A cyber attack is a deliberate, malicious action taken by an individual or group. The aim is to gain unauthorized access to a computer system, network, or digital device. The goal is typically to steal, alter, expose, disable, or destroy data or to disrupt operations.

Common Types of Cyber Attacks

Cybercriminals use a variety of techniques to exploit vulnerabilities. The most common types of cyber attacks include:

Malware Attacks

Malware is a broad term for any software designed to cause damage, gain unauthorized access or steal data. It can be delivered via email attachments, malicious links, or compromised websites.

• Ransomware: A type of malware that encrypts a victim’s files or locks their entire system. Attacker then demands a ransom payment for the decryption key or to restore access.
• Viruses: Malicious code that attaches itself to legitimate programs and self-replicates, spreading to other files and systems.
• Worms: Self-replicating malware that spreads independently across a network without needing to attach to a host file or be activated by a user.
• Trojan Horse: Malware disguised as a legitimate or useful program to trick the user into installing it. It often creates a backdoor for the attacker.

Phishing and Social Engineering

These attacks manipulate individuals into performing an action or divulging sensitive and confidential information. They often exploit human trust rather than technical flaws.

• Phishing: The most common form, where an attacker sends fraudulent communications (usually emails) that appear to come from a reputable or trusted source. The goal is to trick the recipient into clicking a malicious link, downloading an infected attachment, or entering credentials on a fake website.
• Spear Phishing: A highly targeted phishing attack aimed at a specific individual, organization, or business unit. The attacker uses personal information, often gathered from public sources, to make the message seem convincing.
• Whaling: A type of spear phishing attack specifically targeting high-profile individuals, such as CEOs or senior executives.
• Business Email Compromise (BEC): A scam that tricks employees into wiring money or sharing confidential data by impersonating a trusted executive or a legitimate business partner.

DoS and DDoS Attacks

These attacks aim to overwhelm a target server, website, or network resource with a flood of traffic or requests. This attack makes the resource unavailable to legitimate users.

• DoS (Denial-of-Service): The attack originates from a single source (computer).
• DDoS (Distributed Denial-of-Service): The attack originates from multiple, distributed compromised devices (often part of a network called a botnet), making it much harder to block and overwhelming the target on a massive scale.

Man-in-the-Middle (MITM) Attacks

In a MITM attack, the attacker secretly intercepts and relays communications between two parties who believe they are communicating directly with each other. This allows the attacker to steal information like login credentials or alter the communication. These often exploit unsecure communication channels, such as public Wi-Fi networks.

Injection Attacks

These attacks occur when an attacker inserts (injects) malicious code into a vulnerable application, causing it to perform unintended actions.

• SQL Injection (SQLi): An attacker exploits a vulnerability in an application’s data input field by inserting a malicious SQL query. This can allow them to view, modify, or delete data in the application’s database.
• Cross-Site Scripting (XSS): An attacker injects malicious client-side scripts into a legitimate website. When other users visit the site, their browsers execute the script, which can steal their session cookies or other sensitive information.