Last Updated on September 17, 2021 by Calvin C.
The COVID-19 pandemic has seen an increase in the number of cyberattacks with ransomware attacks forming a significant proportion of the attacks.
In this article, I look at 12 types of cyberattacks and some of them are covered in more detail in articles linked.
These forms of attack overlap and an attacker usually uses the best tactic in a given situation, or a combination of attacks.
See it as a toolbox of attack techniques, with each form of attack used to when it’s needed.
1. Zero-day exploit
In a zero-day exploit, a cybercriminal attacks a system with a security flaw or bug which the vendor does not know about.
Usually researchers bring this zero-day vulnerability to the vendor’s attention and a patch fixes that issue.
In some cases, the existence of the vulnerability comes to light after an attack.
By the way, it’s called a zero-day because the issue is known for zero-days.
Attacks on the vulnerable software or firmware come in the form of various malware attacks (see below).
A hacker hijacks computers or mobile devices and use them for malicious cryptomining.
The victim’s device becomes slow, overheats and resources are strained.
Heck, this attack can even leave a dent on your electricity bill!
Once this code is deployed, it runs in the background and any cryptocurrency mined or stolen finds its way into the hacker’s wallet.
3. Password attack
In a password attack, the goal of the attacker is to crack a password and various tactics are used.
These are some of the techniques used to do that:
Once your password is in the hands of the attacker, your accounts are compromised that’s why 2-factor authentication is effective in adding an extra layer of security.
You also need to make use of a password manager in-order to generate a strong password that cannot be easily cracked.
One password manager that I recommend is NordPass. This tool is available for all major operating systems and you can follow the link to start using it right away:
4. Cross-site scripting (XSS) attack
In a XSS attack, an attacker injects a malicious script in a site that is benign and this script is executed once an unsuspecting user visits the web page or web application.
This may occur in the comment section or in forums, so if you are a web owner it’s important to filter comments to minimize XSS attacks.
In some cases, a link left by the attacker redirects a visitor to a booby-trapped website.
5. Eavesdropping attack
If you are in a public network, a hacker can intercept your traffic and see what you are up to without your knowledge.
It’s important to be aware of this kind of attack when you are working remotely and need to access company resources.
Fortunately, a VPN creates a secure connection to hide you from hackers, your ISP or even government agencies.
6. DNS tunneling
DNS tunneling is used by an attacker to route DNS queries to the attacker’s servers and it’s difficult to detect.
Network defenses generally allow DNS requests to pass through while blocking suspicious traffic.
Therefore, by using DNS tunneling, an attacker can maintain a grip on the victim’s device, running commands and exfiltrating data.
7. SQL injection
This kind of web security vulnerability involves SQL databases. An attacker interferes with database queries to enable unauthorized access to data that is not normally publicly available.
The goal of this kind of attack is to do any of the following:
- Delete or modify data
- Compromise the underlying server
- Perform a denial-of-service
- Compromise other back-end infrastructure
- Access confidential data like passwords, usernames, credit card details etc.
This kind of attack can have detrimental effects to an organization.
8. Distributed Denial-of-Service (DDoS) attack
An attacker uses a DDoS attack to disrupt web services by flooding a target server with traffic.
Traffic can originate from multiple sources, making it difficult to block this kind of attack.
Usually the attacker recruits vulnerable devices, like IoT devices or computers, to create a bot network.
Bot traffic is then directed to target servers, usually as part of hacktivism. You can read more about this DDoS attacks here.
9. Drive-by attack
Suppose you are innocently browsing the internet and you come across a website that looks interesting.
You download a link or a file on the site and unknowingly install malware.
In this case, the website belongs to the attacker or malicious links are left on the site.
This is the kind of trap that is set-up in a drive-by attack.
Always avoid websites that are suspicious and download executable files from official sites only.
10. Malware attack
A malware attack uses malicious code that takes over or disrupts your computer system. In some cases, malware is disguised as a harmless app or file.
One of the common forms of a malware attack is a ransomware attack.
An example of such an attack that made headlines is the Colonial Pipeline attack where a ransom of $4.4 million was paid to Darkside, a cybercriminal gang.
11. Man-in-the-middle attack (MITM)
An attacker uses a hacking tool like a WiFi Pineapple to create a fake WiFi hotspot.
If you join this malicious network, all your internet traffic passes through the attacker.
One way to protect yourself when you are in a public network is to use a VPN, which encrypts all your traffic.
Even if an attacker intercepts your traffic, it will all be encrypted.
I recommend NordVPN for providing the best privacy and security.
12. Phishing attack
A phishing attack is a clever way used by cybercriminals to gather valuable data from a victim.
The victim is tricked into freely giving up personal information like an email address, username, password to name a few.
In most cases, the phishing attack is directed at financial institutions and the end-goal is to steal money from the victim.
Visit this detailed article which covers 10 types of phishing attacks so that alarms bells ring when you encounter such an attack.
Do you have any comments or additions? Share this article with your friends on social media and subscribe to our newsletter. Make sure you check out the best VPNs to stay anonymous on the web.