In computers and computer networks an attack is any attempt to expose, alter, disable, destroy, steal or gain unauthorized access to or make unauthorized use of an asset. A cyberattack is any type of offensive maneuver that targets computer information systems, infrastructures, computer networks, or personal computer devices. An attacker is a person or process that attempts to access data, functions or other restricted areas of the system without authorization, potentially with malicious intent. Depending on context, cyberattacks can be part of cyberwarfare or cyberterrorism. A cyberattack can be employed by nation-states, individuals, groups, society or organizations. A cyberattack may originate from an anonymous source.
A cyberattack may steal, alter, or destroy a specified target by hacking into a susceptible system. Cyberattacks can range from installing spyware on a personal computer to attempting to destroy the infrastructure of entire nations. Legal experts are seeking to limit the use of the term to incidents causing physical damage, distinguishing it from the more routine data breaches and broader hacking activities.
Cyberattacks have become increasingly sophisticated and dangerous.
Since the late 1980s cyberattacks have evolved several times to use innovations in information technology as vectors for committing cybercrimes. In recent years, the scale and robustness of cyberattacks has increased rapidly, as observed by the World Economic Forum in its 2018 report: “Offensive cyber capabilities are developing more rapidly than our ability to deal with hostile incidents.”
In May 2000, the Internet Engineering Task Force defined attack in RFC 2828 as:
an assault on system security that derives from an intelligent threat, i.e., an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.
CNSS Instruction No. 4009 dated 26 April 2010 by Committee on National Security Systems of United States of America defines an attack as:
Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.
The increasing dependencies of modern society on information and computers networks (both in private and public sectors, including military) has led to new terms like cyber attack and cyberwarfare.
CNSS Instruction No. 4009 define a cyber attack as: