15 common types of cyber attacks

The past year has seen a marked increase in cyber attacks, with businesses and individuals alike falling victim to digital crime. In 2022, the UK had the highest number of cybercrime victims per million internet users – an increase of 40% on 2020 figures. 

As the frequency and sophistication of these attacks continue to grow, many people and businesses are wondering how they can protect themselves. From ransomware to phishing scams, it seems that no one is safe from the reach of cyber criminals.

We want to equip all our partners with the knowledge and tools to fight back against cybercrime. Let’s take a closer look at the current most common types of cyber-attack and what you can do to protect your customers against them. 

| Attack | Description / Aim / How it works | Prevention |
| --- | --- | --- |
| 1. Man-in-the-middle (MITM) attack | A man-in-the-middle (MITM) attack is where a perpetrator intercepts communications between a user and an application. The attacker effectively positions themselves in the middle of the conversation, allowing them to eavesdrop on the exchange of information or even impersonate one of the parties involved. MITM attacks are often carried out with the aim of stealing sensitive information, such as login credentials, account details, and credit card numbers. These attacks are often targeted at users of financial applications, SaaS businesses, e-commerce sites, and other websites where logging in is required. | Only visit websites with a secure HTTP (HTTPS) connection using SSL (Secure Sockets Layer) technology. Use a virtual private network (VPN) to encrypt data and make it harder for attackers to intercept communications. |
| 2. Phishing and Spear Phishing | Phishing is a type of cyber-attack where an attacker impersonates a trusted contact and sends fake emails with clickable links to the victim. These emails often appear legitimate and are designed to trick the recipient into clicking on the link and providing sensitive information, such as login credentials or financial information. Spear Phishing is a targeted form of phishing where the attacker targets a specific individual, organisation, or business. This type of attack is often more successful because the attacker has researched the target and is able to craft a more personalised and convincing email. | Be cautious of suspicious emails and don’t click on links or provide sensitive information unless you are certain the email is legitimate. Use an email security solution that has Phishing and Spear Phishing prevention capabilities. |
| 3. Drive-by attacks | In a drive-by attack, malicious code is delivered onto a system or device without any action required on the part of the user. A script is planted into the code of an insecure website, which infects the computers of anyone who visits the site. These attacks are called "drive-by downloads" because they require no action on the part of the victim beyond visiting the compromised website. Drive-by downloads are a common method of spreading malware and are particularly effective because they can silently infect a computer without the user's knowledge. The script used in these attacks is often unintelligible, making it difficult for security researchers to analyse and defend against. | Avoid accessing suspicious websites and be mindful of security notifications that warn about expired website certificates. Install a trusted ad-blocker and stick to official, reputable sources when downloading software onto your device. |
| 4. Botnet attacks | In a Botnet (short for “robot network”) attack, cybercriminals use malware-infected devices to launch large-scale cyber-attacks remotely. These attacks can be used for a variety of nefarious purposes, such as distributed denial of service (DDoS) attacks. Botnets are typically composed of a group of "zombie" devices (computers, mobile phones, IoT devices), which are infected with malware and controlled remotely by the attacker. | Adopt good cybersecurity hygiene practices and provide ongoing training for employees. Ensure all systems are properly patched and up-to-date, and all endpoints have effective malware and antivirus protection. Monitor the network for unusual activities. |
| 5. Social engineering attacks | Social engineering uses psychological manipulation to trick users into divulging sensitive information or making security mistakes. These attacks often begin with the attacker gathering information about the intended victim and their potential vulnerabilities, such as their social media profile or responses to common security questions. Social engineering attacks can take many forms, including phishing, baiting, scareware, pretexting, and spear phishing. Unlike other forms of cyber-attack, which rely on vulnerabilities in software and operating systems, social engineering attacks rely on human error. This makes them particularly dangerous, as it’s hard to predict how a legitimate user may respond to a malicious request. | Be sceptical of suspicious messages, protect devices with up-to-date security software, and use two-factor authentication for critical accounts. It’s also essential to educate users on the potential risks of social engineering and how to recognise and avoid these attacks. |
| 6. SQL injection attacks | SQL injection attacks are where a malicious third party manipulates SQL queries (the typical string of code request sent to a service or server) to gain access to sensitive information. These attacks enable cybercriminals to extract private data, such as credit card numbers and hospital records, or user authentication details, and even to gain administrative rights to a database. | Use smart firewalls that can detect and filter out unwanted requests. Safe programming functions, such as parameterised queries and stored procedures, can make SQL injections impossible. Developing code that identifies illegal user inputs is also an effective way to prevent these attacks. |
| 7. Malware attacks | Malware involves using malicious software to cause harm to a computer, network, or device. It can take many forms, such as viruses, worms, ransomware, spyware and trojans. These types of attacks can breach a network through vulnerabilities and can be triggered by clicking on a dangerous link, downloading an email attachment or using an infected pen drive. When malware is able to run on a device, it can cause a wide range of problems. It can lock the device or make it unusable, steal or delete data, take control of the device to attack other networks, obtain credentials that allow access to an organisation's systems or services, mine for cryptocurrency, or use services that can cost the user money. | Avoid clicking on suspicious links. Regularly update your operating system and web browsers. Antivirus software and firewalls can help filter out traffic that may contain malware. |
| 8. Cross Site Scripting (XSS) | Cross-Site Scripting (XSS) is where an attacker injects malicious code into a website. The code is executed by the browser of anyone who visits the website, allowing the attacker to steal sensitive information or disrupt functions. The goals of the attackers can be to affect the website's services, impersonate accounts, observe user behaviour, load external content or steal sensitive data. | Encrypt websites and provide options for disabling page scripts to prevent a malicious payload from activating. Use script-blocker add-ons and properly validate and sanitise variables. |
| 9. Password attacks | A password attack is a hacker's attempt to gain access to a file, folder, account, or computer that is secured with a password. There are several different types of password attacks, including brute force attacks, dictionary attacks, and keylogger attacks. In a brute force attack, a hacker uses specialised software to try every possible combination of characters until they find the correct password. In a dictionary attack, the software scans through a list of common words and phrases that people use as passwords. A keylogger attack involves using software to record the keystrokes on a computer, allowing the hacker to capture passwords as they are entered. | Avoid using easily guessable passwords, such as personal information. Instead, use complex passwords of more than 12 characters. Password management solutions can help by enforcing a strong password policy. Enable two-factor authentication wherever possible. |
| 10. Denial of Service (DoS) attacks | A "denial of service" or "DoS" attack targets a website, server, or network with a flood of traffic or requests. The goal of this attack is to overwhelm the targeted system, exhausting its resources and making it unable to respond to legitimate requests. As a result, users of the targeted service will be unable to access it. | Traffic analysis can identify and block malicious traffic. Learn to recognise warning signs like network slowdown, intermittent website shutdowns, etc. An incident response plan should be put in place to quickly respond to attacks. |
| 11. Distributed Denial of Service (DDoS) attacks | Distributed denial of service (DDoS) attacks involve a large number of malicious actors, often organised into a botnet, which target a server or network with the intention of overwhelming it with traffic. This can cause the server to crash or become slow and unresponsive, making the website or other online service hosted on the server unavailable to legitimate users. DDoS attacks are often used as a weapon by hacktivists, cyber vandals, and extortionists to make a point or champion a cause. DDoS attacks can also be used as a smokescreen for other malicious activities, such as breaching the target's security perimeter. | Systems need to be hardened against attacks with anti-DDoS architecture and tools, with a mitigation plan in place for responding to attacks. Outsourcing DDoS prevention to a cloud-based service provider can also be effective. |
| 12. Insider attacks and data breaches | Insider attacks and data breaches are where an employee uses their access to an organisation's systems to compromise sensitive information. These attacks can happen by mistake or intentionally. In the case of negligent insiders, they may accidentally send sensitive information to the wrong person or make it easy for a cyber-criminal to launch an attack by falling for a phishing scam. Malicious insiders will intentionally breach their employer's systems for personal gain or out of revenge. | Implement strict security policies and practices across organisations. This can include limiting access to IT resources based on job roles, performing enterprise-wide risk assessments, implementing security software and appliances, and monitoring and controlling remote access from all endpoints. |
| 13. Cryptojacking attacks | Cryptojacking is where a cybercriminal secretly uses a victim's computing power to generate cryptocurrency. This is done by installing a program with malicious scripts on the victim's computer or other internet-connected device, without the victim's knowledge or consent. The criminal then uses this access to run a program called a "coin miner" to create cryptocurrencies. Cryptojacking can have performance-related impacts on the victim's device, as well as increased costs due to the high levels of electricity and computing power required for coin mining. Symptoms of cryptojacking can include unexpectedly high processor usage, overheating of devices and poor battery performance. | Keep all security apps and software updated, and make sure the firmware on smart devices is the latest version. Only install software from trusted sources and avoid suspicious websites that could host malicious scripts. To recover from cryptojacking, close all of your browser windows, remove any browser extensions, and run an antivirus scan. |
| 14. Eavesdropping attack | An eavesdropping attack is where a hacker intercepts and listens to sensitive data that is transmitted between two devices. This is known as "sniffing" or "snooping", as the attacker uses unsecured network communications to access data in transit. The stolen information is used to gain log-ins or valuable data. To conduct an eavesdropping attack, the attacker typically waits for a user to connect to an unsecured network and send sensitive information to a colleague. The data is transmitted across an open network, which allows the attacker to intercept it. Eavesdropping attacks can be difficult to detect, as they do not typically affect the performance of devices and networks. | Encrypt network traffic, use authentication protocols, and educate employees on best practices. Network segmentation and the use of security technologies, such as firewalls and VPNs, can also help prevent eavesdropping. |
| 15. Crypto Mining Malware Attacks | Cryptojacking is a type of malware attack that involves installing software on a victim's computer that forces it to mine cryptocurrency. This malware typically uses the victim's CPU to perform complex mathematical calculations to generate new tokens of currency. Cryptomining can be deployed through a variety of methods, including code embedded in websites and email phishing campaigns. Once in place, the malware can be difficult to detect because it runs in the background, using the victim's computing resources without their knowledge. | Keep all security software up to date and practise good security hygiene. Educate employees about the dangers of cryptojacking and deploy a next-generation endpoint protection platform to help identify and stop the malware. |
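
The prevention advice in the SQL injection entry (item 6), shown as an added example that is not part of the original article: the same lookup written with string concatenation and with a parameterised query, plus an allow-list check for illegal input. The table, column names, sample rows and the crafted input are constructed for illustration, and Python's built-in sqlite3 module stands in for whatever database a real application uses.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data (hypothetical table and values).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (name TEXT, card_number TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice", "4000-0000-0000-0001"), ("bob", "4000-0000-0000-0002")],
    )
    return conn

def lookup_vulnerable(conn, name):
    # Weak: user input is pasted into the SQL text, so a quote character
    # in `name` changes the structure of the query itself.
    query = "SELECT name, card_number FROM customers WHERE name = '%s'" % name
    return conn.execute(query).fetchall()

def lookup_parameterised(conn, name):
    # Hardened: the driver passes `name` as a bound value, so it is only
    # ever compared as data and cannot alter the query.
    query = "SELECT name, card_number FROM customers WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()

# Assumed naming policy for this example: lowercase letters, digits, underscore.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")

def is_legal_username(name):
    # Allow-list check for illegal user input; defence in depth on top of
    # the parameterised query, not a replacement for it.
    return USERNAME_RE.fullmatch(name) is not None

if __name__ == "__main__":
    conn = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input containing SQL syntax
    print("vulnerable:   ", lookup_vulnerable(conn, crafted))
    print("parameterised:", lookup_parameterised(conn, crafted))
    print("legal input?  ", is_legal_username(crafted))
```

With the concatenated query the crafted value returns every row in the table; with the bound parameter it matches no customer and returns nothing.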

Get cybersecurity support from the experts at intY

Talk to our in-house security experts for help on building your security stack and explore our range of world-class security solutions.
