02 CyberSecurity Type Stats


Cyber Attacks & Statistics

What are the 10 Most Common Types of Cyber Attacks?


1. Malware (or malicious software)
● Any program or code that is created with the intent to do harm to a computer, network or
server.

● Malware is the most common type of cyberattack, mostly because this term encompasses
many subsets such as ransomware, trojans, spyware, viruses, worms, keyloggers, bots,
cryptojacking, and any other type of malware attack that leverages software in a malicious
way.
Ransomware

In a ransomware attack, an adversary encrypts a victim’s data and offers to provide a
decryption key in exchange for a payment.

Ransomware attacks are usually launched through malicious links delivered via phishing
emails, but unpatched vulnerabilities and policy misconfigurations are used as well.

Fileless Malware

Fileless malware is a type of malicious activity that uses native, legitimate tools built into a
system to execute a cyber attack.

Unlike traditional malware, fileless malware does not require an attacker to install any code on
a target’s system, making it hard to detect.
Spyware

Spyware is a type of unwanted, malicious software that infects a computer or other
device and collects information about a user’s web activity without their knowledge or
consent.

Adware

Adware is a type of spyware that watches a user’s online activity in order to determine
which ads to show them.

While adware is not inherently malicious, it has an impact on the performance of a
user’s device and degrades the user experience.
Trojan

A trojan is malware that appears to be legitimate software disguised as native operating
system programs or harmless files like free downloads.

Trojans are installed through social engineering techniques such as phishing or bait
websites.

Worms

A worm is a self-contained program that replicates itself and spreads its copies to other
computers.

Embedded worms can modify and delete files, inject more malicious software, or
replicate in place until the targeted system runs out of resources.
Rootkits

Rootkit malware is a collection of software designed to give malicious actors control of
a computer network or application.

Once activated, the malicious program sets up a backdoor exploit and may deliver
additional malware.

Mobile Malware

Mobile malware is any type of malware designed to target mobile devices.

Mobile malware is delivered through malicious downloads, operating system
vulnerabilities, phishing, smishing, and the use of unsecured WiFi.
Exploits

An exploit is a piece of software or data that opportunistically uses a defect in an
operating system or an app to provide access to unauthorized actors.

The exploit may be used to install more malware or steal data.

Keylogger

Keyloggers are tools that record what a person types on a device.

In a keylogger attack, the keylogger software records every keystroke on the victim’s
device and sends it to the attacker.
Botnet

A botnet is a network of computers infected with malware that are controlled by a bot herder.

The bot herder is the person who operates the botnet infrastructure and uses the
compromised computers to launch attacks designed to crash a target’s network, inject
malware, harvest credentials or execute CPU-intensive tasks.

Scareware

Scareware tricks users into believing their computer is infected with a virus.

Typically, a user will see scareware as a pop-up warning them that their system is infected.
This scare tactic aims to persuade people into installing fake antivirus software to remove
the “virus.” Once this fake antivirus software is downloaded, then malware may infect your
computer.
2. Denial of Service (DoS) Attack
● A Denial-of-Service (DoS) attack is a malicious, targeted attack that floods a network with
false requests in order to disrupt business operations.

● The difference between DoS and Distributed Denial of Service (DDoS) attacks has to do with
the origin of the attack. DoS attacks originate from just one system while DDoS attacks are
launched from multiple systems.

● DDoS attacks are faster and harder to block than DoS attacks because multiple systems
must be identified and neutralized to halt the attack.
3. Phishing
Phishing is a type of cyberattack that uses email, SMS, phone, social media, and social
engineering techniques to entice a victim to share sensitive information.

1. Spear Phishing: Spear-phishing is a type of phishing attack that targets specific individuals
or organizations typically through malicious emails.
2. Whaling: A whaling attack is a type of social engineering attack specifically targeting senior
or C-level executive employees with the purpose of stealing money or information.
3. SMiShing: Smishing is the act of sending fraudulent text messages designed to trick
individuals.
4. Vishing: Vishing, a voice phishing attack, is the fraudulent use of phone calls and voice
messages pretending to be from a reputable organization.
4. Spoofing
Spoofing is a technique through which a cybercriminal disguises themselves as a known or
trusted source. Spoofing can take different forms, which include:

1. Domain Spoofing : Domain spoofing is a form of phishing where an attacker impersonates
a known business or person with a fake website or email domain to fool people into
trusting them.
2. Email Spoofing : Email spoofing is a type of cyberattack that targets businesses by using
emails with forged sender addresses.
3. ARP Spoofing : Address Resolution Protocol (ARP) spoofing or ARP poisoning is a form of
spoofing attack that hackers use to intercept data. A hacker commits an ARP spoofing
attack by tricking one device into sending messages to the hacker instead of the intended
recipient.
80% of all breaches use compromised
identities and can take up to 250 days to
identify.
5. Identity-Based Attacks
When a valid user’s credentials have been compromised and an adversary is masquerading as that user, it is often very difficult
to differentiate between the user’s typical behavior and that of the hacker using traditional security measures and tools.

1. Man-in-the-Middle (MITM) Attack : A man-in-the-middle attack is a type of cyberattack in which an attacker eavesdrops
on a conversation between two targets with the goal of collecting personal data, passwords or banking details, and/or to
convince the victim to take an action such as changing login credentials.
2. Pass-the-Hash Attack : Pass the hash (PtH) is a type of attack in which an adversary steals a “hashed” user credential
and uses it to create a new user session on the same network. It does not require the attacker to know or crack the
password to gain access to the system.
3. Credential Stuffing : Credential stuffing attacks work on the premise that people often use the same user ID and
password across multiple accounts. Therefore, possessing the credentials for one account may be able to grant access
to other, unrelated accounts.
4. Brute Force Attacks: A brute force attack uses a trial-and-error approach to systematically guess login info,
credentials, and encryption keys. The attacker submits combinations of usernames and passwords until they finally
guess correctly.
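
The difference between brute force (many guesses against one account) and credential stuffing (one guess each against many accounts) shows up in authentication logs. The following detection sketch is an added example, not part of the original slides; the event tuples, IP addresses and both thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample auth events: (source_ip, username, success).
EVENTS = (
    [("203.0.113.7", "alice", False)] * 12 + [("203.0.113.7", "alice", True)]
    + [("198.51.100.9", f"user{i}", i == 17) for i in range(20)]
    + [("192.0.2.4", "bob", False), ("192.0.2.4", "bob", True)]
)

MIN_FAILURES = 10      # assumed threshold: below this, treat the source as normal
GUESSES_PER_USER = 5   # assumed: this many tries on one account => brute force

def classify_sources(events):
    """Label each source IP from the shape of its login attempts."""
    failures = defaultdict(int)
    per_user = defaultdict(lambda: defaultdict(int))
    succeeded = defaultdict(set)
    for ip, user, ok in events:
        per_user[ip][user] += 1
        if ok:
            succeeded[ip].add(user)
        else:
            failures[ip] += 1
    report = {}
    for ip, users in per_user.items():
        if failures[ip] < MIN_FAILURES:
            label = "normal"                 # e.g. a user who mistyped once
        elif max(users.values()) >= GUESSES_PER_USER:
            label = "brute_force"            # many passwords, same account
        else:
            label = "credential_stuffing"    # many accounts, one try each
        # A success inside a flagged pattern means that account needs a reset.
        at_risk = sorted(succeeded[ip]) if label != "normal" else []
        report[ip] = {"label": label, "users": len(users), "at_risk": at_risk}
    return report

if __name__ == "__main__":
    for ip, info in classify_sources(EVENTS).items():
        print(ip, info)
```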
6. Code Injection Attacks
Code injection attacks consist of an attacker injecting malicious code into a vulnerable computer or
network to change its course of action.

1. SQL Injection : A SQL Injection attack leverages system vulnerabilities to inject malicious SQL
statements into a data-driven application, which then allows the hacker to extract information from
a database.
2. Cross-Site Scripting (XSS) : Cross Site Scripting (XSS) is a code injection attack in which an
adversary inserts malicious code within a legitimate website. The code then launches as an
infected script in the user’s web browser, enabling the attacker to steal sensitive information or
impersonate the user.
3. Malvertising : Typically, the attacker begins by breaching a third-party server, which allows the
cybercriminal to inject malicious code within a display ad or some element thereof, such as banner
ad copy, creative imagery or video content. Once clicked by a website visitor, the corrupted code
within the ad will install malware or adware on the user’s computer.
7. Supply Chain Attacks
A supply chain attack is a type of cyberattack that targets a trusted third-party vendor
who offers services or software vital to the supply chain.

1. Software supply chain attacks: Inject malicious code into an application in order to
infect all users of an app. Particularly vulnerable because modern software is not
written from scratch: rather, it involves many off-the-shelf components, such as
third-party APIs, open source code and proprietary code from software vendors.
2. Hardware supply chain attacks: compromise physical components for the same
purpose.
8. Insider Threats
Insider threats are internal actors, such as current or former employees, who pose a danger
to an organization because they have direct access to the company network, sensitive
data, and intellectual property (IP), as well as knowledge of business processes,
company policies or other information that would help carry out such an attack.

To combat this, organizations should implement a comprehensive cybersecurity training
program that teaches stakeholders to be aware of any potential attacks, including those
potentially performed by an insider.
9. DNS Tunneling
DNS Tunneling is a type of cyberattack that leverages domain name system (DNS) queries
and responses to bypass traditional security measures and transmit data of other programs
and code within the network.

Once a system is infected, the hacker can freely engage in command-and-control activities. This tunnel
gives the hacker a route to unleash malware and/or to extract data, IP or other sensitive
information by encoding it bit by bit in a series of DNS responses.
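
Because the data is encoded into DNS names, tunneling leaves a recognizable pattern in resolver logs: one client asking for many unique, long, random-looking names under a single parent domain. The following detection sketch is an added example, not part of the original slides; the thresholds, client addresses and sample names are constructed assumptions.

```python
import base64, hashlib, math
from collections import Counter, defaultdict

def shannon_entropy(s):
    """Bits per character; encoded payloads score higher than hostnames."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def parent_domain(name):
    # Simplification: last two labels. Real code should use the Public Suffix List.
    return ".".join(name.split(".")[-2:])

def suspicious_domains(queries, min_unique=20, min_len=30, min_entropy=3.5):
    """queries: iterable of (client_ip, qname). Thresholds are assumed values."""
    subs = defaultdict(set)
    for client, qname in queries:
        name = qname.rstrip(".").lower()
        dom = parent_domain(name)
        sub = name[: len(name) - len(dom)].rstrip(".")
        if sub:
            subs[(client, dom)].add(sub)
    hits = []
    for (client, dom), labels in subs.items():
        joined = "".join(labels).replace(".", "")
        avg_len = sum(len(l) for l in labels) / len(labels)
        # All three must hold: many distinct names, long labels, random-looking text.
        if (len(labels) >= min_unique and avg_len >= min_len
                and shannon_entropy(joined) >= min_entropy):
            hits.append((client, dom))
    return sorted(hits)

def constructed_label(i):
    # Stand-in for an encoded data chunk: base32 of a hash, 52 characters.
    digest = hashlib.sha256(str(i).encode()).digest()
    return base64.b32encode(digest).decode().rstrip("=").lower()

# Constructed sample query log; names use reserved example domains.
SAMPLE = (
    [("10.0.0.8", f"{constructed_label(i)}.exfil-test.example") for i in range(25)]
    + [("10.0.0.5", f"host{i}.corp.example") for i in range(30)]   # many, but short
    + [("10.0.0.5", n) for n in ("www.example.com", "mail.example.com")] * 10
)

if __name__ == "__main__":
    print(suspicious_domains(SAMPLE))
```

Requiring all three signals together keeps the busy but benign `corp.example` client in the sample from being flagged.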
10. IoT-Based Attacks
An IoT attack is any cyberattack that targets an Internet of Things (IoT) device or network.

Once a device is compromised, the hacker can assume control of it, steal data, or join it to a group
of infected devices to create a botnet to launch DoS or DDoS attacks.
Statistics
List of Breaches: https://en.wikipedia.org/wiki/List_of_data_breaches

Cyber Attacks: https://parachute.cloud/cyber-attack-statistics-data-and-trends/

Zero-day Vulnerability & Bounties: https://zerodium.com/program.html

Hacker News: https://thehackernews.com/
