What is a cyberattack? Understanding different types
Cyberattacks can come in various disguises – malware, phishing, DDoS, and countless other shapes. Exposed sensitive information, drained bank accounts, and stolen identities are just a few of the terrifying consequences of a cyberattack. But you have ways to protect yourself, and knowing what’s out there can help you stay safe. So, let’s look at how cyberattacks work, the most common types of cyberattacks, and how to protect your data.
What is a cyberattack?
“Cyberattack” is a broad term for cybercrime that covers any deliberate assault on computer devices, networks, or infrastructures. Cyberattacks may be carried out for financial, vindictive, or ideological reasons, although some hackers also target high-profile systems for notoriety.
Types of cyberattacks
Now, let’s take a look at types of cyberattacks. While the following list barely scratches the surface, it covers some of the most common ways cybercriminals do their dirty work.
Malware attacks
Malware (also sometimes referred to as threatware) is an umbrella term for any malicious software designed to harm or otherwise take advantage of whoever runs it. It can range from software that secretly collects information about the victim or bombards them with annoying ads to the hundreds of ransomware examples that encrypt and hold the user’s data for ransom.
Malware itself has many different types:
- Viruses. A type of malicious software designed to infect files on your device.
- Worms. Malware that spreads and self-replicates from one file or computer to another without additional human interaction.
- Trojan horses. A type of malware that hides in seemingly legitimate programs but is designed for hackers to export files, modify data, delete files, or alter the device’s contents.
- Ransomware. Malware that is designed to encrypt files on a victim’s device, making the content unusable.
- Spyware. Malware installed to gather your personal data without your consent.
Social engineering
A social engineering attack tricks the user into revealing sensitive data, installing malware, or transferring money to the perpetrator. Cybercriminals usually fake websites and messages, impersonating trusted figures such as bank officials or customer service representatives to manipulate the target – that is, the user of the website or reader of the email – to carry out actions against their own interests.
Social engineering has a variety of different forms, such as scareware, baiting, quid pro quo, catfishing, pretexting, diversion theft, and phishing, which is itself subdivided into separate branches.
Phishing attacks
A phishing attack is a social engineering tactic often used to steal user data. Let’s take a look at some of the most common phishing attack types:
- Standard phishing. A deceptive technique to steal sensitive data, login credentials, and financial information, usually through emails with malicious links, leading to the installation of malware.
- Spear phishing. A personalized attack that targets specific individuals or companies. These are usually carried out through emails that may seem real to the recipient and invite them to share sensitive information with the criminal.
- Whaling. Whaling attacks are directed at high-level executives where attackers disguise themselves as trusted figures, encouraging victims to share sensitive or confidential information.
- Smishing or SMS phishing. Smishing is carried out through fraudulent text messages that deceive victims into sharing their personal or financial information.
Man-in-the-middle attacks (MitM)
During a man-in-the-middle attack, the criminal intercepts communication between the user’s computer and the recipient, like an app, website, or another user. Then, the attacker can manipulate the communication and obtain the victim’s exposed data.
Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks
A denial-of-service attack is a type of cyberattack in which an attacker makes a device unresponsive to its users by corrupting its functionality. These attacks are usually carried out by flooding the machine with false queries so that it stops responding to legitimate requests. DoS attacks are categorized into buffer overflow, ICMP flood, SYN flood, ping of death, teardrop, and smurf attacks.
A distributed denial-of-service attack is an internet cyberattack designed to disrupt a service, server, or network by overwhelming it with malicious traffic. It overwhelms the target using a network of infected computers, so the service can’t accept legitimate traffic. These attacks can slow service to a crawl or take it down entirely. DDoS attacks target different components of a network in various forms, such as TCP connection, volumetric, fragmentation, and application layer attacks.
SQL injection
A Structured Query Language (SQL) injection is a web security vulnerability in which the attacker tricks a website into interpreting malicious code as actionable. It employs in-band SQLi, inferential SQLi, or out-of-band SQLi attacks to damage networks and systems. This way, perpetrators can get the site to turn over confidential data they cannot typically retrieve, gain administrator rights, and issue commands to the operating system. Once inside the system, the hacker can alter or delete files in the computer system, changing the application’s behavior.
Zero-day exploits
Zero-day exploits target unknown vulnerabilities in software or networks before security patches have been released, meaning that system developers have had “zero days” to prepare updates. Hackers are usually the first to discover system vulnerabilities, which makes an intrusion more likely to succeed. Zero-day attacks target governments, large enterprises, intellectual property, and firmware of IoT devices. Threat actors usually aim for sensitive or confidential information and damage the entire network through different types of cybersecurity threats, such as worms (Stuxnet), hacktivism (Sony hack), and banking trojans (Dridex).
Cross-site scripting (XSS) and cross-site request forgery (CSRF)
A cross-site scripting attack inserts a malicious script into an otherwise trustworthy website to collect users’ private data. Usually, it does so by recording the information the victims are typing into the website’s login fields. Hackers send malicious scripts to the end user’s browser, which cannot recognize if the script is malicious, allowing malware to operate and access cookies, search history, and other sensitive data saved by the browser. XSS employs the following techniques to crack a browser’s functionality:
- Reflected XSS
- Persistent XSS
- DOM-based XSS
Cross-site request forgery relies on social engineering to force the end user to perform unwanted actions on a website. The attacker may send a malicious link to trick the victim into clicking on it and performing unwanted actions, such as transferring funds or giving away personal account credentials. If the victim has an administrative account, attackers can intrude and compromise the entire network or system.
Eavesdropping attacks
Eavesdropping attacks (snooping or sniffing) occur when criminals interfere with the network traffic traveling through computers, mobile devices, and IoT devices and listen to or read the data transmitted between two devices. This type of cyberattack is widespread in wireless communications. Unsuspecting users may give away their banking information, account credentials, and intellectual property. Some of the most common eavesdropping attacks include MITM, sniffing, eavesdropping on public Wi-Fi, physical wiretapping, and malware-based eavesdropping.
Password attack
In a password attack, hackers crack passwords to gain unauthorized access to computer systems. The attacker may use various techniques to obtain the credentials of a legitimate user:
- Brute force attack. In a brute force attack, the hacker attempts to decode a password by trying every possible combination of characters until they find the correct one. Even though such a technique is time-consuming, it is effective. However, it may be less efficient against strong and complex passwords containing symbols and uppercase letters.
- Dictionary attack. Instead of forcing random combinations, hackers use a list of the most common passwords from user behavioral patterns retrieved from previous security breaches. Threat actors usually use an automated tool that creates random variations of passwords by adding prefixes, suffixes, and numbers.
- Rainbow table attack. A rainbow table attack is carried out using a rainbow table to hijack the password hashes collected in a website’s database. Applications don’t store passwords in text format. Passwords usually get encrypted and converted to hashes. The rainbow table contains password hash values representing each plain text symbol used for authenticating a user. If a hacker has access to the list of hashes, cracking passwords becomes a piece of cake.
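A defensive counterpart to the rainbow table item above, added here as an example and not taken from the original article: a fast unsalted hash gives every user of the same password the same stored value, while a per-user random salt with PBKDF2 makes each stored hash unique, so a precomputed table no longer applies. The function names, the sample password, and the iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumption for this example; tune to your hardware

def unsalted_hash(password):
    # Fast, unsalted digest: the same password always maps to the same hash,
    # so one precomputed table works against every account in the database.
    return hashlib.sha256(password.encode()).hexdigest()

def hash_password(password, salt=None):
    # A random per-user salt makes each stored hash unique, and the iteration
    # count makes every guess expensive to compute.
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, expected):
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)  # constant-time comparison

def demo():
    pw = "Summer2024!"  # constructed sample password shared by two users
    salt_a, hash_a = hash_password(pw)
    salt_b, hash_b = hash_password(pw)
    return {
        "unsalted_match": unsalted_hash(pw) == unsalted_hash(pw),
        "salted_match": hash_a == hash_b,
        "verify_ok": verify_password(pw, salt_a, hash_a),
        "verify_wrong": verify_password("summer2024!", salt_b, hash_b),
    }

if __name__ == "__main__":
    print(demo())
```

The salt is stored next to the hash; it does not need to be secret, only unique per user.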
Credential stuffing
Credential stuffing is a term that encompasses a group of password attacks and a subset of brute force attacks, where attackers gain unauthorized access to user accounts through forced injection of breached login credentials into login forms. Hackers use automated tools to carry out credential dumping, making the attack more efficient. They usually use the same breached credentials on different services, assuming the user reuses usernames and passwords.
Internet of Things (IoT) attacks
IoT attacks are carried out through smart TVs, watches, thermostats, and other smart devices. Hackers may compromise these appliances using different techniques, such as device spoofing, eavesdropping, password cracking, firmware manipulation, zero-day, MITM, and DDoS attacks. However, the essence of the attack usually remains the same – a hacker aims to infect the devices with malware to damage the appliance and obtain unauthorized access to personal user data.
Cyberattack methods
Now, let’s take a look at how hackers carry out cyberattacks. They perform them in four main ways:
- Passive attacks — usually non-disruptive operations where the perpetrators try to conceal their activities so the target never knows they happened in the first place. Passive attacks are typically used to collect or steal data in cyber espionage.
- Active attacks — typically aggressive offensives meant to disrupt or destroy personal devices, networks, or even whole infrastructures. These types of assaults can target individuals, organizations, or even countries.
- Insider attacks — as the name suggests, these types of assaults are carried out by someone who already has authorized access to the systems they’re targeting.
- Outsider attacks — outsider attacks are executed by those outside the perimeter they’re attacking. Outsiders can range from petty criminals to hostile states.
Common cyberattack targets
Anyone from the everyday internet user to large enterprises can fall victim to cybercrime. The following are the most common targets:
- Individual internet users
- Businesses and corporations
- Government agencies
- Healthcare organizations
- Educational institutions
- Critical infrastructure (e.g., power grids, water supply)
- Telecommunications
- Data centers
The threatening consequences of cyber warfare and cyberterrorism highlight the need for organizations and individuals to take preventive action against cybercriminals.
Cyberattack outcomes
Cyberattacks were one of the top five threats in 2020, and as the years go by, hackers are discovering new ways to exploit target system vulnerabilities. To get a better idea of the scale of the problem, 67% of the American population has experienced a cyberattack. In 2021, more than 623 million ransomware attacks were carried out (twice as many as in 2020), with an average ransomware charge of $812,000.
As the number of cyberattacks increases, it is essential for both individuals and organizations to learn how to manage them and to educate themselves about personal cybersecurity. You may also head to our Cybersecurity and Privacy Research Lab for articles prepared by our research team on security threats and risks related to IT systems.
How can I prevent a cyberattack?
While it may seem that cyber threats are lurking around every corner of the internet, there are some things you can do to protect yourself and your organization. You can follow these tips to prevent cyberattacks and improve your overall internet security.
- Use an antivirus. An antivirus is the first line of defense against malicious software. It will protect your device, and it will help mitigate the damage if it does get infected. Also, use NordVPN’s Threat Protection Pro feature, which will help you identify malware-ridden files, stop you from landing on malicious websites, and block trackers and intrusive ads on the spot.
- Keep your software up to date. Software updates aren’t just about getting new features on your app. They also contain crucial vulnerability patches that criminals could otherwise abuse.
- Avoid public Wi-Fi hotspots. Criminals love public hotspots. Weak network security and plenty of victims to choose from make everyone connected to it an easy mark.
- Use a VPN. Using public Wi-Fi is sometimes unavoidable. That’s when VPNs shine. They encrypt your internet connection so no one can eavesdrop on your online activities.
- Limit information about yourself online. Your birth date or the name of the city you grew up in can be invaluable to criminals. The more information they know about you, the more ammunition they have when trying to trick you (or answering security questions).
- Use browser extensions for security. Browsers usually offer plenty of extensions designed to protect you online. From ad blockers and anti-trackers to malicious website blockers, there’s a lot to choose from.
- Only download apps from reputable sources. Try to download apps exclusively from secure channels like official app stores. The apps there undergo rigorous checks, making them less likely to contain hidden malware.
- Don’t click unfamiliar links. When it comes to social engineering attacks, keeping a cool head is vital. Before clicking on a link that offers you a way to make a quick buck, consider whether it sounds a bit too good to be true. If it does, it’s probably a scam. If you absolutely must, hover over a link with your mouse before clicking.
- Secure your home Wi-Fi. Use strong encryption for your home Wi-Fi and change default login credentials.
Essential cybersecurity practices for businesses
Follow these tips to ensure data safety in the business environment:
- Update your software regularly. Keep your enterprise operating systems, applications, and security software up to date. The newest updates usually contain the latest security patches against known vulnerabilities.
- Back up your data. Do regular backups of your important business data. Use off-site cloud storage to store your files in case of a cyberattack or hardware failure.
- Provide staff training. Train your staff to behave safely online and recognize and manage cyberattacks or security breaches.
- Limit user privileges. Only provide access to information that is necessary for an employee’s job. This will help control the security damage if an employee’s account gets compromised.
- Employ network firewalls. Implement strong firewall protection on your computer networks, protecting against outside cyberattacks and unauthorized access to internal data.
- Use a business VPN. A company VPN encrypting your online traffic can help secure your data on-site and while working remotely.
- Secure physical access. Ensure no bad actors can physically access your enterprise premises or server rooms.
- Run security audits and assessments. Security audits, threat hunting, and assessments may help you protect sensitive data, identify vulnerabilities, and maintain current cybersecurity practices.
- Prepare an incident response plan. Prepare a comprehensive incident response plan to help you respond to data leaks and breaches, cyberattacks, and other security incidents.