What is a cyber attack? Recent examples show disturbing trends

From virtual bank heists to semi-open attacks from nation-states, the last couple of years has been rough on IT security. Here are some of the major recent cyber attacks and what we can learn from them.

Cyber attack definition

Simply put, a cyber attack is an attack launched from one or more computers against another computer, multiple computers or networks. Cyber attacks can be broken down into two broad types: attacks where the goal is to disable the target computer or knock it offline, or attacks where the goal is to get access to the target computer's data and perhaps gain admin privileges on it.

Types of Cyber attack

But to achieve those goals, a number of different technical methods are deployed by cybercriminals. There are always new methods proliferating, and some of these categories overlap, but these are the terms that you're most likely to hear discussed.

Malware: short for malicious software, malware can refer to any kind of software, no matter how it's structured or operated, that "is a designed to cause damage to a single computer, server, or computer network," as Microsoft puts it. Worms, viruses, and trojans are all varieties of malware, distinguished from one another by the means by which they reproduce and spread. These attacks may render the computer or network inoperable, or grant the attacker root access so they can control the system remotely.

Phishing — a technique by which cybercriminals craft emails to fool a target into taking some harmful action. The recipient might be tricked into downloading malware that's disguised as an important document, for instance, or urged to click on a link that takes them to a fake website where they'll be asked for sensitive information like bank usernames and passwords. Many phishing emails are relatively crude and emailed to thousands of potential victims, but some are specifically crafted for valuable target individuals to try to get them to part with useful information.

Denial of Service attacks — a brute force method to try stop some online service from working properly. For instance, attackers might send so much traffic to a website or so many requests to a database that it overwhelms those systems ability to function, making them unavailable to anybody. A distributed denial of service (DDoS) attack uses an army of computers, usually compromised by malware and under the control of cybercriminals, to funnel the traffic towards the targets.

Man in the middle attacks — a method by which attackers manage to interpose themselves secretly between the user and a web service they're trying to access. For instance, an attacker might set up a Wi-Fi network with a login screen designed to mimic a hotel network; once a user logs in, the attacker can harvest any information that user sends, including banking passwords.

Cryptojacking — a specialized attack that involves getting someone else's computer to do the work of generating cryptocurrency for you (a process called mining in crypto lingo). The attackers will either install malware on the victim's computer to perform the necessary calculations, or sometimes run the code in JavaScript that executes in the victim's browser. 

SQL injection — a means by which an attacker can exploit a vulnerability to take control of a victim's database. Many databases are designed to obey commands written in the Structured Query Language (SQL), and many websites that take information from users send that data to SQL databases. In a SQL injection attack, a hacker will, for instance, write some SQL commands into a web form that's asking for name and address information; if the web site and database aren't programmed correctly, the database might try to execute those commands.

Zero-day exploits — vulnerabilities in software that have yet to be fixed. The name arises because once a patch is released, each day represents fewer and fewer computers open to attack as users download their security updates.  Techniques for exploiting such vulnerabilites are often bought and sold on the dark web — and are sometimes discovered by government agencies that controversially may use them for their own hacking purposes, rather than releasing information about them for the common benefit.

Recent Cyber attacks

Deciding which cyber attacks were the worst is, arguably, somewhat subjective. Those that made our list did so because they got the most notice for various reasons — because they were widespread, perhaps, or because they were signals of a larger, scary trend.

Without further ado, here are the biggest cyber attacks in recent history:

WannaCry

************************************************************************