The 20 most common types of cybersecurity attacks

What is a cyber attack?

A cyber attack is an act aimed at targeting a computer or any element of a computerized information system in order to alter, destroy or steal data and exploit or harm a network. Cyberattacks have been on the rise, coinciding with the digitization of business that has become increasingly popular in recent years.

While there are dozens of different types of attacks, this list of cyber attacks includes the 20 most common examples.

The 20 most common types of cybersecurity attacks

1. DoS and DDoS attacks

Denial of Service (DoS) attacks are designed to overwhelm a system’s resources so that it cannot respond to legitimate service requests. Distributed Denial of Service (DDoS) attacks are similar in that they also attempt to exhaust the system’s resources. DDoS attacks are launched by attackers controlling a large number of malware-infected hosts. These are called “denial of service” attacks because the victim site is unable to provide services to people who want to access it.

With a DoS attack, the target site is flooded with illegal requests. Because the site must respond to every request, its resources are consumed by all responses. This prevents the site from serving users as usual and often results in a complete shutdown of the site.

DoS and DDoS attacks differ from other types of cyberattacks, which allow hackers to gain access to a system or increase the access they currently have. With these types of attacks, attackers directly benefit from their efforts. On the other hand, with DoS and DDoS cyber attacks, the goal is simply to disrupt the effectiveness of the target service. If attackers are hired by business competitors, they may benefit financially from their efforts.

DoS attacks can also be used to create vulnerabilities for other types of attacks. With a successful DoS or DDoS attack, the system usually has to be taken offline, which can make it vulnerable to other types of attacks. One common way to prevent DoS attacks is to use a firewall to detect whether requests sent to your site are legitimate. The imposter request can then be dropped, allowing normal traffic to flow without interruption. An example of such a major internet attack occurred in February 2020 on Amazon Web Services (AWS).

2. MITM attack

A man-in-the-middle (MITM) type of cyber attack refers to a breach in network security that allows an attacker to eavesdrop on data sent back and forth between two people, networks, or computers. It’s called a “man-in-the-middle” attack because the attacker positions themselves “in the middle” or between the two parties trying to communicate. In effect, the attacker is monitoring the interaction between the two parties.

In a MITM attack, the two parties involved feel like they are communicating as usual. What they don’t know is that the person who actually sent the message illegally modified or accessed the message before it reached its destination. Some ways to protect yourself and your organization from MITM attacks are to use strong encryption on access points or use a virtual private network (VPN).

3. Phishing attacks

Phishing attacks occur when a malicious actor attempts to obtain sensitive information from a target by sending an email that appears to be from a trusted, legitimate source. Phishing attacks combine social engineering and technology, and are so called because attackers actually “fish” for access to restricted areas by using “bait” that appears to be a trustworthy sender.

To carry out an attack, a bad actor might send you a link that takes you to a website and then tricks you into downloading malware (such as a virus) or providing your private information to the attacker. In many cases, targets may not realize they have been compromised, allowing attackers to go after others in the same organization without anyone suspecting malicious activity.

You can prevent phishing attacks from achieving their goals by carefully considering the types of emails you open and the links you click. Pay close attention to email headers and don’t click on anything that looks suspicious. Check the parameters for “reply” and “return path”. They need to be connected to the same domain that appears in the email.

4. Whale Phishing Attacks

A whale phishing attack is so named because it goes after an organization’s “big fish,” or whales, which often include those in the executive suite or others in charge of the organization. These individuals may possess information that is valuable to the attacker, such as proprietary information about the business or its operations.

If a targeted whale downloads ransomware, they are more likely to pay the ransom to prevent word of a successful attack from getting out and damaging their or the organization’s reputation. Whale phishing attacks can be prevented by taking the same precautions you take to avoid phishing attacks, such as carefully examining emails and their accompanying attachments and links, and keeping an eye out for suspicious destinations or parameters.

5. Spear Phishing Attacks

Spear phishing refers to a specific type of targeted phishing attack. Attackers spend time researching their intended target and then craft messages that the target may find personally relevant. These types of attacks are aptly called “spear” phishing because of the way the attacker hone in on a specific target. The email looks legitimate, which is why spear phishing attacks are so hard to spot.

Typically, spear phishing attacks use email spoofing, where the information in the “from” portion of the email is forged to make it appear to be from a different sender. This can be someone the target trusts, such as an individual in their social network, a close friend, or a business partner. Attackers may also use website cloning to make communications appear legitimate. With website cloning, attackers copy legitimate websites to trick victims into feeling comfortable. The target, believing the website is genuine, then feels comfortable entering their private information.

Similar to regular phishing attacks, spear phishing attacks can be prevented by carefully checking the details in all fields of the email and ensuring that users do not click on any links whose targets cannot be verified as legitimate.

6. Ransomware

With ransomware, the victim’s system is held hostage until they agree to pay the attacker a ransom. After sending the payment, the attacker provides instructions on how the target can regain control of their computer. The name “ransomware” is appropriate because the malware demands a ransom from its victims.

In a ransomware attack, the target downloads the ransomware from a website or email attachment. Malware is written to exploit vulnerabilities that have not yet been addressed by the system manufacturer or IT team. The ransomware then encrypts the target’s workstation. Sometimes ransomware can attack multiple parties by denying access to multiple computers or central servers that are critical to business operations.

Infecting multiple computers is often accomplished by not launching system attraction until days or even weeks after the malware’s initial infiltration. The malware can send AUTORRUN files from one system to another via an internal network or a Universal Serial Bus (USB) drive connected to multiple computers. Then, when the attacker initiates encryption, it works on all infected systems simultaneously.

In some cases, ransomware authors design code to evade traditional antivirus software. Therefore, it is important for users to be vigilant about the websites they visit and which links they click. You can also prevent many ransomware attacks by using a next-generation firewall (NGFW), which can use artificial intelligence (AI) to perform deep packet inspection to look for ransomware signatures.

7. Password attack

Passwords are most people’s access verification tool of choice, so finding out a target’s password is an attractive proposition for hackers. This can be done using a few different methods. Typically, people keep a copy of their password on paper or on a sticky note on their desk. Attackers can find the passwords themselves or pay someone on the inside to obtain them for them.

Attackers may also try to intercept network transmissions to obtain passwords that are not encrypted by the network. They can also use social engineering to convince targets to enter their passwords to solve seemingly “important” problems. In other cases, an attacker can simply guess a user’s password, especially if they use a default password or an easy-to-remember password such as “1234567.”

Attackers also often use brute force methods to guess passwords. Brute force password hackers use basic information about a person or their position to try to guess their password. For example, their name, date of birth, anniversary, or other personal but easily discoverable details can be used in different combinations to decipher their password. Information users put on social media can also be exploited in brute force password hackers. Things that individuals do for fun, specific hobbies, pets’ names, or children’s names are sometimes used to form passwords, making them relatively easy to guess by brute force attackers.

Hackers can also use dictionary attacks to determine a user’s password. A dictionary attack is a technique that uses commonly used words and phrases, such as those listed in a dictionary, to try to guess a target’s password.

An effective way to prevent brute force and dictionary password attacks is to set up a lockout policy. This will automatically lock access to the device, website or app after a certain number of failed attempts. With a lockout strategy, an attacker only has a few attempts before access is denied. If you have implemented a lockout policy and find that your account has been locked due to too many login attempts, it would be wise to change your password.

If an attacker systematically uses brute force or dictionary attacks to guess your passwords, they may notice passwords that don’t work. For example, if your password is your last name followed by your birth year, and a hacker tries to put your birth year before your last name on the last try, they may get it right on the next try.

8.SQL injection attack

Structured Query Language (SQL) injection is a common method of exploiting websites that rely on databases to serve their users. The client is the computer that obtains information from the server, and SQL attacks use SQL queries sent from the client to a database on the server. This command is inserted or “injected” into the data plane in place of other content that would normally be in the data plane, such as a password or login. The server holding the database then runs the command and the system is penetrated.

If SQL injection is successful, several things could happen, including releasing sensitive data or modifying or deleting important data. Additionally, an attacker could perform administrator actions (such as shutdown commands), which could disrupt the functionality of the database.

To protect yourself from SQL injection attacks, take advantage of the least privilege model. Using a least privilege architecture, only those who absolutely need access to the key database are allowed in. Even if a user has power or influence within the organization, they may not be allowed access to specific areas of the network if their job does not depend on it.

For example, CEOs can be blocked from accessing areas of the network even though they have the right to know what’s inside. Applying a least privilege policy not only prevents bad actors from accessing sensitive areas, it also protects against those who have good intentions but accidentally leave their login credentials vulnerable to an attacker or leave their workstation running while away from the computer.

9. URL explanation

Through URL interpretation, attackers can change and forge certain URL addresses and use them to access a target’s personal and professional data. This attack is also called URL poisoning. The name “URL interpretation” comes from the fact that the attacker knows the order in which the URL information for a web page needs to be entered. The attacker then “interprets” this syntax, using it to figure out how to get into areas they don’t have access to.

To perform a URL interpretation attack, a hacker might guess a URL that they can use to gain administrator rights on the website or gain access to the website’s backend to break into a user’s account. Once they reach the page they want, they can manipulate the site itself or access sensitive information about people who use it.

For example, if a hacker were trying to get into the admin section of a website called, they might enter, which would take them to the admin login page. In some cases, the administrator username and password may be the default “admin” and “admin” or be easily guessed. It’s also possible that the attacker has figured out the administrator’s password, or narrowed it down to a few possibilities. The attacker then tries each one, gaining access and being able to manipulate, steal or delete the data at will.

To prevent successful URL interpretation attacks, use secure authentication methods for any sensitive areas of your site. This may require a multi-factor authentication (MFA) or secure password composed of seemingly random characters.

10. Domain Name System Spoofing

Through Domain Name System (DNS) spoofing, hackers change DNS records to send traffic to fake or “spoofed” websites. Once on the fraudulent website, victims may enter sensitive information that hackers can use or sell. Hackers may also build a shoddy website with derogatory or inflammatory content to make a rival company look bad.

In a DNS spoofing attack, attackers take advantage of the fact that users believe the website they are visiting is legitimate. This allows attackers to commit crimes in the name of innocent companies, at least from the visitor’s perspective.

To prevent DNS spoofing, make sure your DNS servers are up to date. Attackers aim to exploit vulnerabilities in DNS servers, and the latest software versions often contain fixes that close known vulnerabilities.

11. Session Hijacking

Session hijacking is one of several types of MITM attacks. The attacker takes over the session between the client and server. The computer used in the attack replaces its Internet Protocol (IP) address with that of the client computer, and the server continues the session without suspecting that it is communicating with the attacker rather than the client. This attack works because the server uses the client’s IP address to verify its identity. If the attacker’s IP address is inserted midway through a session, the server may not suspect a breach because it is already participating in a trusted connection.

To prevent session hijacking, use a VPN to access business-critical servers. This way, all communications are encrypted and attackers cannot access the secure tunnel created by the VPN.

12. Brute force cracking

Brute force attacks get their name from the “brutal” or simple methods used in the attack. The attacker is simply trying to guess the login credentials of the person who has access to the target system. Once they get it right, they’re in.

While this may sound time-consuming and difficult, attackers often use bots to crack credentials. The attackers provide the bots with a list of credentials that they believe may allow them to access secure areas. The bot will then try each one while the attacker sits back and waits. After entering the correct credentials, the criminal will gain access.

To prevent brute-force attacks, make lockdown policies part of your authorization security architecture. Users trying to enter their credentials will be locked out after a certain number of attempts. This usually involves “freezing” the account so even if someone else tries from a different device using a different IP address, they can’t bypass the lockout.

It’s also wise to use a random password without regular words, dates or number sequences. This works because even if an attacker used software to try to guess a 10-digit password, for example, it would take years of constant attempts to get it right.

13. Cyber ​​attacks

Web attacks are threats that target vulnerabilities in web-based applications. Every time you enter information in a web application, a command is launched that generates a response. For example, if you use an online banking app to send money to someone, the data you enter instructs the app to go into your account, take the money out, and send it to someone else’s account. Attackers work within the framework of these types of requests and use them to their advantage.

Some common web attacks include SQL injection and cross-site scripting (XSS), which are discussed later in this article. Hackers also use cross-site request forgery (CSRF) attacks and parameter tampering. In a CSRF attack, the victim is fooled into performing actions that benefit the attacker. For example, they might click on the contents of a startup script designed to change login credentials to access a web application. The hacker with the new login credentials can then log in like a legitimate user.

Parameter tampering involves adjusting parameters that programmers have implemented as security measures designed to protect a specific operation. The execution of the operation depends on what is entered in the parameters. An attacker only needs to change the parameters, which allows them to bypass security measures that rely on those parameters.

To avoid web attacks, inspect your web applications to check for and fix vulnerabilities. One way to patch vulnerabilities without impacting web application performance is to use anti-CSRF tokens. Tokens are exchanged between the user’s browser and the web application. Before executing the command, the token is checked for validity. If it’s checked out, the command will pass – if not, it will be blocked. You can also use SameSite flags, which only allow requests from the same site to be processed, rendering any site built by an attacker useless.

14. Insider Threat

Sometimes the most dangerous actors come from within the organization. People within a company pose special dangers because they often have access to various systems and, in some cases, administrator privileges that allow them to make critical changes to the system or its security policies.

Additionally, people within an organization often have a deep understanding of its cybersecurity architecture and how the business responds to threats. This knowledge can be used to access restricted areas, change security settings or deduce the best time to carry out an attack.

One of the best ways to prevent insider threats in your organization is to limit employee access to sensitive systems to only those who need them to perform their duties. Also, for the few people who need access, use an MFA, which will require them to combine at least one thing they know with a physical item they have to access a sensitive system. For example, the user may have to enter a password and plug in a USB device. In other configurations, the access number is generated on a handheld device where the user must log in. Users can access the secure area only if both the password and number are correct.

While MFA by itself may not prevent all attacks, it can make it easier to determine who is behind an attack (or attempted attack), especially since only relatively few people are allowed to access sensitive areas in the first place. Therefore, this limited access strategy can act as a deterrent. Cybercriminals within your organization will know it’s easy to identify who the perpetrator is because the number of potential suspects is relatively small.

15. Trojan horse

Trojan horse attacks use malicious programs hidden within seemingly legitimate programs. When a user executes a potentially harmless program, malware inside a Trojan horse can be used to open a backdoor into the system through which hackers can infiltrate a computer or network. This threat takes its name from the story of the Greek soldiers who hid on horseback to infiltrate the city of Troy and win the war. Once the “gift” was accepted and brought through the gates of Troy, Greek soldiers jumped out to attack. Likewise, unsuspecting users may welcome an innocent-looking application onto their system, only to introduce a hidden threat.

To prevent Trojan attacks, users should be instructed not to download or install anything unless its source can be verified. Additionally, NGFW can be used to inspect packets for the potential threat of Trojan horses.

16. Drive-by attack

In a drive-by attack, hackers embed malicious code into an unsecured website. When users visit the site, the script is automatically executed on their computers, thereby infecting them with the script. The name “drive-thru” comes from the fact that victims only need to “drive-thru” the website by visiting it to become infected. There is no need to click anything on the website or enter any information.

To prevent drive-by attacks, users should ensure they are running the latest software on all computers, including applications such as Adobe Acrobat and Flash, which can be used while browsing the internet. Additionally, you can use web filtering software that can detect whether a site is unsafe before users access it.

17. XSS attacks

Through XSS, or cross-site scripting, an attacker delivers malicious script using clickable content that is sent to the target’s browser. When the victim clicks on the content, the script is executed. Because the user is logged into a session with the web application, the web application treats their input as valid. However, the attacker altered the executed script, causing the “user” to perform unexpected actions.

For example, an XSS attack could change the parameters of a transfer request sent through an online banking application. In the fake request, the intended recipient of the transferred funds replaces their name with that of the attacker. An attacker could also change the amount being transferred, giving themselves more money than the target originally intended to send.

One of the most straightforward ways to prevent XSS attacks is to use a whitelist of allowed entities. This way the web application will not accept anything other than approved entries. You can also use a technique called sanitization, which examines the data being entered to see if it contains anything potentially harmful.

18. Eavesdropping attack

Eavesdropping attacks involve bad actors intercepting traffic as it is sent over the network. In this way, attackers can collect usernames, passwords, and other confidential information such as credit cards. Eavesdropping can be active or passive.

Through active eavesdropping, a hacker inserts a piece of software into the path of network traffic to collect information that the hacker can analyze for useful data. Passive eavesdropping attacks differ in that the hacker “listens” or eavesdrops on the transmission, looking for useful data to steal.

Active and passive eavesdropping are both types of MITM attacks. One of the best ways to prevent them is to encrypt your data, which prevents hackers from using it, whether they use active or passive eavesdropping.

19. Birthday attack

In the birthday attack, the attacker abuses a security feature: the hashing algorithm used to verify the authenticity of the message. A hash algorithm is a digital signature that the recipient of a message checks before accepting the message as authentic. If a hacker can create the same hash that the sender attached to their message, the hacker can simply replace the sender’s message with their own. The receiving device will accept it because it has the correct hash.

The name “birthday attack” refers to the birthday paradox, which is based on the fact that in a room of 23 people, there is a greater than 50% chance that two of them will have the same birthday. So while people think their birthdays, like hashes, are unique, they’re not as unique as many people think.

To prevent birthday attacks, use longer hashes for verification. With each additional number added to the hash, the odds of creating a matching number decrease significantly.

20. Malware attacks

Malware is a general term for malicious software, hence the “mal” at the beginning of the word. Malware can infect a computer and change the way it operates, corrupt data, or spy on users or network traffic as it passes through it. Malware can spread from one device to another or it can remain in place, affecting only its host device.

Several of the above attack methods may involve forms of malware, including MITM attacks, phishing, ransomware, SQL injection, Trojans, drive-by attacks, and XSS attacks.

In a malware attack, the software must be installed on the target device. This requires user action. Therefore, in addition to using a firewall that can detect malware, users should also be educated on what types of software to avoid, the types of links they should verify before clicking, and the emails and attachments they should not engage in.


Related Posts

How I Secured 70,000 ETH and Won a 6 Million Bug Bounty

Operating system – device management

How to get started with Huawei Cloud ModelArts from scratch

Train your own data set based on pyskl’s poseC3D

Java Minesweeper Game

Basics of Artificial Intelligence: Introduction to Common Algorithms in Machine Learning

Attention mechanism (including pytorch code and detailed explanation of each function)

Computer Network–Network Layer

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>