and what motivates them, but what kind of attacks can they carry out? Let’s find out!
Discover the Most Common Types of Attack
Cyberattacks are everywhere! When you read about them in the news, you’ll often come across complicated words like “denial of service,” “malware,” “ransomware” and so on.
What types of attack can affect organizations or individuals?
We'll be looking at some of the most common attacks and their key features, but if you want to find out about recent attacks, I suggest you search for them on your favorite news sites! Wikipedia also provides some examples.
Distributed Denial-of-Service (DDoS) Attacks
The aim of a DDoS attack is to prevent an organization from operating normally by, for example, making its website unavailable. In more technical terms, an army of bots sends a large number of requests to the website all at the same time. The site struggles to cope with the huge number of incoming requests and crashes, meaning it’s no longer available to users inside or outside the organization. It becomes saturated.
This type of attack affects an organization’s operations and damages its brand image. It’s often used to sabotage an organization.
Social Engineering Attacks
Social engineering attacks are designed to exploit human errors or behavior to gain access to information or services. You’re already familiar with phishing, the social engineering technique that led Sam into Jo’s trap! Phishing can also be a way of penetrating an information system in preparation for a larger-scale attack.
The impacts of this type of attack are mainly financial and legal, as the attacker gains unauthorized access to data. Cybercriminals often use it to steal data, and other types of attackers use it when looking for a way into an information system.
Phishing is the type of attack that most affects private individuals like you. You’ve probably received emails, text messages or even phone calls trying to trick you into disclosing personal information (passwords, credit card details, etc.). You need to keep your wits about you to detect these phishing attempts!
Malware Attacks
The aim of a malware attack is to paralyze an organization’s information system or an individual’s computer. You may have already heard of certain types of malware, including worms, Trojan horses and computer viruses.
These days, attackers often combine these different types of attack to break into a target information system. As you saw with the attack on the Everwell Hospital, Jo used a phishing email to introduce malware onto a computer, which she then used to spread the ransomware.
Supply Chain Attacks
Another type of attack involves attacking a target via one of its suppliers. This is known as a supply chain attack. There are two stages to the attack: the first on the supplier’s information system, then the second on the final target. The increasing use of outsourced services (software, cloud providers, etc.) has made this type of attack much easier.
For example, an attacker could attack Company A by breaking into the computer system of the software vendor that supplies Company A with its payroll software. If Company B, which supplies the payroll software, is not adequately secured, an attacker can easily introduce malicious code into the software. It’s not just Company A that uses this software, though. So, when the malicious code is rolled out during a routine software update, it could make it easier for an attacker to break into the other customers’ information systems, too.
Let’s Recap!
In this chapter, you learned that cyberattacks are now happening everywhere.
You’re now familiar with the main attacker profiles and know that their resources and motivations are varied.
You also know which types of attack are the most common.
So, you now have a good understanding of the ecosystem on the attacker’s side. If you’d like to find out more about defenses against cyberattacks and the various job roles involved, it’s time to move on to the next part. But not until you’ve done the quiz!
