
What is a cyberattack? Common types and how to prevent them

Cyberattacks can come in various guises – malware, phishing, DDoS, and countless other shapes. Exposed sensitive information, drained bank accounts, and stolen identities are just a few of the possible terrifying consequences of a cyberattack. But you have ways to protect yourself, and knowing about the threats can help you stay safe. So, let’s look at how cyberattacks work, their most common types, and how to protect your data.

Jun 15, 2025


Cyberattack is a broad term for cybercrime that covers any deliberate assault on computer devices, networks, or infrastructures. Cyberattacks may be carried out for financial, vindictive, or ideological reasons, although some hackers also target high-profile systems for notoriety.

How do cyberattacks happen?

Threat actors have a variety of reasons for conducting cyberattacks, and understanding their motivations can help you stay prepared. Let’s take a look at the most common ways that various types of cyberattacks happen.

  • Active attacks: Hackers use aggressive tactics to infiltrate systems, cause damage, spy, or exfiltrate data. When targeting individuals, they will often focus on obtaining sensitive personal information to sell on the dark web or use for identity theft. When targeting organizations, these attacks focus on damaging systems and disrupting operations.
  • Passive attacks: These non-disruptive attacks are used for reconnaissance in cybersecurity, rather than causing direct damage. Hackers will use cyber espionage techniques to infiltrate systems and steal information without being detected. 
  • Insider threats: An employee, business partner, or someone else with access to your systems could use that access for malicious purposes. These attacks are often vindictive or conducted as retribution. 
  • Outsider threats: Outsider threats come from outside your organization or system. Hackers use a variety of creative techniques to steal credentials or force their way into your systems. 

PRO TIP: Be extremely cautious when you receive communications from popular brands. According to NordVPN’s research on common cyber threats, 99% of phishing attacks exploit just 300 well-known brands to deceive victims and harvest their credentials. Always verify the sender’s identity and avoid clicking on suspicious links, even if the message appears legitimate.

Who is responsible for cyberattacks? 

Cyberattacks can come from a variety of different sources. These include: 

  • Malicious hackers. Many attacks are conducted by independent hackers, who are usually opportunistic individuals with advanced technical skills. Individual hackers often focus on stealing bank account information or other data they can use for financial gain. 
  • Cybercriminal organizations. Some attacks are conducted by larger cybercriminal groups. These groups can pool their talent and resources to launch more sophisticated attacks.
  • Nation-states. Some governments use their extensive resources to conduct politically motivated attacks against other countries or specific organizations. For example, North Korea has been known to conduct cyberattacks and espionage that targets Western countries. It’s highly likely that North Korean cyber groups were responsible for the global WannaCry malware attack in 2017. 

Who are the targets of cyberattacks?

Anyone who uses the internet could be a target of a cyberattack. The most common cyberattack targets include: 

  • Individuals.
  • Businesses and corporations, particularly in the healthcare, finance, and education industries.
  • Government agencies.
  • Critical infrastructure, such as power grids or water distribution centers.
  • Data centers.
  • Telecommunications providers. 

Common types of cyberattacks

Hackers use several different types of cyberattacks to compromise their target systems. Let’s break down some of the most common types of cyberattacks and how they work. 

Malware

Malware is a category of malicious software programs designed to cause harm to their users. Several different types of malware exist, including:

  • Viruses. This type of malicious software copies itself and spreads by infecting files or programs on a device. Some viruses are destructive, corrupting or deleting data, while others are designed to steal information, create backdoors, or simply replicate without causing immediate harm.
  • Worms. Similar to a virus, a worm copies itself to spread between devices and corrupt files. However, worms replicate without a host file. 
  • Ransomware. This software encrypts data on the target device, requiring the user to pay a ransom fee to get it back. 
  • Spyware. This software lurks in the background on your computer, gathering sensitive data and transmitting it to a hacker. 
  • Trojan horses. This type of malware is hidden in a software program that looks legitimate, but it runs in the background to steal or damage your data.  

One of the most notable malware attacks in recent years was the Change Healthcare attack of 2024. The ALPHV/BlackCat ransomware group took credit for the attack, which disrupted healthcare operations across the United States for weeks. 

Social engineering

Social engineering attacks use psychological tactics to trick targets into sharing sensitive data or granting access to protected systems. These attacks do not rely on the hacker’s technical expertise but instead use manipulation techniques to trick targets. 

One of the most common types of social engineering is phishing. In a phishing attack, the cybercriminal will send an email or other message to the target posing as a trustworthy contact.  For example, the hacker might send a message posing as a platform like Amazon, telling the target that they have a new charge on their account. The target clicks on a link, which takes them to a fake website designed to capture their login information. 

When comparing hacking vs. phishing, it's important to note that phishing is actually a form of hacking. It relies on deception and social engineering rather than code-based exploits. While traditional hacking uses technical methods to break into systems, phishing tricks users into willingly giving up sensitive information. In recent years, phishing schemes have become more sophisticated and harder to detect, partly due to the widespread availability of generative AI tools that help scammers craft convincing messages.

SQL injection

A Structured Query Language injection, or SQL injection, is an attack targeting applications that rely on SQL databases. In the attack, the hacker injects malicious code into the application, which interprets the code as if it were legitimate. This type of attack could expose the data in your database or even give the hacker administrative access to your system. 

One of the largest SQL injection attacks ever happened in 2007, when hackers targeted a large-scale payment system used by 7-Eleven and several other retail chains. The attack exposed millions of credit card numbers and other sensitive financial data. 

Credential stuffing

In a credential stuffing attack, a hacker collects a large volume of usernames and passwords, usually by purchasing them on the dark web or by using large-scale social engineering attacks. Then, they’ll use automated scripts or bots to test these username and password combinations across different platforms until they gain account access. 

A similar type of attack is credential dumping. In this attack, the hacker breaks into your device’s RAM to find username and password combinations stored there. Then they’ll use this information to break into as many of your accounts as possible. 

DNS tunneling

In a DNS tunneling attack, the hacker exploits legitimate DNS protocols to communicate with a target server, often bypassing a firewall or other security measures. Hackers can use DNS tunneling to transmit malware, steal sensitive data, or gain control of secure systems remotely. 
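Because tunneled data has to ride inside query names, defenders can look for domains that receive many long, random-looking subdomains. The following heuristic is an added example, not part of the original article; the thresholds, the two-label parent-domain guess, and the query names are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample of queried names (reserved example domains only).
SAMPLE_QUERIES = [
    "www.example.com", "mail.example.com", "api.example.com",
    "login.example.org", "cdn-assets.example.org",
    "static-content-delivery-node-eu-west.example.org",
    "k7qz2mbx4nw3hvpd6rjt5ycgf2lae7us.example.net",
    "x4hq8tn2vbz6k1mrc9yd3wjf7pgs5lae.example.net",
    "d8w2ku5zj1nq7yb3tf9xh4mc6rv0pgse.example.net",
    "t6gy3rb9qf1zx5nk8wd2mh7vc4jp0sla.example.net",
]

def entropy(s):
    """Shannon entropy in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def split_name(qname, base_labels=2):
    # Assumption: the last two labels are the parent domain. Production
    # code should use a public suffix list instead.
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-base_labels]), ".".join(labels[-base_labels:])

def suspicious_domains(qnames, min_unique=4, min_len=30, min_entropy=4.0):
    """Return {parent domain: count of distinct encoded-looking subdomains}."""
    per_domain = defaultdict(set)
    for q in qnames:
        sub, base = split_name(q)
        if sub:
            per_domain[base].add(sub)

    report = {}
    for base, subs in per_domain.items():
        encoded = [
            s for s in subs
            if len(s) >= min_len and entropy(s.replace(".", "")) >= min_entropy
        ]
        # One long name is common (CDNs); many unique ones is the signal.
        if len(encoded) >= min_unique:
            report[base] = len(encoded)
    return report

if __name__ == "__main__":
    print(suspicious_domains(SAMPLE_QUERIES))
```

The long but human-readable CDN-style name under example.org stays below the entropy threshold and appears only once, so it does not trigger the rule.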

Supply chain attacks

In a supply chain attack, a hacker will indirectly target an organization by attacking their third-party vendors and business partners. These vendors often have systems that are connected to the target company’s infrastructure, providing a backdoor entrance. These attacks compromise the flow of goods and services, preventing the company from operating normally.  

In 2013, retail chain Target suffered a significant data breach as a result of a supply chain attack. Hackers attacked one of Target’s vendors, giving them direct access to sensitive customer information. 

Denial-of-service (DoS) attacks

The goal of a DoS attack is to overwhelm the target system with traffic so it cannot function properly. DoS attacks often serve as a distraction while hackers use other techniques to break into the system. 

In a standard DoS attack, the hacker uses a single piece of hardware and IP address. In a distributed denial-of-service attack, or DDoS attack, the hacker uses multiple machines to create an even higher attack volume. DDoS attacks often rely on botnets of compromised IoT devices. 

Man-in-the-middle attacks

In a man-in-the-middle attack, hackers will intercept, alter, and relay messages between two parties. MITM attacks can compromise emails, instant messages, or other digital communications, and they often start on unprotected public Wi-Fi networks. 

With an MITM attack, hackers can steal sensitive information without their targets knowing. By altering the messages, they can also launch other cyberattacks and compromise the recipient’s systems. 

Cross-site scripting (XSS)

Cross-site scripting attacks are a type of injection, but instead of targeting an internal system, they target a website’s end users. This happens when a hacker places malicious code in a web application, which transmits that code to the end user. The code then instructs that device to send over secure login details or other essential information.

Zero-day exploits

Zero-day exploits target vulnerabilities in a software program that the developers are not yet aware of. Hackers will comb through these programs looking for small errors or oversights they can use to gain control of the system and cause damage. Because the developers aren’t aware of the vulnerability, the hackers have more time to achieve their goals before they get caught. 

Password attack

With password attacks, hackers use compromised passwords to access secure accounts. Many use brute force strategies to generate and test possible passwords. Others use social engineering or hacking to steal passwords from unsuspecting users. Once the hackers take control of the accounts, they can steal financial credentials and other sensitive data. 

Eavesdropping attacks

In an eavesdropping attack, hackers use public Wi-Fi networks to spy on others and steal their information. These attacks are usually done using packet sniffing, which is where the hacker intercepts and evaluates data packets as they move through the network. This way, they can steal login details and other sensitive information without the victim knowing. Using a VPN to encrypt your web traffic can help you stay safe and avoid these attacks on public Wi-Fi. 

Internet of things (IoT) attacks

IoT devices such as smart thermostats, security systems, or fitness trackers are common targets for hackers. IoT devices tend not to have many built-in security features, which makes them easy for cybercriminals to take control of. In these IoT attacks, hackers will often use devices to create a botnet. Hackers also use IoT devices for Wi-Fi eavesdropping, to launch malware attacks, or to otherwise compromise secure systems.

Effects of cyberattacks on victims

Whether they’re targeting individual users or large organizations, cyberattacks can be devastating for victims. 

For individuals, cyberattacks can result in significant financial loss and cause further security issues. For example, phishing victims in the US in 2023 lost an average of $5,807 per attack. In many cases, cyberattacks on individuals lead to identity theft, forcing the victim to re-secure their bank accounts and credit cards. This process can be very stressful and inconvenient. 

For organizations, the stakes of a cyberattack are even higher. In 2024, the average global cost of a data breach was $4.9 million. These costs include direct financial loss from the attack as well as the cost of repairs, downtime, and lost sales. A cyberattack can severely damage an organization’s reputation, making it difficult to attract new customers in the future. 

How to detect and respond to cyberattacks

Responding to a cyberattack right away can help limit the effects of the damage. Here are some warning signs that your system is currently under attack:

  • Your files have been locked or encrypted. 
  • You notice unauthorized logins to your online accounts. 
  • You notice unfamiliar charges on your bank statements. 
  • The data usage on your smartphone spikes, even though your activity level hasn’t changed. 
  • You notice apps or browser extensions on your device that you didn’t install. 
  • You’ve been unexpectedly logged out of your accounts and are unable to log back in. 

If you notice any of these signs, contact your bank right away and change the password on your online accounts. Take your device to an IT expert to identify the problem and re-secure your systems. 

System monitoring tools can help you respond to cyberattacks faster. Consider using tools like antivirus software to identify cyberattacks as they happen. Organizations should also have a documented incident response plan that outlines what to do in the event of a cyberattack. You’ll need to determine the right types of cybersecurity tools to use based on your business model. 

How to prevent cyberattacks

Since cyberattacks are so common, you need a strategy in place to prevent them from happening. For individuals, this means using the right tools and learning how to spot red flags online. For businesses, this means building a structured cybersecurity plan that includes secure hardware and software, system monitoring, and incident response preparedness. 

Here’s how to prevent cyberattacks on your systems: 

  • Use antivirus and anti-malware tools. These tools will help protect your device from dangerous virus infections or malware downloads. NordVPN’s Threat Protection Pro™ is a great option that helps you avoid malware-ridden files, phishing emails, and digital trackers.
  • Update your software regularly. Since hackers like to exploit outdated software programs, make sure you’re installing new patches and updates as soon as they’re available. 
  • Use a VPN. A VPN will encrypt your online traffic to prevent eavesdropping attacks. This is especially important when you’re working on public Wi-Fi networks. 
  • Don’t click on unfamiliar links or downloads. Hackers often use fake websites or app downloads to launch their attacks. Don’t click on any links or downloads unless you know exactly where they come from. 
  • Be cautious when sharing sensitive information. Only share personal information with trusted sources. The less information you share online, the more difficult it is for hackers to target you. 
  • Use strong passwords and multi-factor authentication. Use a password management tool to set up complex passwords that hackers won’t be able to guess. When available, enable multi-factor authentication for an extra layer of protection. 

The biggest cyberattacks in history

Let’s take a look at some of the biggest cyberattacks in history and how they impacted both businesses and their customers. Although these cyberattacks were devastating, we can learn from them to protect ourselves from future threats. 

The Equifax data breach

In May 2017, credit bureau Equifax experienced a large-scale data breach that affected 147.9 million Americans. Equifax was using an outdated version of Apache Struts on its website, which contained a significant vulnerability. Hackers exploited this vulnerability to break into Equifax’s internal systems. 

Over the course of three months, the hackers extracted records containing Social Security numbers, addresses, and other sensitive information from Equifax users. This data breach led to a large-scale class action suit as well as penalties from the FTC. 

The WannaCry ransomware attack

In May 2017, hackers launched the WannaCry ransomware cryptoworm, which spread through computers using Microsoft Windows. This program encrypted files on infected computers and demanded Bitcoin payments to release them. 

The attack used a leaked Microsoft Windows exploit called EternalBlue, which had originally been developed by the NSA. After this leak, Microsoft released a patch, but many users did not install the patch in time to prevent the attack. The attack only lasted a few hours before cybersecurity researchers found a kill switch, but it affected more than 300,000 computers around the world. The US and UK governments have attributed the attack to Lazarus Group, a North Korean cyber warfare organization, but its involvement has not been confirmed.

The Stuxnet attack

Stuxnet is a computer worm that was first detected in July 2010, although it had likely already existed for several years prior to launch. This worm was responsible for significant damage to Iran’s nuclear program, destroying an extensive number of nuclear centrifuges and industrial computers. News outlets reported that the United States and Israel were behind the attack, although neither country has ever taken full responsibility. 


NordVPN experts

Our NordVPN experts know the ins and outs of cybersecurity solutions and strive to make the internet safer for everyone. With a finger on the pulse of online threats, they share their expertise and practical tips on how to avoid them. Whether you're a tech newbie or a seasoned user, you'll find valuable insights in their blog posts. Cybersecurity should be accessible to everyone — and we're making that happen, one blog post at a time.