Types of cyber attacks: the most common and underestimated ones

Not everyone knows about the types of cyber attacks used to damage individuals and public or private organizations. Apart from their classification, which identifies their individual types, they have varying degrees of severity and consequences which make them more or less worrying. Unfortunately, nowadays there are no really harmless types of cyber attacks. In fact, the reasons that drive cyber criminals mainly fall within cybercrime and therefore focus on making huge profit from cyber attacks at their victims’ expense. If the damage then involves identity theft, the victim is affected twice: both personally and financially.

Naturally, we are not talking about cyberterrorism types of attack, which aim to destabilize social order with much more wide-ranging consequences and serious related damage for the real world.

Finally, the types of cyber attacks that can be attributed to hacktivism are mainly directed at companies and organizations for reasons of activism and protest, while targeted types of cyber attacks, i.e. ones directed at a specific victim, can strike for personal or lucrative reasons, but they might seem less frequent when compared with the first type of massive campaigns. Nevertheless, this category includes all types of cyber attacks against individual targets for personal reasons or by commission. But exactly what and which types of cyber attacks should we be focusing more on?

Definition of cyber attacks

According to the definition by the National Initiative For Cybersecurity Careers And Studies (NICCS), an initiative by the Cybersecurity and Infrastructure Security Agency (CISA), a cyber attack is defined as an attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity, and more generally speaking, it involves the intentional act of attempting to bypass one or more security services or controls of an information system to alter the confidentiality, integrity and availability (CIA) of data.

The most common types of cyber attacks

According to the latest Cyber Security Report 2020 published by Check Point, 28% of attacks worldwide involve malicious multipurpose botnets (computer networks infected by malware that can be used to launch a coordinated attack, DDoS, against a target), while the 20% increase in cases of incident response has been caused by a targeted ransomware attack (a type of malware that infects a PC and often blocks its data and functions, demanding money to resolve the problem).

The malware scene is still dominated by cryptominers (malware that uses the victim’s computational resources to mine virtual coins) which affected 38% of companies in 2019.

Mobile attacks seem to be slightly down from 2018, which were launched against 27% of global organizations in 2019. By extension, the types of cyber attacks known as Magecart inject harmful code into e-commerce websites to steal payment details and affected hundreds of websites in 2019, including hotel chains, commerce giants and SMEs. Finally, cloud cyber attacks are also increasing, which are mainly caused by incorrect configuration of in-cloud resources, but this is also due to the increase in attacks aimed directly at in-cloud service suppliers.

Underestimated types of cyber attacks

Most underestimated types of attacks fall within the category of those carried out by email using Social Engineering techniques: phishing (a scam aimed at tricking the victim so they hand over their personal data and to use it fraudulently), CEO scams (emails to convince employees to transfer funds to bank accounts controlled by cyber criminals), spoofing (falsifying some of the sender’s data to trick the victim), Business Email Compromise types of cyber attacks, various account hijacking techniques and the sending of malicious attachments. These threats are very underestimated and all too often treated lightly with little attention and no prevention.

Negligent users could also fall for brand phishing, where a fraudulent link is redirected to lead victims to a fake web page that looks like the official website of a well-known brand, but infects the visitor’s device to the cyber criminals’ benefit.

You can protect yourself by increasing the awareness of staff through education and training, but also by adopting platforms that use Artificial Intelligence algorithms which can filter out most threats after an appropriate learning period.