Most Common Types of Cyber Attacks

Kurt Baker - January 24, 2023

What Is a Cyber Attack?

A cyber attack is an attempt by cybercriminals, hackers or other digital adversaries to access a computer network or system, usually for the purpose of altering, stealing, destroying or exposing information.

Cyberattacks can target a wide range of victims from individual users to enterprises or even governments. When targeting businesses or other organizations, the hacker’s goal is usually to access sensitive and valuable company resources, such as intellectual property (IP), customer data or payment details.

What are the Most Common Types of Cyber Attacks?

  1. Malware
  2. Denial-of-Service (DoS) Attacks
  3. Phishing 
  4. Spoofing 
  5. Identity-Based Attacks
  6. Code Injection Attacks
  7. Supply Chain Attacks
  8. Insider Threats
  9. DNS Tunneling
  10. IoT-Based Attacks

1. Malware

Malware — or malicious software — is any program or code that is created with the intent to do harm to a computer, network or server. Malware is the most common type of cyberattack, mostly because this term encompasses many subsets such as ransomware, trojans, spyware, viruses, worms, keyloggers, bots, cryptojacking, and any other type of malware attack that leverages software in a malicious way.

TypeDescription
RansomwareIn a ransomware attack, an adversary encrypts a victim’s data and offers to provide a decryption key in exchange for a payment. Ransomware attacks are usually launched through malicious links delivered via phishing emails, but unpatched vulnerabilities and policy misconfigurations are used as well.
Fileless MalwareFileless malware is a type of malicious activity that uses native, legitimate tools built into a system to execute a cyber attack. Unlike traditional malware, fileless malware does not require an attacker to install any code on a target’s system, making it hard to detect.
SpywareSpyware is a type of unwanted, malicious software that infects a computer or other device and collects information about a user’s web activity without their knowledge or consent.
AdwareAdware is a type of spyware that watches a user’s online activity in order to determine which ads to show them. While adware is not inherently malicious, it has an impact on the performance of a user’s device and degrades the user experience.
TrojanA trojan is malware that appears to be legitimate software disguised as native operating system programs or harmless files like free downloads. Trojans are installed through social engineering techniques such as phishing or bait websites.
WormsA worm is a self-contained program that replicates itself and spreads its copies to other computers. A worm may infect its target through a software vulnerability or it may be delivered via phishing or smishing. Embedded worms can modify and delete files, inject more malicious software, or replicate in place until the targeted system runs out of resources.
RootkitsRootkit malware is a collection of software designed to give malicious actors control of a computer network or application. Once activated, the malicious program sets up a backdoor exploit and may deliver additional malware
Mobile MalwareMobile malware is any type of malware designed to target mobile devices. Mobile malware is delivered through malicious downloads, operating system vulnerabilities, phishing, smishing, and the use of unsecured WiFi.
ExploitsAn exploit is a piece of software or data that opportunistically uses a defect in an operating system or an app to provide access to unauthorized actors. The exploit may be used to install more malware or steal data.
ScarewareScareware tricks users into believing their computer is infected with a virus. Typically, a user will see scareware as a pop-up warning them that their system is infected. This scare tactic aims to persuade people into installing fake antivirus software to remove the “virus.” Once this fake antivirus software is downloaded, then malware may infect your computer.
KeyloggerKeyloggers are tools that record what a person types on a device. While there are legitimate and legal uses for keyloggers, many uses are malicious. In a keylogger attack, the keylogger software records every keystroke on the victim’s device and sends it to the attacker.

2. Denial-of-Service (DoS) Attacks

A Denial-of-Service (DoS) attack is a malicious, targeted attack that floods a network with false requests in order to disrupt business operations.

In a DoS attack, users are unable to perform routine and necessary tasks, such as accessing email, websites, online accounts or other resources that are operated by a compromised computer or network. While most DoS attacks do not result in lost data and are typically resolved without paying a ransom, they cost the organization time, money and other resources in order to restore critical business operations.

The difference between DoS and Distributed Denial of Service (DDoS) attacks has to do with the origin of the attack. DoS attacks originate from just one system while DDoS attacks are launched from multiple systems. DDoS attacks are faster and harder to block than DOS attacks because multiple systems must be identified and neutralized to halt the attack.

3. Phishing

Phishing is a type of cyberattack that uses email, SMS, phone, social media, and social engineering techniques to entice a victim to share sensitive information — such as passwords or account numbers — or to download a malicious file that will install viruses on their computer or phone.

Common phishing attacks include:

TypeDescription
Spear Phishing Spear-phishing is a type of phishing attack that targets specific individuals or organizations typically through malicious emails. The goal of spear phishing is to steal sensitive information such as login credentials or infect the targets’ device with malware.
Whaling A whaling attack is a type of social engineering attack specifically targeting senior or C-level executive employees with the purpose of stealing money or information, or gaining access to the person’s computer in order to execute further cyberattacks.
SMiShing Smishing is the act of sending fraudulent text messages designed to trick individuals into sharing sensitive data such as passwords, usernames and credit card numbers. A smishing attack may involve cybercriminals pretending to be your bank or a shipping service you use.
Vishing Vishing, a voice phishing attack, is the fraudulent use of phone calls and voice messages pretending to be from a reputable organization to convince individuals to reveal private information such as bank details and passwords.

4. Spoofing

Spoofing is a technique through which a cybercriminal disguises themselves as a known or trusted source. In so doing, the adversary is able to engage with the target and access their systems or devices with the ultimate goal of stealing information, extorting money or installing malware or other harmful software on the device.

Spoofing can take different forms, which include:

TypeDescription
Domain Spoofing Domain spoofing is a form of phishing where an attacker impersonates a known business or person with fake website or email domain to fool people into the trusting them. Typically, the domain appears to be legitimate at first glance, but a closer look will reveal subtle differences.
Email Spoofing Email spoofing is a type of cyberattack that targets businesses by using emails with forged sender addresses. Because the recipient trusts the alleged sender, they are more likely to open the email and interact with its contents, such as a malicious link or attachment.
ARP Spoofing Address Resolution Protocol (ARP) spoofing or ARP poisoning is a form of spoofing attack that hackers use to intercept data. A hacker commits an ARP spoofing attack by tricking one device into sending messages to the hacker instead of the intended recipient. This way, the hacker gains access to your device’s communications, including sensitive data.

5. Identity-Based Attacks

CrowdStrike’s findings show that 80% of all breaches use compromised identities and can take up to 250 days to identify.

Identity-driven attacks are extremely hard to detect. When a valid user’s credentials have been compromised and an adversary is masquerading as that user, it is often very difficult to differentiate between the user’s typical behavior and that of the hacker using traditional security measures and tools.

Some on the most common identity-based attacks include:

TypeDescription
Kerberoasting Kerberoasting is a post-exploitation attack technique that attempts to crack the password of a service account within the Active Directory (AD) where an adversary masquerading as an account user with a service principal name (SPN) requests a ticket, which contains an encrypted password, or Kerberos.
Man-in-the-Middle (MITM) Attack A man-in-the-middle attack is a type of cyberattack in which an attacker eavesdrops on a conversation between two targets with the goal of collecting personal data, passwords or banking details, and/or to convince the victim to take an action such as changing login credentials, completing a transaction or initiating a transfer of funds.
Pass-the-Hash Attack Pass the hash (PtH) is a type of attack in which an adversary steals a “hashed” user credential and uses it to create a new user session on the same network. It does not require the attacker to know or crack the password to gain access to the system. Rather, it uses a stored version of the password to initiate a new session.
Silver Ticket Attack A silver ticket is a forged authentication ticket often created when an attacker steals an account password. A forged service ticket is encrypted and enables access to resources for the specific service targeted by the silver ticket attack.
Credential Stuffing Credential stuffing attacks work on the premise that people often use the same user ID and password across multiple accounts. Therefore, possessing the credentials for one account may be able to grant access to other, unrelated account.
Password Spraying The basics of a password spraying attack involve a threat actor using a single common password against multiple accounts on the same application. This avoids the account lockouts that typically occur when an attacker uses a brute force attack on a single account by trying many passwords.
Brute Force Attacks A brute force attack is uses a trial-and-error approach to systematically guess login info, credentials, and encryption keys. The attacker submits combinations of usernames and passwords until they finally guess correctly.

6. Code Injection Attacks

Code injection attacks consist of an attacker injecting malicious code into a vulnerable computer or network to change its course of action. There are multiple types of code injection attacks:

TypeDescription
SQL Injection A SQL Injection attack leverages system vulnerabilities to inject malicious SQL statements into a data-driven application, which then allows the hacker to extract information from a database. Hackers use SQL Injection techniques to alter, steal or erase application's database data.
Cross-Site Scripting (XSS) Cross Site Scripting (XSS) is a code injection attack in which an adversary inserts malicious code within a legitimate website. The code then launches as an infected script in the user’s web browser, enabling the attacker to steal sensitive information or impersonate the user. Web forums, message boards, blogs and other websites that allow users to post their own content are the most susceptible to XSS attacks.
Malvertising Malvertising attacks leverage many other techniques to carry out the attack. Typically, the attacker begins by breaching a third-party server, which allows the cybercriminal to inject malicious code within a display ad or some element thereof, such as banner ad copy, creative imagery or video content. Once clicked by a website visitor, the corrupted code within the ad will install malware or adware on the user’s computer.

7. Supply Chain Attacks

A supply chain attack is a type of cyberattack that targets a trusted third-party vendor who offers services or software vital to the supply chain. Software supply chain attacks inject malicious code into an application in order to infect all users of an app, while hardware supply chain attacks compromise physical components for the same purpose. Software supply chains are particularly vulnerable because modern software is not written from scratch: rather, it involves many off-the-shelf components, such as third-party APIs, open source code and proprietary code from software vendors.

8. Insider Threats

IT teams that solely focus on finding adversaries external to the organization only get half the picture. Insider threats are internal actors such as current or former employees that pose danger to an organization because they have direct access to the company network, sensitive data, and intellectual property (IP), as well as knowledge of business processes, company policies or other information that would help carry out such an attack.

Internal actors that pose a threat to an organization tend to be malicious in nature. Some motivators include financial gains in exchange for selling confidential information on the dark web, and/or emotional coercion using social engineering tactics. On the other hand, some insider threat actors are not malicious in nature but instead are negligent in nature. To combat this, organizations should implement a comprehensive cybersecurity training program that teaches stakeholders to be aware of any potential attacks, including those potentially performed by an insider.

Learn More

Learn more about the different types of social engineering attacks to better understand how to prevent and remediate against each one. Read: 10 Types of Social Engineering Attacks

9. DNS Tunneling

DNS Tunneling is a type of cyberattack that leverages domain name system (DNS) queries and responses to bypass traditional security measures and transmit data and code within the network.

Once infected, the hacker can freely engage in command-and-control activities. This tunnel gives the hacker a route to unleash malware and/or to extract data, IP or other sensitive information by encoding it bit by bit in a series of DNS responses.

DNS tunneling attacks have increased in recent years, in part because they are relatively simple to deploy. Tunneling toolkits and guides are even readily accessible online through mainstream sites like YouTube.

10. IoT-Based Attacks

An IoT attack is any cyberattack that targets an Internet of Things (IoT) device or network. Once compromised, the hacker can assume control of the device, steal data, or join a group of infected devices to create a botnet to launch DoS or DDoS attacks.

[According to the Nokia Threat Intelligence Lab, connected devices are responsible for nearly one-third of mobile network infections – more than double the amount in 2019.]

Given that the number of connected devices is expected to grow rapidly over the next several years, cybersecurity experts expect IoT infections to grow as well. Further, the deployment of 5G networks, which will further fuel the use of connected devices, may also lead to an uptick in attacks.

Expert Tip

What are Internet of Things (IoT) Devices?

Devices include traditional endpoints, such as computers, laptops, mobile phones, tablets and servers, as well as non-traditional items, such as printers, cameras, appliances, smart watches, health trackers, navigation systems, smart locks or smart thermostats.

How To Protect Against Cyber Attacks

A comprehensive cybersecurity strategy is absolutely essential in today’s connected world. From a business perspective, securing the organization’s digital assets has the obvious benefit of a reduced risk of loss, theft or destruction, as well as the potential need to pay a ransom to regain control of company data or systems. In preventing or quickly remediating cyberattacks, the organization also minimizes the impact of such events on business operations.

Finally, when an organization takes steps to deter adversaries, they are essentially protecting the brand from the reputational harm that is often associated with cyber events — especially those that involve the loss of customer data.

Below are some recommendations we offered in our 2022 Global Threat Report to help organizations improve their security posture and ensure cybersecurity readiness:

  • Protect All Workloads: You must secure all critical areas of enterprise risk, including endpoints and cloud workloads, identity and data.
  • Know Your Adversary: CrowdStrike Falcon® Intelligence identifies today’s bad actors and exposes their playbook to enable security teams to proactively optimize preventions, strengthen defenses and accelerate incident response.
  • Be Ready When Every Second Counts: Security teams of all sizes must invest in speed and agility for their daily and tactical decision making by automating preventive, detection, investigative and response workflows with integrated cyber threat intelligence directly observed from the front lines.
  • Adopt Zero Trust: Because today’s global economy requires data to be accessible from anywhere at any time, it is critical to adopt a Zero Trust model. The CrowdStrike Zero Trust solution connects the machine to the identity and the data to deliver full Zero Trust protection.
  • Monitor the Criminal Underground: Adversaries congregate to collaborate using a variety of hidden messaging platforms and dark web forums. Leverage digital risk monitoring tools like Falcon Intelligence Recon to monitor imminent threats to your brand, identities or data.
  • Invest in Elite Threat Hunting: The combination of technology with expert threat hunters is absolutely mandatory to see and stop the most sophisticated threats. Top-quality managed services such as Falcon Complete and Falcon OverWatch can help you close the growing cyber skills gap with the expertise, resources and coverage needed to augment your team.
  • Build Comprehensive Cybersecurity Training Program: User awareness programs should be initiated to combat the continued threat of phishing and related social engineering techniques.

2022 CrowdStrike Global Threat Report

Download the 2022 Global Threat Report to find out how security teams can better protect the people, processes, and technologies of a modern enterprise in an increasingly ominous threat landscape.

Download Now

GET TO KNOW THE AUTHOR

Kurt Baker is the senior director of product marketing for Falcon Intelligence at CrowdStrike. He has over 25 years of experience in senior leadership positions, specializing in emerging software companies. He has expertise in cyber threat intelligence, security analytics, security management and advanced threat protection. Prior to joining CrowdStrike, Baker worked in technical roles at Tripwire and had co-founded startups in markets ranging from enterprise security solutions to mobile devices. He holds a bachelor of arts degree from the University of Washington and is now based in Boston, Massachusetts.