Cyber Attacks

A cyber attack is a deliberate or malicious attempt by an individual or organisation to breach the information system of another individual or organisation. Usually, the attacker seeks some type of benefit from disrupting the victim’s network, (Cisco, 2024). The manner in which cyber attacks occur can be in a number of repeated stages, it is important to understand what these may potentially look like. Typically, cyber attacks can be categorised as either targeted or untargeted.

Untargeted cyber attacks are random, with the choice of victim being simply those whose device is vulnerable. They take advantage of the openness of the internet and consist of techniques including:

• phishing – sending out emails to large numbers of people asking for sensitive information (such as bank details) or diverting them to a fake website
• water holing – building a fake website or compromising a legitimate one so as to exploit the visitors
• ransomware – can include disseminating disk encrypting extortion malware
• scanning – attacking large portions of the open Internet at random

Targeted attacks are choice individuals or businesses that have been singled out for a specific reason. Typically, a targeted attack can be more detrimental as it will have been specifically tailored to the defence systems, processes and personnel around the device(s). Targeted attacks may include:

• spear-phishing – emailing targeted individuals that may contain an attachment with malicious software, or a link that downloads malicious software
• deploying a botnet – deliver a DDOS (Distributed Denial of Service) attack
• subverting the supply chain – attack devices or software being delivered to the organisation

Regardless of whether or not the cyber attack, or cyber threat, is targeted or untargeted, the likelihood is bespoke technology and software will be deployed in order to carry it out. There is also a high chance that the attack will be repeat and in stages. The stages of a cyber attack is better known as the Cyber Kill Chain developed by Lockheed Martin, consist of:

• Reconnaissance
• Weaponization
• Delivery
• Exploitation
• Installation
• Command & Control
• Actions on Objectives

On a larger scale, these cyber attacks can be deemed cyberwarfare or cyberterrorism and, therefore, committed by what is called cyberterrorists. Cyberwarfare is on a national and international level, whereby a nation or international organisation targets another’s computer or information. Cyberterrorism is the same but done with the intent to incite violence, cause harm, or threaten the loss of life, to achieve political or ideological gains by means of intimidation.

Business and governments alike can protect their devices and information from cyber attacks by hiring cyber talent. An individual who has undertaken training and gained qualifications in cyber security, has the know-how to tackle and defend against cyber threats. Typically, cyber security professionals look at:

• Fundamentals and competency when utilising open-source Linus OS
• Understanding the technologies, products, and procedures used to combat cybercrime
• Identifying tactics, techniques, and characteristics of cyber criminals
• Managing business continuity for cloud computing
• Risk management and cloud security risk infrastructure

Whether a cyber security analyst or a penetration tester, cyber security professionals are the best defence to protect against cyber criminals.

If you’re looking to get your foot in the door fighting cyber crime, our Cyber Security course is the best way to upskill and ready yourself for a career. Grasp current information and system security technology practices, as well as the security methods and defences which are central in successfully protecting against cyber threats.

Visit our courses page for more detail about our Cyber Security course and others. If you have any questions regarding any of our courses, feel free to get in touch with one of our dedicated team on 0121 450 3900.