Hackers and cybercriminals create and use malware to gain unauthorized access to computer systems and sensitive data, hijack computer systems and operate them remotely, disrupt or damage computer systems, or hold data or systems hostage for large sums of money (see Ransomware).

Ransomware
Ransomware is a type of malware that encrypts a victim’s data or device and threatens to keep it encrypted—or worse—unless the victim pays a ransom to the attacker. According to the IBM Security X-Force Threat Intelligence Index 2023, ransomware attacks represented 17 percent of all cyberattacks in 2022.

“Or worse” is what distinguishes today's ransomware from its predecessors. The earliest ransomware attacks demanded a single ransom in exchange for the encryption key. Today, most ransomware attacks are double extortion attacks, demanding a second ransom to prevent sharing or publication of the victims data. Some are triple extortion attacks that threaten to launch a distributed denial of service attack if ransoms aren’t paid.

Phishing
Phishing attacks are email, text or voice messages that trick users into downloading malware, sharing sensitive information or sending funds to the wrong people. Most users are familiar with bulk phishing scams—mass-mailed fraudulent messages that appear to be from a large and trusted brand, asking recipients to reset their passwords or reenter credit card information. But more sophisticated phishing scams, such as spear phishing and business email compromise (BEC), target specific individuals or groups to steal especially valuable data or large sums of money.

Phishing is just one type of social engineering—a class of ‘human hacking’ tactics and attacks that use psychological manipulation to tempt or pressure people into taking unwise actions.


Insider threats
Insider threats are threats that originate with authorized users—employees, contractors, business partners—who intentionally or accidentally misuse their legitimate access, or have their accounts hijacked by cybercriminals. Insider threats can be harder to detect than external threats because they have the earmarks of authorized activity, and are invisible to antivirus software, firewalls and other security solutions that block external attacks.

One of the more persistent cybersecurity myths is that all cybercrime comes from external threats. In fact, according to a recent study, 44% of insider threats are caused by malicious actors, and the average cost per incident for malicious insider incidents in 2022 was USD 648,062.3 Another study found that while the average external threat compromises about 200 million records, incidents involving an inside threat actor resulted in exposure of one billion records or more.4

Distributed denial of service (DDoS) attacks
A DDoS attack attempts to crash a server, website or network by overloading it with traffic, usually from a botnet—a network of multiple distributed systems that a cybercriminal hijacks by using malware and remote-controlled operations.

The global volume of DDoS attacks spiked during the COVID-19 pandemic. Increasingly, attackers are combining DDoS attacks with ransomware attacks, or simply threatening to launch DDoS attacks unless the target pays a ransom.

Πηγή: ΙΒΜ