A cyber-attack is any attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage. Cyber-attacks aim to disable, disrupt, destroy or control computer systems or to alter, block, delete, manipulate or steal the data held within these systems.
A cyber-attack can be launched from anywhere by any individual or group using one or more attack strategies.
People who carry out cyber-attacks are generally regarded as cybercriminals. Often referred to as bad actors, threat actors and hackers, they include individuals who act alone, drawing on their computer skills to design and execute malicious attacks. They can also belong to a criminal syndicate, working with other threat actors to find weaknesses or problems in the computer systems -- called vulnerabilities -- that can be exploited for criminal gain.
Types of Cyber-attacks:
Cyber-attacks most commonly involve the following:
1. Malware, in which malicious software is used to attack information systems. Ransomware, spyware and Trojans are examples of malware. Depending on the type of malicious code, malware could be used by hackers to steal or secretly copy sensitive data, block access to files, disrupt system operations or make systems inoperable.
2. Phishing, in which hackers socially engineer email messages to entice recipients to open them. The recipients are tricked into downloading the malware contained within the email by opening either an attached file or an embedded link.
3. Man-in-the-middle, or MitM, where attackers secretly insert themselves between two parties, such as individual computer users and their financial institution. Depending on the details of the actual attack, this type of attack may be more specifically classified as a man-in-the-browser attack, monster-in-the-middle attack or machine-in-the-middle attack. It is also sometimes called an eavesdropping attack.
4. DDoS, in which hackers bombard an organization's servers with large volumes of simultaneous data requests, thereby making the servers unable to handle any legitimate requests.
5. SQL injection, where hackers insert malicious code into servers using the Structured Query Language programming language to get the server to reveal sensitive data.
6. Zero-day exploit, which happens when a newly identified vulnerability in IT infrastructure is first exploited by hackers.
7. Domain name system (DNS) tunnelling, a sophisticated attack in which attackers establish and then use persistently available access -- or a tunnel -- into their targets' systems.
8. Drive-by, or drive-by download, occurs when an individual visits a website that, in turn, infects the unsuspecting individual's computer with malware.
9. Credential-based attacks happen when hackers steal the credentials that IT workers use to access and manage systems and then use that information to illegally access computers to steal sensitive data or otherwise disrupt an organization and its operations.