Common cyber attacks: A guide to detection and prevention

The most common types of cyber attacks include phishing, DDoS attacks, ransomware, account takeover, and SQL injection.

Learning Objectives

After reading this article you will be able to:

  • List the most common types of cyber attacks
  • Describe how to reduce the risk posed by each kind of attack


The most common types of cyber attacks

A cyber attack is any action that has the intent of changing, stealing, destroying, or disrupting data and processes within a digital system. Cyber attacks pose less physical risk to criminals than committing crimes in the non-digital world, and they can be (in some cases) highly profitable, so they are only increasing in popularity. There are dozens of types of cyber attacks, and often they are chained together in a larger attack campaign. Some of the most common cyber attacks include:

  1. Phishing
  2. DoS and DDoS attacks
  3. Ransomware
  4. Account takeover
  5. SQL injection
  6. XSS and CSRF
  7. Insider threats
  8. Supply chain attacks
  9. Vulnerability exploits
  10. On-path attacks

1. Phishing

Phishing refers to attempts to steal sensitive information, especially user credentials or financial information, through the use of fraudulent messages. Phishing attacks are most often thought of as occurring over email, but attackers can use other channels for their phishing messages as well, from phone calls and text messages to QR codes.

Some phishing messages are sent in bulk, while other types of phishing attacks are highly targeted and personalized: these include spear phishing and whale phishing.

Many of the other attacks listed below are often preceded by phishing attacks. An attacker may use phishing to get a foothold inside a larger organization, then infect that organization with ransomware, for example.

How to prevent phishing

Secure email gateway (SEG): This can help to close off email-based attack vectors, although phishing attacks can come over other channels as well. Ideally, a secure email gateway will not just block known spam or emails from spoofed domains, but also use machine learning to identify suspicious emails even from known sources.

DNS filtering and browser isolation: DNS filtering can prevent spoofed login webpages or other malicious phishing links from loading, while browser isolation helps block drive-by downloads from any malicious links that do happen to load.

User training: Users should be educated regularly on how to identify phishing emails. Human error cannot be completely eliminated, but the better users are at spotting phishing emails, the less likely it is that an attack will be successful.
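The "suspicious even from known sources" point above is usually implemented as header heuristics rather than blocklists. The script below is an added example, not the article's or any gateway product's code: it flags a Reply-To domain that differs from the From domain, a sender domain within a small edit distance of a protected domain, and urgency wording in the subject. The protected-domain list, the thresholds and both messages are constructed for the example.

```python
"""Header heuristics of the kind a secure email gateway applies.
Added example; PROTECTED_DOMAINS and both messages are constructed."""
from email import message_from_string
from email.utils import parseaddr

# Assumed: domains this organization treats as its own or its partners'.
PROTECTED_DOMAINS = {"example.com", "examplebank.com"}

# Constructed message showing three common indicators at once.
SUSPICIOUS_MESSAGE = """\
From: "Example Bank Support" <support@examp1ebank.com>
Reply-To: helpdesk@mail-relay.invalid
To: alice@example.com
Subject: Urgent: verify your account

Please log in at the link below within 24 hours.
"""

# Constructed internal message with nothing to flag.
BENIGN_MESSAGE = """\
From: "IT Helpdesk" <it@example.com>
To: alice@example.com
Subject: Lunch menu for next week

The menu is attached.
"""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; small values between a sender domain and a
    protected domain indicate a lookalike (e.g. a digit 1 for a letter l)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(header_value) -> str:
    """Lower-cased domain part of an address header, '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def phishing_indicators(raw_message: str) -> list:
    """Return the indicator names that fire for one RFC 822 message."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg["From"])
    reply_domain = domain_of(msg["Reply-To"])
    indicators = []
    # Replies routed to a different domain than the apparent sender.
    if reply_domain and reply_domain != from_domain:
        indicators.append("reply-to-domain-mismatch")
    # Sender domain that is almost, but not exactly, a protected domain.
    if from_domain not in PROTECTED_DOMAINS:
        for protected in PROTECTED_DOMAINS:
            if 0 < edit_distance(from_domain, protected) <= 2:
                indicators.append(f"lookalike-of:{protected}")
    # Pressure language typical of credential-harvesting lures (assumed list).
    subject = (msg["Subject"] or "").lower()
    if any(w in subject for w in ("urgent", "verify your account", "suspended")):
        indicators.append("urgency-language")
    return indicators


if __name__ == "__main__":
    print(phishing_indicators(SUSPICIOUS_MESSAGE))
    print(phishing_indicators(BENIGN_MESSAGE))
```

A gateway would feed these indicators into a score alongside authentication results (SPF, DKIM, DMARC) rather than blocking on any single one; the lookalike check in particular needs the protected list kept current as brands and partners change.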

2. DoS and DDoS attacks

Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks are when an attacker floods a server, application, or network with junk traffic so that the target crashes or cannot serve legitimate users. DDoS attacks can knock an application offline or even take down wide swathes of the Internet if the attacker is targeting foundational systems like DNS.

DDoS attacks continue to increase in size: the Aisuru-Kimwolf botnet has sent attacks of well over 30 Tbps at its targets.

How to mitigate DoS and DDoS attacks

Both web application firewalls (WAFs) and DDoS mitigation services can block illegitimate network traffic and absorb large attacks. Cloudflare DDoS mitigation blocked the Aisuru-Kimwolf attacks mentioned above, and the service is available to anyone with a domain name for free.

3. Ransomware

Ransomware is malware (malicious software) that, when executed, encrypts the contents of a file system or hard drive so that the owners of the data can no longer open or use it. The parties controlling the ransomware then demand a payment for unlocking the data. There is, of course, no guarantee that paying the ransom means the attackers will actually unlock the data.

Because of its quick and often hefty payouts, ransomware is a highly popular form of cyber attack.

How to prevent ransomware

Ransomware does not spontaneously generate inside a device or a system: it enters through a wide range of attack vectors. Phishing is a major vector, as are vulnerability exploits, account takeover attacks, and previous malware-based attacks. Taking actions to detect and stop attacks through these vectors can help reduce the risk of ransomware.

Another crucial security measure is having a backup plan. Regular backups of systems and data ensure that, even if the original data is lost through a ransomware attack, an organization can revert to the backup copy and carry on without paying the ransom. Learn more about how to prevent ransomware.

4. Account takeover (ATO)

Account takeover (ATO) attacks are attempts to gain control of a user's account. Attackers have a number of methods at their disposal for gaining entry to an account:

  • Credential stuffing, which is when attackers use bots to automatically and rapidly attempt to log in to a user account using a list of common or breached passwords
  • Brute force attacks, in which attackers use trial-and-error to guess user passwords
  • Phishing, described above
  • Stolen cookies, which enable attackers to take over a user's web browsing session
  • Malware infections, which can log user activity and record their credentials, then send them to the attacker

Account takeover can impact more than just the compromised account. Attackers can use the account to reach the user's other accounts, to move laterally within an organization's network and compromise additional systems, to carry out phishing attacks, or to steal sensitive data.

How to prevent account takeover

Basic security measures like strong password policies, the use of multi-factor authentication (MFA), rate limiting, and email security filters can stop many ATO attacks. For businesses and organizations, a zero trust security architecture can contain the damage from a successful ATO attack by segmenting the internal network to prevent lateral movement and further compromise.
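Two of the measures just named, rate limiting and detecting credential stuffing, can be shown on a small authentication log. The code below is an added example, not the article's code or any product's: the log format, the one-minute window, the "five distinct accounts" and "three failures" thresholds are all assumptions, and the log lines are constructed. The detector looks for many different usernames from one source in a short window, which is the stuffing signature; the limiter refuses further attempts from a source once its recent failures pass the threshold.

```python
"""Credential-stuffing detection and per-source login rate limiting.
Added example; log format, thresholds and log lines are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real traffic). Assumed format:
# "<ISO timestamp> ip=<addr> user=<name> result=<ok|fail>"
SAMPLE_LOG = """\
2024-05-01T10:00:01Z ip=203.0.113.5 user=alice result=fail
2024-05-01T10:00:02Z ip=203.0.113.5 user=bob result=fail
2024-05-01T10:00:02Z ip=203.0.113.5 user=carol result=fail
2024-05-01T10:00:03Z ip=203.0.113.5 user=dave result=fail
2024-05-01T10:00:03Z ip=203.0.113.5 user=erin result=ok
2024-05-01T10:00:04Z ip=203.0.113.5 user=frank result=fail
2024-05-01T10:05:00Z ip=198.51.100.9 user=alice result=fail
2024-05-01T10:05:30Z ip=198.51.100.9 user=alice result=ok
"""


def parse_line(line: str) -> dict:
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def find_stuffing_sources(log_text: str, window=timedelta(minutes=1), min_users=5) -> dict:
    """Map each source IP that tried >= min_users distinct accounts inside
    any `window` to the largest such count. One user mistyping a password
    touches one account; a stuffing run walks through many."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            event = parse_line(line)
            by_ip[event["ip"]].append(event)
    flagged = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(events)):
            while events[end]["ts"] - events[start]["ts"] > window:
                start += 1
            users = {e["user"] for e in events[start:end + 1]}
            if len(users) >= min_users:
                flagged[ip] = max(flagged.get(ip, 0), len(users))
    return flagged


class LoginRateLimiter:
    """Sliding-window limit: a source with `max_failures` failed logins
    inside `window` is refused until those failures age out."""

    def __init__(self, max_failures=3, window=timedelta(minutes=1)):
        self.max_failures = max_failures
        self.window = window
        self._failures = defaultdict(list)

    def allow(self, ip: str, now: datetime) -> bool:
        recent = [t for t in self._failures[ip] if now - t <= self.window]
        self._failures[ip] = recent
        return len(recent) < self.max_failures

    def record_failure(self, ip: str, now: datetime) -> None:
        self._failures[ip].append(now)


def replay(log_text: str, max_failures=3, window=timedelta(minutes=1)) -> list:
    """Feed the log through the limiter in order; return the (ip, user)
    attempts that would have been refused before any password was checked."""
    limiter = LoginRateLimiter(max_failures, window)
    refused = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        if not limiter.allow(event["ip"], event["ts"]):
            refused.append((event["ip"], event["user"]))
            continue
        if event["result"] == "fail":
            limiter.record_failure(event["ip"], event["ts"])
    return refused


if __name__ == "__main__":
    print("stuffing sources:", find_stuffing_sources(SAMPLE_LOG))
    print("refused attempts:", replay(SAMPLE_LOG))
```

Note that the replay refuses the one attempt from the flooding source that would have succeeded (user erin): that is the point of limiting by source rather than by account. Real stuffing is spread across many source addresses, so production systems also key limits on the target account and on device or network fingerprints, and pair them with MFA so a correct password alone is not enough.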

5. SQL injection

Structured Query Language (SQL) injection is a common attack that can be directed against any web application that accepts user input. By entering crafted SQL statements into an input field, an attacker can execute commands that retrieve data from the database or destroy it. SQL injection works by taking advantage of applications that expect one type of data but receive a SQL fragment instead, and that lack sufficient server-side protections to recognize and neutralize it.

How to prevent SQL injection

There are a number of specific steps an application developer can take to architect their application backend in ways that prevent SQL injection attacks, including escaping user inputs, using prepared statements and stored procedures, and enforcing least-privilege access. But additionally, a WAF can block most SQL injection attacks before they reach applications. Sign up for the Cloudflare WAF.

6. Cross-site scripting (XSS) and cross-site request forgery (CSRF)

These attacks target web browser activity. In a cross-site scripting (XSS) attack, an attacker injects malicious script into a legitimate website so that it executes in the browser of any user who loads the affected page. In a cross-site request forgery (CSRF) attack, an attacker forges a request on behalf of a logged-in user and attaches it to a link or page; when the user loads it, their browser sends the request along with their session cookies, and the application carries it out as if the user had made it.

How to prevent XSS and CSRF

WAF rules can block many types of XSS and CSRF attacks. In addition, application developers should bear these attacks in mind when constructing their applications and build in mitigations. Finally, users should be suspicious of links they are sent via email or other sources, and always load the actual URL of the website or app they are trying to use.
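Two of the mitigations developers are expected to build in are output encoding (against XSS) and a per-session CSRF token. The block below is an added example, not the article's code or any framework's: it renders a comment with and without HTML encoding, and mints a token bound to the session with an HMAC so that a forged request, which carries the victim's cookie but not a valid token, is rejected. `SERVER_SECRET` is a constructed placeholder.

```python
"""Output encoding against XSS and a session-bound CSRF token.
Added example; SERVER_SECRET and the inputs are constructed."""
import hashlib
import hmac
import html
import secrets


def render_comment_vulnerable(comment: str) -> str:
    # Untrusted text dropped straight into the page: markup inside it is
    # parsed as markup by the browser.
    return "<p>" + comment + "</p>"


def render_comment_safe(comment: str) -> str:
    # Encode the characters that carry meaning in HTML so the browser
    # displays them as text instead of interpreting them.
    return "<p>" + html.escape(comment, quote=True) + "</p>"


# Constructed placeholder: a real deployment loads a random key from
# configuration and never commits it to source control.
SERVER_SECRET = b"constructed-example-key-not-for-real-use"


def _mac(session_id: str, nonce: str) -> str:
    return hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Random nonce plus an HMAC over (session_id, nonce). Only a server
    holding SERVER_SECRET can mint a token that verifies for this session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def verify_csrf_token(session_id: str, token: str) -> bool:
    """A forged cross-site request reaches the server with the victim's
    session cookie, but the attacker never sees the token value, so the
    HMAC check fails."""
    try:
        nonce, mac = token.split(".", 1)
    except ValueError:
        return False
    return hmac.compare_digest(mac, _mac(session_id, nonce))


if __name__ == "__main__":
    print(render_comment_safe("<script>alert(1)</script>"))
    token = issue_csrf_token("session-A")
    print(verify_csrf_token("session-A", token), verify_csrf_token("session-B", token))
```

Encoding must match the context the value lands in (an attribute, a URL and a script block each need different rules); `html.escape` covers text content and quoted attributes. For CSRF, the token goes in a hidden form field or a request header and must never be readable cross-origin, and `SameSite` cookies add a second, browser-enforced layer.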

See the OWASP Top 10 for a more complete list of web application threats.

7. Insider threats

"Insiders," or persons within an organization, can pose just as much of a threat as outside attackers by:

  • Stealing or leaking data
  • Destroying data
  • Installing malware
  • Misconfiguring security settings
  • Selling company secrets
  • Sharing internal secrets with foreign adversaries

How to detect and prevent insider threats

Zero trust security ensures no insider has more access than they need, which limits the damage a malicious insider can inflict on internal systems and data.

Data loss prevention (DLP) can detect sensitive data and block attempts to copy, download, upload, or email that data.
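A DLP check has two parts: recognising sensitive data and deciding what to do with the transfer. The following is an added example, not the article's code or any DLP product's: it scans an outbound message for payment card numbers, using a Luhn checksum so that ordinary digit runs (order numbers, phone numbers) are not flagged, and returns a block-or-allow decision with masked findings for the audit log. The policy (any card number blocks) and the sample messages are constructed.

```python
"""Minimal DLP content check for payment card numbers in outbound text.
Added example; the policy and sample messages are constructed."""
import re

# 13 to 19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by card numbers; most random digit runs fail it."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Digit runs that have card length and pass the Luhn check."""
    found = []
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def mask(pan: str) -> str:
    """Keep only the last four digits for the audit record."""
    return "*" * (len(pan) - 4) + pan[-4:]


def dlp_decision(text: str, max_cards_allowed: int = 0) -> dict:
    """Assumed policy: any card number in outbound text blocks the transfer."""
    cards = find_card_numbers(text)
    return {
        "action": "block" if len(cards) > max_cards_allowed else "allow",
        "findings": [mask(c) for c in cards],
    }


# Constructed outbound message: one real-format card number (the 4111...
# test number), one 16-digit order number that fails Luhn, one phone number.
SAMPLE_OUTBOUND = (
    "Hi, please charge 4111 1111 1111 1111 for order 1234567890123456 "
    "and call me at 555-0100. Thanks!"
)

if __name__ == "__main__":
    print(dlp_decision(SAMPLE_OUTBOUND))
    print(dlp_decision("Meeting at 10:30 in room 4"))
```

Production DLP adds more detectors (national ID formats, API keys, document fingerprints), inspects attachments and archives, and applies the same check at every egress the article lists: email, uploads, clipboard and downloads.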

8. Supply chain attacks

Attackers can go after an organization or application indirectly instead of directly, by compromising components of their supply chain. This could mean compromising third-party application dependencies (any integrated applications or APIs), third-party software, open-source code, or hardware vendors. Attackers have even been known to target a cybersecurity vendor and add malicious code to their software, which is then sent out in a system update to that vendor’s clients.

How to prevent supply chain attacks

Supply chain attacks are a particularly difficult problem in today's highly interconnected IT landscape, but these security measures can help to reduce the risk:

  • Implement zero trust security
  • Run third-party risk assessments
  • Identify shadow IT
  • Apply system updates and vulnerability patches as soon as possible
  • Load third-party code outside of the user's browser (a service provided by Cloudflare Zaraz)

Learn more about supply chain attacks and their prevention.

9. Vulnerability exploits

All software has flaws, and some of those flaws can leave the software open to attacks — such flaws are called vulnerabilities. Vulnerability exploits are attacks that take advantage of vulnerabilities and allow the attacker to gain control of a system or view sensitive data.

How to prevent vulnerability exploits

Software vendors frequently issue patches and updates that eliminate vulnerabilities in their software. Applying those updates as soon as possible blocks many exploits. For web applications, a WAF can defend against common vulnerability exploits, as attackers often use the same exploits across multiple applications in attempts to compromise them.

Some vulnerabilities are not yet known to software vendors or to the security community at large: these are called zero-days. There is no foolproof defense against zero-days, but a WAF can stop many types of unknown attacks, and browser isolation can defend user devices against untrusted code.

10. On-path attacks

In an on-path attack, the attacker is positioned between two parties that trust each other and impersonates each party to the other. This allows the attacker to intercept data.

How to prevent on-path attacks

One of the most foundational on-path attack prevention methods is the use of TLS (previously called "SSL") on websites. This protocol uses digital signatures to verify the identity of the web server to which the user is connected, ensuring that the user is not sending their data to an impostor. Users should also avoid sending sensitive data over public WiFi networks, which are a common site for on-path attacks. Cloudflare automatically enables free TLS for all domains that are connected to the Cloudflare network.
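TLS only defeats an impostor if the client actually verifies the certificate, and client code that turns verification off to silence an error is the most common way that protection is lost. The block below is an added example, not the article's code: a hardened `ssl.SSLContext`, the weakened variant for comparison, and a small audit that reports the settings an on-path attacker would need. `peer_subject` opens a real verified connection and is only for interactive use, since it needs network access.

```python
"""Client-side TLS settings that defeat or permit an on-path impostor,
with an audit of an SSLContext. Added example; the weak context
reproduces a common misconfiguration for comparison only."""
import socket
import ssl


def hardened_context() -> ssl.SSLContext:
    # Default context: system trust store, certificate required, and the
    # certificate must match the hostname the client asked for.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # explicit, not left to the Python default
    return ctx


def weak_context() -> ssl.SSLContext:
    # The "fix" often applied to make certificate errors go away: with
    # verification off, any server on the path can present any certificate.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # must be cleared before verify_mode is changed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the settings that would let an impostor succeed (empty = fine)."""
    issues = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        issues.append("no-cert-verification")
    if not ctx.check_hostname:
        issues.append("no-hostname-check")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        issues.append("old-tls-allowed")
    return issues


def peer_subject(host: str, port: int = 443) -> dict:
    """Open a verified connection and return the server certificate's
    subject fields. Needs network access; not part of the offline checks."""
    ctx = hardened_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return dict(rdn[0] for rdn in cert["subject"])


if __name__ == "__main__":
    print("hardened:", audit_context(hardened_context()))
    print("weak:    ", audit_context(weak_context()))
```

The audit is the kind of check worth running in a code review or a test suite: a client that passes it will refuse a connection where the certificate does not chain to a trusted root or does not name the host, which is exactly the situation an on-path impostor creates. On public WiFi the same verification is what protects the user; the network itself cannot be trusted.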

Sign up for a Cloudflare plan.