How Common Types of Cyberattacks Are Evolving
Cyberattacks are ever changing. Read about cyberattacks’ evolution and best practices to protect against new threats.
- Cyberattacks have evolved, as businesses continue to adopt networked devices and digitize operations.
- Supply chain attacks and ransomware have become more common, with cybercriminals growing in sophistication.
- Cybersecurity tools are evolving to meet the challenge.
Simply put, a cyberattack is an intrusion using computers to break into other computers. Examples range from a simple “brute force” attempt, where a criminal tries infinite possible passwords, to sophisticated efforts using pilfered credentials and malware to steal data and shut down networks.
But these descriptions oversimplify the problem, because the types of cyberattacks and attackers keep evolving, along with their tools. As they do, cybersecurity companies such as Mimecast and its partners are increasingly working together to integrate and innovate the defenses against cyberattacks.
Common Types of Cyberattacks
The types of attackers are varied: Cybercriminals are most often motivated by money (accounting for more than two-third of attacks, according to the Verizon 2021 Data Breach Incident Report), but corporate espionage and state-sponsored hacks are also in the mix.[i]
Cyberattack types also vary widely, depending on the attacker, the target and the tactics used, with the risks to businesses falling into four broad categories:
- Ransomware and malware: Cybercriminals have found it profitable to break into networks, encrypt them and demand payment in exchange for the decryption key to regain control. One-third of organizations worldwide were hit in 2021, many of them more than once, with the average ransom estimated at about $250,000 per attack, according to IDC.[ii] Ransomware has become such a common attack in part because some organized crime organizations now sell “ransomware as a service” (RaaS), just as legitimate businesses sell software as a service (SaaS). For a small fee (and a cut of the profits) anyone with lesser coding talents can execute a ransomware attack. Ransomware types have also evolved in sophistication. Rather than merely hold networks for ransom, cybercriminals now engage in double- and even triple-extortion schemes that hold data hostage and threaten to publish it or sell it on the Dark Web if their demands are not met.
- Denial of service (DoS): This type of cyberattack is often used by state-sponsored actors and cyberterrorists — and increasingly by ransomware gangs. It involves knocking a network offline or launching a distributed denial of service attack (DDoS) that achieves the same effect — shutting off access by flooding a network with malicious traffic to overwhelm its capacity.
- Theft of data: Data theft was one of the original cyberattack types, with hackers stealing credit card numbers and personal information. But such data breaches, like most types of cyberattacks, have evolved in size and sophistication. According to the 2021 Ponemon Institute report, the cost of a data breach has hit a record high of $4.24 million.[iii] Compromised credentials are at the root of many of these breaches, Ponemon said, causing nearly 20% of incidents. Bad actors gain access to data in many ways, old and new. Phishing attacks reel in passwords to use as access credentials across company networks. Skimming devices planted at point-of-sale terminals harvest credit card data. Discarded, lost or stolen devices (phones, tablets, laptops) yield fonts of data. Data can also be harvested from improperly disposed documents or during a phone call from a bad guy impersonating a third party.
- Impersonation: This category covers many varieties of phishing, from the simple “claim your prize” email loaded with malware to sophisticated “social engineering” where an urgent email, allegedly from a client, colleague or vendor, convinces a user to perform some harmful task. Attacks such as “whale phishing” and “spear phishing” leverage online or stolen information about executives to trick their employees or partners into doing the cybercriminal’s bidding. The category also includes brand impersonation attacks where criminals create phony websites using lookalike web addresses, also known as “URL phishing.” Such exploits trick users into sharing sensitive information or accepting malicious downloads, all the while thinking they are doing business with a legitimate enterprise. The resulting damage to companies not only includes lost business and remediation costs, but also harm to their reputations and customer relationships.
Brief History of Cyberattack Types
More than 50 years ago, an engineer named Bob Thomas created a self-replicating program meant to move across computers as an experiment. He named it Creeper (after a character in a “Scooby Doo” cartoon) and the computer virus was born.[iv] In the 1980s, with the emergence of personal computers, viruses were weaponized, and with the arrival of the internet, the types of cyberattacks exploded globally.
The types of cyberattacks have evolved along with the technology available to carry them out. With every technology advance, a trailing wave of cybercrime follows:
- The growth of email led to growth in phishing attacks and business email compromise. Because it is cheap and high-volume, email remains the favored attack vector for fraudsters.
- The emergence of the Internet of Things (IoT) led to criminals exploiting connected devices to launch cyberattacks, such as turning smart devices into spam servers for executing DDoS attacks.
- The explosion of mobile communication has led to attacks such as “smishing,” using texts, “vishing” with voice mail and “SIM swapping,” where attackers impersonate a cellphone user and convince the mobile carrier to move that account to a new phone, gaining access to all the apps and passwords in it.
Emerging Cyberattacks Post-Pandemic
When Forrester recently polled executives, it found 92% had experienced a cyberattack that affected their business during the pandemic, and 70% had been hit three or more times.[v] The survey drew a straight line from the workplace adjustments many companies made during the lockdown to the kinds of cyberattacks they experienced.
The pivot to remote work opened new fronts in the battle for cybersecurity that will endure, as enterprises continue to support remote and hybrid work arrangements. After a year of pandemic work, 78% of companies still have some employees working remotely, according to Forrester, which found two-thirds of organizations said cyberattacks targeted remote workers. As companies phase in the “new normal,” Mimecast’s Beyond 2021: The Potential Post-Pandemic Cybersecurity Environment found up to 75% of organizations fear bad guys will exploit vulnerable work-from-home computers to break into their networks.
A number of new tools and cloud servers were deployed quickly to enable collaboration and communication among staffers working from home, adding to the possible vulnerabilities and points of attack available to criminals. Eighty percent of the organizations polled by Forrester said moving business-critical operations to the cloud during the pandemic has increased their cyber risks, and the FBI recently warned businesses to be on guard against email compromise attacks using virtual meeting platforms that have become common tools for staff communication during the work-from-home period.[vi] Almost three quarters of attacks on remote workers were the result of vulnerabilities in systems deployed during the pandemic pivot, according to Forrester.
Shifting targets in the post-COVID landscape of cyber threats include:
- Email: Bad actors have long relied on email as their No. 1 means of attack, but they have also evolved their technology during the pandemic, learning how to leverage artificial intelligence (AI) and machine learning to ramp up their exploits. New types of email-borne malware can also spot signs that it is passing through a “sandbox” or virtual machine used to quarantine suspect code, and not execute their malicious actions until they are clear of the defenses, to avoid being spotted.
- Software vulnerabilities: Businesses pressed to operate more quickly and efficiently are a soft target for cyber thieves, and a spate of supply chain attacks seen in 2020 and 2021 has put enterprises on notice to be more careful and partner with their software vendors to ensure security throughout the supply chain. The risk of this kind of cyberattack is increasing, as bad actors take advantage of software providers’ announcements of patches and updates, then race to exploit vulnerabilities before companies address them. Nokia’s annual threat study found security vulnerabilities shot up in 2020 and 2021, with the rate of infected IoT devices doubling. “2021 has become known as the year of the supply chain attack,” the report concluded.[vii]
- Remote desktop protocol (RDP): Another prevalent mode of attack in the new work environment abuses the remote desktop protocol (RDP), which facilitates home-to-office connections and device support. A joint ransomware advisory from U.S. and international cybersecurity agencies recently listed RDP among cybercriminals’ top three means of entry, alongside phishing and software vulnerabilities.[viii]
Among myriad other innovations, attackers are also using “deepfake” technology to fool security measures tied to biometric identification. Some types of cyberattacks now exploit “access brokerage,” where a hacker or malicious insider sells attackers access to a network to facilitate an exploit. And long-suffered attacks such as cryptojacking persist, as crypto miners plant malware in companies’ computers to steal the processing power they need to harvest cryptocurrency.
How to Prepare for Different Types of Cyberattacks
Protecting against all cyberattack types starts with awareness and training, but many other tools can help defenders protect against all sorts of cyberattack types:
- The Ponemon report found the cost of a data breach involving remote work was more than $1 million higher than average, so protecting that front is a cost-effective way to ensure security and business continuity. With the growth in remote work, companies lean more heavily on defenses such as secure email gateways, virtual private networks and encryption to safeguard remote operations and prevent opening back doors from employees’ homes into office systems.
- Strong security policies, enforced carefully, can prevent many types of cyberattacks. While 81% of remote workers consider data security important, they still chafe at the friction added by policies and security; 44% told Forrester it makes them less productive. Automation and AI tools that enforce compliance while reducing that friction can help maintain security among remote workers; Forrester found 65% of businesses are budgeting more spending on access management technologies in the next year.
- The best defense is a good offense when protecting from supply chain attacks, so good threat intelligence and planning can spot and remediate threats before a breach happens. After the shock of the COVID pandemic, 77% of businesses plan to spend more on solutions to manage software vulnerabilities, according to Forrester.
The Bottom Line
As the types of cyberattacks and attackers continue to evolve, so do the tools to defend against them, leveraging technologies such as AI. Learn how Mimecast is deploying AI as one of its latest innovations supporting companies’ cybersecurity.
[viii] “2021 Trends Show Increased Globalized Threat of Ransomware,” National Security Agency
Abonneer u op Cyber Resilience Insights voor meer artikelen zoals deze
Ontvang al het laatste nieuws en analyses over de cyberbeveiligingsindustrie rechtstreeks in uw inbox
Dank u voor uw inschrijving om updates van onze blog te ontvangen
We houden contact!