With cyber attacks on the rise due to an increase in remote and hybrid workplaces, it’s important to know the nine different types of cyberattacks so you can be prepared for potential attacks.
Cyber attacks are malicious, deliberate attempts from cyber criminals that exploit vulnerable systems to gain unauthorized access to sensitive and valuable computers, resources, logic or data.
They're also constantly evolving – these efficient, sophisticated breaches come in many different forms and can be difficult to stop, especially with the release of new computers, laptops and mobile devices every year. But understanding cyber attacks is the first step towards defending your network with strong cybersecurity compliance.
1. Malware
Malware, or “malicious software,” is the most prolific and common type of cyber attack. It’s an umbrella term for hardware, firmware or software intentionally designed to damage a computer, server or network by breaching its vulnerabilities. These intrusive programs are designed to exploit devices at the user’s expense while benefiting the hacker – they bypass security controls and are installed without the user’s permission, knowledge or consent to gain unauthorized access to private information and harm data, devices or people.
The most popular way for attackers to gain a foothold is to get the user to install the malware without realizing it: they trick the user into downloading what appears to be a harmless file, opening an innocent-looking attachment or clicking on a planted link.
Once on your computer, malware can wreak widespread havoc. Systems with malware typically exhibit unusual behavior, and the malware can propagate to other computers and networks. Hackers can then control your device, record keystrokes, spy on you, deny access to programs and disrupt, steal or delete files and data.
There are thousands of malware variants and types, and they’ve been around since the internet’s inception. The most popular examples are:
- Trojan horses
- Rogueware or scareware
- Fileless malware
- Mobile malware
2. Phishing
Phishing is a type of cyberattack that combines social engineering with technical tricks to infect your computer and collect sensitive, confidential information (passwords and usernames, Social Security numbers, credit card and account numbers or intellectual property). Social engineering is when attackers manipulate people to break normal security procedures and practices to release this information, usually by disguising themselves as trusted sources. It heavily relies on human curiosity and impulses.
The most common type of phishing involves fraudulent emails that appear to have been sent by a legitimate, trusted and reputable entity, like your bank or the IRS. These emails typically request an urgent response, which baits the victim into opening the email, and they include information about your work, interests or hobbies to appear more legit.
The victim then feels compelled to click on a link or open an attachment in the email, which contains malicious code that hacks into the system or network. The link could also take the victim to a malicious website where they’re prompted to hand over valuable information.
There are five types of phishing attacks:
- Spear phishing
3. Password Attacks
Passwords are the most widespread method of authenticating access to a secure information website, making them vital to gain entry to confidential data. Attackers attempt to guess or crack your password using different methods.
- Brute force attack: this systematic approach to password attacks is when a hacker tries to guess a password with trial and error. They often use a program that creates thousands of variations and combinations based on your personal information, including your name, birthday, anniversary, job title, hobbies and pet or children’s names until the correct login credentials are found. This is highly effective against weak passwords.
- Dictionary attack: this is when an attacker uses a list of common passwords, like “password” or “123456,” to gain access.
- Credential stuffing: once a hacker obtains stolen credentials, they use the usernames and passwords to attempt access into other accounts and systems. This only works if people use the same ID and password on multiple accounts.
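The three password attacks above leave different traces in failed-login records, which is what a defender can look for. The following is an added example, not part of the original article; the event data is constructed and the thresholds are assumptions that would need tuning for a real system.

```python
from collections import defaultdict

# Constructed failed-login events: (source_ip, username).
FAILED_LOGINS = [
    ("203.0.113.7", "alice"), ("203.0.113.7", "alice"), ("203.0.113.7", "alice"),
    ("203.0.113.7", "alice"), ("203.0.113.7", "alice"), ("203.0.113.7", "alice"),
    ("198.51.100.9", "bob"), ("198.51.100.9", "carol"), ("198.51.100.9", "dave"),
    ("198.51.100.9", "erin"), ("198.51.100.9", "frank"),
    ("192.0.2.44", "grace"),  # a single mistyped password by a real user
]


def classify_sources(events, per_user_limit=5, distinct_user_limit=4):
    """Label each source IP by the shape of its failed logins.

    Both limits are assumed values for this example.
    """
    per_ip = defaultdict(lambda: defaultdict(int))
    for ip, user in events:
        per_ip[ip][user] += 1

    verdicts = {}
    for ip, users in per_ip.items():
        if len(users) >= distinct_user_limit:
            # Many accounts, few tries each: stolen username/password
            # pairs being replayed against this site.
            verdicts[ip] = "credential-stuffing"
        elif max(users.values()) > per_user_limit:
            # One account tried over and over: guessing, whether from
            # generated variations (brute force) or a common-password list.
            verdicts[ip] = "brute-force"
        else:
            verdicts[ip] = "normal"
    return verdicts


if __name__ == "__main__":
    for ip, verdict in sorted(classify_sources(FAILED_LOGINS).items()):
        print(ip, verdict)
```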
4. Man-in-the-Middle Attacks
Man-in-the-middle, or MITM, attacks involve the hacker “eavesdropping” on a two-party conversation between the victim and a host with the intent to steal or manipulate the victim’s data, like banking information or login credentials. MITM attacks can also be used to convince the victim to take action, like changing their login credentials or transferring funds.
The two communicating parties are unaware that the hacker has intercepted and modified the session with a spoofed Internet Protocol (IP) address; the hacker inserts themselves between the victim’s device and the host, pretending to be the other party in the session so they can intercept information in both directions. Lenovo experienced this cyber attack in 2015.
There are two common points of entry for MITM attacks:
- Unsecured public WiFi
- Malware breaches in the devices
5. Denial of Service Attack
Denial of Service, or DoS, attacks present a significant threat to companies. These volume-based attacks are when an attacker floods a system with traffic to disrupt operations, reduce bandwidth and exhaust resources, making it unable to respond to legitimate requests. The system can’t handle the amount of traffic and will either run extremely slowly or shut down entirely. Once the system is down, other forms of malware attacks can then be implemented.
When a DoS attack happens, it costs the organization time, money and resources to restore critical business operations, and the organization loses sales and revenue during the crash. And yet, this is one of the few examples of cyber attacks where the hacker doesn’t directly benefit from their actions – they just receive the satisfaction of denying users service and shutting down business operations. Hackers can be morally, economically or politically motivated in their attacks. E-commerce sites, media agencies and government organizations are the most likely targets of DoS attacks.
Although most DoS attacks come from one system, a Distributed Denial of Service (DDoS) attack is when multiple systems of infected computers (botnets) are used to overwhelm the system. DDoS attacks are faster and harder to block since multiple systems are involved.
6. Cross-Site Scripting
Cross-site scripting, or XSS, is when a hacker injects a malicious script directly into a vulnerable web application. When a victim visits the website, the malicious code attacks their browser, or victims are taken to another website where they’re prompted to insert sensitive information. eBay experienced this back in 2014 when customers were redirected to malicious sites after clicking on product links.
Hackers can then steal the session cookies, hack into social media accounts, phish for personal information and spread more malware. Web forums, message boards, blogs and websites that allow users to post their own content are often susceptible to these cyber attacks.
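For sites that display user-posted content, the standard defenses are to encode that content before it is placed in the page and to keep session cookies out of reach of scripts. The following is an added example, not part of the original article; the function names and the sample comment are constructed for illustration.

```python
import html
from http.cookies import SimpleCookie

# Constructed sample of a user-posted comment that contains markup.
POSTED_COMMENT = "Nice item! <script>document.title = 'changed'</script>"


def render_comment_unsafe(author, body):
    # Vulnerable: user-controlled text is concatenated into the page,
    # so the browser parses any tags in it as part of the site.
    return f"<div class='comment'><b>{author}</b>: {body}</div>"


def render_comment_safe(author, body):
    # Hardened: HTML-encode user text so it is displayed, not executed.
    return (f"<div class='comment'><b>{html.escape(author)}</b>: "
            f"{html.escape(body)}</div>")


def session_cookie_header(session_id):
    """Build a Set-Cookie value that page scripts cannot read."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True   # hidden from document.cookie
    cookie["session"]["secure"] = True     # sent over HTTPS only
    cookie["session"]["samesite"] = "Strict"
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()


if __name__ == "__main__":
    print(render_comment_unsafe("mallory", POSTED_COMMENT))
    print(render_comment_safe("mallory", POSTED_COMMENT))
    print("Set-Cookie:", session_cookie_header("abc123"))
```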
7. SQL Injection
This cyber attack occurs on data-driven websites, specifically ones that use structured query language (SQL) to manage critical information in a database, such as logins, passwords and account information. It’s when hackers manipulate the standard query, which is used to request information from a server, by using malicious code to reveal the protected data. The hacker can then create, view, edit or delete stored data in the database. Hackers can also execute administration operations and issue commands to the operating system. The far-right platform Gab experienced an SQL injection when 70 gigabytes of data were stolen.
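The difference between a query that can be manipulated and one that cannot is whether user input becomes part of the SQL text. The following is an added example, not part of the original article; the table, rows and function names are constructed, and it uses an in-memory SQLite database so it runs offline.

```python
import sqlite3


def make_db():
    """Build a small in-memory database of constructed account rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice", 120), ("bob", 75), ("carol", 310)])
    return db


def lookup_vulnerable(db, owner):
    # Vulnerable: the input is pasted into the SQL text, so quote
    # characters in it can rewrite the WHERE clause.
    query = f"SELECT owner, balance FROM accounts WHERE owner = '{owner}'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, owner):
    # Hardened: the placeholder sends the input as a value only;
    # it is never parsed as SQL.
    return db.execute(
        "SELECT owner, balance FROM accounts WHERE owner = ?", (owner,)
    ).fetchall()


# Constructed input that turns the vulnerable WHERE clause into
# "owner = 'nobody' OR '1'='1'", which is true for every row.
CRAFTED_INPUT = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:   ", lookup_vulnerable(db, CRAFTED_INPUT))
    print("parameterized:", lookup_parameterized(db, CRAFTED_INPUT))
```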
8. DNS Tunneling
Here, the hacker leverages Domain Name System (DNS) queries and responses to bypass traditional security measures, like firewalls, and transmit data within the network. Once the hacker extracts data from the targeted system, they can engage in command-and-control activities, install new access points or unleash more malware. DNS tunneling provides attackers with persistent access to a victim. Another example of DNS tunneling is DNS spoofing, which is when the hacker sends online traffic to a fake website with inflammatory, obscene content – the victim is often encouraged to enter sensitive data that can be used or sold by the hacker.
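Because the data travels inside the query names themselves, tunneled traffic tends to show long, random-looking subdomains with many distinct values under one parent domain. The following is an added example of that detection heuristic, not part of the original article; the query log is constructed, the thresholds are assumptions, and the parent domain is approximated as the last two labels rather than taken from a public suffix list.

```python
import math
from collections import Counter, defaultdict

# Constructed DNS query log; all domains are placeholders.
QUERIES = [
    "www.example.com", "mail.example.com", "cdn.example.com",
    "mzxw6ytboi4dknrxgq3tqojq.t.example.net",
    "gezdgnbvgy3tqojqmfrggzdf.t.example.net",
    "nbswy3dpeb3w64tmmqqhg33n.t.example.net",
    "orugs4zanfzsayjaorsxg5bo.t.example.net",
]


def entropy(text):
    """Shannon entropy of the characters in text, in bits per character."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text))
                for n in counts.values())


def suspicious_parents(queries, min_len=20, min_entropy=3.5, min_unique=3):
    """Return parent domains that receive many long, high-entropy subdomains.

    All three thresholds are assumed values for this example.
    """
    by_parent = defaultdict(set)
    for name in queries:
        labels = name.lower().rstrip(".").split(".")
        if len(labels) < 3:
            continue  # no subdomain part to inspect
        parent = ".".join(labels[-2:])
        sub = "".join(labels[:-2])
        if len(sub) >= min_len and entropy(sub) >= min_entropy:
            by_parent[parent].add(sub)
    # One odd name is noise; several distinct ones under the same
    # parent look like data being carried in the queries.
    return sorted(p for p, subs in by_parent.items()
                  if len(subs) >= min_unique)


if __name__ == "__main__":
    print(suspicious_parents(QUERIES))
```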
9. Zero-Day Exploit
This cyber attack occurs when a cybersecurity vulnerability exists in a software or network, and there is no current solution or preventative measure – hackers swoop in and take advantage of it, stealing data or causing damage. Often, the organization will notify users about the vulnerability to keep them away, and the news eventually reaches hackers. The company has “zero days” to fix the vulnerability, as it already exists and is open to hacks.
What Does That Mean for You?
Although we just went over the nine main types of cyber attacks, be aware the list goes on and on – watering hole attacks, insider threats, IOS-based attacks, AI-powered attacks, spam, corporate account takeovers (CATO), ATM cash out, birthday attacks, URL manipulation or interpretation, spoofing and drive-by attacks are other examples of cyber attacks. That means staying vigilant and having the best cybersecurity measures are vital to your company staying safe.