When it comes to cyber security, knowledge really is power! Cybercriminals are opportunistic, so the more you know about the possible types of security breaches and the vulnerabilities that allow them to occur, the more you can protect your organisation against them. That’s why we’ve pulled this handy blog post together to cover the most common cyber security incidents you could face.
Whilst the cyber threat is ever-evolving, cyber security incidents can be simply grouped into one or more of four key outcomes: exfiltration, destruction, manipulation, and access denial. Although the protection required to prevent each of the four types is similar, they are unique in the potential effects and the severity of the situation following the breach.
Outcome |
Definition |
Exfiltration |
Information is removed and sold, or used as means for blackmail. |
Destruction |
Information is destroyed. |
Manipulation |
Information is manipulated. |
Access Denial |
Access to information is blocked. |
Also commonly called data extrusion or data exportation, data exfiltration is known as a form of data theft. Data extrusion is a security breach that occurs when an individual’s or company’s data is copied, transferred, or retrieved from a computer or server without authorisation. It can be conducted manually by an individual with physical access to a computer or automated through malware.
Data exfiltration is possible when systems rely on vendor-set, common, or easy-to-crack passwords. Attackers use social engineering techniques or phishing emails to persuade employees to inadvertently open messages containing malicious scripts, which can then later be used to install additional malware on the company’s network.
The goal is to gain access to a network, but remain undetected to find valuable or target data such as trade secrets, intellectual property, financial information, or sensitive customer data that can be later leaked or used for blackmail.
Since data transfer is common within and outside a company’s network (and as more companies are using cloud-based hosting services to store data and information), data exfiltration can be difficult to detect. And once your company’s most valuable data is in the hands of a cybercriminal, the damage is already done.
As the name suggests, a data destruction attack targets an organisation’s important data in an attempt to paralyse business operations and cause the maximum amount of damage. It can take down an organisation’s website, services, and internal systems.
Most companies back everything up so that they can restore data should it be lost in the event of a cyber attack - whether due to ransomware, malware, or another form of cyberwarfare. Typically, data can be recovered following standard procedures. However, an advanced data destruction attack can also attack the backup and restore methods used to recover from a breach.
Potentially, a data destruction attack could put businesses in a position where they have to rebuild infrastructure from scratch or pay a high ransom to the attackers. Either way, damage to an organisation's reputation is guaranteed for every day they are unable to operate.
It’s easy to see how cybercriminals may benefit from the deletion or theft of data through either its exploitation or sale. Manipulation attacks, however, have the potential to turn into long-term earning endeavours for hackers.
In a data manipulation attack, a cybercriminal will alter, tweak or modify valuable digital documents and critical data to damage an organisation from the inside out. A well-known example comes from Russian hackers who breached and released data from the World Anti-Doping Agency before the 2016 Olympic games. First, they manipulated the medical data of many famous athletes participating in the games before releasing it and damaging their reputations.
Another famous breach of this kind saw the US information technology firm, SolarWinds, recently fall victim to a cyber attack that went undetected for months. Hackers found their way into SolarWinds’ systems and added malicious code that was unknowingly sent out to customers since it was hidden in regular software updates. The code created a backdoor that granted the cybercriminals access to spy on private companies and install even more malware.
Understandably, data manipulation attacks take far more time to recover from than an exfiltration or destruction attack. Once data is manipulated, it is difficult to determine exactly how the data has been altered. An under-the-radar modification, such as a change to a customer’s subscription status, would require sifting through all customer data to review, check and double-check that all information is accurate before a business can resume as normal.
An access denial attack aims to render a computer or device unavailable to its intended users by interrupting the device’s normal functioning. They typically work by overwhelming or flooding a targeted machine with requests until normal traffic can’t be processed, resulting in access being denied to additional users. Cybercriminals will normally use a single computer to launch the attack.
Whilst they don’t typically result in the theft or loss of significant information or other assets, access denial attacks can cost organisations a great deal of time and money to handle. There are several methods of an access denial attack such as a ransom distributed denial-of-service (DDoS) attack, buffer overflow attacks and flood attacks.
A ransom DDoS attack is one of two parts: the attack and the ransom demand. A cybercriminal can approach this in either order, by carrying out a DDoS attack first and demanding a ransom second, or by issuing a ransom note first and threatening the organisation with a DDoS attack if they don’t pay up. In the case of the latter, it might be that the attacker is not capable of carrying out the attack, but it is not wise to assume this and every threat should be treated seriously.
A buffer overflow attack aims to cause a machine to consume all available hard disk space, memory, or CPU time. As you can imagine, this results in sluggish behaviour, system crashes, or other deleterious server behaviours, resulting in access denial.
A flood attack works by saturating a targeted server with an overwhelming amount of packets to reach server capacity, resulting in denial-of-service. For most flood attacks to be successful, the cybercriminal must have more available bandwidth than the target.
This might all sound incredibly scary, but it doesn’t have to be. Now that you know what threats are out there, you are better informed to protect you and your organisation against them. And, we’re here to help! Our expert cyber partners at Cyber Security Associates have all the tools, skills and services you need to keep your data protected.
About the author
Dave Woodfine, Co-founder and Managing Director, Cybersecurity Associates
Dave is an ex Cyber Commander working for the Royal Air Force and GCHQ. Now with years of commercial experience, Dave is an expert in cyber risk management and shaping cyber security strategies.