Exposed sensitive information, drained bank accounts, and stolen identities are just a few of the terrifying consequences of a cyberattack. But there are ways you can protect yourself, and knowing what’s out there can help you stay safe. So let’s take a look at how they work, what the most common cyberattacks are, and how to protect yourself.
What is a cyberattack?
Cyberattack is a broad term for cybercrime that covers any deliberate assault on computer devices, networks, or infrastructures. Cyberattacks may be carried out for financial, vindictive, or ideological reasons, although some hackers also target high-profile systems for notoriety.
Cyberattacks can be carried out by an individual — like a hacker — or an organization and can target people, organizations, or even countries (this is called cyber warfare).
Types of cyberattacks
Method of attack
There are countless types of cyberattacks, but before getting to the most common ones, let’s take a look at how they are carried out. There are four main methods for how a cyberattack is carried out:
- Passive attacks — usually non-disruptive operations where the perpetrators try to conceal their activities so the target never knows they happened in the first place. Passive attacks are usually used to collect or steal sensitive information in cyber espionage.
- Active attacks — these are typically aggressive offensives meant to disrupt or destroy personal devices, networks, or even whole infrastructures. These types of assaults can target individuals, organizations, or even countries.
- Insider attacks — as the name suggests, these types of assaults are carried out by someone who already has authorized access to the systems they’re targeting.
- Outsider attacks — outsider attacks are executed by those outside the perimeter they’re attacking. Outsiders can range from petty criminals to hostile states.
Now let’s take a look inside a cyberattack. While this barely scratches the surface of what’s out there, it covers some of the most common ways cybercriminals do their dirty work. Here’s a list of types of cyberattacks that are quite popular:
- DDoS attack. A distributed denial of service is an internet cyberattack designed to disrupt a service, server, or network by overwhelming it with online traffic. It overwhelms the target using a network of infected computers, so the service can’t accept any legitimate traffic. These types of attacks can slow service to a crawl or take it down entirely.
- Malware. Malware is an umbrella term for any malicious software designed to harm or otherwise take advantage of whoever runs it. It can range from software that secretly collects information about the victim or bombards them with annoying ads, to encrypting and holding the user’s data for ransom.
- Social engineering attacks. A social engineering attack tricks the user into revealing sensitive data, installing malware, or transferring money to the perpetrator. Cybercriminals usually fake websites and messages, impersonating trusted figures such as bank officials or websites to manipulate the mark to carry out actions against their interests.
- Man-in-the-middle attack. During a man-in-the-middle attack, the criminal intercepts communication between the user’s computer and the recipient like an app, website, or another user. Then, the attacker can manipulate the communications and obtain the victim’s exposed data.
- Zero-day exploits. Zero-day exploits target vulnerabilities in software or networks before patches have been released.
- Cross-site-scripting. This attack inserts a malicious script into an otherwise trustworthy website to collect its users’ private data. Usually, it does so by recording the information the victims are typing into the website’s login fields.
- Password cracking techniques. Hackers use different methods for cracking passwords, like brute force attacks, dictionary attacks, or rainbow table attacks.
- SQL injection. A Structured Query Language injection tricks a website into interpreting malicious SQL code as actionable. This way, perpetrators can get the site to turn over information that would otherwise be confidential.
Mar 08, 2021
8 min read
Sep 25, 2017
3 min read
Cyber threats prevention
Cyberattacks can be disastrous — as these cyber crime stories show. And while it may seem that cyber threats are lurking around every corner of the internet, there are some things you can do to protect yourself.
- Use antivirus. Antivirus is the first line of defense against malicious software. It will protect your device, and it will help mitigate the damage if it does get infected. Also use NordVPN’s Threat Protection feature that will help you to identify malware-ridden files, will stop you from landing on malicious websites, and will block trackers and intrusive ads on the spot.
- Keep your software up to date. Software updates aren’t just about getting new features on your app. They also contain crucial vulnerability patches that could otherwise be abused by criminals.
- Avoid public Wi-Fi hotspots. Criminals love public hotspots. Weak security and plenty of victims to choose from make everyone connected to it an easy mark.
- Use a VPN. There are scenarios where using public Wi-Fi is unavoidable. That’s when VPNs shine. They encrypt your internet connection so no one can eavesdrop on your online activities.
- Limit information about yourself online. Your birth date or the name of the city you grew up in can be invaluable to criminals. The more information they know about you, the more ammunition they have when trying to trick you (or answering security questions).
- Use browser extensions for security. There are plenty of browser extensions designed to protect you online. From ad blockers and anti-trackers to malicious website blockers, there’s a lot to choose from. To make sure you get the right plugins, check out our browser extension recommendations to improve your security.
- Only download apps from reputable sources. Try to download apps exclusively from secure channels like official app stores. The apps there undergo rigorous checks so they are less likely to contain hidden malware.
- Don’t click unfamiliar links. When it comes to social engineering attacks, keeping a cool head is vital. Before clicking on the link offering you to make a quick buck, consider whether it doesn’t sound a bit too good to be true. If it does, it’s probably a scam. If you absolutely must, hover over a link with your mouse before clicking on it.
Online security starts with a click.
Stay safe with the world’s leading VPN