A cyberattack is an unwanted intrusion by a malicious actor into a system, device, or process. The attack usually leads to an incident such as malware infection, e.g., ransomware, a data breach, or a scam like Business Email Compromise.
No company wants to experience a cyberattack. Malicious attacks cause a range of harm, including theft, modification, damage, and exposure of IT systems, sensitive data, and other company resources. Attackers typically initiate these destructive invasions by gaining unauthorized access to IT networks and devices, often by manipulating a human operator, like an employee.
Cyberattacks are ubiquitous. Bitdefender’s 2024 Cybersecurity Assessment Report found that 57% of organizations experienced a data breach, an increase of 6% from the previous year. The costs of damage from a cyberattack can spiral when everything is added up. They cause extended business outages, affect a company’s compliance standing and reputation with customers, and, in the case of Business Email Compromise or ransomware, can directly result in enormous financial losses. The global average cost of a data breach in 2024 is $4.88 million USD. According to Gartner, Inc., organizations worldwide are expected to increase their spending on cybersecurity protection by over 15% to $212 billion in 2025.
As the internet became ubiquitous and cloud computing normalized, cybercriminals found ways to take advantage of this new attack surface. Cybercriminal activity has become commonplace, and the security industry has responded by creating tools to help mitigate attacks. Infamous cyberattacks like the ILOVEYOU virus of 2000, which caused up to $15 billion worth of damage worldwide, helped to push antivirus developments and security patch awareness. However, even as the security industry reacted to increasing security threats, cybercriminals kept several paces ahead by developing new malware strains and cyberattack tactics and techniques.
Cyber attackers have many motives, and often, these motives are reflected in the type of attack used. Cybercriminals come in many forms: they may be part of a hacking gang, sometimes state-sponsored, or act alone. Some of the most common reasons why a cyberattack is carried out include the following:
Financial motives and power
The National Crime Agency (NCA) recognizes that individual cybercriminals may be motivated by “peer recognition.” However, for the most part, organized gangs of hackers are in it for the money. A 2022 research paper from Bristol University in the UK found that the respondents cited financial gain along with a “feeling of power and status” as the motivation behind their crimes.
Political reasons
Politically motivated cybercrime, or “hacktivism,” has become increasingly prevalent in the world as geopolitical issues pervade society. The FBI’s Internet Crime Complaint Center (IC3) releases regular alerts highlighting the prevalence of attacks on U.S. and global critical infrastructures from Russian military cyber-actors.
Personal vendettas
Cyberattacks can come from the inside as well as external threats. Malicious insiders and ex-employees can pose a threat to an organization. The Bitdefender 2023 Cybersecurity Assessment found that over one-third of companies were victims of a malicious insider attack.
Corporate espionage
Some cybercriminals are paid to infiltrate a company’s networks and exploit its people to learn corporate secrets. Resources like source code, proprietary company information, and financial data are all at risk. Bitdefender’s 2024 Cybersecurity Assessment found that almost one-third of companies experienced a cyberattack associated with corporate espionage.
Cyberattacks exploit vulnerabilities for the benefit of the cybercriminal(s) behind the attack. As such, a cyber-attacker will use any means to initiate that exploit. It is important to note that cyber-threats evolve. As the security industry develops novel mechanisms to prevent intrusions, cybercriminals find ways to evade detection. As a result, we must always be on our guard and keep watch over the developing threat landscape. However, certain types of tactics, techniques, and vectors remain favorites amongst malicious actors:
Phishing attacks and social engineering
Phishing attacks are designed to manipulate their victims into providing information that benefits the attacker. Phishing uses communication channels like email, text messages, and social media posts to trick people, such as employees, into engaging with a malicious actor. ENISA’s 2024 Threat Landscape report identified phishing as one of the most prevalent methods used in cyber-attacks. Phishing is often coupled with social engineering to improve the success rate of the phishing outcome. Socially engineered emails, for example, may be used to target specific roles in an organization, like accounts payable, to trick the recipient of the phishing email. Often, phishing emails and other phishing messages point recipients to associated phishing websites via a URL in the message. Malicious websites will often be designed to look exactly like well-known brands like Office 365. Once the victim has navigated to the spoof site, they will be requested to enter login credentials or other sensitive data, which will then be sent to the hacker.
QR-code phishing, or "quishing," is a recent development in the phisher's arsenal. Cybercriminals are using the inherent trust placed in QR codes to trick users into visiting phishing websites, where the victim is encouraged to submit personal data.
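The paragraph above describes the core of a phishing URL: a message link whose host is made to resemble a trusted brand. The script below is an added illustration of how a mail filter can check that, and is not code from the original page or from Bitdefender. It pulls every URL out of a message body and classifies each host as trusted, lookalike, or unknown by folding common homoglyph substitutions (0 for o, rn for m), spotting a brand name placed in a subdomain of an unrelated domain, and measuring edit distance against an allowlist. The allowlist, brand tokens, and the sample email are constructed for this example; a real deployment would load the allowlist from configuration and use a proper public-suffix list instead of the two-label simplification used here.

```python
import re
from urllib.parse import urlparse

# Constructed allowlist of genuine brand domains (hypothetical values for this example).
TRUSTED_DOMAINS = {"office.com", "microsoft.com", "microsoftonline.com"}
# Brand words that should never appear in a hostname outside the trusted domains.
BRAND_TOKENS = ("microsoft", "office365", "office")

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)

# Common character swaps used to build lookalike names; folded away before comparison.
MULTI_GLYPHS = {"rn": "m", "vv": "w"}
SINGLE_GLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "@": "a", "$": "s"})


def fold_homoglyphs(label: str) -> str:
    """Map visually similar characters back to the plain ASCII letter they imitate."""
    out = label.lower()
    for multi, plain in MULTI_GLYPHS.items():
        out = out.replace(multi, plain)
    return out.translate(SINGLE_GLYPHS)


def registrable_domain(host: str) -> str:
    """Last two labels of the host (a simplification that ignores multi-part TLDs such as co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a hostname taken from a URL."""
    host = host.lower()
    domain = registrable_domain(host)
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    folded = fold_homoglyphs(host)
    if registrable_domain(folded) in TRUSTED_DOMAINS:
        return "lookalike"  # e.g. rnicrosoft.com or 0ffice.com
    if any(tok in host or tok in folded for tok in BRAND_TOKENS):
        return "lookalike"  # brand name used as a subdomain or embedded in a new name
    name = domain.split(".")[0]
    for trusted in TRUSTED_DOMAINS:
        if edit_distance(name, trusted.split(".")[0]) <= 2:
            return "lookalike"  # e.g. microsofft.com
    return "unknown"


def scan_message(text: str) -> list:
    """Extract every URL from a message body and classify its host."""
    findings = []
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        findings.append((url, host, classify_host(host)))
    return findings


# Constructed phishing-style message body used as sample input (not a real email).
SAMPLE_EMAIL = """Your mailbox is almost full. Sign in within 24 hours to avoid suspension:
https://login.microsoftonline.com/reset (genuine, for comparison)
http://rnicrosoft.com/verify?id=1
https://microsoft.com.account-check.example/login
https://0ffice365-login.example/auth
"""

if __name__ == "__main__":
    for url, host, verdict in scan_message(SAMPLE_EMAIL):
        print(f"{verdict:9} {host:40} {url}")
```

The edit-distance threshold of 2 deliberately errs toward flagging: short legitimate names that happen to be close to a brand (for example "offline") will be reported as lookalikes, which is the usual trade-off for a filter that feeds a human review queue rather than blocking outright.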
Ransomware attacks
Ransomware attacks continue to plague companies worldwide. This insidious form of malware is used not only to encrypt files, thereby disrupting business operations, but also to steal sensitive data. The stolen data and the disruption are then used to extract a ransom from the affected company. Ransomware infection often begins with a phishing email. There are many types of ransomware, and Bitdefender Labs discovers over 400 new threats every minute. We also validate 30 billion threat queries daily.
Malware and virus infections
Ransomware is a form of malware (malicious software), but there are many types of malware, viruses being one type. Other types of malware include worms, trojans, botnets, and spyware. While there may be many forms of malware, all must find ways of entering a network and being installed. Malicious actors looking to infect a network or device with malware will often use a human operator to initiate the attack by exploiting human behavior, such as the urge to click a link. Phishing is one method used successfully to initiate a malware infection. An email may contain an infected attachment or a link to an infected website. If the recipient opens the attachment or clicks the link, the process of downloading and installing the malicious software will begin.
Advances in malware have led to evasive forms, like "fileless malware," that make detection more complex. These new types of evasive malware avoid detection by using obfuscation methods and changing the signature of the malware files so that conventional antivirus cannot detect an infection.
Denial-of-Service (DoS) attacks
A DoS attack attempts to overwhelm a website, computer, or IoT device with traffic requests to make it inaccessible to legitimate users. DoS attacks are used to cause harm to business operations, with adverse financial and reputational impact. A 2024 Bitdefender report into IoT security found that DoS attacks were one of the most common forms of attack against smart devices.
Business Email Compromise (BEC)
BEC scams are the second most costly crime type, after investment scams, according to the FBI's IC3 unit. Business Email Compromise scams use social engineering and phishing to execute an attack that leads to the release of company funds to a fraudster. Specific employees like a CEO and accounts payable staff are targeted as part of the scam. Scammers typically spend time collecting intelligence on the target company before creating socially engineered emails and other communications. Often, a CEO or CFO is targeted, and their email accounts are compromised or spoofed. The BEC scammers use the authority of the C-level to manipulate other staff to pay fake invoices and send money to a hacker's bank account.
AI-driven attacks
Threat actors are increasingly using AI and machine learning to automate, enhance, and enable certain parts of an attack chain. Examples of the use of AI in cyberattacks include GenAI applied to intelligence gathering and phishing email creation, developing realistic scenarios to target employees, and using deepfakes as part of a social engineering campaign. AI-driven attacks are likely to increase the sophistication and deception levels of human-centric cyberattacks.
There are many types of cyberthreat; however, certain themes often play out during the development of a cyberattack. Typical steps used to initiate and carry out a successful attack include the following:
Every business sector worldwide is at risk from cyberattacks. In 2023, 75% of U.S. companies were exposed to material cyberattacks, which translated to those companies paying out more than $452 billion (USD) in cybercrime costs.
These cybercrime costs impact various aspects of a business:
Operational effects
Threats like ransomware and DoS have material impacts on the business bottom line. Ransomware encrypts files, making normal business operations impossible. Similarly, DoS prevents legitimate customers and clients from accessing devices, networks, and websites.
Financial impact
Cybercriminal acts are expected to cost the world around $15.6 trillion by 2029. At the business level, ransomware can be one of the most costly. In the manufacturing sector, for example, average downtime costs are estimated at $1.9 million USD per day.
Customer loyalty and reputation
Customers expect a company to protect their data. If a data breach occurs, there is a high likelihood that customers will move to a competitor. A recent report looking at banking sector breaches found that 80% of customers would switch banks following a data breach.
Employees
The adverse effects of a cyberattack can place employees at risk of job losses and even of mental health issues and emotional strain. A recent survey of over 500 cybersecurity professionals found that employees were dismissed in over one-third of cyberattacks.
Some of the most famous cyberattacks include the following:
Colonial Pipeline, ransomware, 2021: Colonial Pipeline services around 45% of all fuel consumed on the East Coast of the U.S. In 2021, the company became a target of the ransomware hacking group DarkSide. The attack relied on a spear phishing campaign to gain initial entry. Over 100 gigabytes of data were stolen before there was a system-wide computer lockdown. The ransom demand was for $5 million in Bitcoin. Colonial was shut down for six days before paying the ransom. The shutdown caused fuel shortages and increased the price of fuel.
Real Estate Wealth Network, data theft, 2023: A staggering 1.5 billion data records were compromised during a data breach. The online property platform contained details of investors, property owners and sellers. The breach was caused by an unprotected, publicly exposed database. Amongst the data exposed were addresses, purchase price and date, mortgage company, mortgage loan amount, tax ID numbers, and so on.
MGM Resorts, ransomware, 2023: Social engineering of an employee led to a $100 million bill after a ransomware attack on MGM Resorts by the hacking gang Scattered Spider. MGM systems were offline for ten days. The attackers also exfiltrated a large volume of personally identifiable information (PII) of MGM customers, contractors, third parties, and employees.
Internet-connected devices, Mirai botnet, 2016: Originally created to take rival Minecraft servers offline by performing a distributed denial of service (DDoS) attack, the Mirai botnet quickly spread to infect thousands of IoT devices and evolved to conduct full, large-scale attacks. At the time, the Mirai botnet was the most significant DoS attack in history.
Cyber attackers are continually evolving their tactics and methods. To counteract often sophisticated, complex, and multi-part attacks, an organization must use a defense-in-depth approach that utilizes multiple layers of protection. The following layers of defense are the best practices to reduce cyber risk:
Use a robust password policy - Robust password policies are essential. However, even the most difficult-to-guess password is not immune to phishing.
Enable multi-factor authentication - Enforce the use of another factor, like a mobile authenticator app code, during login to prevent attacks where a password is compromised.
Keep software and systems up-to-date - Patch software and systems promptly to avoid the exploitation of vulnerabilities.
Securely backup your data - Help mitigate the impact of ransomware by creating secure backups of your files and data.
Encrypt sensitive data - Protect data in transit and during storage by using robust encryption. Extend that protection to data stored on laptops and computer drives by using full-disk encryption.
Enforce the principle of least privilege access - The principle of least privilege is based on the notion that employees, devices, and third parties must only be assigned the access privileges needed to carry out a job. Unnecessary privileges increase the risk of unauthorized access in a company.
Educate employees and individuals about cyber threats - Human-centered cyberattacks are common. Phishing and social engineering attacks lead to data breaches, ransomware, and more. Security awareness training and phishing simulations educate the workforce and other individuals on how to identify a human-centered cyberattack and prevent it from becoming a full-blown incident.
Use firewalls and protect endpoints - Fundamental security measures like firewalls and endpoint protection are essential layers of protection to prevent a cyberattack. Endpoint protection ensures that all computers, including mobile devices, are protected against malware infection. Advanced endpoint protection uses machine learning to identify emerging and zero-day threats. Firewalls act like a guard against unauthorized inbound and outbound connection attempts, cutting off the command-and-control connections that are used in ransomware and data breaches.
Reduce the potential attack surface by mitigating risks - Reducing the attack surface is critical for strengthening an organization’s cybersecurity posture. By implementing comprehensive risk assessments, businesses can identify vulnerabilities, assess potential threats, and prioritize remediation efforts. Coupled with robust patch management practices, organizations can swiftly address security flaws and software vulnerabilities, minimizing opportunities for cybercriminals to exploit weaknesses. This proactive approach not only mitigates risk but also enhances resilience against evolving threats, ensuring a safer and more secure operational environment.
An essential part of a robust approach to reducing cyber-risk in an organization is to have a comprehensive and effective detection and response policy that sets out clear procedures. The basic pillars of cyberattack detection and response are as follows:
Implement security monitoring: A variety of tools can help with network and endpoint security monitoring. These include Security Information and Event Management (SIEM) systems, Intrusion Detection Systems (IDS), Behavioral Analytics (BA), Endpoint Detection and Response (EDR), and Endpoint Protection Platforms (EPP).
Identify the signs of a cyberattack and carry out incident response procedures: Monitoring tools will send alerts to a system administrator when a signal of a cyberattack is identified. Also, the security awareness training used by a company or individual will encourage incident reporting. These signs of a cyberattack are analyzed, and the appropriate response procedure can begin.
Contain and mitigate the attack: The response procedures will put measures in place to contain any potential attack. For example, if a ransomware attack is suspected, the procedure will include steps such as isolating the infected systems, shutting down devices, and using appropriate security tools to remove the ransomware. Each type of incident will have a set of procedures to follow to mitigate the attack.
Restoring systems and data following an incident: The last step is to restore systems and data. Depending on the incident, this may involve restoring from secure backups and ensuring all systems are malware-free before allowing work to continue. Some incidents in certain industries will also require that the company notifies the relevant authorities and customers.
Various legal frameworks exist worldwide to address the impact of cyberattacks. Some examples include the following:
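The four pillars above describe monitoring, alerting and containment in general terms. The script below is an added example, not code from the original page or from Bitdefender, of what one such detection rule and its playbook hook look like in practice for the ransomware case the text uses. It parses constructed endpoint file-activity log lines, keeps a sliding window per process, and raises an alert when a single process renames five or more files to a new extension within sixty seconds, which is the mass re-extensioning behaviour that encrypting ransomware exhibits. The alert is then mapped to the containment steps the text lists (isolate, stop the process, clean, restore from backup). The log format, hostnames, process names and thresholds are all assumptions made for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Assumed log format (constructed for this example), one event per line:
#   <ISO timestamp> host=<name> pid=<n> proc=<image> op=<read|write|rename> path=<file> [new=<file>]
EVENT_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) pid=(?P<pid>\d+) proc=(?P<proc>\S+) "
    r"op=(?P<op>\w+) path=(?P<path>.+?)(?: new=(?P<new>.+))?$"
)

RENAME_THRESHOLD = 5   # this many files given a new extension by one process ...
WINDOW_SECONDS = 60    # ... within this many seconds trips the rule


def parse_event(line: str):
    """Turn one log line into a dict, or None if it does not match the format."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ev


def extension(path: str) -> str:
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def detect_mass_reextension(lines):
    """Sliding-window rule: one alert per (host, pid) that re-extensions RENAME_THRESHOLD
    files inside WINDOW_SECONDS. Plain renames that keep the extension are ignored."""
    windows = defaultdict(deque)   # (host, pid) -> deque of (timestamp, new_path)
    alerted = set()
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if not ev or ev["op"] != "rename" or not ev["new"]:
            continue
        if extension(ev["path"]) == extension(ev["new"]):
            continue
        key = (ev["host"], ev["pid"])
        q = windows[key]
        q.append((ev["ts"], ev["new"]))
        while (ev["ts"] - q[0][0]).total_seconds() > WINDOW_SECONDS:
            q.popleft()
        if len(q) >= RENAME_THRESHOLD and key not in alerted:
            alerted.add(key)
            alerts.append({
                "host": ev["host"], "pid": int(ev["pid"]), "process": ev["proc"],
                "first_seen": q[0][0], "last_seen": ev["ts"], "renamed": len(q),
                "new_extension": extension(ev["new"]), "severity": "critical",
            })
    return alerts


def containment_plan(alert: dict) -> list:
    """Map an alert to the playbook steps the page lists for a suspected ransomware incident."""
    return [
        f"isolate host {alert['host']} from the network",
        f"stop pid {alert['pid']} ({alert['process']}) and quarantine its executable",
        "preserve logs and volatile evidence before any rebuild",
        "restore affected files from secure backups once systems are confirmed clean",
    ]


# Constructed sample telemetry (not real data): normal activity, a burst of .locked renames by
# one unexpected process on a file server, and a benign batch image conversion on a workstation.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z host=fs-01 pid=2201 proc=smbd op=write path=/srv/share/finance/q1.xlsx
2024-05-01T09:00:04Z host=fs-01 pid=2201 proc=smbd op=rename path=/srv/share/finance/draft.docx new=/srv/share/finance/final.docx
2024-05-01T09:01:10Z host=fs-01 pid=7788 proc=.cache-upd op=rename path=/srv/share/finance/q1.xlsx new=/srv/share/finance/q1.xlsx.locked
2024-05-01T09:01:11Z host=fs-01 pid=7788 proc=.cache-upd op=rename path=/srv/share/finance/budget.xlsx new=/srv/share/finance/budget.xlsx.locked
2024-05-01T09:01:12Z host=fs-01 pid=7788 proc=.cache-upd op=write path=/srv/share/finance/HOW_TO_RECOVER.txt
2024-05-01T09:01:13Z host=fs-01 pid=7788 proc=.cache-upd op=rename path=/srv/share/hr/contracts.pdf new=/srv/share/hr/contracts.pdf.locked
2024-05-01T09:01:14Z host=fs-01 pid=7788 proc=.cache-upd op=rename path=/srv/share/hr/payroll.csv new=/srv/share/hr/payroll.csv.locked
2024-05-01T09:01:15Z host=fs-01 pid=7788 proc=.cache-upd op=rename path=/srv/share/legal/nda.docx new=/srv/share/legal/nda.docx.locked
2024-05-01T09:01:16Z host=fs-01 pid=7788 proc=.cache-upd op=rename path=/srv/share/legal/brief.docx new=/srv/share/legal/brief.docx.locked
2024-05-01T09:05:00Z host=ws-12 pid=3100 proc=convert op=rename path=/home/bo/photo.png new=/home/bo/photo.jpg
2024-05-01T09:05:02Z host=ws-12 pid=3100 proc=convert op=rename path=/home/bo/logo.png new=/home/bo/logo.jpg
"""

if __name__ == "__main__":
    for alert in detect_mass_reextension(SAMPLE_LOG.splitlines()):
        print(alert)
        for step in containment_plan(alert):
            print("  -", step)
```

The rule fires on the fifth rename and then stays quiet for that process, so the analyst gets one alert rather than one per file; the workstation's two-file image conversion never reaches the threshold. In a real deployment the threshold and window are tuned per environment, and the alert would be enriched with the ransom-note write visible in the same log rather than relying on renames alone.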
USA
UK
Asia-Pacific
Bitdefender unifies multiple layers of protection to ensure that cyberattacks are swiftly dealt with. Our advanced endpoint protection suite, GravityZone, uses machine learning, behavioral analysis, and multiple layers of defenses to detect and prevent known and new malware strains from infecting devices. Bitdefender protects the extended enterprise by monitoring all endpoints in physical, virtual and cloud environments, continuously monitoring processes, looking for signs of a cyberattack. GravityZone combines AI-powered anti-malware, anti-ransomware, and Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) to defend against cyber threats and prevent cyber incidents.
Bitdefender MDR service boosts your cybersecurity by offering round-the-clock threat detection and response. This empowers your internal security team to concentrate on building resilient and adaptable operations throughout your organization.
A cyberattack is carried out for many reasons, but the most common is financial gain. Typical types of cyberattacks include data breaches, where data is sold on dark web marketplaces or used to carry out subsequent cyberattacks. Ransomware infections also usually involve the theft of large amounts of data, along with the encryption of critical organization files and data. This double-pronged attack gives the cybercriminals leverage to extract a ransom. Another common cyberattack is Business Email Compromise (BEC). BEC uses multiple tactics to manipulate targeted employees into paying fake invoices, the money going to the attackers' bank account.
Modern cybercriminals use many methods to initiate a cyberattack. These methods include human-centered attacks that use social engineering and phishing to manipulate an individual into carrying out an action that allows the hacker to gain entry to a network or device. For example, many phishing campaigns are set up to steal login credentials. Most cyberattacks rely on software or process vulnerabilities or misconfigurations to continue an attack.
A cyberattack can be prevented by using layers of protective measures. These include security awareness training, robust login credentials, identity and access management, endpoint protection, firewalls, and encryption.