10 Most Common types of Cyber Attacks in 2020


To solve any problem, it's very important to understand it thoroughly.

Right !!!

The same applies to cyber security as well 🙂

Only when you understand the cyber risk/attack, you can take measures to prevent it.

With cyber risks increasing day by day, it is very important to understand:

  • What exactly a cyber risk, threat or attack is.
  • What some of the common known attacks are, the ones most organizations have fallen victim to.
  • How they damage the goodwill of an organization.
  • How prepared we are to deal with these cyber risks or threats.

So let’s start with understanding cyber attack.

What is Cyber attack?

A cyber-attack is an attack against computer systems. A hacker exploits a weakness in a computer system or network to gain access to the system or its data illegally (i.e. without your consent).

Attackers use various methods, including malware (malicious software), phishing etc., to:

  • Steal sensitive information
  • Alter or destroy organizational or personal data
  • Make the data or system inaccessible, so that operational activities cannot be performed, etc.

Let's take a close look at the snapshot below.

We can see here the visualization of a live threat map.

You can also check the ongoing live threats through this link: https://threatmap.checkpoint.com/

As you saw, cyber-attacks are happening worldwide every few seconds.

The next victim could be you or your organization if the necessary safeguards or controls are not in place to ensure CIA (Confidentiality, Integrity, Availability).

Well, did I convince you to learn about the various cyber attacks so that you can protect yourself and your organization?

If you are reading this line, I will take that as a yes !!!

So, what are we waiting for?

Let’s continue with our list of most common types of cyber attacks 🙂

1. Malware Attack

Malware (i.e. malicious software) is a very common and well-known attack.

It is a type of attack in which an attacker creates malicious software and installs it on someone else's system without their consent.

If you are an active computer user, you may have faced something like this. For instance, clicking on a link or visiting a website suddenly started a download.

There are several types of malware, like viruses, worms, Trojan horses, spyware, etc.

To sum up, malware is designed to perform activities on the victim's system without their consent or knowledge, in order to alter, destroy or steal sensitive information.

Impact of Malware Attack

  • Identity theft by accessing your personal information
  • Can control your system and perform illegal actions.
  • Can completely crash your computer system
  • Can slow down computer/web browser etc

How to prevent?

  • Always keep your system updated with latest security updates and patches.
  • Install Anti-virus/Anti-malware software on your system
  • Always be careful to check legitimacy before downloading any software or simply avoid installing software from unknown sources
  • Avoid clicking on suspicious email links as you might end up installing malicious software

2. Denial-Of-Service Attack

Denial-of-Service (DoS) or Distributed DoS is a type of attack in which an attacker aims to halt a system, making it inaccessible to its intended users.

Attackers usually use a massive amount of internet traffic to flood a particular website, server or set of servers and choke the network.

The traffic is too large for the system to handle, resulting in a crash.

In short, their end goal is to make the system unavailable to its intended users.

Impact of Denial-Of-Service Attack

  • Unplanned massive outage/inaccessible website
  • It can cause huge revenue loss due to unavailability
  • Complete crash of system or applications

How to prevent?

  • Building redundancy into your infrastructure
  • Strengthen network security using WAF or IPS/IDS
  • Scale-up bandwidth or enable bandwidth bursting

3. Eavesdropping Attack

An eavesdropping attack is a type of attack which happens when your data travels over an unsecured network.

Attackers take advantage of unsecured communication over the network to steal your information.

It is also known as a snooping or sniffing attack, where the attacker installs a 'sniffer' to intercept data from the weakened connection.

Impact of Eavesdropping Attack

  • Can steal or eavesdrop sensitive information
  • Financial or business data loss

How to prevent?

  • Avoid using public Wi-Fi networks, which are highly prone to eavesdropping
  • Encrypt data before it is transmitted over the network
  • Keep your antivirus and operating system up to date with the latest patches
  • Strengthen your overall network security

4. Man-in-middle Attack

To put it simply, a Man-in-Middle attack is exactly what it sounds like. There is someone in the middle (the attacker) between the sender and receiver of data.

In other words, it is a method of attack where an attacker puts himself in between the communication of the sender and receiver, and tries to gain access to the information that they are exchanging.

Impact of Man-in-middle Attack

  • Can alter, destroy or steal data in transit
  • It can cause financial or business loss

How to Prevent?

  • Always use encryption before transmitting data
  • Always use HTTPS when visiting any website
  • Strengthen network security

5. Social Engineering Attack

Social engineering is a technique which doesn't necessarily attack through a computer system.

Put casually, social engineering tactics rely on psychological manipulation of people.

An attacker may pretend to be someone in authority and simply ask for credentials, or for something to be done that he or she shouldn't be able to get done by normal means. Attackers may also use other techniques to get sensitive information disclosed.

The human link is the weakest link in cyberspace. Every individual should go through the necessary training to avoid these kinds of manipulation tricks from attackers. It will help improve overall security.

Impact of Social Engineering Attack

  • Sensitive information can be revealed
  • The victim's password can be compromised

How to Prevent?

  • Educate employees through regular security awareness sessions
  • Avoid blind trust; always think before responding to such unusual requests

6. Phishing Attack

Phishing is also a type of social engineering attack, where an attacker pretends to be a trusted entity (for instance, your bank) and dupes you into revealing sensitive information like your username/password.

Attackers basically target certain users or groups to trick them into clicking a malicious link sent over e-mail or text message.

Impact of Phishing Attack

  • The attacker can install malware (ransomware etc.) on the system using the phishing link
  • It can trick victims into exposing their credentials

How to prevent?

  • Do not open any attachments from unknown senders
  • Avoid clicking suspicious embedded links

7. Ransomware Attack

Ransomware is also a type of malware. It's very common nowadays. Lots of hospitals and health care providers, IT organizations and government offices have been victims of it.

Once the attacker gets hold of your data, they threaten either to expose your data publicly or to encrypt it altogether, making it inaccessible to you until a ransom amount is paid to them (usually through cryptocurrency).

Impact of Ransomware Attack

  • Data can be lost or wiped out, as everything gets encrypted and is only accessible to the attacker, who has the decryption key
  • It can cause financial loss due to unavailability of critical applications
  • Loss of goodwill, as sensitive data can later be exposed by the attacker on publicly available websites

How to prevent?

  • Back up your data regularly and test restoration
  • Keep your system up to date with the latest vendor patches

8. Cross site scripting (XSS) Attack

Do you know that 1 out of 3 websites is vulnerable to cross site scripting?

Yes, you read that right!!!

Cross site scripting is basically a type of code injection attack. It happens on the client side, i.e. in the web browser.

An attacker simply injects malicious code/script into a web page, which results in altering the application code (HTML/JavaScript) that was supposed to be delivered to the end user.

So, when a user of the application visits the web page, the malicious code gets executed and the attacker succeeds in getting something done which was not originally intended.

Impact of Cross Site Scripting

  • Session hijacking: the attacker takes over the user's session (in simple terms, a session is nothing but the time from when you log in to a system, such as a banking application, until you log out)
  • Content defacement: changing the content of the page to something the attacker wants and the owner never intended
  • Credential theft

How to Prevent?

  • Organize awareness sessions for web developers, testers and the rest of the team.
  • Never ever trust any user input, and sanitize it before sending it as output to the end user.
  • Run vulnerability assessments for XSS and fix the findings.
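
The "never trust user input" rule above, shown as an added example (not code from the original post): the same comment rendered with plain string concatenation and with output encoding. The function names and the sample inputs are constructed for illustration, and the link helper goes one step beyond the text by allowing only http(s) URLs, since encoding alone does not stop a script-scheme link.

```python
import html
from urllib.parse import urlsplit

# Constructed sample input: a comment body that tries to smuggle in markup.
SAMPLE_COMMENT = "<script>alert(1)</script>"


def render_comment_vulnerable(author, text):
    # BAD: user-controlled strings become part of the page's HTML unchanged,
    # so any tags they contain are parsed and run by the browser.
    return "<div><b>" + author + "</b>: " + text + "</div>"


def render_comment_encoded(author, text):
    # GOOD: html.escape() turns & < > " ' into entities, so the browser
    # displays the input as text instead of interpreting it as markup.
    return "<div><b>{}</b>: {}</div>".format(html.escape(author), html.escape(text))


def safe_href(url):
    # Encoding is not enough inside href: a javascript: URL has no special
    # characters to escape. Allow only http(s); everything else becomes "#".
    scheme = urlsplit(url.strip()).scheme.lower()
    if scheme not in ("http", "https"):
        return "#"
    return html.escape(url, quote=True)  # quotes escaped for attribute context


def render_link(url, label):
    return '<a href="{}">{}</a>'.format(safe_href(url), html.escape(label))


if __name__ == "__main__":
    print(render_comment_vulnerable("mallory", SAMPLE_COMMENT))
    print(render_comment_encoded("mallory", SAMPLE_COMMENT))
    print(render_link("javascript:alert(1)", "click me"))
    print(render_link('https://example.com/?q="x"', "search"))
```
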

9. SQL Injection Attack

Similar to cross site scripting, SQL injection is also a code injection attack. However, it occurs on the server side, i.e. on the database of the application.

Here an attacker injects malicious SQL code into an application through a web page. When the application executes this malicious code, it ends up exposing all the data to the attacker.

Impact of SQL Injection

  • Sensitive data like credit card info or passwords can be stolen
  • Data can be altered or destroyed altogether
  • The attacker can even become the administrator of the database server and cause severe damage to data

How to Prevent?

  • The first and foremost step is to never trust any user input and to sanitize it before using it
  • Use prepared statements/parameterized queries
  • Use a Web Application Firewall
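
The prepared statement advice above, as an added example that is not part of the original post: the same lookup written with string concatenation and with a bound parameter, run against an in-memory SQLite database. The table, the account rows and the crafted input are constructed for illustration.

```python
import sqlite3

# Constructed input: the quote characters change the query's structure
# when the value is pasted into the SQL text.
CRAFTED = "nobody' OR '1'='1"


def make_db():
    """Build an in-memory database with constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, card TEXT)")
    db.executemany(
        "INSERT INTO users (name, card) VALUES (?, ?)",
        [("alice", "4111-XXXX-0001"),
         ("bob", "4111-XXXX-0002"),
         ("carol", "4111-XXXX-0003")],
    )
    return db


def lookup_vulnerable(db, name):
    # BAD: the input becomes part of the SQL statement, so the database
    # parses whatever the user typed as query syntax.
    query = "SELECT name, card FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, name):
    # GOOD: the SQL text is fixed; the driver passes `name` as a bound value
    # that is only ever compared as data, never parsed as SQL.
    return db.execute(
        "SELECT name, card FROM users WHERE name = ?", (name,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("normal, vulnerable    :", lookup_vulnerable(db, "alice"))
    print("crafted, vulnerable   :", lookup_vulnerable(db, CRAFTED))
    print("crafted, parameterized:", lookup_parameterized(db, CRAFTED))
```

With the crafted input, the concatenated query returns every row in the table, while the parameterized query looks for a user literally named `nobody' OR '1'='1` and returns nothing.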

10. Password Attack

A password attack is a very common type of attack where a hacker tries to gain access to your system by guessing or stealing your password.

Attackers use several techniques or tricks to obtain your login details and achieve their goals.

  • It could be a brute force attack (relies on trying all combinations of passwords until one succeeds)
  • Dictionary attack (another brute force attack, where the password is guessed using well-known passphrases or dictionary word combinations to hack the login credentials)
  • Keylogger method (installing malware on the victim's system to track or monitor keystrokes) or some other technique.

Impact of password attack

As we know, user credentials are used to authenticate to systems, applications etc. Once they are compromised, the hacker will have full control: they can steal or alter data, or even destroy it or disrupt normal operations altogether.

How to Prevent?

Here are some of the basic tips or tricks which can be used to minimize the risk of getting your credentials compromised.

  • Always use strong passwords that combine capital letters, small letters, special characters and numbers
  • Always make sure to change the default passwords of all your accounts
  • Do not choose a password which can be guessed easily, like a dictionary word, a pet's name or your DOB
  • Change your password frequently
  • Enable dual-factor authentication on your account.

Conclusion

As we say, prevention is better than cure. I hope you got an overall idea about some of the most common types of cyber attacks.

If you are a developer, always follow security best practices while designing and developing your application.

Even if you are a simple web user, follow some guidelines like:

  • Having a strong password and updating it regularly
  • Enabling dual-factor authentication
  • Never clicking a link from an unknown source
  • Always being careful to check legitimacy before downloading any software, or simply avoiding software from unknown sources
  • Keeping your system up to date with the latest patches etc.

Well, that was my take on the most common types of cyber attacks. Do let me know your feedback.


6 thoughts on “10 Most Common types of Cyber Attacks in 2020”

  1. This article on cybersecurity is very informative. The URL to observe the live cyber threats clearly will help us to acknowledge the risk and awareness to take the precautions before the sensitive information gets compromised.
