In 2021, there were an average of 270 cyber attacks per company, which is a 31% increase from 2020. That figure is not going down in 2022 (if anything, it's more likely to go up), so preparing for cyber threats must be at the top of your to-do list. So, what are the different types of cyber attacks you should be ready to face?

This article examines the most common types of cyber attacks you are most likely to encounter in the current cybercrime landscape. We offer an overview of each threat type, explain how victims fall prey to these tactics, and provide tips for ensuring you are not an easy target for would-be hackers.

Types of cyber attacks

What Is a Cyber Attack?

A cyber attack is a malicious attempt by an unauthorized third party to breach an IT system. Attacks vary in sophistication and tactics, but every effort to "break into" a system has one of the following goals:

  • Steal valuable files (personal identifiable information, passwords, financial records, etc.) and ask for a ransom under the threat of data leakage.
  • Collect valuable data and sell it to the highest bidder (typically on the Dark Web).
  • Disable computers or disrupt the victim's network (often to form a launch point for other attacks or get a short competitive edge).
  • Expose business secrets (such as a patent or code).
  • Destroy systems and delete data as a form of "hacktivism."
  • Steal personal data and commit identity theft (typically with the idea of pulling off an unauthorized money transfer).

A successful cyber attack has a long line of negative effects, including:

  • Financial losses (a single successful attack costs companies an average of $200,000).
  • Data breaches.
  • Permanent data loss or corruption.
  • Loss of user trust.
  • Bad press.
  • Potential legal fines and lawsuits, both common if you lost customer data during an attack.

Companies are increasingly investing more in security as criminals get more creative and aggressive with their tactics. Recent reports reveal that 69% of US-based firms are expanding their cybersecurity budgets in 2022 (over 85% expect allocated budgets to increase by up to 50%). The current top areas of investment are:

Learn the difference between an attack vector and surface, two overlapping security concepts you must firmly understand to make reliable preparations for malicious activity.

Types of Cyber Security Attacks

A criminal rarely decides to re-invent the wheel when trying to hack a way into a network. Instead, attackers draw upon tried-and-tested techniques they know are highly effective. Let's take a close look at the most common types of cyber attacks a third party might use to breach your company.

Most common types of cyber attacks

1. Malware-Based Attacks (Ransomware, Trojans, Viruses, etc.)

Malware is malicious software that disrupts or steals data from a computer, network, or server. The malware must install on a target device to become active, after which a malicious script moves past the security measures and performs one (or more) of the following actions:

  • Deny access to a critical system or data.
  • Steal files.
  • Damage data integrity.
  • Spy on user activity.
  • Disrupt or even render the system inoperable.
  • Hijack control of the target device (or multiple systems on the same network).

While some malware exploits system vulnerabilities (for example, an issue with UPnP), these programs typically breach a system through human error, such as when the victim:

  • Clicks on a dangerous link.
  • Opens an infected email attachment.
  • Plugs in a corrupted USB or portable hard drive.
  • Visits an infected website that runs a drive-by download (unintentional download of malicious code onto the visitor's device).

Malware is one of the most common types of cyber attacks and has multiple variations. Let's look at all the most prominent ones.


Spyware is a type of malware that spies on the infected device and sends info to the hacker. Most attackers use this tactic to silently spy on user data and browsing habits.

If the target accesses valuable data on a spyware-infected device (e.g., logging into a bank account), the criminal gathers sensitive info without the victim knowing something's wrong.


Keyloggers are similar to spyware, except that this type of malware spies on what you type into your keyboard. That info enables a criminal to gather valuable data and later use it for blackmail or identity theft.


A computer virus is a malicious program capable of replicating itself by across programs on the target device. If you activate a virus-infected file, the malicious software self-replicates across the device, slowing down performance or destroying data.


A worm is a standalone malware that replicates itself across different computers. Worms move around via a network, relying on security failures to spread and steal data, set up backdoors, or corrupt files.

Unlike a virus that requires a host computer or operating system, a worm operates alone and does not attach to a host file.


Trojans "hide" inside a seemingly legit piece of software (hence the Greek mythology-inspired name). If you install a trojan-infected program, the malware installs on your device and runs malicious code in the background.

Unlike a virus or a worm, a trojan does not replicate itself. The most common goal of a trojan is to establish a silent backdoor within the system that enables remote access.


Adware is malware that displays marketing content on a target device, such as banners or pop-ups when you visit a website. Some adware also monitors user behavior online, which enables the malicious program to "serve" better-targeted ads.

While adware may seem relatively innocent compared to other malware, many criminals use this tactic to display ads hiding files with malicious code.

Fileless Malware

Fileless malware does not rely on executable files to infect devices or directly impact user data. Instead, this type of malware goes after files native to the operating system (like Microsoft Office macros, PowerShell, WMI, and similar system tools).

Fileless malware is difficult to detect as there are no executables, which are the go-to scanning target for network security tools. Recent studies indicate that the fileless approach is up to 10 times more successful than traditional malware.


Ransomware is a type of malware that encrypts files on a target system. Once the program encrypts data, the hacker demands a ransom (usually requested in cryptos) in exchange for the decryption key.

If the victim declines to pay the ransom, the criminal destroys the decryption key, which means there's (usually) no way to restore data. However, many who opt to meet the demands never receive the promised key. Ransomware code also often corrupts data beyond repair during the infection process, which means the key you receive from the criminal is sometimes useless.

Ransomware is a threat to both individual users and organizations. More tech-savvy criminals prepare malicious packages that attack multiple computers or go after a central server essential to business operations.

Want to learn more about ransomware? Check out these articles:

Our ransomware protection enables you to use various cloud-based solutions to ensure you never end up in a situation where paying a ransom is the only way to get your data back.

2. Phishing Attacks

A phishing attack happens when someone tries to trick a target with a fraudulent email, text (called SMS phishing or "smishing"), or phone call (called voice phishing or "vishing"). These social engineering messages appear to be coming from someone official (like a colleague, bank, a third-party supplier, etc.), but the imposter is actually trying to extract sensitive info from the recipient.

Some criminals do not ask for info directly. A hacker might try to get the victim to click on a link or open an email-attached file that:

  • Downloads and installs malware on the device.
  • Leads to a phishing website (typically a fake login page) that steals data if you type in credentials.

Phishing is among the most popular types of cyber attacks. Simple to pull off and highly reliable, recent reports reveal that phishing tactics were a part of 36% of data breaches in 2021.

Many phishing attacks go after as many targets as possible, but some focus on a specific team or person. Let's take a closer look at these more targeted tactics.

Spear Phishing Attacks

Spear phishing goes after a specific individual. The attacker uses personal info about the target (gathered on social media, bought on the Dark Web, or collected via other phishing attacks) to make a more credible message tailored to that person.

Email is by far the most common attack vector for spear phishing. If criminals decide to use an email, they have two choices:

  • Hack someone's email and reach out to the target from a real account.
  • Use email spoofing to make a new address that is almost identical to the email they're trying to impersonate.

Hackers usually time spear-phishing emails to make a more compelling message. For example, a criminal may wait for the target to go away on a business trip or make a new hire, and create a strategy centered around those unique circumstances.

Angler Phishing Attacks

An Angler attack happens when a phishing imposter targets someone on social media and attempts to steal their credentials outside a corporate network. There are no strict firewall rules or custom IDSes to stop spam messages, which is why this relatively new phishing tactic has had much success in recent years. People also tend to be more off guard on social media than when viewing a message on an official email address.

Whaling Attacks

Whale phishing happens when an attacker goes after a high-profile employee, such as the CEO, COO, or CFO. The idea is to target someone who has the authorization to make major money transfers.

While harder to pull off than trying to trick a lower-ranking employee, whale phishing is the most profitable form of phishing. Profits often reach millions of dollars, so C-level executives must always be on guard for such tactics.

Phishing is a typical first step to CEO fraud. These scams are now a $26-billion-a-year industry, so check out our article on CEO fraud for an in-depth look at how to counter this threat.

3. Password Attacks

Passwords are the most common method of authenticating users when accessing a computer system, which makes them a go-to target for cyber attacks. Stealing someone's credentials enables a hacker to gain entry to data and systems without having to fight through cybersecurity measures.

Recent studies reveal that 20% of data breaches start with a compromised credential. Criminals rely on a variety of methods to get their hands on an individual's passphrase, including using:

  • Social engineering.
  • Hacking a password database or a company's password management platform.
  • Spying on an unencrypted network transmission.
  • Guessing the password (usually with a bot).
  • Paying one of the employees to share their password.

Let's explore the most common password-based types of cyber attacks.

Brute-Force Attack

A brute-force attack relies on a program that systematically goes through all the possible combinations of characters to guess a password. The easier the password is, the quicker the program does its job.

This simple method is time-consuming, which is why hackers always use a bot to crack the credentials. Here are the most popular programs attackers rely on to brute-force a passphrase:

  • Aircrack.
  • Cain.
  • Abel.
  • John the Ripper.
  • Hashcat.

Hackers often use basic info about the target to narrow the guessing process, "feeding" the bot with personal data (such as job titles, school names, birthdays, family and pet names, etc.). The program then tests combinations of that data to speed up the deciphering process.

Preventing a brute-force attack does not boil down to using unique passwords. A top-tier program can crack a seven-character password in under 30 seconds. Using lengthy, alphanumerical passwords is the most reliable way of preventing brute-force attacks.

Dictionary Attack

A dictionary attack is a strategy in which a hacker uses a list of common passphrases to gain access to the target's computer or network. Most hackers purchase previously cracked passwords in a bundle on the Dark Web, but some dictionary attacks rely solely on common words and phrases.

Password Spraying

Password spraying is a strategy in which a hacker attempts to use the same password across as many accounts as possible. For example, a bot might crawl across the Internet and try to log into every profile with a "password1" credential.

While not too reliable a tactic at first glance, spraying takes on a new light when you consider over 3.5 million U.S. citizens use "123456" as a password.

Our guide to strong passwords explains a multitude of simple ways to create passwords that are easy to remember and impossible to crack.

4. Man-in-the-Middle Attacks

A man-in-the-middle attack (MitM) occurs when a hacker intercepts in-transit data moving between two network points. An attacker hijacks the session between a client and host, which creates an opportunity to view or edit data. A more common name for the MitM is an eavesdropping attack.

The main problem with MitM attacks is that this breach is very challenging to detect. The victim thinks the info is traveling to a legitimate destination (which it does), but there are often no indications that data made a "pitstop" along the way.

There are two common points of entry for a MitM attack:

  • Unsecured public Wi-Fi that does not have sufficient network security.
  • Pre-installed malware that works in the background of the sender's or the recipient's system (or the network as a whole).

For example, let's say you're using the Wi-Fi at a local coffee shop and decide to check your bank account balance. You log in and send info to a bank's server, but a hacker intercepts data and captures your username and password. There's no VPN to protect info, so the hacker gathers everything needed to log into your account and drain all funds.

Want to learn more about the MitM threat? Our article on man-in-the-middle attacks goes through everything your security team needs to know about this strategy.

5. SQL Injection Attacks

An SQL injection enables a hacker to "trick" a website into revealing info stored within its SQL database (login data, passwords, account info, etc.).

Injections are a bit more technical than an average brute-force attack or a phishing strategy, but even a novice hacker knows how to pull these attacks off. The attacker types in predefined SQL commands into a data-entry box (such as a login field). Once injected, commands exploit a weakness in database design and can:

  • Read sensitive data.
  • Modify or permanently delete stored files.
  • Trigger executive functions (like causing a system shutdown or changing user permissions). 

Our article on SQL injections explains precisely how these attacks work and presents the most effective ways to prevent injection attempts.

6. DoS and DDoS Attacks

Denial of Service (DOS) and Distributed Denial of Service (DDoS) are cyber attacks that aim to overwhelm a system, server, or network with fake requests. The attackers spam the target until they exhaust all resources or bandwidth, rendering the system unable to fulfill legitimate requests.

Here's the difference between DOS and DDoS:

  • A DOS occurs when a hacker uses false requests or traffic to overwhelm a system until it fails or goes down.
  • A DDoS is the same type of attack, except the hacker relies on multiple malware-infected devices to crash the system with more speed. IoT devices are a common choice for hackers building these "bot armies."

The most common types of DoS and DDoS attacks are:

  • Teardrop attack.
  • Smurf attack.
  • Botnets.
  • The TCP SYN flood attack.
  • Ping-of-death attack.

The goal of DOS and DDoS is not to steal data but to slow down operations. Sometimes, a hacker uses a DDoS attack to distract the security team and create a window of opportunity to perform other malicious activities.

Learn about the most effective methods of preventing DDoS attacks and see how the pros ensure hackers cannot overwhelm a system with illegitimate requests.

7. Advanced Persistent Threat (APT)

An APT is a cyber attack in which an intruder maintains a long-term presence within a system without the victim's knowledge. The goal of these attacks varies, but the most common objectives are to:

  • Steal large amounts of business data.
  • Establish a source of corporate espionage.
  • Sabotage infrastructure.
  • Cause a long-term service outage.
  • Perform a total website or app takeover.

An APT is more complex than other types of cyber attacks. Criminals often form a full-time team to maintain a months-long presence within the target system. These attacks rarely rely on automation as criminals develop custom programs and tactics for breaching a specific tech stack.

Our article on APT attacks offers an in-depth look at this potentially business-ending threat.

8. Zero-Day Exploits

A zero-day exploit is a security flaw within a piece of software that exists without the admin's knowledge. For example, a company might release a new version of an app with a yet unidentified weakness a hacker can exploit.

Once the team discovers the flaw, they have "zero days" to fix the issue as hackers are likely already working on exploits.

A zero-day exploit is an umbrella term that covers any malicious activity that relies on a still unpatched system weakness. Companies must be wary of zero-day vulnerabilities whenever they update apps or services, so invest in proactive flaw detection and agile threat management.

Learn more about zero-day exploits and see the most effective ways your company should plan for these kinds of vulnerabilities.

9. Watering Hole Attacks

A watering hole attack is a strategy in which a hacker infects a website or sets up a malicious copy of a page a specific user group is likely to visit. This strategy goes after a particular group of end users, so attackers always profile their targets to determine what websites they like to use.

Once the target interacts with the malware-infested website, the intruder gets an opportunity to perform malicious activities (steal login details, inject malware, gain access to the network infrastructure, set up remote controls, etc.).

10. Cryptojacking

Cryptojacking is a cyber attack that enables a hacker to secretly use a computer's processing power to mine for cryptocurrencies (most commonly Bitcoin or Ethereum). Most infections occur when the target:

  • Visits an infected website.
  • Opens a malicious link.
  • Clicks on a malware-infected ad.

Cryptojacking severely slows down the system, but it also causes other vulnerabilities. The malicious program often tempers with firewall settings, which creates more space for other threats.

Cases of cryptojacking nearly quadrupled from 2020 to 2021. Recent reports suggest that one in 500 Alexa sites hosts mining malware.

11. URL Manipulation

URL manipulation (or URL rewriting) happens when an attacker changes the parameters in a URL address to redirect the victim to a different website. This tactic typically happens via a malicious script and leads the victim to a phishing or a malware-infected page.

URL manipulation is not URL poisoning (also known as location poisoning). Poisoning an URL means tracking Web visiting behavior by adding an ID number to the URL line when a user goes to a particular site. Hackers then use the ID to track the visitor's browsing history.

Cyber attack statistics

12. DNS-Based Attacks

Domain Name System (DNS) protocol often has exploits that enable a hacker to attempt a cyber attack. Let us look at the two most common ones: DNS tunneling and spoofing.

DNS Tunneling

DNS tunneling uses the protocol to tunnel malware and data through a client-server model while bypassing the firewall and other security measures. Once a malicious program enters the system, it latches onto the server and gives the hacker remote access.

Inbound DNS traffic carries commands to the malware, while outbound traffic enables a hacker to steal data or respond to malware requests (change code, install new access points, etc.).

DNS Spoofing (or "Poisoning")

DNS spoofing enables an attacker to send traffic to a fake (or "spoofed") website and gather data from unwitting visitors. These websites are an identical replica of the legitimate site (typically a copy of a login page for a bank or a social media account) that send info directly to hackers once you type in the credentials.

Hackers also use DNS spoofing to sabotage a business by redirecting visitors to a poor-quality page, often with mature or obscene content. Some companies use this tactic as an underhanded method of taking cheap shots at a competitor's reputation.

Learn about the DNS security best practices and see the best proactive ways to keep your DNS-powered systems healthy.

13. Cross-Site Scripting (XSS)

A cross-site scripting (XSS) attack exploits vulnerable websites and enables a criminal to set up malicious executables on web pages and apps. A hacker injects a payload with malicious JavaScript into a website database which executes as a part of the HTML body when someone requests to open a page in their browser.

When the malicious script executes, the hacker bypasses access controls and hijacks the account. Tech-savvy hackers also use XSS to exploit and create additional security flaws, such as laying the groundwork for malware, taking screenshots, or collecting network data.

15. Rootkits

Rootkits are malicious programs that give an intruder unauthorized admin-level access to a computer or other software. A criminal often uses a rootkit to:

  • Remotely access the target computer.
  • Edit system files and data.
  • Install keyloggers and other malware.
  • Exfiltrate data without the victim knowing about the breach.

Rootkits are notoriously hard to detect as they "hide" deep within the operating system. Top-tier programs also impact anti-virus settings, making the detection process even more challenging. Most rootkit infections spread through email attachments and drive-by downloads on unsafe websites.

16. Session Hijacking

Session hijacking is an advanced form of a MITM attack in which an imposter takes over a session between a client and the server instead of only spying on the communication. The hacker steals the client's IP address, and the server continues the session because it has already formed a trusted connection with the device.

Once intruders hijack a session, they are free to do anything within the permissions of the victim's account. For example, if a criminal hijacks a session while an admin is accessing a company's database, the attacker can view, edit, or destroy files.

Most security teams focus on external threats when preparing for cyber attacks. In actuality, an insider could do just as much if not more damage than a third-party hacker—learn how to prepare for insider threats and see how smart companies deal with dangers from within the organization.

Preventing cyber attacks

How to Prevent Cyber Attacks?

Let's look at the most effective ways to prevent the different types of cyber attacks discussed above:

  • Use strong, alphanumeric passwords that are unique for every account.
  • Change passwords every few weeks.
  • Do not include everyday phrases, personal info, or simple number sequences in credentials.
  • Disable password hints on your apps and websites.
  • Keep all apps, browsers, OSes, and devices up to date with the latest patches.
  • Rely on an anti-virus protection tool for threat detection.
  • Boost network security with strict access controls, firewalls, segmentation rules, traffic analysis, and instruction prevention systems (IPS).
  • Perform regular network security audits.
  • Never click on links or attachments in an email from an unknown sender.
  • Scrutinize emails for loopholes and grammatical errors, especially when confronted with an unsolicited message.
  • Use VPN when accessing the corporate network outside of the office.
  • Stay clear of public Wi-Fi networks.
  • Perform daily data backups.
  • Organize regular employee awareness training.
  • Use account lockout and two-factor authentication to prevent password attacks.
  • Ensure employees know how to keep their BYOD devices safe.
  • Never download or install anything unless you're interacting with a verified source.
  • Enforce zero-trust security policies.
  • Keep data safe with at-rest encryption, in-transit encryption, and confidential computing (protecting data during processing). Also, ensure your key management has no exploitable flaws.
  • Know how to recognize warning signs (network slowdown, website crashes, etc.).
  • Form a Cyber Incident Response Team (CIRT) that prepares response strategies, disaster recovery, and cyber kill chains.
  • Limit the info your company shares on its official website and social media.
  • Use an ad blocker when browsing the Internet.
  • Create a cloud security policy to ensure your use of cloud computing does not lead to weaknesses.
  • Organize penetration tests to see how systems and staff respond to realistic simulations of different types of cyber attacks.

Do you rely on in-house hosting? Then your security plan must also include hardware protection—refer to our article on server room design to learn how companies keep on-site infrastructure safe.

The Best Way to Counter Different Types of Cyber Attacks Is to Understand How They Work

Is the goal of this article to make you paranoid? No, but we are trying to make you aware of the different types of cyber attacks you will likely encounter at some point. Once you know how an average hacker thinks, creating an effective protection strategy becomes easier. Use this article to stay a crucial step ahead of would-be criminals looking to make a quick buck off your company.