Top 5 Cyberattacks and How They Happen
“There are two types of companies: those that have been hacked, and those who don’t yet know they have been hacked.” — Former Executive Chairman and CEO of Cisco John Chambers
Every day, countless businesses fall victim to cybercrime. With cyberattacks constantly evolving and growing at an unprecedented rate, and industry regulations getting stricter, cybersecurity has become even more challenging. Cyberattacks are inescapable as long as businesses operate online, and in today’s digital-first world, conducting business solely offline is not an option.
For cybercriminals, the size of a company doesn’t matter as long as they can make a profit. Any individual or company with an online presence can become a target. When it comes to cyberattacks, it’s only a matter of time. The only way to overcome these threats is to prepare in advance so you can quickly respond to and recover from catastrophic cybersecurity incidents. The first step to building a more resilient business is knowing what you are up against. After all, you can’t defend against something you know nothing about.
In this article, we take a closer look at the top five cyberattacks, the top five attack vectors and how to better protect your business and data against the ever-growing cyberthreats.
What is a cyberattack?
Cisco defines a cyberattack as “a malicious and deliberate attempt by an individual or organization to breach the information system of another individual or organization.” Cybercriminals launch highly advanced cyberattacks in an attempt to steal, leak, modify or destroy sensitive information by gaining unauthorized access to an organization’s networks or systems. Motivations behind cyberattacks can be broadly classified into three categories — personal, criminal and political. While financial gain is the primary motive behind most cyberattacks, other reasons include cyberterrorism, disruption, retribution (disgruntled employees), espionage (competitors), intellectual challenge (competition among hackers) and sometimes just fun or boredom.
How do cyberattacks happen?
To better understand how cyberattacks happen, let’s divide them into two categories — targeted and untargeted cyberattacks.
Targeted cyberattacks
Targeted cyberattacks, as the name suggests, are aimed at a particular person, organization, group or nation. In these attacks, threat actors operate with specific aims and objectives, singling out one or more organizations that are of interest to them or that they are paid to target. Targeted attackers operate with long-term goals; therefore, these attacks can take months to execute — from initial investigation to launching the attack. Some of the commonly used methods in targeted attacks include social engineering, phishing, tailor-made malware, persistent campaigns and botnets.
Previously, targeted attacks were typically aimed at government bodies and military bases. However, their targets have now diversified to include enterprises, cyber defense assets, media and communications, and critical infrastructure such as hospitals and healthcare providers.
Untargeted cyberattacks
Untargeted cyberattacks are the most common and prevalent form of malicious threat. Unlike targeted attacks, where the scam is tailored to the victim, untargeted attacks do not single out specific individuals or organizations. Threat actors aim to reach as many computers, individuals and organizations as possible. Malware, worms or viruses are sent indiscriminately through email to hundreds, thousands or even millions of email addresses. Untargeted cyberattacks are easier to execute but are less destructive than targeted attacks.
Stages of cyberattacks
Both targeted and untargeted cyberattacks have a number of common stages. Listed below are four main phases that are common in most cyberattacks.
- Survey: This stage is also known as intelligence gathering, where threat actors look to gather as much information as they can. They leverage publicly available information through social media or domain name management services to learn about targets’ IT environments, organizational structure, computers, systems and so on.
- Point of entry: Once threat actors gather essential information and identify potential vulnerabilities, the next step is to exploit those vulnerabilities. At this stage, the attackers try to break into an organization’s network or services using various delivery methods, such as malicious emails, the dissemination of infected USB drives and zero-day exploits.
- Breach: This stage is where the action takes place. Once threat actors successfully breach an organization’s defenses by exploiting vulnerabilities, they can take full control of the target’s networks or devices, make changes that may render devices useless, or gain access to other accounts and information.
- Affect: Data exfiltration is the main objective in most cyberattacks. Once inside a system or network, the threat actor identifies critical assets and isolates them, paving the way for future exfiltration. Threat actors move laterally, exploring other systems, carrying out activities, seeking valuable information (intellectual property, trade secrets or customer information) and systems they can gain access to or infect.
What are the top five cyberattacks?
Last year, we witnessed a barrage of cyberattacks, wreaking havoc on businesses, government organizations and individuals alike. Unfortunately, the threats still loom large. IBM Security® X-Force® investigated and analyzed the trends and attack patterns. Let’s take a closer look at the top five cyberattacks, according to IBM’s X-Force Threat Intelligence Index 2022.
1. Ransomware
Ransomware accounted for 21% of all attacks in 2021 and continues to be the top attack type as per X-Force. Although the X-Force research and Sophos’ The State of Ransomware 2021 report found that the number of ransomware attacks is declining, the severity and cost of remediation of ransomware attacks are increasing significantly.
The main motives behind a ransomware attack are data theft and ransom. Earlier, the “double extortion” tactic was popular among threat actors: they demanded two ransoms, one for the decryption key and a second to delete the stolen data from their servers. However, an alarming new trend is now seen in ransomware attacks — the “triple extortion” tactic, where attackers steal and encrypt a victim’s data and also threaten to launch a distributed denial-of-service (DDoS) attack on the affected organization.
One recent example is the attack on Bernalillo County in New Mexico, which forced most government buildings to shut down. The incident also impacted residents, the education sector and the county jail.
2. Unauthorized server access
Accounting for 14% of all cybersecurity incidents, server access attacks were the second-most common type of cyberattack. Most of these attacks occurred in Asia. While the motive behind these attacks is unclear, the X-Force research found that in many cases, threat actors were able to deploy malware or penetration testing tools on a server. In some cases, threat actors took advantage of a known vulnerability such as CVE-2020-7961, allowing them to execute code remotely on a server. In many cases, they successfully exploited vulnerabilities in Microsoft Exchange servers to gain unauthorized access.
Altoona Area School District in Pennsylvania suffered an attack on its routing server in 2021. The district took several measures to contain the incident; however, in 2022 it came to light that personal information of its employees had been leaked on the dark web.
3. Business email compromise (BEC)
Business email compromise occupied the third spot with 8% of all attacks. BEC attacks declined in areas where multifactor authentication (MFA) was widely implemented, for example, North America. However, in geographies like Latin America, where MFA is not as widely implemented, BEC attacks increased significantly (20%). The report found that threat actors were able to execute BEC attacks successfully by shifting their focus to geographies that lacked widespread implementation of MFA.
In 2021, One Treasure Island, a non-profit organization based in San Francisco, suffered a major BEC attack in which cybercriminals compromised the email account of the organization’s bookkeeper. The attackers added themselves to an email thread, manipulated a legitimate invoice and siphoned $650,000 from the non-profit organization.
4. Data theft/exfiltration
Closely following BEC attacks is data theft or exfiltration, which is responsible for 8% of all cyberattacks. Data theft is the act of stealing sensitive information, such as passwords, software code or intellectual property, for financial gain or to sabotage an organization.
Flagstar Bank, one of the largest banks in the United States, fell victim to a data breach in 2021. The incident resulted in the leak of sensitive information belonging to 1.5 million customers.
5. Credential harvesting
Credential harvesting is another top attack type, accounting for 7% of all attacks. Last year, credential harvesting was a fairly popular method used against financial services, retail and wholesale, and healthcare and transportation industries. Credential harvesting is the process of gathering usernames, passwords and email addresses, which threat actors can sell on the dark web or use to launch coordinated cyberattacks. Threat actors leverage phishing emails, spoofed domains and login pages to convince unsuspecting targets to log in using their corporate username and password.
In 2020, Twitter fell victim to a spear phishing attack that compromised several high-profile accounts of political leaders, businesspeople, celebrities and renowned companies. The attackers posed as Twitter’s security team and convinced its employees to divulge the credentials needed to access internal systems and tools.
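Spoofed domains are the delivery mechanism behind most credential-harvesting login pages, so one practical defensive check is to flag links whose host merely resembles one of your own domains. The following is an added example, not code from the article, IBM X-Force or Unitrends. It assumes a small constructed allow-list (`LEGIT_DOMAINS`), uses a deliberately naive registrable-domain rule (last two labels, no public suffix list), and folds three common tricks that the text alludes to: homoglyph substitutions (`examp1e`, `exarnple`), simple typos measured by edit distance, brand names hidden in a subdomain, and internationalized domain names delivered as punycode. The sample links are constructed.

```python
"""Flag lookalike domains of the kind used to host credential-harvesting login pages.

Added example, not code from the article or from IBM X-Force or Unitrends.
LEGIT_DOMAINS, HOMOGLYPHS and SAMPLE_LINKS are constructed; registrable() is a
deliberate simplification (last two labels) that ignores the public suffix list.
"""
import unicodedata
from urllib.parse import urlparse

LEGIT_DOMAINS = {"example.com", "example-corp.com"}   # constructed allow-list

# Visual substitutions commonly seen in typosquats (assumed, not exhaustive).
HOMOGLYPHS = {"rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l"}

# Constructed sample links; the IDN host is built from a Unicode name so the
# punycode form is produced by Python rather than typed by hand.
SAMPLE_LINKS = [
    "https://login.example.com/",
    "https://examp1e.com/login",
    "https://exarnple.com/",
    "https://exampel.com/",
    "https://example.com.login-portal.net/",
    "https://" + "ex\u00e4mple.com".encode("idna").decode("ascii") + "/",
    "https://news.unrelated-site.org/",
]


def registrable(host):
    """Naive registrable domain: the last two labels of the hostname."""
    return ".".join(host.split(".")[-2:])


def fold(host):
    """Reduce a hostname to a comparison form: decode punycode labels, strip
    accents, lowercase, and collapse common homoglyph pairs."""
    try:
        host = host.encode("ascii").decode("idna")   # xn--... labels -> Unicode
    except UnicodeError:
        pass                                          # already Unicode; keep as-is
    host = unicodedata.normalize("NFKD", host)
    host = "".join(c for c in host if not unicodedata.combining(c)).lower()
    for look, real in HOMOGLYPHS.items():
        host = host.replace(look, real)
    return host


def levenshtein(a, b):
    """Edit distance; a small distance between registrable domains suggests a typosquat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url, legit=LEGIT_DOMAINS, max_edits=2):
    """Return 'legitimate', 'lookalike' or 'unrelated' for the link's host."""
    host = (urlparse(url).hostname or "").lower()
    reg = registrable(host)
    if reg in legit:
        return "legitimate"
    if any(d + "." in host for d in legit):        # brand name hidden in a subdomain
        return "lookalike"
    folded = registrable(fold(host))
    for d in legit:
        if folded == fold(d) or levenshtein(reg, d) <= max_edits:
            return "lookalike"                     # confusable or typosquat
    return "unrelated"


def scan(links):
    """Classify each link; returns (url, verdict) pairs for analyst review."""
    return [(u, classify(u)) for u in links]


if __name__ == "__main__":
    for url, verdict in scan(SAMPLE_LINKS):
        print(f"{verdict:11} {url}")
```

In production the registrable-domain step should use a public suffix list, and `LEGIT_DOMAINS` should include every brand domain the organization owns, since the check is only as good as that list; a verdict of "lookalike" is a triage signal for a mail gateway or SOC queue, not proof of malice.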
What are the top five attack vectors?
Now that you have a clear understanding of the top cyberattacks that threaten productivity and business continuity, let’s delve a little deeper and explore the top attack vectors that threat actors use to gain access and target networks and systems.
1. Phishing
According to the IBM report, phishing was the top attack vector in 2021, superseding vulnerability exploitation, which occupied the top position in 2020. More than 40% of cybersecurity incidents involved phishing. BEC and ransomware attackers heavily rely on phishing campaigns as starting points to gain entry into victim computers and networks.
Social engineering penetration tests conducted by X-Force Red found that the average click rate for a simulated campaign was 17.8%. However, when vishing (voice phishing) phone calls were added to phishing campaigns, the click rate increased significantly to 53.2%. By adding vishing to the mix, the effectiveness of attacks roughly tripled.
2. Vulnerability exploitation
Vulnerability exploitation may have dropped to No. 2 on the list; however, cybersecurity incidents related to vulnerability exploitation increased by 34% in 2021 compared to 2020. Threat actors take advantage of a weakness, flaw or error in an organization’s security systems or software to compromise victim networks and devices. The Log4j vulnerability was one of the major contributors to the sharp increase in this attack vector in 2021. The report found that as the number of vulnerabilities increases year over year, the tools available to exploit them are also increasing steadily.
3. Stolen credentials
Stolen credentials sit in third place among the top five attack vectors. Stolen credentials were linked to 9% of all cybersecurity incidents in 2021. Along with phishing, threat actors also frequently used stolen credentials to gain initial access to target networks for further attacks. It’s interesting to note that while phishing increased, the use of stolen credentials declined by 50% in 2021 compared to 2020. Organization-wide implementation of MFA can play a key role in preventing hackers from infiltrating your systems.
4. Brute force
At number four, brute force accounted for 6% of all attacks. Brute force was among the primary methods used by threat actors to breach media organizations in Europe, Latin America, the Middle East, Africa, North America and Asia. A brute-force attack is a trial-and-error method in which threat actors attempt to compromise an account by guessing the password. Attackers try to force their way into user accounts by trying a list of passwords against a username in the hope that one of the combinations matches, and they continue until they find the correct one.
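Because brute force is repetitive by nature, it leaves a distinctive trail in authentication logs: many failures for one account from one source in a short window, or (in the "password spray" variant) one source touching many accounts. The block below is an added example, not code from the article, IBM X-Force or Unitrends. It parses constructed sshd-style log lines (the usernames, IP addresses and timestamps are invented), keeps a sliding window per source, and raises three kinds of findings: a classic brute force, a spray, and the finding defenders care about most, a successful login from a source that was already flagged. The thresholds are assumptions to tune per environment.

```python
"""Brute-force and password-spray detection over authentication log lines.

Added example, not code from the article or from IBM X-Force or Unitrends.
The sshd-style log lines, usernames and IP addresses below are constructed;
the window and thresholds are assumptions to tune per site.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed sample log. 203.0.113.5 hammers one account and then succeeds;
# 198.51.100.9 tries many accounts from one source (a spray); 192.0.2.44 is a
# user who mistyped once and then logged in normally.
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[1001]: Failed password for alice from 203.0.113.5 port 51000 ssh2
2024-05-01T10:00:03 sshd[1002]: Failed password for alice from 203.0.113.5 port 51001 ssh2
2024-05-01T10:00:05 sshd[1003]: Failed password for alice from 203.0.113.5 port 51002 ssh2
2024-05-01T10:00:07 sshd[1004]: Failed password for alice from 203.0.113.5 port 51003 ssh2
2024-05-01T10:00:09 sshd[1005]: Failed password for alice from 203.0.113.5 port 51004 ssh2
2024-05-01T10:00:11 sshd[1006]: Accepted password for alice from 203.0.113.5 port 51005 ssh2
2024-05-01T10:05:00 sshd[1007]: Failed password for bob from 198.51.100.9 port 40000 ssh2
2024-05-01T10:05:02 sshd[1008]: Failed password for carol from 198.51.100.9 port 40001 ssh2
2024-05-01T10:05:04 sshd[1009]: Failed password for dave from 198.51.100.9 port 40002 ssh2
2024-05-01T10:05:06 sshd[1010]: Failed password for erin from 198.51.100.9 port 40003 ssh2
2024-05-01T10:30:00 sshd[1011]: Failed password for bob from 192.0.2.44 port 30000 ssh2
2024-05-01T10:45:00 sshd[1012]: Accepted password for bob from 192.0.2.44 port 30001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse(log_text):
    """Turn raw lines into event dicts; lines that do not match are ignored."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({
                "ts": datetime.fromisoformat(m["ts"]),
                "ok": m["result"] == "Accepted",
                "user": m["user"],
                "ip": m["ip"],
            })
    return events


def detect(events, window=timedelta(minutes=5), fail_threshold=5, spray_users=3):
    """Return findings as (kind, ip, detail) tuples in time order.

    brute_force:            >= fail_threshold failures for one (ip, user) inside window
    password_spray:         failures against >= spray_users distinct users from one ip inside window
    success_after_failures: an accepted login from an ip already flagged (a likely guessed password)
    Each finding is reported once per key so a long-running attack does not flood the queue.
    """
    findings, reported, flagged_ips = [], set(), set()
    pair_fails = defaultdict(deque)   # (ip, user) -> timestamps of failures in window
    ip_fails = defaultdict(deque)     # ip -> (timestamp, user) of failures in window

    for ev in sorted(events, key=lambda e: e["ts"]):
        ip, user, ts = ev["ip"], ev["user"], ev["ts"]
        if ev["ok"]:
            if ip in flagged_ips and ("success", ip, user) not in reported:
                reported.add(("success", ip, user))
                findings.append(("success_after_failures", ip, user))
            continue

        # Sliding window per (ip, user): repeated guesses against one account.
        q = pair_fails[(ip, user)]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= fail_threshold and ("brute", ip, user) not in reported:
            reported.add(("brute", ip, user))
            flagged_ips.add(ip)
            findings.append(("brute_force", ip, user))

        # Sliding window per ip: one source trying many different accounts.
        q = ip_fails[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:
            q.popleft()
        users = sorted({u for _, u in q})
        if len(users) >= spray_users and ("spray", ip) not in reported:
            reported.add(("spray", ip))
            flagged_ips.add(ip)
            findings.append(("password_spray", ip, ",".join(users)))

    return findings


if __name__ == "__main__":
    for kind, ip, detail in detect(parse(SAMPLE_LOG)):
        print(f"{kind:24} {ip:15} {detail}")
```

The same per-source sliding window works for Windows event ID 4625, VPN or RDP gateway logs once the parser is swapped; the point is that the spray case is only visible when you group by source rather than by account, which is why both windows are kept.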
5. Remote desktop protocol (RDP)
Remote desktop protocol (4%) emerged as the fifth most used attack vector in 2021. RDP allows IT administrators to fix issues on Windows computers or servers that run RDP server software. It also allows employees to work from home or remotely by providing secure remote access to their work computers. Hackers aim to exploit RDP security vulnerabilities to gain unauthorized access and move laterally to gather sensitive information and other valuable assets. RDP exploitation fell by nearly 50% in 2021 because remote environments have been hardened since the initial shift to remote work during the COVID-19 pandemic.
Defend your organization with Unitrends Unified BCDR
As cyberattacks continue to evolve and become more sophisticated than ever before, they pose new and unique challenges for organizations. Large volumes of mission-critical data that now live in multiple locations only exacerbate the situation. Modern businesses may implement various security solutions to protect themselves; however, the harsh reality is that no organization is safe from cyberattacks.
When all else fails, a reliable business continuity and disaster recovery (BCDR) solution can not only help you mitigate the risks of cyberattacks but also enable you to continue critical business operations with little or no interruption.
Unitrends Unified BCDR brings together state-of-the-art backup, ransomware detection and cloud-based business continuity into a powerful, all-in-one platform that enables you to protect your data no matter where it lives — physical, virtual or SaaS environments.
Our innovative solutions, such as Unitrends Helix, Unitrends Ransomware Detection, Recovery Assurance, immutable cloud storage, dark web monitoring and phishing defense, help strengthen your organization’s overall security posture and build a more resilient business.
Request a demo today to see Unitrends in action and get all your backup- and recovery-related questions answered.