Common Cyberattacks
What is a Cyberattack?
A cyberattack is an attempt by cybercriminals, hackers, or other digital adversaries to gain unauthorized access to a computer network or system. Their primary goals typically involve altering, stealing, destroying, or exposing sensitive information. While individuals can be targets, attacks on businesses and organizations often aim to access valuable resources like intellectual property (IP), customer data, or payment details.
Common Types of Cyberattacks in 2025:
Cyberattacks in 2025 are diverse and constantly evolving, targeting individuals, businesses, and governments to steal, alter, destroy, or expose information. Understanding the various types and their mechanisms is crucial for effective protection.
1. Malware (Malicious Software)
Malware is an umbrella term for any software or code created with the intent to harm a computer, network, or server. It's the most common type of cyberattack due to its broad range of subsets.
Type | Description |
---|---|
Ransomware | Encrypts a victim's data and demands a payment (ransom) for a decryption key. Often delivered via malicious links in phishing emails, but can also exploit unpatched vulnerabilities or misconfigurations. Note: Even if a ransom is paid, there's no guarantee of data recovery. |
Fileless Malware | Uses legitimate, native system tools to execute attacks, rather than installing new code. This makes it difficult to detect by traditional antivirus software. Note: Focuses on exploiting legitimate processes already present on a system. |
Spyware | Malicious software that infects a device and secretly collects information about a user's web activity without their knowledge or consent. |
Adware | Software that monitors online activity to decide which ads to display, often grouped with spyware because of the tracking involved. Not always malicious in itself, but it degrades device performance and user experience, and bundled adware is a common route for other unwanted software. |
Trojan | Malware disguised as legitimate software or harmless files (e.g., free downloads). Installed through social engineering (phishing, bait websites). The Zeus trojan, for example, targets financial information and builds botnets. Note: Relies heavily on social engineering to trick users into installation. |
Worms | Self-replicating programs that spread copies to other computers, often exploiting software vulnerabilities or delivered via phishing/smishing. Can modify/delete files, inject more malware, or exhaust system resources. |
Rootkits | Software designed to give an attacker privileged, persistent and hidden control of a system, typically by hooking or subverting parts of the operating system so that its own files and processes are concealed. Rootkits usually open a backdoor and can deliver additional malware. Bootkits go further by infecting the boot sequence (for example the master boot record or bootloader) before the OS loads, which puts them out of reach of OS-level antivirus. |
Mobile Malware | Any type of malware designed to target mobile devices. Delivered through malicious downloads, OS vulnerabilities, phishing, smishing, and unsecured Wi-Fi. |
Exploits | Software or data that leverages a defect (vulnerability) in an operating system or application to gain unauthorized access, often to install more malware or steal data. |
Scareware | Tricks users into believing their computer is infected with a virus, typically through pop-up warnings. Aims to persuade users to install fake antivirus software, which then infects the computer with actual malware. |
Keylogger | Tools that record every keystroke a person types on a device, often sending this information to the attacker. While some legitimate uses exist, many are malicious. |
Botnet | A network of computers infected with malware and controlled by a "bot herder." Used to launch attacks like DoS/DDoS, inject malware, harvest credentials, or execute CPU-intensive tasks. |
MALSPAM (Malicious Spam) | Emails containing malicious content, such as viruses or malware-infected attachments, serving as the delivery mechanism for malware. |
Wiper Attack | Designed to permanently delete or corrupt data on targeted systems. Often seen in geopolitical conflicts and hacktivism. |
2. Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
These attacks aim to disrupt the availability of a service or system by overwhelming it with traffic, making it unresponsive to legitimate users.
- DoS Attacks: Originate from a single system, flooding a network with false requests. While typically not resulting in data loss, they cost organizations time and money to restore operations.
- DDoS Attacks: A more sophisticated form where the attack is launched from many compromised systems (a botnet) at once. The combined traffic volume is far larger, and because it arrives from many source addresses it cannot be stopped by blocking a single origin. Note: DDoS attacks are increasingly common because botnets are cheap to build or rent.
3. Phishing
A pervasive cyberattack that uses various communication channels (email, SMS, phone, social media) and social engineering techniques to trick victims into sharing sensitive information or downloading malicious files.
Type | Description |
---|---|
Spear Phishing | Targets specific individuals or organizations, often through malicious emails. Aims to steal login credentials or infect devices with malware. |
Whaling | A highly targeted social engineering attack aimed specifically at senior or C-level executives to steal money, information, or gain access to their computers for further attacks. |
SMiShing (SMS Phishing) | Fraudulent text messages designed to trick individuals into sharing sensitive data (passwords, usernames, credit card numbers). Attackers often impersonate banks or shipping services. |
Vishing (Voice Phishing) | Fraudulent phone calls and voice messages, pretending to be from reputable organizations, to convince individuals to reveal private information (bank details, passwords). |
Note: Phishing continues to evolve, using more sophisticated social engineering tactics.
4. Spoofing
A technique where a cybercriminal disguises themselves as a known or trusted source to engage with a target and access their systems or devices, ultimately to steal information, extort money, or install malware.
Type | Description |
---|---|
Domain Spoofing | A form of phishing where an attacker impersonates a known business or person with a fake website or email domain that appears legitimate at first glance, but has subtle differences. |
Email Spoofing | Uses emails with forged sender addresses to target businesses. Recipients are more likely to open and interact with the email (malicious links/attachments) due to trusting the alleged sender. |
ARP Spoofing (Address Resolution Protocol Spoofing/Poisoning) | An attacker on the same local network sends forged ARP replies that bind another host's IP address (often the default gateway) to the attacker's MAC address. Frames meant for that host are then delivered to the attacker, who can read or alter the traffic before forwarding it on, giving access to the victim's communications, including sensitive data. |
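Domain spoofing relies on names that pass a quick glance. The following added example (not code from the original page) shows the kind of check a mail gateway or proxy can run against a list of trusted domains: it collapses confusable glyphs into the ASCII letters they imitate, measures edit distance for typosquats, and flags a trusted brand name reused as a label inside another domain. The trusted list, the short confusables table and the verdict names are assumptions made for the example.

```python
import unicodedata

# Constructed list of domains the organisation trusts (assumption for this example).
TRUSTED_DOMAINS = ["example.com", "paypal.com"]

# Hand-picked confusable glyphs and glyph pairs; a production check would use the
# full Unicode confusables table (UTS #39) rather than this short list.
CONFUSABLES = {
    "rn": "m", "vv": "w",
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a",  # Cyrillic a
    "\u0435": "e",  # Cyrillic ie
    "\u043e": "o",  # Cyrillic o
    "\u0440": "p",  # Cyrillic er
    "\u0441": "c",  # Cyrillic es
    "\u0455": "s",  # Cyrillic dze
    "\u0456": "i",  # Cyrillic i
    "\u04bb": "h",  # Cyrillic shha
}


def skeleton(domain: str) -> str:
    """Collapse confusable glyphs to the ASCII letter they imitate (a simplified
    version of the UTS #39 skeleton), so that lookalikes compare equal."""
    d = unicodedata.normalize("NFKC", domain.lower())
    for src, dst in sorted(CONFUSABLES.items(), key=lambda kv: -len(kv[0])):
        d = d.replace(src, dst)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch typosquats (dropped, added or swapped letters)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(candidate: str, trusted=TRUSTED_DOMAINS):
    """Return (verdict, trusted domain it resembles or None)."""
    cand = candidate.lower().rstrip(".")
    for t in trusted:
        if cand == t or cand.endswith("." + t):
            return ("trusted", t)          # the domain itself or a genuine subdomain of it
    sk = skeleton(cand)
    for t in trusted:
        if sk == skeleton(t):
            return ("homoglyph", t)        # identical once confusables are collapsed
        if edit_distance(sk, t) <= 2:
            return ("typosquat", t)        # a keystroke or two away: example.co, exampel.com
        if t.split(".")[0] in cand.split("."):
            return ("brand_abuse", t)      # brand reused as a label: example.com.account-verify.net
    return ("unrelated", None)


def punycode(domain: str) -> str:
    """The ASCII (xn--) form a resolver actually sees; log this alongside an IDN lookalike."""
    return domain.encode("idna").decode("ascii")


if __name__ == "__main__":
    for d in ["login.example.com", "exarnple.com", "p\u0430ypal.com", "exampel.com",
              "example.com.account-verify.net", "github.com"]:
        print(f"{d:35} {punycode(d):35} {classify_domain(d)}")
```

The skeleton comparison is what catches the Cyrillic "а" in "pаypal.com": the two strings differ as Unicode but are identical to a human reader, and the punycode form ("xn--...") is what should appear in any alert so analysts are not fooled by the same trick.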
5. Identity-Based Attacks
These attacks are challenging to detect because they involve an adversary masquerading as a valid user after compromising their credentials, making it difficult to differentiate between legitimate and malicious activity.
Type | Description |
---|---|
Kerberoasting | A post-exploitation technique for recovering the password of a service account in an Active Directory environment. Any authenticated domain user can request a service ticket (TGS) for an account that has a service principal name (SPN); part of that ticket is encrypted with a key derived from the service account's password, so the attacker takes the ticket offline and cracks it with no further interaction with the domain controller. Service accounts with RC4-encrypted tickets and long-lived, human-chosen passwords are the usual victims. |
Man-in-the-Middle (MitM) Attack | An attacker intercepts and eavesdrops on a conversation between two targets with the goal of collecting personal data, passwords, or banking details, or to convince the victim to take an action (e.g., change login credentials, complete a transaction). |
Pass-the-Hash (PtH) Attack | An adversary steals the NTLM hash of a user's password (for example from LSASS memory on a compromised host) and authenticates with it directly to other systems on the network. NTLM authentication proves possession of the hash rather than the password, so the password never needs to be known or cracked. |
Golden Ticket Attack | The attacker obtains the password hash of the domain's krbtgt account, the key that signs every ticket-granting ticket (TGT) in Microsoft Active Directory, and uses it to forge TGTs for any user with arbitrary group membership and lifetime. This gives persistent, domain-wide access that survives ordinary password resets and is only removed by rotating the krbtgt password (twice). |
Silver Ticket Attack | A forged service ticket (TGS) created with the stolen password hash of a service or computer account. It grants access only to the service that account runs, but because the forged ticket is presented straight to the service and not issued by the domain controller, it leaves fewer traces than a golden ticket. |
Credential Harvesting | Cybercriminals gather user credentials (user IDs, email addresses, passwords, etc.) en masse to access systems, gather sensitive data, or sell it on the dark web. |
Credential Stuffing | Leverages the common practice of users reusing the same user ID and password across multiple accounts. Attackers use compromised credentials from one breach to gain access to other, unrelated accounts. |
Password Spraying | A threat actor uses a single common password against multiple accounts on the same application, avoiding account lockouts that occur with brute-force attacks on a single account. |
Brute Force Attacks | Uses a trial-and-error approach to systematically guess login information, credentials, and encryption keys by submitting numerous combinations until the correct one is found. |
Downgrade Attacks | Adversaries exploit a system's backward compatibility to force it into less secure modes of operation (e.g., forcing HTTPS to HTTP). |
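Brute force, password spraying and credential stuffing look different in authentication logs, and that difference is what a detection rule keys on: brute force hammers one account, while a spray touches many accounts from one source and keeps each below the lockout threshold. The following added example (not code from the original page) parses a constructed log format and applies both rules per source address and time window. The log format, thresholds and sample events are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format for this example: "<UTC timestamp> src=<ip> user=<name> result=OK|FAIL".
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)
EPOCH = datetime(1970, 1, 1)


def parse_events(lines):
    """Parse log lines into (timestamp, src, user, result); lines that do not match are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m["src"], m["user"], m["result"]))
    return events


def detect(events, window=timedelta(minutes=30), brute_threshold=10,
           spray_min_users=8, lockout_threshold=3):
    """Bucket failed logins per (source, time window) and apply two rules:
    brute_force    - one account fails at or above brute_threshold times;
    password_spray - many distinct accounts fail, each staying under the lockout threshold."""
    fails = defaultdict(lambda: defaultdict(int))   # (src, bucket) -> user -> failure count
    win = window.total_seconds()
    for ts, src, user, result in events:
        if result == "FAIL":
            bucket = int((ts - EPOCH).total_seconds() // win)   # naive UTC, so no local-offset skew
            fails[(src, bucket)][user] += 1
    findings = []
    for (src, bucket), per_user in fails.items():
        worst_user, worst = max(per_user.items(), key=lambda kv: kv[1])
        if worst >= brute_threshold:
            findings.append({"kind": "brute_force", "src": src, "user": worst_user, "failures": worst})
        if len(per_user) >= spray_min_users and worst < lockout_threshold:
            findings.append({"kind": "password_spray", "src": src,
                             "users": len(per_user), "max_per_user": worst})
    return findings


def _build_sample_log():
    """Constructed sample: one spraying source, one brute-forcing source, one normal user."""
    base = datetime(2025, 3, 1, 9, 0, 0)
    lines = []
    for i in range(12):   # 12 accounts, one guess each, from 203.0.113.5
        t = base + timedelta(seconds=10 * i)
        lines.append(f"{t:%Y-%m-%dT%H:%M:%SZ} src=203.0.113.5 user=user{i:02d} result=FAIL")
    for i in range(15):   # one account, 15 guesses, from 198.51.100.7
        t = base + timedelta(minutes=5, seconds=i)
        lines.append(f"{t:%Y-%m-%dT%H:%M:%SZ} src=198.51.100.7 user=bob result=FAIL")
    for i, r in enumerate(["FAIL", "FAIL", "OK"]):   # carol mistypes twice, then logs in
        t = base + timedelta(minutes=2, seconds=i)
        lines.append(f"{t:%Y-%m-%dT%H:%M:%SZ} src=192.0.2.9 user=carol result={r}")
    return sorted(lines)


SAMPLE_LOG = "\n".join(_build_sample_log())

if __name__ == "__main__":
    for finding in detect(parse_events(SAMPLE_LOG.splitlines())):
        print(finding)
```

Credential stuffing produces the same per-source shape as a spray (many users, few attempts each), so on authentication logs alone it is reported by the spray rule; telling the two apart usually needs extra signals such as the share of usernames that do not exist in the directory.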
6. Code Injection Attacks
Consist of an attacker injecting malicious code into a vulnerable computer or network to alter its intended course of action.
Type | Description |
---|---|
SQL Injection | Leverages system vulnerabilities to inject malicious SQL statements into a data-driven application, allowing the hacker to extract, alter, or erase information from a database. |
Cross-Site Scripting (XSS) | An attacker inserts malicious code within a legitimate website. The code then launches as an infected script in the user’s web browser, enabling the attacker to steal sensitive information or impersonate the user. Common in web forums, message boards, and blogs. |
Malvertising | Malicious code placed in online advertising (banner ads, video content) and delivered through legitimate ad networks, so it appears on reputable sites. Viewing or clicking the ad leads to malware or adware being installed, sometimes through an exploit kit. Related to, but distinct from, SEO poisoning, which lures victims through manipulated search results rather than ads. |
Data Poisoning | An adversary intentionally compromises a training dataset used by an Artificial Intelligence (AI) or Machine Learning (ML) model to manipulate its operation, introduce biases, create erroneous outputs, or introduce vulnerabilities. |
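SQL injection is easiest to understand side by side: the same login function written with string concatenation and with a parameterised query, run against the same payload. The following added example (not code from the original page) uses an in-memory SQLite database; the table, the accounts and the payloads are constructed for the example, and passwords are stored in plain text only to keep the injection visible (a real system stores salted hashes).

```python
import sqlite3

# Constructed fixture: an in-memory database with two accounts.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("admin", "s3cret!", "admin"), ("alice", "hunter2", "user")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password: str):
    """Deliberately vulnerable: user input is pasted into the SQL text, so a quote
    in the input ends the string literal and the rest becomes SQL."""
    query = (f"SELECT username, role FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(query).fetchone()


def login_safe(conn, username: str, password: str):
    """Parameterised query: the driver sends values separately from the SQL,
    so a quote in the input is just a character in the value."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


# Constructed payloads. The first comments out the password check for a named account;
# the second turns the WHERE clause into a tautology so any row is returned.
BYPASS_USER = "admin' --"
TAUTOLOGY_USER = "' OR 1=1 --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, bypass   :", login_vulnerable(db, BYPASS_USER, "wrong"))
    print("vulnerable, tautology:", login_vulnerable(db, TAUTOLOGY_USER, "wrong"))
    print("safe, bypass         :", login_safe(db, BYPASS_USER, "wrong"))
    print("safe, real password  :", login_safe(db, "admin", "s3cret!"))
```

The only change between the two functions is that values travel as parameters instead of being spliced into the SQL string; input filtering or quote escaping is not a substitute, because the database still receives one mixed string of code and data.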
7. Supply Chain Attacks
These attacks target a trusted third-party vendor who offers services or software vital to the supply chain.
- Software Supply Chain Attacks: Inject malicious code into an application to infect all users of that application. Modern software, built from many off-the-shelf components (APIs, open source, proprietary code), is particularly vulnerable.
- Hardware Supply Chain Attacks: Compromise physical components for the same purpose.
Note: A single compromise in the supply chain can have a cascading effect on multiple organizations.
8. Social Engineering Attacks
Attackers use psychological tactics to manipulate people into taking a desired action, exploiting human vulnerabilities through motivators like love, money, fear, and status to gather sensitive information.
Attack | Description |
---|---|
Pretexting | Attackers gain access to information, a system, or a user by posing a false scenario that gains the victim's trust (e.g., posing as an investment banker, HR, or IT specialist). |
Business Email Compromise (BEC) | Attackers assume the identity of a trusted user (e.g., CEO, vendor) to trick employees or customers into making payments or sharing data. |
Disinformation Campaign | Deliberate efforts to spread false information, often for political or war-related reasons, amplified through social media with bots and fake accounts to create a false sense of consensus. |
Quid Pro Quo | Attackers offer a product or service in exchange for something (e.g., payment, information). |
Honeytrap | Attacks individuals seeking love or friendship on dating apps/websites by creating fake profiles and building relationships to trick victims into giving money, information, or network access for malware installation. |
Tailgating/Piggybacking | An in-person attack where an adversary tags along behind an employee to gain unauthorized physical access to facilities, aiming to steal or destroy sensitive information. |
9. Insider Threats
Threats posed by internal actors (current or former employees, contractors) who have direct access to the company network, sensitive data, IP, and knowledge of business processes.
- Malicious Insiders: Motivated by financial gain (selling confidential info) or emotional coercion.
- Negligent Insiders: Unintentional threats due to lack of awareness or poor security practices.
Note: Organizations need to consider both malicious and negligent insiders in their security strategies.
10. DNS Tunneling
Leverages Domain Name System (DNS) queries and responses to bypass traditional security measures and transmit data and code within a network.
- Mechanism: Once a host is infected, the malware encodes data into the subdomain labels of DNS queries for an attacker-controlled domain; the recursive resolver forwards those queries to the attacker's authoritative name server, which reads the data and returns commands in its responses. Because outbound DNS is almost always allowed, this gives command-and-control and data exfiltration through a channel that many perimeter controls do not inspect.
Note: Increasingly common due to their relative simplicity and ability to evade detection.
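The following added example (not code from the original page, and not any particular tunnelling tool) shows both sides of the mechanism described above and the detection signal it leaves: a client that splits a payload into base32 labels under an attacker-controlled zone, a server-side decoder that reassembles queries by sequence number, and a heuristic that scores each apex domain by the count, length and entropy of its unique subdomains. The zone name, the chunk sizes, the thresholds and the sample queries are assumptions made for the example.

```python
import base64
import math
from collections import defaultdict

TUNNEL_DOMAIN = "t.example.net"   # constructed attacker-controlled zone (assumption)
MAX_LABEL = 63                    # RFC 1035 limit on one label
MAX_NAME = 253                    # practical limit on a full name in text form


def encode_chunks(payload: bytes, domain: str = TUNNEL_DOMAIN, data_chars: int = 120):
    """Client side: turn a payload into names of the form <seq>.<base32 labels>.<domain>.
    Base32 fits the DNS alphabet (letters and digits, case-insensitive); each query
    carries data_chars characters split into 63-character labels."""
    b32 = base64.b32encode(payload).decode("ascii").rstrip("=").lower()
    names = []
    for seq, start in enumerate(range(0, len(b32), data_chars)):
        chunk = b32[start:start + data_chars]
        labels = [chunk[i:i + MAX_LABEL] for i in range(0, len(chunk), MAX_LABEL)]
        name = ".".join([format(seq, "x"), *labels, domain])
        if len(name) > MAX_NAME:
            raise ValueError("name too long; reduce data_chars")
        names.append(name)
    return names


def decode_chunks(names, domain: str = TUNNEL_DOMAIN) -> bytes:
    """Server side: reassemble queries (which may arrive out of order) by sequence number."""
    suffix = "." + domain
    parts = {}
    for name in names:
        name = name.lower().rstrip(".")
        if not name.endswith(suffix):
            continue
        seq_label, *data_labels = name[:-len(suffix)].split(".")
        parts[int(seq_label, 16)] = "".join(data_labels)
    b32 = "".join(parts[k] for k in sorted(parts)).upper()
    b32 += "=" * (-len(b32) % 8)   # restore the padding the client stripped
    return base64.b32decode(b32)


def shannon_entropy(s: str) -> float:
    """Bits per character; encoded data sits near 4-5, ordinary hostnames well below."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def tunnel_candidates(queries, min_unique=20, min_mean_len=40.0, min_entropy=3.5):
    """Detection heuristic over queried names: group by apex (last two labels) and flag
    apexes with many unique subdomains that are long and high-entropy. Returns apex -> stats."""
    subs_by_apex = defaultdict(set)
    for q in queries:
        labels = q.lower().rstrip(".").split(".")
        if len(labels) >= 3:
            subs_by_apex[".".join(labels[-2:])].add(".".join(labels[:-2]))
    flagged = {}
    for apex, subs in subs_by_apex.items():
        if len(subs) < min_unique:
            continue
        mean_len = sum(map(len, subs)) / len(subs)
        ent = shannon_entropy("".join(subs))
        if mean_len >= min_mean_len and ent >= min_entropy:
            flagged[apex] = {"unique_subdomains": len(subs),
                             "mean_len": round(mean_len, 1), "entropy": round(ent, 2)}
    return flagged


# Constructed sample traffic: a 1.5 KB exfiltrated blob and ordinary corporate lookups.
SECRET = bytes(range(256)) * 6
BENIGN_QUERIES = [f"host{i:02d}.corp.example.org" for i in range(25)] + ["www.example.org", "mail.example.org"]

if __name__ == "__main__":
    names = encode_chunks(SECRET)
    print(f"{len(names)} queries, first: {names[0]}")
    print("round trip ok:", decode_chunks(names) == SECRET)
    print("flagged:", tunnel_candidates(names + BENIGN_QUERIES))
```

The detector deliberately ignores any single query and looks at the apex as a whole: one long, odd-looking name is common (CDNs and telemetry services produce them), but dozens of distinct, long, high-entropy subdomains under one zone in a short period is the shape of encoded data leaving the network. Tuning the thresholds against a baseline of your own resolver logs is essential before alerting on this.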
11. IoT-Based Attacks
Cyberattacks specifically targeting Internet of Things (IoT) devices or networks.
- Impact: Once compromised, attackers can control the device, steal data, or integrate it into a botnet to launch DoS/DDoS attacks.
Note: The rapid growth of connected devices and the deployment of 5G networks are expected to lead to an increase in IoT infections.
12. AI-Powered Attacks
As AI and ML technology advances, attackers are leveraging these tools to gain network access or steal sensitive information.
Attack | Description |
---|---|
Adversarial AI/ML | Seeks to disrupt AI/ML systems by manipulating or misleading them, either by poisoning the training data or by crafting inputs (adversarial examples) that a trained model misclassifies while they look normal to a human. |
Dark AI | Specifically engineered to exploit vulnerabilities using AI/ML, often going unnoticed until damage is done. |
Deepfake | AI-generated forgeries (fake images, videos, audio) that appear highly realistic, with potential to reshape public opinion, damage reputations, or sway political landscapes. |
AI-generated Social Engineering | Attackers create fake chatbots or virtual assistants capable of human-like interactions to trick users into providing sensitive information. |
Note: The increasing sophistication of AI tools presents new challenges for cybersecurity.
How to Protect Against Cyberattacks:
A comprehensive cybersecurity strategy is essential for protecting digital assets, reducing risk, and minimizing the impact of attacks. Key recommendations include:
- Protect All Workloads: Secure all critical areas of enterprise risk, including endpoints, cloud workloads, identity, and data.
- Know Your Adversary: Understand the tactics, techniques, and procedures (TTPs) of threat actors to proactively optimize preventions, strengthen defenses, and accelerate incident response.
- Be Ready When Every Second Counts: Invest in speed and agility for daily and tactical decision-making by automating preventive detection, investigation, and response workflows with integrated cyber threat intelligence.
- Adopt Zero Trust: Implement a Zero Trust model, where no user or device is inherently trusted, requiring verification for every access request.
- Monitor the Criminal Underground: Leverage digital risk monitoring tools to track imminent threats to your brand, identities, or data by observing hidden messaging platforms and dark web forums.
- Invest in Elite Threat Hunting: Combine technology with expert threat hunters to detect and stop sophisticated threats, especially with the growing cyber skills gap.
- Build a Comprehensive Cybersecurity Training Program: Implement user awareness programs to combat phishing and other social engineering techniques, educating stakeholders on potential attacks, including those from insiders.
By understanding these common cyberattacks and implementing robust defense strategies, organizations and individuals can significantly improve their security posture in 2025.