What is a cyber attack?
source: businessleader.co.uk
In this guest article, written exclusively as part of Business Leader’s Cyber Security Month, Bleddyn-Aled Wyke, Cyber Operations Executive at PureCyber, outlines what a cyber attack is.
A cyber-attack can take many forms, but one common thread runs through them all: the threat actor. Whether the attack is untargeted, such as a phishing campaign sent to thousands of users in the hope that a careless one takes the bait, or more targeted, such as a Denial of Service (DoS) style attack against a company site that denies normal users access to its services, there is a human somewhere behind it who has pushed the marble.
The National Cyber Security Centre (NCSC) presents a four-stage model mapping out the typical steps carried out by threat actors during an attack: Survey, Delivery, Breach, and Affect.
Firstly, the threat actor would look to survey an organisation’s infrastructure, in a bid to obtain as much information as possible. This could be through more technical means, scanning target networks to gain information about IT systems in place, or more physical methods such as social engineering to gain more private information such as internal processes or procedures.
With the knowledge gained here, the threat actor would look to move on to the delivery stage of the attack, where they attempt to put themselves into a position on a network from which they can exploit a vulnerability they believe to exist within a target. An example of this would be gaining the format of a company’s e-mail address (e.g. first initial firstname.lastname@example.org) and using it to send employees phishing e-mails containing a malicious file or link, in order to either spread malware or steal credentials. It only takes one user to follow through with the file or link to compromise an organisation’s system.
Upon successful delivery of an exploit, the attacker would attempt to further breach the system. Whether this is via stolen credentials allowing them to achieve access to sensitive user or company information, or via the implementation of malware letting them take control of computers or networks, the attacker can either go straight for their target or can look to gain a more established presence.
They can then move to have more of an effect, using their established control to gain access to more privileged systems, allowing them to gain more sensitive information, make changes to their benefit, or disrupt businesses. From here the threat actor will look to either leave, attempting to remove any indications of their presence, or set up a more persistent style of threat, leaving a back door for them to come and go as they please.