What Is a Cyber-Attack?

A cyber-attack is any malicious activity designed to compromise, interfere with, deny access to, or destroy information systems or their data. Cyber-attacks seek to unlawfully access or damage computers, networks, and computing systems to inflict harm. Such assaults can incapacitate or take control of digital environments, as well as modify, obstruct, erase, manipulate, or expropriate data stored within these frameworks.

Perpetrated by single entities or collectives, cyber-attacks deploy diverse tactics for motives ranging from monetary profit and operational disruption to retribution or engaging in cyberwarfare. Threats can be from internal users who fall victim to a phishing attack or an outsider who finds a vulnerability in a web application and exploits it. Cyber-attacks are a primary concern for businesses that can lose millions in lost revenue, brand damage, and litigation costs should a threat successfully breach a system and steal data.

An adversary’s motivation to launch a cyber-attack informs their chosen tactics and targets. The reasons behind digital onslaughts are as varied as they are complex, underscoring the multifaceted nature of cybersecurity threats.

• Financial gain: Arguably the most common driver, financial gain compels attackers to engage in illicit activities such as deploying ransomware, orchestrating phishing campaigns, or spreading malware. These endeavors can siphon funds directly from victims or hold critical data for ransom.
• Data theft: Hackers infiltrate systems to pilfer sensitive information that can be sold on dark markets, leveraged for competitive edges, used in hacktivism efforts, or even used maliciously against individuals.
• Curiosity or amusement: A subset of cyber incidents occurs not out of malice but curiosity or a desire for entertainment. Some individuals test their hacking abilities—driven by a sense of challenge rather than profit.
• Cyber warfare: Attackers launch these strategic assaults to undermine national security or destabilize critical infrastructures. Such operations might disrupt essential services like electricity and communications with objectives ranging from psychological impact to tactical advantage in broader geopolitical conflicts.
• Ideological motivations: Certain cyber-attacks stem from deep-seated ideological convictions wherein perpetrators target entities that represent opposing viewpoints. Their actions seek not just disruption but also public shaming—to starkly highlight perceived injustices or differences.
• Personal grievances: Sometimes, the source of a cyber-attack is closer to home. Discontented employees or insiders with access might initiate attacks out of spite or personal vendettas. These actions can range from data theft to deliberate sabotage to harm their current or former employers in retribution for perceived wrongs.
• Ego-driven actions: Individuals engage in cyber-attacks to stroke their egos. For example, an ex-employee seeks revenge against their previous company. They aim to demonstrate their value by exposing vulnerabilities, causing disruption, and proving how indispensable they were—a quest driven more by pride than any material gain.

The myriad motivations behind cyber-attacks make it clear that defending against them requires more than technological solutions. It necessitates a social awareness approach that considers human factors as well. Recognizing the diverse motives helps organizations develop comprehensive cybersecurity strategies. By doing so, they not only address potential technical weaknesses but also foster a culture of vigilance and resilience.

Cyber-attacks are primarily the work of a diverse array of perpetrators, ranging from state-sponsored groups to independent non-state actors. Drawing upon a warning issued by the Cybersecurity and Infrastructure Security Agency (CISA), alongside the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI), a spotlight has been cast on the alarming potential of cyber threats.

These threats are often orchestrated by Chinese state-sponsored actors, as evidenced in incidents involving the group known as Volt Typhoon—also recognized by monikers such as Vanguard Panda and BRONZE SILHOUETTE. This group has penetrated the IT frameworks of various critical infrastructure sectors within the United States, including communications, energy, transportation systems, and water and wastewater systems.

The landscape of cyber warfare is vast and complex. According to data from the European Repository of Cyber Incidents (EuRepoC), between 2000 and 2023, there were 2,506 politically motivated cyber-attacks worldwide, executed by 679 identified actors or groups. These incidents spanned politically charged and apolitical attacks targeting political figures, parties, or infrastructure, carried out by sovereign entities and non-state actors driven by political motives.

Statistically, a significant portion of these attacks traces back to specific nations, with nearly 12 percent originating from China, closely followed by Russia at 11.6 percent. Iran and North Korea also figure prominently, responsible for 5.3 percent and 4.7 percent of such incidents, respectively. However, a large fraction of these cyber offenses—45 percent—remains unattributed, leaving the country of origin for many attacks unidentified.

The analysis further reveals that approximately one-third of politically motivated cyber-attacks are conducted by state-affiliated groups or directly by the states themselves. An equivalent proportion is executed by non-state actors pursuing political agendas. Concerningly, about half of the recorded attacks target political entities, including public figures and political parties, while nearly 20 percent are aimed at vital infrastructures.

This diverse array of perpetrators highlights the global and varied nature of cyber threats, emphasizing the need for robust cybersecurity measures and international cooperation to safeguard critical infrastructures and democratic institutions.

Cyber-attacks target a range of resources with vulnerabilities to exploit. These nefarious activities primarily target:

• Money: Hackers often directly target financial assets. This could involve draining bank accounts through fraudulent transactions or deploying ransomware to lock users out of their systems until a ransom is paid.
• Financial data: Accessing an organization’s financial records can provide insights into its accounts, revenue streams, and financial health, which attackers can use for market manipulation or direct theft.
• Client lists: Possessing detailed lists of a business’s clients can enable attackers to launch targeted phishing campaigns, leveraging the trust between the business and its clients for deceptive ends.
• Customer data: The theft of personally identifiable information (PII) or other sensitive personal data like social security numbers, credit card details, and home addresses poses significant risks to individuals’ privacy and financial security.
• Email addresses and login credentials: By obtaining email addresses and passwords, attackers gain unauthorized access to private communications and potentially all linked digital services that share those credentials. This enables further attacks, such as account takeovers.
• Intellectual property: Stealing intellectual property, like trade secrets or product designs, undermines the competitive advantages of businesses in their respective industries. Such IP can range from proprietary software code to innovative manufacturing techniques that took years of research and development.
• Network infrastructure: Attackers try to disrupt network infrastructure—servers, routers—to cause operational interruptions within organizations.
• Employee personal information: Targeting employees’ personal information compromises individual privacy and facilitates spear-phishing tactics explicitly designed around stolen identities.
• Health records: In healthcare breaches, medical histories and insurance details become prime targets for potential misuse in fraud schemes.

The above illustrates the vast scope of potential cyber-attack targets. Perpetrators choose a target based on their motives—from immediate monetary gain through cyber extortion and ransomware scenarios to long-term espionage goals jeopardizing intellectual properties.

Every day, attackers focus on breaching internet resources. Compromises plague large and small businesses, but not every incident makes national news. Small businesses often don’t consider themselves a target of cyber crime, but attackers know that small businesses lack the resources necessary to detect sophisticated attacks.

Here are a few of the latest cyber-attacks:

• The MOAB breach in January 2024, commonly referred to as the “Mother of all Breaches,” involved the discovery of a database containing a staggering 26 billion leaked data records. The breach impacted numerous companies and organizations, including major names like Tencent QQ, Weibo, MySpace, Twitter, Deezer, LinkedIn, Adobe, Canva, and Dropbox. Due to the vast amount of exposed information, the breach poses serious risks involving identity theft, phishing schemes, targeted cyber-attacks, and unauthorized access to personal and sensitive accounts.
• In February 2024, hackers minted 1.79 billion in crypto tokens from the PlayDapp gaming platform. The attack centered on the unauthorized use of a stolen private key to generate and steal over 1.79 billion PLA tokens, the primary cryptocurrency used on the PlayDapp platform. The hacker’s unauthorized wallet minted 200 million PLA tokens valued at $36.5 million, creating quite a stir in the cryptocurrency community.
• A massive cyber-attack in January 2024 involved the scraping of data from Trello. On this popular project management platform, the personal details of more than 15 million users were put up for sale on the dark web. The breach, carried out by cyber criminals known as “emo,” compromised sensitive information, including users’ email addresses, names, and usernames.
• The ransomware attack on Johnson Controls International in September 2023 resulted in expenses exceeding $27 million. The cyber criminals behind the attack, known as Dark Angels, claimed to have stolen over 27 TB of data from Johnson Controls and demanded a $51 million ransom for the decryption and deletion of the stolen files.
• In August of 2023, Dollar Tree was hit by a supply chain cyber-attack by a third-party service provider named Zeroed-In Technologies. The attack affected approximately 2 million people by compromising personal information such as names, birth dates, and social security numbers.

Three of these recent cyber incidents occurred within a single month. That’s not surprising when you consider that a new vulnerability is discovered daily, giving attackers the leverage necessary to steal data. No business should assume that it’s not a target. Every business should prioritize cybersecurity to protect its digital assets and customer data.

We’re accustomed to reading about significant breaches that affect government agencies and millions of users. However, the reality is that more minor breaches are a daily occurrence; they just don’t make the headlines. In fact, the past few decades have seen unprecedented cyber-attacks that taught their targeted victims the importance of cybersecurity.

Here are a few of the biggest data breaches in history:

• 1999 – NASA and the US Department of Defense. In 1999, NASA suffered a data breach when a 15-year-old hacker exploited a router vulnerability and stole source code for software used to control temperature and humidity for NASA’s space station. The breach caused 21 days of downtime and cost NASA $41,000.
• 1999 – The Melissa Virus. The first large mass-mailing macro leveraged Microsoft Word and Outlook to send email messages to all victim contacts. When these contacts opened the attached Word document, their contacts received the same message. The virus spread exponentially and cost $80 million worldwide.
• 2017 – WannaCry. Although ransomware was around for years before WannaCry launched, the world had never seen this level of sophisticated cyber-attack that quickly crippled business systems across the globe. It spawned several variants and continues to be the foundation for many ransomware attacks.
• 2017 – Equifax. After months of leaving outdated software installed on web servers, Equifax experienced a massive data breach when attackers exploited unpatched software and stole millions of consumers’ financial and personal information. The carelessness on Equifax’s part cost them millions of dollars in litigation and reparations.
• 2020 – World Health Organization. During coronavirus research, attackers accessed 25,000 email addresses and passwords for the World Health Organization and Gates Foundation. It’s unclear how attackers gained access, but it’s thought that it could have come from a phishing attack.

According to the 2024 World Economic Forum’s Global Risks Report, cybersecurity and AI threats are identified as among the most significant global risks for the next decade, emphasizing the critical importance of addressing cyber threats and vulnerabilities on a global scale.

The global average cost per data breach was $4.45 million in 2023, based on IBM’s latest Cost of a Data Breach Report. Additionally, the average cost of a ransomware attack in 2023 was $4.54 million, with the average ransomware payment skyrocketing by 518% in 2021 to $570,000. The United States holds the title for the highest cost of a data breach for the 12th consecutive year, with an average cost of $5.09 million, which is $9.44 million total globally.

Digital crime and cyber-attacks increased by 600% “post-pandemic,” mainly because users now work from home and don’t have enterprise-level cyber defenses on their personal devices. Worldwide, costs are estimated to skyrocket by 2025 to over $10.5 trillion globally, up from $3 trillion in 2015.

The costs associated with a cyber-attack are severe and can strain an organization financially. Indirect costs to consider include:

• Revenue loss.
• Downtime, causing a loss of productivity.
• Reputational damage leading to lower sales and constrained growth.
• Business continuity issues.
• Litigation and reparation costs.

“Cyber-attack” is an umbrella term used to describe a digital threat. These threats use various exploits and vectors, but they all cause downtime, data damage, theft, and malware installation. The type of threat determines the incident response steps necessary to eradicate the threat, but every breach requires the right experts to investigate, contain, and remove vulnerabilities.

Here are a few common threats that organizations should consider when defining their cybersecurity plan:

• Phishing: Email is the most common form of attack, but attackers also use text messages and voice calls to trick users into divulging sensitive information. A successful phishing attack can be avoided by using email security and filters.
• Malware: Any malicious code or executables on the network could open the organization to sophisticated malware attacks, such as ransomware. Attackers install malware using phishing attacks, malicious web pages, and USB devices.
• Man-in-the-middle (MitM): When users connect to corporate networks using public Wi-Fi hotspots, they open their devices to the risk of MitM attacks. VPN connections help stop these attacks.
• Distributed denial-of-service (DDoS): Administrators have no warning before a DDoS occurs, so its swift and sudden attack exhausts resources and causes downtime. Some cybersecurity systems detect a DDoS early during the attack so administrators can react quickly.
• SQL injection: Malformed SQL statements injected into the input and sent to a database server can be leveraged to retrieve data, damage database objects (e.g., tables), and elevate permissions. Developers should always validate SQL input and avoid building queries from strings and user input.
• Zero-day exploit: Targeting software vulnerabilities before a patch is available enables cyber-attackers to exploit them in organizations using the software.
• DNS tunneling: DNS tunneling is a stealthy attack method that allows attackers to communicate non-DNS traffic over DNS channels for malicious purposes like data exfiltration and command and control callbacks.
• Spoofing: These cyber-attacks involve a malicious actor impersonating a legitimate entity to gain unauthorized access, deceive users, or carry out fraudulent activities. Spoofing can include tactics like IP spoofing, email spoofing, or website spoofing.

Recent trends and statistics involving cyber-attacks reveal a landscape of increased frequency and sophistication in cyber threats. Here are some key insights worth noting:

• Frequency and impact: According to a report from Astra, there are 2,200 cyber-attacks per day, with a cyber-attack happening every 39 seconds on average. In the US, a data breach costs an average of $9.44 million, and cyber crime is predicted to cost $9.5 trillion in 2024.
• Types of attacks: The most common types of attacks on small businesses include phishing/social engineering (57%), compromised/stolen devices (33%), and credential theft (30%), according to Ponemon Institute’s Global Risk Report.
• Industries targeted: Industries like banks, financial institutions, healthcare institutions, and corporations are common targets due to the sensitive data they hold.
• Human error is the costliest mistake: Based on the World Economic Forum’s Global Risks Report, which surveyed over 1,000 participants, 95% of all cybersecurity breaches can be traced to human error.
• Web application vulnerabilities: According to a report by Positive Technologies, 98% of web applications are vulnerable to attacks that can lead to malware, redirection to malicious websites, and more. Seventy-two percent of vulnerabilities are due to flaws in web application coding.
• Global costs: Worldwide cybercrime costs are estimated to reach $10.5 trillion annually by 2025, emphasizing the need for enhanced cybersecurity measures. The global average cost of a data breach in 2023 was $4.45 million, based on IBM’s Cost of Data Breach Report.
• Data breach detection: Research by Thought Lab Group indicates the average time to detect a data breach is 118 days, highlighting the importance of improving detection capabilities for faster response times.
• Preparation and protection: Organizations are advised to invest in network security solutions like Intrusion Detection Systems (IDSs), conduct penetration testing, and consider using AI tools for cybersecurity.
• Cyber insurance: One in three US companies has purchased data breach insurance coverage or cyber liability insurance. The cyber insurance market is projected to reach $20 billion by 2025, according to experts at Alliance Global.

These statistics underscore the vital importance of robust cybersecurity measures to protect against the growing threat of cyber-attacks across various sectors.

Detecting cyber-attacks is an intricate dance of vigilance and sophisticated technology. As digital threats evolve, so too do the methods for identifying them. Below are key cybersecurity measures that organizations and individuals can employ to spot potential breaches:

• Intrusion Detection Systems (IDS): These systems are the watchtowers of network security, continuously monitoring network traffic for suspicious activity or known threats based on a database of signatures. An IDS alerts administrators about possible incidents, allowing for swift action.
• Security Information and Event Management (SIEM) Solutions: SIEM platforms offer a more holistic approach by aggregating data from various sources within an IT environment (firewalls, antivirus programs) and applying analytics to detect anomalies that could indicate malicious activities.
• Endpoint Detection and Response (EDR): EDR tools focus on endpoint devices (computers, mobile devices) where they monitor behaviors in real-time. By analyzing patterns and spotting deviations from normal operations, these solutions help identify potentially harmful actions caused by malware or other attacks.
• Antivirus Software: While traditional antivirus software primarily guards against known viruses through signature-based detection, modern versions have evolved to use heuristic analysis techniques to predict new malware variants based on code behavior similarities with existing specimens.
• Firewalls: Acting as gatekeepers between secure internal networks and untrusted external ones such as the Internet. Firewalls enforce rules that block unauthorized access while permitting outward communication—a foundational layer in preventing intrusions.
• Behavioral Analytics Tools: Employing user and entity behavior analytics (UEBA), these tools analyze patterns related to human interaction with systems and data over time. Deviations from established norms might signal account compromises or insider threats.

Each measure has unique strengths in contributing to an overarching defensive strategy against cyberattacks. By integrating multiple layers of detection mechanisms—an approach often referred to as “defense-in-depth”—organizations enhance their ability to detect and effectively respond to cyber adversities.

To prevent cyber-attacks, every organization needs a strategy. Strategies cover the infrastructure, software, policies, and training necessary to stop threats. No strategy can eliminate risk 100%, but it can reduce it significantly and provide ways for organizations to respond and recover quickly.

Here are a few ways organizations can prevent data breaches and downtime from attacks:

• Create cybersecurity policies: These policies usually require a professional to cover every vector. Policies tell administrators and employees how to handle attacks such as phishing, social engineering, spam, and physical threats (e.g., piggybacking).
• Penetration test software: Before deploying to production, always conduct a security review and penetration test of code to catch vulnerabilities. Remediate these vulnerabilities before deployment.
• Offer company-wide security training: Train all employees to detect phishing and social engineering and to report it rather than engage with attackers. Proofpoint security awareness training offers a unique people-centric approach that can reduce successful phishing attacks and malware infections by up to 90%. Their solution has been named a “Leader” by Gartner in its Magic Quadrant for six years in a row.
• Employ strict password policies and MFA: Require all employees and accounts associated with the organization to create unique and strong passwords to enhance security. Enable multifactor authentication (MFA) to add an extra layer of security and reduce the risk of being hacked.
• Implement threat intelligence and monitoring applications: Most organizations use a SIEM (security information and event management) to help them analyze events and alert administrators to suspicious network activity.
• Deploy intrusion detection systems: An intrusion detection system (IDS) helps administrators detect and block potential attacks. These systems work with prevention systems to automatically block access should an attacker find a vulnerability.
• Keep frequent backups: Backups are the ultimate failsafe should ransomware or other malware damage data and applications. A backup strategy is a part of a good disaster recovery plan and improves business continuity.
• Install firewalls and use secure Wi-Fi networks: Ensure Wi-Fi networks are secure to prevent unauthorized access and potential infections. Use firewalls to protect networks from various types of cyber-attacks and unauthorized access.

A global leader in cybersecurity, Proofpoint helps organizations protect against cyber-attacks by offering a comprehensive suite of cybersecurity solutions that focus on safeguarding data, detecting and blocking advanced threats, ensuring compliance, and providing visibility into potential risks. Proofpoint reinforces organizations’ cybersecurity posture through a strategic combination of products and solutions, including:

• Email Security and Protection: Proofpoint helps protect against advanced email threats like malicious attachments, URLs, zero-day threats, ransomware, polymorphic malware, weaponized documents, credential phishing attacks, and business email compromise (BEC).
• Advanced Threat Protection: Proofpoint’s ATP solution provides a comprehensive defense mechanism against advanced cyber threats that target people through email, mobile apps, and social media. It’s designed to identify known threats as well as new, never-before-seen attacks that utilize malicious attachments and unsafe URLs.
• Identity Threat Detection and Response: This solution provides zero-hour threat detection, URL defense, attachment defense, and data loss prevention (DLP) capabilities to identify and block advanced threats effectively.
• Information Protection and Security: Proofpoint’s data protection solutions include email encryption, social media account protection, outbound filtering, and robust DLP features to safeguard sensitive data and prevent data loss incidents.
• People-Centric Security: Proofpoint emphasizes a people-centric approach to cybersecurity by considering employees as the new perimeter. By defending users wherever they work and providing the right insights, technology, and training, Proofpoint helps organizations strengthen their first line of defense against cyber threats.

Through these measures and a commitment to continuous innovation and global intelligence gathering, Proofpoint equips organizations with the tools needed to proactively detect, respond to, and mitigate cyber-attacks effectively. For more insight, contact Proofpoint.