Cyberattacks

Cyberattacks are malicious attempts to damage, steal or destroy critical corporate data, compromise websites, and disrupt operational infrastructures. The attacker takes advantage of vulnerabilities in the system, installing a malicious code to alter computer code, logic or data leading to cybercrimes, such as information and identity theft.

As corporations and the clients they serve have come to depend on websites and web-based applications to create, consume, and do business, the privacy and security risks to which they are exposed every day are growing exponentially. Cyberattacks have become increasingly sophisticated and dangerous. They are no longer reserved for high profile targets, and can affect any organization that relies on networked applications, devices and systems.

Government organizations and financial firms remain the focus of many cyberattacks, particularly those carried out in the name of hacktivism. However, due to the open infrastructure of the Internet and the increased availability of easy-to-implement attack tools, almost anyone with the basic skills necessary can carry out a cyberattack, making cyber security a top priority for any enterprise with valuable digital assets and an Internet presence.

Types of cyberattacks and examples

  • Distributed Denial-of-service (DDoS) attack: a malicious attempt to slow down or crash a website by flooding it with overwhelming amounts of traffic. Cybercriminals achieve this by using large armies of automated “bots” and create large-scale attacks.
  • Malware: a malicious code designed to cause damage to a computer or network. There is a wide range of different malware categories, including but not limited to worms, trojans, spyware, and keyloggers.
  • Phishing: the act of attempting to trick the recipient of a malicious email into opening and engaging with it. The “sender” of the email deceives the victim by making the email appear to be sent from a reputable source, such as a government department, a supplier, or a customer of the business.
  • SQL injection: these attacks take advantage of vulnerabilities in the database layer of an application. Hackers inject malicious SQL queries into a website entry field, tricking the application into executing unintended commands, and penetrate the backend database.
  • Man-in-the-middle attack: mostly happening on unsecured pubic Wi-Fi, these attacks consist in the hackers interrupting the traffic between a visitor device and a network, insert themselves into a two-party transaction to steal data without the visitor’s knowing.
  • Brute force attack: also referred to as password cracking, brute force attacks are typically carried out to discover log-in credentials and gain access to websites for the purposes of data theft, vandalism, or the distribution of malware, which in turn can be used to launch brute force, DDoS and various types of cyberattacks on other targets. Even without successfully penetrating an online property, brute force attacks can flood servers with traffic, resulting in significant performance issues for the site under attack.
  • Breach attack: these attacks compromise the privacy goal of SSL by reducing HTTPS to encrypting page headers, leaving other content susceptible to discovery. Using a combination of brute force attacks and divide-and-conquer techniques, these attacks can be employed by hackers to extract login credentials, email addresses, and other sensitive, personally identifiable information from SSL-enabled websites.

Cyberattacks: Motives and Methods

Cyberattacks take advantage of vulnerabilities, whether it's weaknesses in software, computing devices, or the humans that administer and use them. As websites grow more complex and applications are developed more rapidly, the potential for attack increases. Meanwhile, hackers and cyber-mercenaries are building, distributing, and utilizing sophisticated exploit tools and malware to steal or destroy critical corporate data, compromise Web sites, and disrupt operational infrastructures.

Whether the motive is espionage or sabotage, cyber criminals employ a range of attack methods, such as spear-phishing, SQL injection attack, cross-site scripting (XSS), and brute force attacks, using them adaptively and in combination to carry out elaborate cyberattacks.

One of the most disruptive tactics used in cyberattacks is the distributed denial of service (DDoS) attack in which botnets are used to congest a website or web application to the point that legitimate users can no longer access it—costing enterprises millions of dollars in revenue, lost productivity and damaged reputations.

How to Prevent Security Threats and Protect Your Enterprise from Cyberattacks

Organizations, particular those that have suffered the effects of cyberattacks, have strengthened perimeter-based security controls like firewalls and intrusion detection systems. Unfortunately, traditional data center security methods such as these are not enough to protect companies from large-scale, distributed cyber threats and furtive attacks at the application layer.

What enterprises need today are multi-layered defense architectures that can not only detect and deflect cyberattacks as close to the source as possible but also scale to absorb massive-scale threats. And this is exactly what Akamai's Cloud Security Solutions offers our customers.

  • Our Kona Site Defender solution provides unparalleled DDoS prevention at the application and network layers, scaling rapidly to mitigate high volume attacks and to ensure the availability and performance of our clients' websites no matter how severe the attack.
  • Our Web Application Firewall service can detect and block potential attacks in HTTP and HTTPS layers, protecting our clients' applications against SSL security breaches and the most common and harmful types of HTTP attacks including XSS and SQL injection.

Discover how Akamai's Cloud Security Solutions can help protect your organization from cyberattacks.