Cyberattack
A cyberattack (or cyber attack) occurs when there is an unauthorized action against computer infrastructure that compromises the
The rising dependence on increasingly complex and interconnected computer systems in most domains of life is the main factor that causes vulnerability to cyberattacks, since virtually all computer systems have bugs that can be exploited by attackers. Although it is impossible or impractical to create a perfectly secure system, there are many defense mechanisms that can make a system more difficult to attack.
Perpetrators of a cyberattack can be criminals,
Cyberattacks can cause a variety of harms to targeted individuals, organizations, and governments, including significant financial losses and identity theft. They are usually illegal both as a method of crime and warfare, although correctly attributing the attack is difficult and perpetrators are rarely prosecuted.
Definitions
A cyberattack can be defined as any attempt by an individual or organization "using one or more computers and computer systems to steal, expose, change, disable or eliminate information, or to breach computer information systems, computer networks, and computer infrastructures".
Prevalence
In the first six months of 2017, two billion data records were stolen or otherwise affected by cyberattacks, and ransomware payments reached US$2 billion, double the 2016 total.[6] In 2020, as the COVID-19 pandemic pushed organizations toward remote work, reported hacks and data breaches rose sharply.[7] The worldwide information security market was forecast to reach $170.4 billion in 2022.[8]
Vulnerability
Over time, computer systems make up an increasing portion of daily life and interactions. While the increasing complexity and connectedness of the systems increases the efficiency, power, and convenience of computer technology, it also renders the systems more vulnerable to attack and worsens the consequences of an attack, should one occur.[9]
Despite developers' goal of delivering a product that works entirely as intended, virtually all
Protection
A system's architecture and design decisions play a major role in determining how secure it can be made.
The majority of attacks can be prevented by ensuring all software is fully patched. Nevertheless, fully patched systems are still vulnerable to exploits using zero-day vulnerabilities.[24] The highest risk of attack occurs just after a vulnerability has been publicly disclosed or a patch is released, because attackers can create exploits faster than a patch can be developed and rolled out.[25]
Software solutions aim to prevent unauthorized access and detect the intrusion of malicious software.[26] Training users (for example, not to click on a suspicious link or email attachment) can prevent cyberattacks, especially those that depend on user error.[4][27] However, too many rules can cause employees to disregard them, negating any security improvement. Some insider attacks can also be prevented using rules and procedures.[27] Technical controls can remove many of the human errors that leave data exposed to attackers: encrypting all sensitive data, preventing employees from choosing insecure passwords, installing antivirus software to block malware, and running a robust patching process so that all devices are kept up to date.[28]
There is little evidence about the effectiveness and cost-effectiveness of different cyberattack prevention measures.[26] Although attention to security can reduce the risk of attack, achieving perfect security for a complex system is impossible, and many security measures have unacceptable cost or usability downsides.[29] For example, reducing a system's complexity and functionality is effective at shrinking its attack surface, but it also removes capability that users may need.[30] Disconnecting systems from the internet is one truly effective measure against attacks, but it is rarely feasible.[19] In some jurisdictions, there are legal requirements for protecting against attacks.[31]
Attack process and types
The cyber kill chain is the process by which perpetrators carry out cyberattacks.[32]
- Reconnaissance: would-be attackers search for information about the system in order to target it. They may use social engineering to obtain more information about the target's systems.[32]
- Weaponization: after finding a vulnerability, attackers build an exploit to gain access, and malware to carry out the attack.[33]
- Delivery: once complete, the malware is delivered to the target. A drive-by download requires no click, only a visit to a malicious website.[34] Sometimes insiders are behind the attack and can use their legitimate credentials to bypass security controls.[35] Some attacks are delivered indirectly through associated companies that have a business relationship with the target (a supply-chain route). Others may be delivered by direct access to hardware, particularly in cases of bribery or blackmail.[33]
- Exploitation: the attacker's software is executed on the targeted system, and often creates a backdoor to enable remote control by the attacker.[33]
Many attackers will not launch an attack right away.[36] The attacker often seeks to persist across system interruptions (such as a crash or restart), evade detection, escalate privileges,[37] and secure multiple channels of communication with its controllers.[36] Other common actions include responding to remote commands and collecting and copying data to a device controlled by the attacker (data exfiltration).[37]
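A defender sees the later stages of this chain mostly in logs, and exfiltration in particular leaves a volume signature. The script below is an added example, not part of the original article or of any cited source. It runs a simple data-exfiltration heuristic over constructed outbound proxy log lines (the log format, hostnames and thresholds are assumptions): it aggregates bytes sent per source and destination, treats a destination contacted by very few internal hosts as rare, and flags large, upload-heavy transfers to rare destinations. A widely used service that also receives large uploads (the backup server in the sample) is not flagged, because many hosts talk to it.

```python
"""Exfiltration heuristic over outbound proxy logs (added example, constructed data).

Assumed log format (one request per line):
    <timestamp> <src_host> <dst_host> <bytes_out> <bytes_in>
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample log, not real traffic. ws-17 pushes ~100 MB to a host no one
# else contacts; the backup server also receives large uploads, but from many hosts.
SAMPLE_LOG = """\
2024-05-01T02:10:11Z ws-17 updates.vendor.test 1200 3400000
2024-05-01T02:11:40Z ws-17 files.dropzone.test 48000000 900
2024-05-01T02:12:05Z ws-03 mail.corp.test 250000 400000
2024-05-01T02:13:22Z ws-09 mail.corp.test 180000 350000
2024-05-01T02:14:51Z ws-17 files.dropzone.test 52000000 700
2024-05-01T02:15:30Z ws-03 backup.corp.test 90000000 1200
2024-05-01T02:16:02Z ws-09 backup.corp.test 75000000 1100
2024-05-01T02:16:44Z ws-21 backup.corp.test 80000000 1300
2024-05-01T02:17:10Z ws-03 video.cdn.test 9000 120000000
this line is malformed and is skipped by the parser
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+) (\d+)$")


@dataclass(frozen=True)
class Finding:
    src: str
    dst: str
    bytes_out: int
    upload_ratio: float   # bytes_out / (bytes_in + 1)
    prevalence: int       # number of distinct internal hosts that contacted dst


def parse_log(text):
    """Yield (src, dst, bytes_out, bytes_in); malformed lines are skipped, not fatal."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            _ts, src, dst, out, inn = m.groups()
            yield src, dst, int(out), int(inn)


def find_exfil_candidates(log_text, min_bytes_out=10_000_000,
                          max_prevalence=1, min_ratio=10.0):
    """Flag (src, dst) pairs with large, upload-heavy traffic to rarely seen destinations."""
    totals = defaultdict(lambda: [0, 0])   # (src, dst) -> [bytes_out, bytes_in]
    hosts_per_dst = defaultdict(set)        # dst -> {src, ...}
    for src, dst, out, inn in parse_log(log_text):
        totals[(src, dst)][0] += out
        totals[(src, dst)][1] += inn
        hosts_per_dst[dst].add(src)

    findings = []
    for (src, dst), (out, inn) in totals.items():
        prevalence = len(hosts_per_dst[dst])
        ratio = out / (inn + 1)
        if out >= min_bytes_out and prevalence <= max_prevalence and ratio >= min_ratio:
            findings.append(Finding(src, dst, out, round(ratio, 1), prevalence))
    return sorted(findings, key=lambda f: f.bytes_out, reverse=True)


if __name__ == "__main__":
    for f in find_exfil_candidates(SAMPLE_LOG):
        print(f"{f.src} -> {f.dst}: {f.bytes_out} bytes out, "
              f"upload ratio {f.upload_ratio}, seen from {f.prevalence} host(s)")
```

The prevalence test is what keeps the rule usable: loosening `max_prevalence` to 3 makes every large upload to the backup server a finding as well, which illustrates why such thresholds are tuned against a baseline of normal traffic rather than set once.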
Activity
After the malware is installed, its activity varies greatly depending on the attacker's goals.
Ransomware is software used to encrypt or destroy data; attackers demand payment for the restoration of the targeted system. The advent of cryptocurrency, which allows payments that are hard to trace, has led to a dramatic increase in ransomware demands.[42]
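Because encryption turns structured files into near-uniform bytes, a burst of such writes is one of the few behaviours a defender can catch while ransomware is still running. The following script is an added example, not part of the original article or of any cited source; the file names, contents and thresholds are constructed. It measures the Shannon entropy of each file before and after a write and flags a session in which most files jump from low to high entropy. The already-compressed photo shows why the rule compares before and after instead of using an absolute threshold: it is high-entropy both before and after, so it is not counted, while the ordinary edit to README is low-entropy throughout.

```python
"""Ransomware-activity heuristic: detect a burst of writes that turns readable
files into high-entropy blobs (added example, constructed data)."""
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 0 for repetitive text, exactly 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pseudo_ciphertext(n: int, seed: bytes) -> bytes:
    """Deterministic high-entropy filler standing in for encrypted output
    (constructed via a SHA-256 counter chain; not real ransomware output)."""
    out = bytearray()
    for i in range(0, n, 32):
        out += hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
    return bytes(out[:n])


# Constructed write events from one user session: (old name, new name, old bytes, new bytes).
EVENTS = [
    ("budget.xlsx", "budget.xlsx.locked",
     b"PK\x03\x04" + b"budget 2024 " * 300, pseudo_ciphertext(4096, b"a")),
    ("notes.txt", "notes.txt.locked",
     b"meeting notes\n" * 200, pseudo_ciphertext(4096, b"b")),
    ("report.docx", "report.docx.locked",
     b"PK\x03\x04" + b"Quarterly report text " * 200, pseudo_ciphertext(4096, b"c")),
    # Compressed media is high-entropy before encryption; an absolute threshold alone misjudges it.
    ("photo.jpg", "photo.jpg.locked",
     bytes(range(256)) * 16, pseudo_ciphertext(4096, b"d")),
    # An ordinary edit: low entropy before and after.
    ("README", "README",
     b"README\nrun make\n" * 50, b"README\nrun make test\n" * 50),
]


def classify_event(old: bytes, new: bytes, min_jump=2.0, high=7.0) -> bool:
    """True when a file went from structured content to encrypted-looking content."""
    before, after = shannon_entropy(old), shannon_entropy(new)
    return after >= high and (after - before) >= min_jump


def detect_mass_encryption(events, min_fraction=0.5):
    """Return the events that look like encryption and a session-level verdict."""
    suspicious = [old_name for old_name, _new_name, old, new in events
                  if classify_event(old, new)]
    fraction = len(suspicious) / len(events) if events else 0.0
    return {"suspicious": suspicious, "fraction": fraction,
            "verdict": fraction >= min_fraction}


if __name__ == "__main__":
    for old_name, new_name, old, new in EVENTS:
        print(f"{old_name:12} -> {new_name:20} "
              f"{shannon_entropy(old):.2f} -> {shannon_entropy(new):.2f} bits/byte")
    print(detect_mass_encryption(EVENTS))
```

In a real deployment the events would come from a file-system activity feed and the verdict would trigger containment (for example, isolating the host) rather than just a report; the heuristic also misses ransomware that destroys rather than encrypts, which is why it complements rather than replaces backup and integrity monitoring.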
Perpetrators and motivations
The stereotype of a hacker is a lone individual working alone. In practice, many cyber threats are teams of well-resourced experts.
Motivations and aims also differ. Depending on whether the expected threat is passive espionage, data manipulation, or active hijacking, different mitigation methods may be needed.[39]
Software vendors and governments are mainly interested in undisclosed vulnerabilities (
Targets and consequences
Targets of cyberattacks range from individuals to corporations and government entities.[9] Many cyberattacks are foiled or unsuccessful, but those that succeed can have devastating consequences.[19] Understanding the negative effects of cyberattacks helps organizations ensure that their prevention strategies are cost-effective.[26] One paper classifies the harm caused by cyberattacks in several domains:[60]
- Physical damage, including injury, death, or destruction of property[61]
- Digital damage, such as the destruction of data or introduction of malware[61]
- Economic losses, such as those caused by disrupted operations, the cost of investigation, or regulatory fines.[61]
- Psychological harm, such as users being upset that their data has been leaked[62]
- Reputational damage, the loss of standing an organization suffers because of the attack[63]
- Negative externalities to society at large, such as consumers losing access to an important service because of the attack.[64]
Consumer data
Thousands of
After a data breach, criminals make money by selling data, such as usernames, passwords, social media or customer loyalty account information, debit and credit card numbers,[67] and personal health information (see medical data breach).[70] This information may be used for a variety of purposes, such as spamming, obtaining products with a victim's loyalty or payment information, prescription drug fraud, insurance fraud,[71] and especially identity theft.[41] Consumer losses from a breach are usually a negative externality for the business.[72]
Critical infrastructure
Corporations and organizations
There is little empirical evidence of economic harm (such as reputational damage) from breaches beyond the direct costs[77] of legal, technical, and public relations recovery efforts.[78] Studies that have attempted to correlate cyberattacks with short-term declines in stock prices have found contradictory results, with some finding modest losses, others finding no effect, and some researchers criticizing these studies on methodological grounds. The effect on stock price may vary depending on the type of attack.[79] Some experts have argued that the evidence suggests the direct costs and reputational damage from breaches are not large enough to sufficiently incentivize their prevention.[80][81]
Governments
Government websites and services are among those affected by cyberattacks.[76] Some experts hypothesize that cyberattacks weaken societal trust or trust in the government, but as of 2023 this notion has only limited evidence.[75]
Responses
Responding quickly to attacks is an effective way to limit the damage. The response is likely to require a wide variety of skills, from technical investigation to legal and public relations.[82] Because of the prevalence of cyberattacks, some companies plan their incident response before any attack is detected, and may designate a computer emergency response team to be prepared to handle incidents.[83][84]
Detection
Many attacks are never detected. Of those that are, the average time to discovery is 197 days.
Evidence collection should begin immediately, prioritizing volatile evidence (such as the contents of memory and active network connections) that is likely to be lost quickly.[88] Gathering data about the breach can support later litigation or criminal prosecution,[89] but only if the data is gathered according to legal standards and the chain of custody is maintained.[90][88]
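Volatile-first ordering and a verifiable chain of custody can be enforced by tooling rather than left to procedure. The script below is an added example, not part of the original article or of any cited source: it hashes each artifact as it is acquired, records who collected it and when, and seals the manifest with an HMAC under a key that the collecting team keeps off the evidence host (the key value, file names and analyst name are assumptions). Later verification distinguishes two failure modes a court or reviewer cares about: an artifact that changed after collection, and a manifest that was itself edited.

```python
"""Evidence manifest with hash-verified chain of custody (added example)."""
import hashlib
import hmac
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large disk or memory images are hashed without loading them whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def _canonical(entries):
    # Stable serialisation so the seal is reproducible on any machine.
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def collect(paths, collector, seal_key):
    """Hash artifacts in the order given (callers pass the most volatile first) and seal
    the manifest. seal_key is held by the collecting team, so anyone holding only the
    manifest cannot re-seal an edited copy."""
    entries = []
    for seq, path in enumerate(paths, start=1):
        entries.append({
            "seq": seq,
            "path": os.path.abspath(path),
            "size": os.path.getsize(path),
            "sha256": sha256_file(path),
            "collected_by": collector,
            "collected_at": datetime.now(timezone.utc).isoformat(),
        })
    seal = hmac.new(seal_key, _canonical(entries), "sha256").hexdigest()
    return {"entries": entries, "seal": seal}


def verify(manifest, seal_key):
    """Return (manifest_intact, artifacts whose current hash differs from the record)."""
    expected = hmac.new(seal_key, _canonical(manifest["entries"]), "sha256").hexdigest()
    intact = hmac.compare_digest(expected, manifest["seal"])
    changed = [e["path"] for e in manifest["entries"]
               if not os.path.exists(e["path"]) or sha256_file(e["path"]) != e["sha256"]]
    return intact, changed


def demo():
    """Run the collect/verify cycle on constructed stand-in artifacts in a temp directory."""
    seal_key = b"example-seal-key-kept-off-the-evidence-host"  # assumption: real key lives elsewhere
    with tempfile.TemporaryDirectory() as workdir:
        memory = os.path.join(workdir, "memory.dmp")   # constructed stand-in, volatile, collected first
        disk = os.path.join(workdir, "disk.img")        # constructed stand-in, collected second
        with open(memory, "wb") as f:
            f.write(b"\x00" * 4096 + b"VOLATILE-STATE")
        with open(disk, "wb") as f:
            f.write(b"NTFS    " + b"\xff" * 8192)

        manifest = collect([memory, disk], collector="analyst-1", seal_key=seal_key)
        intact_clean, changed_clean = verify(manifest, seal_key)

        with open(disk, "ab") as f:              # an artifact is touched after collection
            f.write(b"tamper")
        intact_touched, changed_touched = verify(manifest, seal_key)

        manifest["entries"][0]["collected_by"] = "someone-else"   # the record itself is edited
        intact_edited, _ = verify(manifest, seal_key)

        return {
            "clean": (intact_clean, changed_clean),
            "artifact_touched": (intact_touched, [os.path.basename(p) for p in changed_touched]),
            "manifest_edited": intact_edited,
            "order": [os.path.basename(e["path"]) for e in manifest["entries"]],
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The two checks are deliberately separate: a changed artifact with an intact seal points at handling after acquisition, while a broken seal means the record of who collected what, and when, can no longer be relied on at all.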
Recovery
Containing the affected system is often a high priority after an attack, and may be enacted by shutoff, isolation, use of a sandbox system to find out more about the adversary
Attribution
Attributing a cyberattack is difficult, and of limited interest to companies that are targeted by cyberattacks. In contrast,
Legality
Most states agree that cyberattacks are regulated under the laws governing the
In many countries, cyberattacks are prosecutable under various laws aimed at
Many jurisdictions have data breach notification laws that require organizations to notify people whose personal data has been compromised in a cyberattack.[111]
References
1. Asbaş & Tuzlukaya 2022, p. 303.
2. Li & Liu 2021, p. 8179.
3. Li & Liu 2021, pp. 8177–8179.
4. Li & Liu 2021, p. 8183.
5. Tjoa et al. 2024, p. 14.
6. Fosco, Molly (30 October 2018). "Will Artificial Intelligence Save Us From the Next Cyber Attack?". Fast Forward. OZY. Retrieved 30 October 2018.
7. Sobers, Rob (16 March 2021). "134 Cybersecurity Statistics and Trends for 2021". Inside Out Security. Varonis. Retrieved 27 February 2021.
8. "Forecast Analysis: Information Security, Worldwide, 2Q18 Update". Gartner. Retrieved 27 February 2022.
9. Linkov & Kott 2019, p. 1.
10. Ablon & Bogart 2017, p. 1.
11. Ablon & Bogart 2017, p. 2.
12. Daswani & Elbayadi 2021, p. 25.
13. Seaman 2020, pp. 47–48.
14. Daswani & Elbayadi 2021, pp. 26–27.
15. Sloan & Warner 2019, pp. 104–105.
16. Haber & Hibbert 2018, p. 10.
17. Tjoa et al. 2024, p. 65.
18. Linkov & Kott 2019, pp. 2, 7.
19. Linkov & Kott 2019, p. 2.
20. Tjoa et al. 2024, p. 3.
21. Linkov & Kott 2019, p. 7.
22. Linkov & Kott 2019, pp. 19–20.
23. Tjoa et al. 2024, p. 15.
24. Ablon & Bogart 2017, p. 3.
25. Libicki, Ablon & Webb 2015, pp. 49–50.
26. Agrafiotis et al. 2018, p. 2.
27. Linkov & Kott 2019, p. 20.
28. Daswani & Elbayadi 2021, pp. 31–32.
29. Tjoa et al. 2024, p. 63.
30. Tjoa et al. 2024, pp. 68, 70.
31. Tjoa et al. 2024, pp. 4–5.
32. Skopik & Pahi 2020, p. 4.
33. Skopik & Pahi 2020, p. 5.
34. Al-Turjman & Salama 2020, p. 242.
35. Al-Turjman & Salama 2020, pp. 243–244.
36. Tjoa et al. 2024, p. 3.
37. Skopik & Pahi 2020, p. 6.
38. Skopik & Pahi 2020, pp. 5–6.
39. Tjoa et al. 2024, p. 17.
40. Al-Turjman & Salama 2020, p. 243.
41. Al-Turjman & Salama 2020, p. 244.
42. Hyslip 2020, p. 828.
43. Tjoa et al. 2024, p. 3.
44. Tjoa et al. 2024, p. 9.
45. Tjoa et al. 2024, p. 16.
46. Tjoa et al. 2024, pp. 16–17.
47. Libicki, Ablon & Webb 2015, pp. 44–45.
48. Libicki, Ablon & Webb 2015, pp. 44, 46.
49. Hyslip 2020, p. 831.
50. Perlroth 2021, p. 42.
51. Perlroth 2021, p. 58.
52. Sood & Enbody 2014, p. 117.
53. Hyslip 2020, p. 816.
54. Hyslip 2020, pp. 831–832.
55. Hyslip 2020, p. 818.
56. Hyslip 2020, p. 820.
57. Hyslip 2020, p. 821.
58. Hyslip 2020, pp. 822–823.
59. Hyslip 2020, pp. 828–829.
60. Agrafiotis et al. 2018, p. 7.
61. Agrafiotis et al. 2018, p. 9.
62. Agrafiotis et al. 2018, pp. 10, 12.
63. Agrafiotis et al. 2018, p. 10.
64. Agrafiotis et al. 2018, pp. 7, 10.
65. Crawley 2021, p. 46.
66. Fowler 2016, pp. 7–8.
67. Fowler 2016, p. 13.
68. Fowler 2016, pp. 9–10.
69. Fowler 2016, pp. 10–11.
70. Fowler 2016, p. 14.
71. Fowler 2016, pp. 13–14.
72. Sloan & Warner 2019, p. 104.
73. Lehto 2022, p. 36.
74. Vähäkainu, Lehto & Kariluoto 2022, p. 285.
75. Shandler & Gomez 2023, p. 359.
76. Lehto 2022, passim.
77. Makridis 2021, p. 1.
78. Fowler 2016, p. 21.
79. Agrafiotis et al. 2018, p. 5.
80. Makridis 2021, pp. 1, 7.
81. Sloan & Warner 2019, p. 64.
82. Tjoa et al. 2024, p. 92.
83. Bareja 2021, pp. 13, 16.
84. Tjoa et al. 2024, pp. 91–93.
85. Bareja 2021, pp. 13–14.
86. Tjoa et al. 2024, p. 94.
87. Oppenheimer 2024, p. 39.
88. Tjoa et al. 2024, p. 95.
89. Fowler 2016, pp. 81–82.
90. Fowler 2016, p. 83.
91. Fowler 2016, pp. 120–122.
92. Fowler 2016, p. 115.
93. Fowler 2016, p. 116.
94. Fowler 2016, pp. 117–118.
95. Fowler 2016, p. 124.
96. Fowler 2016, p. 188.
97. Skopik & Pahi 2020, p. 1.
98. Li & Liu 2021, p. 8177.
99. Skopik & Pahi 2020, pp. 1, 6.
100. Skopik & Pahi 2020, p. 12.
101. Skopik & Pahi 2020, p. 16.
102. Fowler 2016, p. 44.
103. Solove & Hartzog 2022, p. 58.
104. Aravindakshan 2021, p. 299.
105. Lilienthal & Ahmad 2015, p. 399.
106. Verbruggen, Yola (10 January 2024). "Cyberattacks as war crimes". International Bar Association. Retrieved 8 April 2024.
107. Aravindakshan 2021, p. 298.
108. "Key Issues: Offences against the confidentiality, integrity and availability of computer data and systems". Cybercrime Module 2. United Nations Office on Drugs and Crime. Retrieved 8 April 2024.
109. Aravindakshan 2021, p. 296.
110. Wilkinson, Isabella (2 August 2023). "What is the UN cybercrime treaty and why does it matter?". Chatham House. Retrieved 8 April 2024.
111. Solove & Hartzog 2022, p. 10.
Sources
- Ablon, Lillian; Bogart, Andy (2017). Zero Days, Thousands of Nights: The Life and Times of Zero-Day Vulnerabilities and Their Exploits (PDF). Rand Corporation. ISBN 978-0-8330-9761-3.
- Al-Turjman, Fadi; Salama, Ramiz (2020). "An Overview about the Cyberattacks in Grid and Like Systems". Smart Grid in IoT-Enabled Spaces. CRC Press. ISBN 978-1-003-05523-5.
- Agrafiotis, Ioannis; Nurse, Jason R C; Goldsmith, Michael; Creese, Sadie; Upton, David (2018). "A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate". Journal of Cybersecurity. 4 (1). ISSN 2057-2085.
- Asbaş, C.; Tuzlukaya, Ş. (2022). "Cyberattack and Cyberwarfare Strategies for Businesses". Conflict Management in Digital Business: New Strategy and Approach. Emerald Group Publishing. pp. 303–328. ISBN 978-1-80262-773-2.
- Aravindakshan, Sharngan (2021). "Cyberattacks: a look at evidentiary thresholds in International Law". Indian Journal of International Law. 59 (1–4): 285–299.
- Bareja, Dinesh O. (2021). "By Failing to Prepare, You Are Preparing to Fail". Security Incidents & Response Against Cyber Attacks. Springer International Publishing. pp. 13–29. ISBN 978-3-030-69174-5.
- Crawley, Kim (2021). 8 Steps to Better Security: A Simple Cyber Resilience Guide for Business. John Wiley & Sons. ISBN 978-1-119-81124-4.
- ISBN 978-1-4842-6654-0.
- Fowler, Kevvie (2016). Data Breach Preparation and Response: Breaches are Certain, Impact is Not. Elsevier Science. ISBN 978-0-12-803451-4.
- Haber, Morey J.; Hibbert, Brad (2018). Asset Attack Vectors: Building Effective Vulnerability Management Strategies to Protect Organizations. Apress. ISBN 978-1-4842-3627-7.
- Hyslip, Thomas S. (2020). "Cybercrime-as-a-Service Operations". The Palgrave Handbook of International Cybercrime and Cyberdeviance. Springer International Publishing. pp. 815–846. ISBN 978-3-319-78440-3.
- Lehto, Martti (2022). "Cyber-Attacks Against Critical Infrastructure". Cyber Security: Critical Infrastructure Protection. Springer International Publishing. pp. 3–42. ISBN 978-3-030-91293-2.
- Li, Yuchong; Liu, Qinghui (2021). "A comprehensive review study of cyber-attacks and cyber security; Emerging trends and recent developments". Energy Reports. 7: 8176–8186.
- Libicki, Martin C.; Ablon, Lillian; Webb, Tim (2015). The Defender's Dilemma: Charting a Course Toward Cybersecurity (PDF). Rand Corporation. ISBN 978-0-8330-8911-3.
- Linkov, Igor; Kott, Alexander (2019). "Fundamental Concepts of Cyber Resilience: Introduction and Overview". Cyber Resilience of Systems and Networks. Springer International Publishing. pp. 1–25. ISBN 978-3-319-77492-3.
- Lilienthal, Gary; Ahmad, Nehaluddin (2015). "Cyber-attack as inevitable kinetic war". Computer Law & Security Review. 31 (3): 390–400.
- Makridis, Christos A (2021). "Do data breaches damage reputation? Evidence from 45 companies between 2002 and 2018". Journal of Cybersecurity. 7 (1).
- Oppenheimer, Harry (2024). "How the process of discovering cyberattacks biases our understanding of cybersecurity". Journal of Peace Research. 61 (1): 28–43.
- Perlroth, Nicole (2021). This Is How They Tell Me the World Ends: Winner of the FT & McKinsey Business Book of the Year Award 2021. Bloomsbury Publishing. ISBN 978-1-5266-2983-8.
- Seaman, Jim (2020). PCI DSS: An Integrated Data Security Standard Guide. Apress. ISBN 978-1-4842-5808-8.
- Shandler, Ryan; Gomez, Miguel Alberto (2023). "The hidden threat of cyber-attacks – undermining public confidence in government". Journal of Information Technology & Politics. 20 (4): 359–374.
- Skopik, Florian; Pahi, Timea (2020). "Under false flag: using technical artifacts for cyber attack attribution". Cybersecurity. 3 (1): 8. ISSN 2523-3246.
- Sloan, Robert H.; Warner, Richard (2019). Why Don't We Defend Better?: Data Breaches, Risk Management, and Public Policy. CRC Press. ISBN 978-1-351-12729-5.
- ISBN 978-0-19-094057-7.
- Sood, Aditya; Enbody, Richard (2014). Targeted Cyber Attacks: Multi-staged Attacks Driven by Exploits and Malware. Syngress. ISBN 978-0-12-800619-1.
- Tjoa, Simon; Gafić, Melisa; Kieseberg, Peter (2024). Cyber Resilience Fundamentals. Springer Nature. ISBN 978-3-031-52064-8.
- Vähäkainu, Petri; Lehto, Martti; Kariluoto, Antti (2022). "Cyberattacks Against Critical Infrastructure Facilities and Corresponding Countermeasures". Cyber Security: Critical Infrastructure Protection. Springer International Publishing. pp. 255–292. ISBN 978-3-030-91293-2.