Types of cyberattack
A cyberattack is an attempt to gain access to, steal, modify or delete dataUnits of information. In computing there can be different data types, including integers, characters and Boolean. Data is often acted on by instructions. on a networkA group of interconnected computers/devices.. A cyberattack might make the network inaccessible, stopping a business from running efficiently. There are many different types of cyberattack. Some rely on technical weaknesses while others rely on social engineeringTricking people into giving sensitive data such as PINs or passwords..
Social engineering attacks
Social engineering covers a wide range of activities including phishing and shoulder surfing.
Phishing
Phishing involves using emails or fake websites that try to trick users into giving away personal details. A phishing email pretends to be a genuine message from, for example, a bank, and tries to deceive the user into following a link to a website that looks like the real company. However, it is a fake website designed to catch data such as bank account numbers and security codes.
Shoulder surfing
Shoulder surfing is the act of gaining information by directly observing someone. The most common form of shoulder surfing is when someone watches over the shoulder of a person entering their PIN at a cashpoint. Once they鈥檝e got the PIN, they could then steal the wallet or purse containing the bank card. The bank card and PIN could be used to withdraw cash or make purchases before the owner of the bank card realises it has been stolen.
Technical attacks
Technical attacks rely on some kind of technical weakness with softwareThe programs, applications and data in a computer system. Any parts of a computer system that aren't physical. or hard disk driveA device used to store large amounts of data. . As in social engineering, there are a wide range of attacks including exploiting unpatched software, using malicious USB deviceAny piece of computing hardware. and eavesdropping.
Unpatched software
Most software will regularly receive patchAn update to a piece of software, usually to fix bugs or improve the software in some way. to add new features, fix bugAn error in a program. or improve security. Unpatched software hasn鈥檛 had these patches - updates - applied. This means any bugs or security weaknesses can be used by a hacker to gain access to information.
Malicious USB devices
USB memory stickA physically small storage device. It normally plugs into a USB port. They are also called USB sticks, memory sticks, thumb or flash drives. These devices use solid state memory with no moving parts. are a common sight and many people use them in their day-to-day jobs. It is possible to get malicious USB devices - many of which look like normal USB memory sticks - that may infect a network with malwareSoftware that is designed to cause harm or damage to a computer. This includes viruses that might damage files, adware that causes pop-ups, and spyware that collects and shares login details.. They could also run some other technical attack against a network. The hacker would then be able to gain access to information from the network.
Eavesdropping
Eavesdropping is when a hacker intercepts information being sent to or from a network to a device or another network. An example of this is wiretapping, where communications are monitored.
Other digital devices
Digital devices such as webcams and DVDA plastic, circular disc used to store music, video or data. DVDs are optical storage media, similar to CDs and Blu-ray discs. recorders can also be used in a cyberattack on a global scale. They become part of a botnetA string of connected computers. Can be used to take control of a computer and infect the machines in the network. - a collection of devices connected via the internet which have been infected by malware. Hackers can use these devices to attack global organisations.