What is a cyberattack?

What are the most common forms of cyberattack, how are they used by criminal networks and governments, and how can countries and individuals protect themselves?

Explainer Updated 12 October 2022 Published 18 February 2022 6 minute READ

What is a cyberattack?

There is no universally agreed definition of cyberattack. However, in most cases a cyberattack is a deliberate entry into a computer system with malicious intent.

The word cyberattack commonly describes a politically motivated attack, whether by states or non-state actors like terrorists. Cybercrime most often describes activity for purely criminal ends, although this definition is shifting as cybercrime grows in sophistication and magnitude.

Often cyberattacks use information and communication technologies (ICTs) to magnify common crimes, like intellectual property theft, harassment and fraud. Other forms of crime, like identity theft, have grown considerably in cyberspace.

Cyberattacks exploit vulnerabilities in computer systems and networks of computer data, or trick users to gain illegal access.

Some cyberattacks are new forms of crime which can only be committed using ICTs, such as hacking and distributed denial of service (DDoS) attacks. In the last few years, cyberattacks have become more sophisticated and pose an increasing risk to national security.

There are many motives behind attacks, from sabotage and espionage to theft, fraud, ‘hacktivism’ and others.

Attacks can either be targeted – for example, the Stuxnet malware attack on Iran’s nuclear systems – or untargeted, like phishing emails which trawl vast numbers of email addresses.

Definition of a cyberattack

Cyberattacks exploit vulnerabilities in computer systems and networks of computer data, or trick users to gain illegal access, with the intent to either steal, destroy or manipulate data and systems. Attacks generally take one of three forms:

Attacks on confidentiality, designed to gain access to restricted information.
Attacks on integrity, which change, manipulate or compromise data and computer systems.
Attacks on availability, which deny or restrict rightful owners’ access to their data.

Types of cyberattack

There are many types of cyberattack and cybercrime, and their sophistication varies greatly.


is a method of fraudulently attempting to obtain sensitive information such as usernames, passwords and credit card details.

It is essentially the act of getting someone to click on a link which either allows a malicious actor to gain access to personal information or downloads malware onto a user’s device.

Phishing attacks often work by disguising malicious communications as originating from a trustworthy entity, like a bank or phone provider.

Malware (Malicious Software)

is a catch-all term for software that lets an attacker exploit, destroy or compromise a single or multiple computers or computer networks. Forms of malware include the following:


holds computers or files hostage by encrypting the data and withholding the access details from the legitimate user.

A ransom payment is normally demanded to restore affected files or systems. This has been one of the most prolific types of cyberattack during the COVID-19 pandemic.  


enables the user to monitor someone else’s activities on computers, mobile phones and other devices by transmitting data covertly from the victim’s device back to the malware controller.


pretend to be legitimate software but actually carry out hidden, harmful functions. Once a trojan is installed, it may also install other types of malware.


can spread between files on a computer and have the ability to replicate themselves. They can display irritating messages, steal data or give hackers control over a computer. They can be attached to other programmes or hide in code that runs automatically when certain types of files are opened, such as in phishing emails.

Distributed Denial of Service (DDoS)

is an attack in which multiple compromised computer systems attack a target – such as a server, a website or other network resource – to disrupt the flow of traffic and cause a denial of service for users of the targeted resource.

How dangerous are cyberattacks?

Cyberattacks are most dangerous when they threaten critical national infrastructure, from energy and water supply to transport networks and healthcare provision.
Much of their threat exists due to the increasing digitization of these services, the changing nature of technology, the complexity of supply chains, and poor cybersecurity awareness.

Critical systems may contain ‘zero-day’ vulnerabilities – weaknesses that developers and users are unaware of, and which are exploited by hackers (and sometimes state actors) to build ‘back doors’ into systems, allowing them privileged, illegal access.

One of the most difficult aspects in protecting against cyberattacks is the blurring of lines between corporations and national governments. Global tech companies like Microsoft make the software that operates critical elements of national infrastructure in numerous countries, so a single point of weakness in an operating system can have far-reaching consequences.

The last few years have seen states launch attacks on software owned by corporations whose products tend to be embedded in supply chains of critical infrastructure – as an easily deniable form of retaliation, to sow disruption and to send messages about their ability to defend themselves.

Cybercrime is an enormous threat to individuals’ finances and personal data, and to their privacy and civil liberties. It also has an enormous impact on the global economy.

One of the most alarming aspects is the way that governments, hackers-for-hire and corporations intersect in the development and use of technology against individuals.

Pegasus, a highly sophisticated piece of spyware, was originally developed by an Israeli firm who create technology to ‘prevent and investigate’ terrorism and crime.  

However, an investigation led by the Washington Post, Le Monde and the Guardian newspapers and Amnesty International revealed that Pegasus has also been used by governments for surveillance of domestic opponents with no connection to terrorism or crime, including politicians, journalists and activists.

What are state-sponsored cyberattacks and who is responsible?

Cyberattacks provide states with a tool in their arsenal that is highly flexible yet can cause huge disruption to an adversary at comparatively little cost. Unlike attacks with conventional weapons, cyberattacks are often deniable, although this is changing as tools for attribution become more sophisticated.

They are part of a new type of conflict taking place in a kind of ‘grey zone’. Such attacks put enormous pressure on their targets, forcing them onto the defensive against a constantly evolving threat.

Several countries have been associated with launching attacks.

The US and UK

Until recently, Western countries would not admit to possessing or using an offensive cyber capability, but this has changed in recent years.

For example, US intelligence agencies are thought to have been responsible for Stuxnet, a piece of malware used in a 2010 attack on Iran’s nuclear facilities.

Both US Cyber Command and the UK’s GCHQ have publicly acknowledged using cyberattacks to disrupt terrorist activities by groups including ISIS.


Russian groups, including those with ties to the Russian government, are alleged to have been responsible for numerous cyberattacks against the infrastructure of other countries during the last 20 years.

In 2007, a series of cyberattacks targeted Estonia’s parliament, banks and TV stations as part of a dispute over Soviet war graves in the country. It is notable for being one of the first major state-sponsored cyberattacks.

Russian intelligence agencies were also accused of hacking the Democratic National Committee email system in the US in 2015 and 2016. Emails were leaked as part of a campaign to influence the outcome of the 2016 US election.

In 2015, a Russian group was thought to have been responsible for an attack on Ukraine’s power grid. In 2017, ‘NotPetya’ malware, allegedly developed by Russian intelligence to attack Ukraine, spread to the systems of A.P. Møller – Maersk, one of the world’s largest container-shipping companies. Maersk reported losses of up to $300 million as a result.

The SolarWinds cyberattack of 2020 was a sophisticated malware attack targeting software firm SolarWinds’ Orion product, which is used by companies to manage IT resources.

The attack, which went undetected for months, allowed hackers to spy on SolarWinds customers and install malware on their systems.

Targets included cybersecurity firms, US government agencies and Microsoft. Russian intelligence services were again accused of carrying out the attack.


The Microsoft exchange hack, discovered in January 2021, is alleged to have been a direct attack by Chinese government-sponsored hackers against on-premises Microsoft exchange servers, with victims including government, industry and civil society organizations.

The attack was a case of hackers exploiting ‘zero-day vulnerabilities’ on the servers. It is thought the hackers had access to Microsoft email addresses and passwords for some time before the hack was discovered.

It was an example of an advanced persistent threat (APT), where hackers spend months in a system collecting information before attacking. It was a highly motivated and very sophisticated attack.

For some time, the US has also accused Chinese hackers of using cyberattacks as part of large-scale intellectual property theft and industrial espionage.

North Korea

North Korea is most well-known for its attack on Sony Pictures Entertainment. The attack was thought to be retaliation for the company’s release of The Interview, a film critical of North Korea, in 2014. Hackers stole confidential documents, deleted original files from Sony computers, and posted unreleased films and confidential information on public file-sharing sites.

The North Korean group Lazarus is also alleged to have been the source of the 2017 ‘WannaCry’ ransomware attack that infected hundreds of thousands of computers, including some belonging to the UK’s National Health Service (NHS).

The NHS was not necessarily the specific target but the victim of an unfocused, not particularly sophisticated global malware attack that exploited existing vulnerabilities.

North Korea was widely alleged to have been behind the attack, using a piece of software called EternalBlue that was originally developed by the US National Security Agency (NSA).

End section

National cyber strategies

Nations are increasingly recognizing the threat posed by technology providers embedded deep in their complex supply chains. Such concerns informed the UK’s 2020 decision to remove equipment installed by Huawei (a Chinese telecoms firm) from its 5G network.

Part of the problem is that many policymakers do not always fully understand the nature of the threat. For several years, the main worry was a single large-scale, war-like event causing material and physical damage – when in fact the greatest threat comes from the sheer volume of concurrent and often unrelated minor attacks.

Policymakers’ limited understanding of the technology involved in cyberattacks is often an issue in making policies that are fit-for-purpose. But there is an increasing recognition of the need to develop policies that help countries prevent, prepare for and respond to cyberthreats.

In the last few years, many countries have developed strategies to provide a national response to cyberthreats.

In their efforts to do so, governments must first understand what they are trying to protect. Which areas of the country’s infrastructure are the most essential and sensitive, and where will threats to them most likely emerge?

Policymakers must concentrate on the human impact of cyberattacks and develop human-centric policies and responses.

Second, governments must be prepared to respond efficiently. Computer emergency and incident response teams, formed of technical experts with the ability to diagnose and respond to a threat, are a vital component in any reaction.

Third, policymakers must concentrate on the human impact of cyberattacks and develop human-centric policies and responses. Two attacks in 2021 show the importance of this: a ransomware attack on the Irish health service meant that people missed chemotherapy treatments; and another attack on a Swedish supermarket chain disrupted access to food. It is these human effects that national government strategies can best address.

How to prevent a cyberattack

The best way to prevent cyberattacks is for governments, businesses, and individuals to understand their shared responsibility in practicing good cyber security.

At a national level, governments must have clear responsibilities and leadership structures in place for cyberdefence. In the UK, there are six categories of cyberattack with defined responsibilities outlined for each one, ranging from limited threats that can be handled by local police to those which are a threat to life, addressed by government COBRA crisis-response meetings.

However, governments must recognize that cyberthreats cannot be managed purely through national structures.

Cyberthreats are international by nature and do not respect borders: attacks are often launched on behalf of one country from numerous other territories and may affect systems around the world.

International cooperation is important, not only in terms of identifying, arresting and prosecuting perpetrators, but also in establishing global regulation that can deliver more resilient cyber infrastructure.

Currently, there are no common global standards for hardware and software production – unlike in the car industry, for example. Greater emphasis must be placed on developers to build security into their products by design.

There have recently been some positive developments in global technology governance and in trying to achieve responsible state behaviour in cyberspace, but more needs to be done.

Continued engagement by governments, academia, civil society, the private sector and others is crucial as technology continues to develop, creating new threats and new issues.