Cyber Attacks: The Attackers’ Goal

We have been looking at cyberattacks generally in the last few articles. Firstly, we started with the attacker’s motive, which reveals the general motives behind any form of cybercrime. Then we also looked at the target of cyberattacks, which gives us an ideal target of a cyberattack. While the motive and target are a necessary requirement for an actual cyber attack to take place, it is also very important that we know the goals of an attack.
Today, let’s take a look at the goals of a cyber attack by cybercriminals. An attack goal determines that the attack methodology. An attack can have a single goal and some can have multiple goals, depending on the target of the attack and the motive behind the attack.
Our my list, I will state theft of credential as a goal some attackers aim to achieve. An attacker who wants to implement credential theft will use an attack methodology called social engineering attack. This methodology can manipulate some persons to reveal their credentials to the attacker unknown to them. They can also implement keylogger malware. A keylogger is malicious software that captures and logs every keystroke that a victim strikes on his or her keyboard. Credential theft targets are more of internet bank credentials and social media account credentials like Facebook, Twitter, Instagram, TikTok, Gmail, Yahoo, etc.
Malware Dissemination is also another goal of a cyber-criminal. When malware dissemination is their goal, they want to do everything possible to ensure that their desired or designed malware is on their target’s system. Delivering the malware to their target system can be done via what is known as malware delivery methodology. There are different types of malware delivery methodology and they include USB Media drop, drive-by-download, trojan horse, etc.
When we are talking about malware, we are talking of software or program designed with malicious intent, which generally causes damage to a computer system.
While each kind of malware is generally designed with its objective, there are some very dangerous kinds or types of malware that we should not allow to remain on our system or network for long in order not to induce loss of money. These dangerous kinds of malware fall under the money motived malware because money most have spent once a system is infected with the kind of malware.
Denial of Service, as the name implies, is a goal that an attacker pursues to cause extensive damage to a system or service run by a system. For this goal, the attacker wants to ensure that the target’s system is crashed or the services that are running on the target’s infrastructure is prevented from functioning as it should function. Once the system or service is disrupted user may not be able to access the system, services of infrastructure due to the crash.
Denial of Service attack can occur on hardware infrastructures such as servers, network-based appliances, laptops, or desktops in our respective offices. It can also occur on software infrastructures such as web services which process HTTPS request or file systems services which process files and document storage.
A practice example of a denial of service attack goal is web defacement of websites that are running on web servers.
Moving forward, data breach is also another goal of a cyber-criminal. In this case, the criminal really may not want to crash the system or damage the system, instead, he or she is more concerned about the data that resides on the system which he is not authorized to access. According to Wikipedia, it defines Data Breach as “the intentional or unintentional release of secure or private/confidential information to an untrusted environment.”
You will agree with me that we have so much confidence data that are residing at different servers which are also hosted on different hosting platforms in different countries. Starting with your driver’s license data to your bank verification data, then your sim registration data, and your national identity data. All these data sources can become a target and once the server holding this data is breached, it means the attacker will be able to steal these data, cause damage to the data, modify or delete the data.
Finally on the goal list for a cyber-attack is System Access also known as Hacking. This goal usually requires the services of a professional hacker with high experience. In this case, the hacker uses his technical know-how to take complete control of the system outside the regular way of accessing this system.
It starts usually with reconnaissance then scans for live machines, open ports, and vulnerabilities. After which it tries to exploit the vulnerabilities that have been discovered.
The hacking goal is generally assumed to be the actual cyber attack. while this may sound true but as this article has stated there are cyber-based attacks besides hacking. Although, there are still some more cyber attack goals that we may have not talked about in this article.
I close with this, the goal of cyber attack is as important as the motives, and targets of an attack by cybercriminals. That said, we should always prevent the attack and not allow the attack and start looking for a solution.