By: Nigel Basta and Nathan Young
As the internet rose in prominence, cyber attacks followed closely behind. Nefarious hackers were quick to develop numerous ways to infiltrate or disable private accounts to steal money and information, or just cause trouble. Such attacks can cause significant harm to individuals, organizations, and even governments.
Cyber attacks, as they came to be known, can vary in sophistication and impact. Some will indiscriminately cast a wide net and exploit any vulnerable target they can find. Others will target specific people or organizations.
The goals of cyber attacks can vary widely too. They’ll get financial information they can use to extract funds, or take over accounts as a way to assume another person’s identity or hold the account for ransom. They may also look to shut down or deny service to a platform to ruin its reputation or as part of a larger political goal.
And even though massive amounts of investment have been put into thwarting cyber attacks, hackers have adjusted quickly and cyber attacks have grown in prominence every year.
As such, cyber security is a growing industry, with many organizations realizing the threat and bringing resources in-house to manage the challenges. Protecting against cyber attacks requires a multi-layered approach, including regular software updates, strong passwords, security awareness training, anti-malware software, firewall protection, and encryption.
Understanding the different types of cyber-attacks is also crucial. Staying informed about the latest threats and adopting best practices will help individuals and organizations mitigate against potential cyber risks and better implement effective cybersecurity measures to protect against threats.
Below is a guide to some of the most common types of cyber attacks. Whether you're a casual internet browser or cyber security professional, knowing the common types of cyber attacks can be helpful to have a better understanding of what to protect yourself against.
- Viruses:
Viruses are perhaps the most notorious variety of cyber attack. They are malicious programs that infect computer systems by attaching themselves to legitimate files or software. The virus could be hidden in an attachment to an email or within a program downloaded from the internet. When the infected file or software is opened it unleashes the virus to replicate and spread to other devices, causing system crashes, data loss, and unauthorized access to information.
- Malware Attacks:
Malware is an umbrella term for malicious software that includes viruses, as well as worms, “Trojan horses,” ransomware, and more. The attacks aim to exploit vulnerabilities and compromise the target system's integrity, confidentiality, or availability. The malicious aspect of malware is that it typically seeks to create a backdoor access route into a system. Once they gain access the malware can be programmed to funnel information out of the system or, in the case of ransomware, take over a system so the hacker can demand payment to give it back.
- Phishing Attacks:
If you’ve ever gotten an email that purports to be from a reputable company or brand, but something seems off, you’re right to be suspicious. It might be a potential phishing attack. Phishing attacks involve deceiving individuals into revealing sensitive information such as usernames, passwords, credit card numbers, or other personal data. Attackers often impersonate trusted entities through emails, messages, or websites. They’ll include a link to a website that will ask for login information or prompt the victim to make a payment. Once the information is entered into the dummy website, the hacker can use it to gain access to the victims real accounts or charge money on the card. Phishing attacks are typically aimed at individuals and are targeted widely. They will try to exploit any “bites” they get.
- Password Attacks:
Password attacks are attempts to gain unauthorized access to an account or system by exploiting weak passwords or vulnerabilities in password storage mechanisms. Common password attacks include brute force attacks, dictionary attacks, and password cracking. These can be especially effective when individuals or organizations don’t have password security measures, such as more complex password parameters or two-factor authentication. Once hackers access the victim’s account, they can steal information, impersonate the victim, or use the account to initiate another form of cyber attack.
- Vishing Attacks:
Much like a phishing attack, vishing (voice phishing) attacks involve a set of techniques called social engineering to manipulate victims into divulging confidential information, such as account credentials or financial details. The attacker might pose as customer support for a company the victim does business with and ask them to verify details as needed to access the victim’s accounts. In more malicious cases, the caller might impersonate a friend, family member, or coworker to trick the victim into providing login or payment information. This type of attack is becoming more prevalent with the advent of artificial intelligence (AI) voice duplication technology.
- Man-in-the-Middle (MitM) Attacks:
MitM attacks occur when an attacker intercepts and possibly alters the communication between two parties who believe they are communicating directly with each other. They may eavesdrop on the conversion to collect sensitive data, such as logins or payment information. The hacker might also alter the communication to prompt the sending of sensitive information or insert other malicious content. What makes these attacks effective is that they are seemingly coming from a credible source and are less likely to be questioned by the person on the receiving end.
- DoS/DDoS Attacks:
Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks aim to overwhelm a target system or network with excessive traffic, rendering it unavailable to legitimate users. This disrupts services and can lead to financial losses or reputational damage. Since the attack is originating externally, protection involves recognizing when such an attack might be happening and blocking untrusted traffic.
- Brute Force Attacks:
Brute force attacks involve systematically attempting all possible combinations of passwords until the correct one is found. These can be perpetrated by bot programs and are particularly effective against weak passwords or poorly protected systems. Once they have access they can steal valuable information, take over a system and hold it for ransom, or impersonate the person who owns the account.
- Spyware and Keylogger Attacks:
Spyware is software that secretly collects information about a user's activities without their knowledge. Keyloggers are a type of spyware that record keystrokes, including passwords and sensitive data, which they then send to the attacker. The software can get into your system as a type of malware or virus, and once the attacker has your password or other information they can seek to gain access to additional accounts.
- Cross-Site Scripting (XSS) Attacks:
Cross-Site Scripting, or XSS attacks, target web applications by injecting malicious scripts into websites viewed by other users. When the compromised website is accessed by other users, the attacker's script executes in their browsers, allowing the attacker to steal cookies, session data, or other sensitive information. These types of attacks target unprotected websites and potentially give the attacker access to all the visitors of the website, broadening the reach of the attack.
- SQL Injection Attacks:
SQL injection attacks target web applications that use SQL databases. Attackers insert malicious SQL code into input fields to manipulate the application's database, gain unauthorized access to sensitive data, or even execute commands on the server. Such an attack can give hackers access to an entire database which can contain extensive customer information and more.
While the above are some of the most common attack methods, the world of cyber attacks is always growing and changing. It's important to always be aware and keep informed of other types of attacks that can happen to protect yourself and your broader network.
To learn more about how to protect yourself, or become a cyber security professional, you can explore the UC San Diego Division of Extended Studies Cybersecurity Professional Series