How Cyber Attacks Happen

Cyber attacks have become a recurring theme in news headlines in recent years. So much of our lives are now live online that these cyber attacks have the potential to disrupt everything from the safety of our finances to how we consume news.

Below, we look at the key information for understanding what cyber attacks are and the potential damage they can cause.

What is a cyber attack?

The term ‘cyber attack’ can refer to many different scenarios, but essentially it is an attempt by an individual or group to compromise a computer system, network or device with the intention of causing harm. These attacks can be against governments, businesses or individuals and are not always necessarily large-scale or wide-ranging.

A cyber attack can cripple a computer system, meaning a business loses money because its website is inaccessible or it can stop a government body from offering an essential service. It could also lead to large amounts of sensitive data being stolen, which can then affect individuals on a personal or financial level. In some cases, it can even cause physical damage - such as in 2015 when a steel plant in Germany was hacked.

How are cyber attacks carried out?

Many cyber attacks are opportunistic, with hackers spotting vulnerabilities in a computer system’s defences and exploiting them. This may involve finding flaws in the code of a website, that allows them to insert their own code and then bypass security or authentication processes. It could also mean they install ‘malware’ – software which is specifically designed to damage a system – via a vulnerable third party site.

Although terminology such as ‘cyber attacks’ and ‘hackers’ may conjure up images of sophisticated teams of computer experts with high-tech equipment, poring over lines of code, the reality is often quite different. Cyber attacks are much more likely to occur through mundane errors like a user choosing an easy-to-guess password or not changing the default password on something like a router.

‘Phishing’ is also a common way to gain access to a system, this involves extracting personal information under false pretences. For example, you may receive a very official looking email that asks you to change your password, which has actually been sent by hackers attempting to trick you. This is exactly what happened to a top official in the Democratic Party in the run-up to the 2016 US election, leading to the release of 60,000 private emails.

Another method of attack is a Distributed Denial of Service (DDoS), where vast amounts of traffic are sent to a system in order to crash it. A system can only handle so many requests at one time, much like a switchboard receiving too many phone calls, and will eventually crash. Once this happens, genuine users can no longer access the service, meaning lost revenue for the organisation and potentially more serious repercussions if the service was essential, e.g. a healthcare system.

Why do cyber attacks happen?

Cyber attacks are usually either criminally or politically motivated, although some hackers enjoy bringing down computer systems a thrill or sense of achievement.

Politically motivated cyber attacks may occur for propaganda reasons, to harm the image of a particular state or government in the minds of the public. It might also have more pernicious intent, such as to leak sensitive intelligence, private communications or embarrassing data. Cyber attacks could potentially go even further, for example, government-backed hackers could theoretically create software to corrupt and destroy a weapons program, or other crucial infrastructure.

Cyber attacks can also lead to data breaches – where large amounts of information are leaked online and then used by criminals to commit financial fraud. Data such as credit card details, purchase histories and names and addresses can be all some fraudsters need to carry out identity theft. Research indicates that criminals may also stockpile personal data over time, increasing their ability to use it for financial gain. For example, they may collect a name and address from one breach and a credit card number from another, combining the two to commit identity theft.

What do cyber attacks mean for individuals?

Large cyber attacks may not always have a direct and immediate effect on individuals, but cyberwarfare and cybercrime, much like conventional war and criminality, will have a broader influence on society and security. A DDoS attack in October 2016 caused several popular websites including Twitter, Spotify and Reddit, to crash, which naturally had a direct impact on individuals wanting to use those services.

Data breaches can have a direct effect on individuals when criminals get hold of enough information to steal their identity and carry out various fraudulent activities. The key way to prevent this kind of crime is to ensure that you follow best practice when it comes to passwords and sharing information online.

Regularly changing your password and not using the same one for multiple accounts can prevent hackers gaining access in the event of a breach. Familiarising yourself with how fraudsters might try to ‘phish’ for information and being wary of any requests to change or confirm passwords is also key. If you own smart devices, ensure that you change any default usernames or passwords they have, so they can’t be easily accessed.

Related Articles