How Cyber Attacks Happen
Cyber attacks have become a recurring theme in news headlines in recent years, from large corporations losing billions of pieces of data to alleged state-sponsored hacking of emails to influence an election. So much of our lives are now live online that these cyber attacks have the potential to disrupt everything from the safety of our finances to how we consume news.
Some reports suggest that cyber attacks cost UK businesses £34 billion a year, with data breaches also affecting individuals whose information may be used by criminals to commit identity fraud. Below, we look at the key information for understanding what cyber attacks are and the potential damage they can cause.
What is a cyber attack?
The term ‘cyber attack’ can refer to many different scenarios, but essentially it is an attempt by an individual or group to compromise a computer system, network or device with the intention of causing harm. These attacks can be against governments, businesses or individuals and are not always necessarily large-scale or wide-ranging.
A cyber attack can cripple a computer system, meaning a business loses money because its website is inaccessible or it can stop a government body from offering an essential service. It could also lead to large amounts of sensitive data being stolen, which can then affect individuals on a personal or financial level. In some cases, it can even cause physical damage - such as in 2015 when a steel mill in Germany was hacked.
How are cyber attacks carried out?
Many cyber attacks are opportunistic, with hackers spotting vulnerabilities in a computer system’s defences and exploiting them. This may involve finding flaws in the code of a website, that allows them to insert their own code and then bypass security or authentication processes. It could also mean they install ‘malware’ – software which is specifically designed to damage a system – via a vulnerable third party site.
Although terminology such as ‘cyber attacks’ and ‘hackers’ may conjure up images of sophisticated teams of computer experts with high-tech equipment, poring over lines of code, the reality is often quite different. Cyber attacks are much more likely to occur through mundane errors like a user choosing an easy-to-guess password or not changing the default password on something like a router.
‘Phishing’ is also a common way to gain access to a system, this involves extracting personal information under false pretences. For example, you may receive a very official looking email that asks you to change your password, which has actually been sent by hackers attempting to trick you. This is exactly what happened to a top official in the Democratic Party in the run-up to the 2016 US election, leading to the release of 60,000 private emails.
Another method of attack is a Distributed Denial of Service (DDoS), where vast amounts of traffic are sent to a system in order to crash it. A system can only handle so many requests at one time, much like a switchboard receiving too many phone calls, and will eventually crash. Once this happens, genuine users can no longer access the service, meaning lost revenue for the organisation and potentially more serious repercussions if the service was essential, e.g. a healthcare system.
Why do cyber attacks happen?
Cyber attacks are usually either criminally or politically motivated, although some hackers enjoy bringing down computer systems for the “lulz” – in other words for a thrill or sense of achievement.
Politically motivated cyber attacks may occur for propaganda reasons, to harm the image of a particular state or government in the minds of the public. It might also have more pernicious intent, such as to leak sensitive intelligence, private communications or embarrassing data. Cyber-attacks could potentially go even further, for example, government-backed hackers could theoretically create software to corrupt and destroy a weapons program, or other crucial infrastructure.
Cyber attacks can also lead to data breaches – where large amounts of information are leaked online and then used by criminals to commit financial fraud. Data such as credit card details, purchase histories and names and addresses can be all some fraudsters need to carry out identity theft. Research indicates that criminals may also stockpile personal data over time, increasing their ability to use it for financial gain. For example, they may collect a name and address from one breach and a credit card number from another, combining the two to commit identity theft.
What do cyber attacks mean for individuals?
Large cyber attacks may not always have a direct and immediate effect on individuals, but cyberwarfare and cybercrime, much like conventional war and criminality, will have a broader influence on society and security. A DDoS attack in October 2016 caused several popular websites including Twitter, Spotify and Reddit, to crash, which naturally had a direct impact on individuals wanting to use those services.
Data breaches can have a direct effect on individuals when criminals get hold of enough information to steal their identity and carry out various fraudulent activities. The key way to prevent this kind of crime is to ensure that you follow best practice when it comes to passwords and sharing information online.
Regularly changing your password and not using the same one for multiple accounts can prevent hackers gaining access in the event of a breach. Familiarising yourself with how fraudsters might try to ‘phish’ for information and being wary of any requests to change or confirm passwords is also key. If you own smart devices, ensure that you change any default usernames or passwords they have, so they can’t be easily accessed.
- How to report identity theft
- How to protect older people from being scammed
- Using contactless mobile payments and apps
- Safeguard your personal data when using smart home assistants
- Safeguarding your family’s personal data on smart toys
- How your identity could be stolen offline
- Protect against ID theft when making mobile payments
- Online Fraud Terminology
- What is anonymous browsing?
- Distributed Denial of Service explained
- How secure is your email?
- Identity theft and fraud explained
- Financial fraud explained
- Best practices for avoiding identity theft
- Stay safe online: Creating a secure password
- Scam avoidance: A few ways to help stay secure
- Are smart gadgets putting you at risk of identity theft?
- Helping your children stay safe online
- Should you share your location on social media?
- Safeguard your personal information on video game consoles
- Would you do internet banking on your smart TV?
- How fraudsters use Wi-Fi hotspots to steal data
- How to avoid email fraud
- Preventing your child’s identity from being stolen
- Keeping your personal information secure when moving home
- Protect yourself from becoming a victim of SMS phishing
- Protect against identity theft when sharing photos online
- Safeguard your identity on mobile apps
- Your social media profile and identity theft
- What is credit card fraud – can you prevent it from happening to you?
- How fraudsters can hijack your browser
- Safeguard your identity on Facebook and other social media sites
- Going on holiday - keeping your identity safe
- How to prevent smartphone identity theft
- Shopping online – staying safe against identity theft
- How to spot and avoid romance scams
- Facial recognition and identity risk
- Dealing with phishing phone scams
- Safer Internet Day – protecting children online
- 7 Signs of Identity Theft
- How to avoid contactless card fraud
- What Are Data Breaches?
- How to Spot a Phishing Email
- ID Fraud Overview
- How Financial Crimes Are Hidden in The Dark Web
- How much do you know about the Dark Web?
- Are you losing your identity?