What are untargeted and targeted attacks?
Posted: 29th May 2024
Untargeted attacks
Attackers cast a wide net, aiming to infect as many devices or trick as many users as possible. They don’t care who the specific victim is. They exploit general weaknesses in internet security to launch these attacks.
Examples:
- Phishing: You receive an email that appears to be from a legitimate source like your bank (phishing emails can mimic almost any organization). The email asks you to click a link or download an attachment that infects your device with malware or directs you to a fake website designed to steal your login credentials.
- Water holing: Attackers compromise a legitimate website you might visit regularly. Once you land on the compromised site, malicious code is downloaded to your device without your knowledge.
- Ransomware: You open an infected attachment or click a malicious link, and ransomware encrypts your files, making them inaccessible. The attacker demands a ransom payment, usually in cryptocurrency, to unlock your files.
- Scanning: Attackers use automated tools to scan vast swathes of the internet, looking for vulnerable devices or systems to exploit.
According to the Cyber Security Breaches Survey 2024, the most prevalent type of breach or attack is phishing, affecting 84% of businesses and 83% of charities. This is followed by impersonation attacks, where individuals pose as organisations in emails or online, impacting 35% of businesses and 37% of charities. Viruses and other malware come next, affecting 17% of businesses and 14% of charities.
Targeted attacks
Here, attackers have a specific victim in mind, like a particular company or individual. They invest time in researching their target’s vulnerabilities and tailor their attack accordingly. Targeted attacks are often more sophisticated and damaging than untargeted attacks.
Examples:
- Spear phishing: You receive an email that appears to be from someone you know or a company you do business with. The email contains a malicious attachment or link specifically designed to exploit a vulnerability in your system.
- Deploying a botnet: Attackers infect a large number of devices with malware, forming a network called a botnet, and use them to launch attacks on a specific target. This can involve overwhelming a target’s website with traffic (a Distributed Denial-of-Service attack) or stealing sensitive data.
- Subverting the supply chain: Attackers tamper with hardware or software during the manufacturing or distribution process, embedding malware that grants them access to the target’s system once deployed.
In late 2020, software company SolarWinds disclosed that Russia-based hackers had infiltrated its IT infrastructure. Because SolarWinds products are widely used by numerous companies and organisations, the attackers leveraged this initial breach to compromise an additional 18,000 entities, including major tech companies and government agencies. Such wide-ranging intrusions resulting from a single initial compromise are commonly known as “supply chain attacks.”
Differences between targeted and untargeted attacks
Untargeted attacks are more common because they’re easier to launch. Attackers don’t need to spend time researching specific targets. They simply create generic emails or malware and cast a wide net. The content of untargeted attacks is often vague, written in the hope of catching someone who might click or fall for the scam. Targeted attacks, on the other hand, are more meticulous and require planning, but they can be far more successful in achieving the attacker’s goals.