What is a cyberattack?
There is no universally agreed definition of cyberattack. However, in most cases a cyberattack is a deliberate entry into a computer system with malicious intent.
The word cyberattack commonly describes a politically motivated attack, whether by states or non-state actors like terrorists. Cybercrime most often describes activity for purely criminal ends, although this definition is shifting as cybercrime grows in sophistication and magnitude.
Often cyberattacks use information and communication technologies (ICTs) to magnify common crimes, like intellectual property theft, harassment and fraud. Other forms of crime, like identity theft, have grown considerably in cyberspace.
Some cyberattacks are new forms of crime which can only be committed using ICTs, such as hacking and distributed denial of service (DDoS) attacks. In the last few years, cyberattacks have become more sophisticated and pose an increasing risk to national security.
There are many motives behind attacks, from sabotage and espionage to theft, fraud, ‘hacktivism’ and others.
Attacks can either be targeted – for example, the Stuxnet malware attack on Iran’s nuclear systems – or untargeted, like phishing emails which trawl vast numbers of email addresses.
Definition of a cyberattack
Cyberattacks exploit vulnerabilities in computer systems and networks of computer data, or trick users to gain illegal access, with the intent to either steal, destroy or manipulate data and systems. Attacks generally take one of three forms:
Attacks on confidentiality, designed to gain access to restricted information.
Attacks on integrity, which change, manipulate or compromise data and computer systems.
Attacks on availability, which deny or restrict rightful owners’ access to their data.
Types of cyberattack
There are many types of cyberattack and cybercrime, and their sophistication varies greatly.
is a method of fraudulently attempting to obtain sensitive information such as usernames, passwords and credit card details.
It is essentially the act of getting someone to click on a link which either allows a malicious actor to gain access to personal information or downloads malware onto a user’s device.
Phishing attacks often work by disguising malicious communications as originating from a trustworthy entity, like a bank or phone provider.
Malware (Malicious Software)
is a catch-all term for software that lets an attacker exploit, destroy or compromise a single or multiple computers or computer networks. Forms of malware include the following:
holds computers or files hostage by encrypting the data and withholding the access details from the legitimate user.
A ransom payment is normally demanded to restore affected files or systems. This has been one of the most prolific types of cyberattack during the COVID-19 pandemic.
enables the user to monitor someone else’s activities on computers, mobile phones and other devices by transmitting data covertly from the victim’s device back to the malware controller.
pretend to be legitimate software but actually carry out hidden, harmful functions. Once a trojan is installed, it may also install other types of malware.
can spread between files on a computer and have the ability to replicate themselves. They can display irritating messages, steal data or give hackers control over a computer. They can be attached to other programmes or hide in code that runs automatically when certain types of files are opened, such as in phishing emails.
Distributed Denial of Service (DDoS)
is an attack in which multiple compromised computer systems attack a target – such as a server, a website or other network resource – to disrupt the flow of traffic and cause a denial of service for users of the targeted resource.
How dangerous are cyberattacks?
Cyberattacks are most dangerous when they threaten critical national infrastructure, from energy and water supply to transport networks and healthcare provision.
Much of their threat exists due to the increasing digitization of these services, the changing nature of technology, the complexity of supply chains, and poor cybersecurity awareness.
Critical systems may contain ‘zero-day’ vulnerabilities – weaknesses that developers and users are unaware of, and which are exploited by hackers (and sometimes state actors) to build ‘back doors’ into systems, allowing them privileged, illegal access.
One of the most difficult aspects in protecting against cyberattacks is the blurring of lines between corporations and national governments. Global tech companies like Microsoft make the software that operates critical elements of national infrastructure in numerous countries, so a single point of weakness in an operating system can have far-reaching consequences.
The last few years have seen states launch attacks on software owned by corporations whose products tend to be embedded in supply chains of critical infrastructure – as an easily deniable form of retaliation, to sow disruption and to send messages about their ability to defend themselves.
Cybercrime is an enormous threat to individuals’ finances and personal data, and to their privacy and civil liberties. It also has an enormous impact on the global economy.
One of the most alarming aspects is the way that governments, hackers-for-hire and corporations intersect in the development and use of technology against individuals.
Pegasus, a highly sophisticated piece of spyware, was originally developed by an Israeli firm who create technology to ‘prevent and investigate’ terrorism and crime.
However, an investigation led by the Washington Post, Le Monde and the Guardian newspapers and Amnesty International revealed that Pegasus has also been used by governments for surveillance of domestic opponents with no connection to terrorism or crime, including politicians, journalists and activists.
What are state-sponsored cyberattacks and who is responsible?
Cyberattacks provide states with a tool in their arsenal that is highly flexible yet can cause huge disruption to an adversary at comparatively little cost. Unlike attacks with conventional weapons, cyberattacks are often deniable, although this is changing as tools for attribution become more sophisticated.
They are part of a new type of conflict taking place in a kind of ‘grey zone’. Such attacks put enormous pressure on their targets, forcing them onto the defensive against a constantly evolving threat.
Several countries have been associated with launching attacks.
The US and UK
Until recently, Western countries would not admit to possessing or using an offensive cyber capability, but this has changed in recent years.
For example, US intelligence agencies are thought to have been responsible for Stuxnet, a piece of malware used in a 2010 attack on Iran’s nuclear facilities.
Both US Cyber Command and the UK’s GCHQ have publicly acknowledged using cyberattacks to disrupt terrorist activities by groups including ISIS.
Russian groups, including those with ties to the Russian government, are alleged to have been responsible for numerous cyberattacks against the infrastructure of other countries during the last 20 years.
In 2007, a series of cyberattacks targeted Estonia’s parliament, banks and TV stations as part of a dispute over Soviet war graves in the country. It is notable for being one of the first major state-sponsored cyberattacks.
Russian intelligence agencies were also accused of hacking the Democratic National Committee email system in the US in 2015 and 2016. Emails were leaked as part of a campaign to influence the outcome of the 2016 US election.
In 2015, a Russian group was thought to have been responsible for an attack on Ukraine’s power grid. In 2017, ‘NotPetya’ malware, allegedly developed by Russian intelligence to attack Ukraine, spread to the systems of A.P. Møller – Maersk, one of the world’s largest container-shipping companies. Maersk reported losses of up to $300 million as a result.
The SolarWinds cyberattack of 2020 was a sophisticated malware attack targeting software firm SolarWinds’ Orion product, which is used by companies to manage IT resources.
The attack, which went undetected for months, allowed hackers to spy on SolarWinds customers and install malware on their systems.
Targets included cybersecurity firms, US government agencies and Microsoft. Russian intelligence services were again accused of carrying out the attack.
The Microsoft exchange hack, discovered in January 2021, is alleged to have been a direct attack by Chinese government-sponsored hackers against on-premises Microsoft exchange servers, with victims including government, industry and civil society organizations.
The attack was a case of hackers exploiting ‘zero-day vulnerabilities’ on the servers. It is thought the hackers had access to Microsoft email addresses and passwords for some time before the hack was discovered.
It was an example of an advanced persistent threat (APT), where hackers spend months in a system collecting information before attacking. It was a highly motivated and very sophisticated attack.
For some time, the US has also accused Chinese hackers of using cyberattacks as part of large-scale intellectual property theft and industrial espionage.
North Korea is most well-known for its attack on Sony Pictures Entertainment. The attack was thought to be retaliation for the company’s release of The Interview, a film critical of North Korea, in 2014. Hackers stole confidential documents, deleted original files from Sony computers, and posted unreleased films and confidential information on public file-sharing sites.
The North Korean group Lazarus is also alleged to have been the source of the 2017 ‘WannaCry’ ransomware attack that infected hundreds of thousands of computers, including some belonging to the UK’s National Health Service (NHS).
The NHS was not necessarily the specific target but the victim of an unfocused, not particularly sophisticated global malware attack that exploited existing vulnerabilities.
North Korea was widely alleged to have been behind the attack, using a piece of software called EternalBlue that was originally developed by the US National Security Agency (NSA).