Merriam-Webster’s dictionary defines a cyberattack as “an attempt to gain illegal access to a computer or computer system for the purpose of causing damage or harm.”
The first known use of the word was in 1996.
To put this into perspective, some other words that first appeared in print that year were burner phone, hundo (shortened version of one hundred), live streaming, geotag, body-shaming, GOAT, senior moment, and cloud computing. Independence Day, Mission: Impossible, Twister, and The Rock were the top-grossing films that year and “Macarena” was at the top of the Billboard Hot 100, or should we say, hundo. A browser war between Netscape Navigator and AOL was in full effect.
The term cyberattack first appeared in print in a 1996 volume of the Economist, a venerated British weekly newspaper in print since 1843 that focuses on current affairs, international business, politics, technology, and culture. The Economist stated that, “With little law and order, the first thing to do to protect a network from cyber-attack is to rely on trusted friends.”
Hmm. Trusted friends? Maybe in 1996, but we can do better now. Learn how to build cybersecurity awareness in the workplace here or what to do if you’ve been hacked here. More on how to protect yourself from cyberattacks in our next article. Today, as we seek to build awareness around cybersecurity in the month of October, let’s break down everything we know about what cyberattacks are and the most common iterations out there today.
As the nature of cyberattacks has evolved over time, so too has their definition.
The Internet Engineering Task Force defined attack in RFC 2828 in May 2000 as:
an assault on system security that derives from an intelligent threat, i.e., an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.
According to the Oxford English Dictionary, a cyber-attack is:
The use of information technology to infiltrate or disrupt computer systems.
The Committee on National Security Systems of the United States of America (CNSS) and the National Institute of Standards and Technology (NIST) share the same two definitions of cyberattack. The two definitions as found in the glossary of the NIST are:
Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.
An attack, via cyberspace, targeting an enterprise’s use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the integrity of the data or stealing controlled information.
We can see that over time, as cyberattacks have become more frequent, complex, large-scale, and consequential, the definition of the term has had to broaden to encompass their scope.
Cyberattacks are ongoing. They are occurring at all times, from all corners of the planet. Hackers are behind these acts of cybercrime, seeking to enrich themselves by way of ransom, overwhelming servers with distributed-denial-of-service attacks, or infiltrating devices with malware. Hackers often work as a network of individuals, all in pursuit of personal gain, statement-making, or as pranks, simply because they can. Remember Jonathan James? He was a 15-year-old boy in Florida in 1999, just “playing around” on his computer when he hacked into NASA. Thankfully, his intentions were born purely out of curiosity and teenage boredom, otherwise I’d hate to know what could have happened to the folks aboard the ISS had he altered the temperature or humidity of their living quarters. Do astronauts sweat in space?
Most Common Types of Cyberattacks
As technology continues to evolve, so does cybercrime. Knowledge is power. The month of October is devoted to cybersecurity awareness, and part of gaining an awareness of cybersecurity is knowing what cyberattacks are so that you can arm yourself against them. Get familiar with the following most common types of cyberattacks so you know what to look out for:
- Malware – malicious software designed to interfere with a computer’s functioning. Malware comes in the form of ransomware, spyware, worms, and viruses that typically install when a compromising link or attachment is clicked.
- Phishing – the practice of sending fraudulent email messages or other communications disguised as reputable sources. This act deceives internet users into revealing sensitive, confidential information which can then be used illicitly, sometimes resulting in malware being installed on the user’s device.
- Man-in-the-Middle – also known as eavesdropping attacks, these attacks occur when hackers filter and steal data by covertly joining a two-party transaction. This commonly occurs while a network guest uses unsecured public Wi-Fi or when malware has been installed undetected so a hacker can process a victim’s data.
- Denial-of-Service – Distributed-denial-of-service (DDoS) attacks are hackers’ attempts to disrupt systems, networks, or servers with a flood of traffic. By overwhelming the systems with repeated requests from multiple sources, resources and bandwidth are exhausted leading to an inability to fulfill legitimate requests.
- SQL Injection – A Structured Query Language Injection is when a hacker enters malicious code into a vulnerable website search box that forces the server to reveal sensitive information.
- Zero-day Exploit – Attackers take advantage of the window of time between when an announcement of a vulnerability occurs and when it can be patched.
- DNS Tunneling – When used maliciously, DNS Tunneling exploits the typical DNS protocol by registering a domain and using it to tunnel malware and other data through a client-server model.
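The SQL Injection item above, as an added example that is not part of the original article: a search function built by string concatenation beside its parameterized form, run against an in-memory SQLite table. The table, the function names and the sample search input are all constructed for illustration.

```python
import sqlite3

# Constructed search-box input: the quote ends the string literal early.
INJECTED = "x%' OR is_public = 0 --"


def build_db():
    """In-memory catalogue with constructed rows; one row is not public."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (name TEXT, is_public INTEGER);
        INSERT INTO products VALUES ('kettle', 1);
        INSERT INTO products VALUES ('toaster', 1);
        INSERT INTO products VALUES ('prototype-x', 0);
    """)
    return conn


def search_vulnerable(conn, term):
    # Weak: the term is pasted into the SQL text, so a quote character in
    # it changes the structure of the query instead of staying data.
    sql = ("SELECT name FROM products WHERE is_public = 1 "
           "AND name LIKE '%" + term + "%' ORDER BY name")
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, term):
    # Hardened: a bound parameter is never parsed as SQL. LIKE wildcards in
    # the term are escaped as well so that they match literally.
    escaped = (term.replace("\\", "\\\\")
                   .replace("%", "\\%")
                   .replace("_", "\\_"))
    sql = ("SELECT name FROM products WHERE is_public = 1 "
           "AND name LIKE ? ESCAPE '\\' ORDER BY name")
    return [row[0] for row in conn.execute(sql, ("%" + escaped + "%",))]


if __name__ == "__main__":
    db = build_db()
    for label, fn in (("vulnerable", search_vulnerable), ("safe", search_safe)):
        print(label, fn(db, "kettle"), fn(db, INJECTED))
```

With the concatenated query the constructed input returns the non-public row; with the bound parameter the same input is treated as an ordinary search term and matches nothing.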
Fortunately, there are hordes of us out here who are passionate about ethical hacking. The folks at Cyber Phoenix have made it our life’s work to learn everything there is to know about cybersecurity to educate the public and train up-and-coming cybersecurity industry workers. You can gain in-depth knowledge about each of these cyberattack methods and propel yourself into a career in cybersecurity with a premium course that teaches you to recognize the most common and most devastating attacks. Or take a deep dive into the world of malware or take one of our test prep courses to get certified by (ISC)², Cisco, or CompTIA. Lucky for you, it’s an industry that is growing by the day and we’ve got the courses that will get you out there.
“cyber-, comb. form”. OED Online. September 2022. Oxford University Press. https://www.oed.com/view/Entry/250879 (accessed October 7, 2022).
Merriam-Webster. “Cyberattack”. Merriam-Webster.com dictionary. https://www.merriam-webster.com/dictionary/cyberattack (accessed October 7, 2022).
Cisco. “What Is a Cyberattack?”. https://www.cisco.com/c/en/us/products/security/common-cyberattacks.html (accessed October 7, 2022).
Cohen, Gary. “Throwback Attack: A Florida teen hacks the Department of Defense and NASA”. April 2021. Industrial Cybersecurity Pulse. https://www.industrialcybersecuritypulse.com/facilities/throwback-attack-a-florida-teen-hacks-the-department-of-defense-and-nasa/ (accessed October 7, 2022).