
A Simple Guide to How Cyber-attacks Happen
To understand how organisations are breached, and how those breaches can be prevented, it helps to become familiar with two foundational concepts: attack vectors and attack surfaces.
What is an Attack Vector?
An attack vector is the path a hacker or malicious software uses to break into your network and access your data. Attack vectors take advantage of technical weaknesses and human mistakes to steal, monitor, ransom, or damage valuable information.
One of the clearest modern examples of how an attack vector can quickly evolve into a global crisis is the 2025 Jaguar Land Rover (JLR) cyber-attack.
A Real‑World Attack Vector in Action
In 2025, Jaguar Land Rover (JLR), one of the world’s largest automotive manufacturers, suffered a major cyber-attack that shut down production across multiple countries and caused severe disruption to its global operations.
The disruption was so extensive that managers instructed workers not to return to plants while engineers attempted to contain the damage. The estimated cost reached £1.9 billion (over AUD $3.5 billion). 5,000 businesses across Jaguar’s supply chain were affected and recovery took months.
The attack originated from a single, critical attack vector: stolen login credentials harvested by infostealer malware. According to cybersecurity analysis, the HELLCAT ransomware group used credentials stolen from an employee's compromised device to access JLR’s internal Atlassian Jira systems.
This gave them direct access to confidential engineering files, employee records, source code, and large internal datasets. As a result, the attackers leaked more than 700 internal documents, followed by an even larger 350GB second data dump by another hacker exploiting the same stolen credentials.
The incident shows how quickly a simple attack vector can escalate from a single weakness into a company‑wide crisis. It also highlights the growing risk of supply‑chain‑wide impact when industrial systems are deeply interconnected but left unprotected.
HELLCAT's methods illustrate how modern cyber criminals exploit attack vectors with precision. Attack vectors come in many forms and understanding them helps you reduce your risk. We’ve listed the most common ones below.
Common Types of Attack Vectors
Compromised Access Credentials
Usernames and passwords can be stolen through phishing or leaked from third‑party websites. Reused passwords can give hackers access to your company systems after a single leak.
Weak, Reused, or Shared Passwords
Weak passwords make it easy for attackers to guess login details using brute force attacks (automated password‑guessing). Without multi‑factor authentication (MFA), the risk is even higher.
Software Vulnerabilities
Unpatched software, outdated apps, and “zero‑day” vulnerabilities are common entry points. Even database languages like SQL can be manipulated to access sensitive information.
Insider Threats
Employees or contractors with malicious intent may leak credentials, disable security controls, or intentionally help attackers.
Phishing via Email, Phone, or SMS
Cyber criminals pretend to be trusted sources to trick people into sharing passwords, payment details, or clicking harmful links. Phishing can occur through email, text messages, social media, or fake websites.
Ransomware & Malware
Malware includes viruses, spyware, trojans, ransomware and more. Once installed, it can steal, corrupt, encrypt, or destroy data across devices and whole networks.
Denial of Service (DoS) Attacks
Hackers flood websites or online services with fake traffic to overload them until they become unusable. A Distributed Denial of Service (DDoS) attack uses many computers at once for even greater impact.
Poor System Configuration / Weak Encryption
Using default passwords, misconfigured security settings, and poor encryption methods all create easy opportunities for attackers.
Man‑in‑the‑Middle (MITM) Attacks
Hackers “eavesdrop” on connections between devices, exploiting public Wi-Fi, SSL/TLS connections, local area networks, HTTPS connections, etc., to intercept or change sensitive data such as passwords or banking information.
Brute Force Attacks
Attackers use automated tools to guess passwords or encryption keys by trying thousands or millions of combinations. Weak passwords are cracked quickly.
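One way to turn the credential-related vectors above (compromised credentials, brute force, missing MFA) into a detection over sign-in logs. This is an added example, not part of the original article: the log format, rule names, thresholds and the known_sources baseline are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: time, user, source IP, outcome, MFA used.
SAMPLE_LOG = """\
2025-03-01T08:00:05 alice 198.51.100.7 FAIL -
2025-03-01T08:00:09 alice 198.51.100.7 FAIL -
2025-03-01T08:00:14 alice 198.51.100.7 FAIL -
2025-03-01T08:00:20 alice 198.51.100.7 FAIL -
2025-03-01T08:00:31 alice 198.51.100.7 OK nomfa
2025-03-01T09:12:00 bob 192.0.2.10 OK mfa
2025-03-01T09:40:00 bob 192.0.2.10 FAIL -
2025-03-01T09:41:00 bob 192.0.2.10 OK mfa
2025-03-01T23:55:00 carol 203.0.113.50 OK nomfa
"""

def parse(log):
    for line in log.splitlines():
        ts, user, src, outcome, mfa = line.split()
        yield datetime.fromisoformat(ts), user, src, outcome, mfa

def detect(log, max_failures=4, window=timedelta(minutes=5), known_sources=None):
    """Return sorted (rule, user, source) findings; known_sources is an assumed baseline."""
    known = defaultdict(set, {u: set(s) for u, s in (known_sources or {}).items()})
    recent_failures = defaultdict(deque)   # (user, src) -> failure timestamps
    findings = set()
    for ts, user, src, outcome, mfa in parse(log):
        fails = recent_failures[(user, src)]
        while fails and ts - fails[0] > window:
            fails.popleft()                # drop failures outside the window
        if outcome == "FAIL":
            fails.append(ts)
            if len(fails) >= max_failures:
                findings.add(("brute_force", user, src))
            continue
        # Successful sign-in from here on.
        if len(fails) >= max_failures:
            findings.add(("success_after_brute_force", user, src))
        if mfa != "mfa" and src not in known[user]:
            findings.add(("no_mfa_from_new_source", user, src))
        known[user].add(src)
        fails.clear()
    return sorted(findings)

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

A single mistyped password followed by an MFA-backed sign-in (bob) produces no finding, which keeps the rules from firing on ordinary user error.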
An attack vector explains how an attacker gets in, but that’s only part of the picture. Once that initial doorway is opened, what happens next depends on how much of your business is exposed. This is where the concept of an attack surface becomes important.
While attack vectors describe the method of entry, your attack surface determines how far an attacker can go once inside.
What is an Attack Surface?
Your attack surface is the collection of physical and virtual devices an attacker could compromise. These devices could exist within or outside of your network.
This includes:
- Servers and computers
- Mobile devices and IoT devices (e.g., smart thermostats)
- Apps and software
- Cloud services
- Websites
- Employee accounts and their behaviour
Every one of these elements might have its own vulnerabilities and exposure to different attack vectors.
How to Reduce Your Attack Surface
Reducing your attack surface means making it as hard as possible for hackers to get in. Some key steps include:
1. Know Where Your Valuable Data Lives
Understand where sensitive information (financial data, passwords, trade secrets, and personal information) is stored and how it moves through your systems.
These days, it is possible to run applications that detect all kinds of information everywhere from mobile devices to desktops and connected USBs. Organisations often engage Computer One to help them know where their data is.
2. Review Your Security Controls
Check encryption, access controls, data validation, and monitoring tools in a Security Posture Assessment.
3. Audit Key Software and Cloud Services
Understand how cloud providers secure your data and whether it’s encrypted at rest.
4. Assess User Access
Ensure only authorised people can access sensitive systems.
5. Strengthen Physical Security
Locks, badges, biometric devices, guards, and CCTV all contribute to cybersecurity.
6. Patch and Update Regularly
Firewalls, routers, and software should always be up to date.
7. Use Advanced Threat Detection
Behaviour‑based tools such as CrowdStrike Falcon and Microsoft Defender for Endpoint can detect anomalies before they become major incidents.
8. Improve Staff Awareness
Provide cybersecurity training, enforce Bring‑Your‑Own‑Device (BYOD) policies, restrict risky websites, and manage portable devices.
9. Audit All Personnel
Temporary contractors, interns, and visitors can introduce risks.
Regularly updating your attack surface map helps you stay ahead of new threats and react quickly.
Why Prevention Matters
A cyber-attack can cost more than lost data. It can cost customer trust, regulatory fines, downtime, and long‑term reputational damage.
Under Australia's Notifiable Data Breach Scheme, organisations must report serious breaches or face penalties up to $2.1 million.
Recent data shows:
- 11% of breached organisations didn’t detect their incident for over a year
- 59% of breaches were malicious
- 37% of breaches were attributed to human error
- Healthcare and finance remain top targets
Cyber-attacks are becoming more sophisticated, and HELLCAT’s attack on Jaguar Land Rover is a clear example of how credential theft and malware can cripple even the largest global organisations.
If you want to protect your business from becoming the next target, start by understanding and reducing your attack surface.
A professional Information Security Audit from a trusted Managed Network Security provider like Computer One can help you strengthen your defences and keep cyber criminals out.
















