• Mohan Chathuranga

Top 5 Most Common Types of Cyber Attacks

No matter what the incident is there is a type of attacking technique from the following commonly used by attackers.

Can you imagine a day that you spend without your smartphone, laptop, tablet, smart watch etc? They are penetrating every sphere of our life to make it easier and more colorful. This mainstream helps us to immerse into the web surfing, exchange selfies with friends, or do business even being far away from the office. But not everything is so perfect in the online space.

All these channels are built on the backbone of ones and zeroes based binary systems. They are susceptible for all the fundamental behaviours of computer science which is exploited by attackers to steal your data or steal money. Here are the five most common types of these attacks.

1. Malware

If your device begins to run very slowly, settings change by themselves and you can’t restore them, or the web browser contains the components you didn’t download, it’s a sure sign that the gadget is infected with malware. You’ve probably clicked on a pop up window or a link with malicious software when downloading some files or just surfing a non-trusted website. Now, cyber criminals can wreak all sorts of havoc on your device. The worst thing is that they are able to monitor your online activities, take control of your private information, and share or sell the data to unauthorized third parties. For this hackers use different shapes and sizes of malware, such as spyware, ransomware, viruses, worms, trojans, and scareware.  

2. Phishing attacks

Phishing is perhaps the most commonly reported form of cyber attack, and keeping up with the methods of some phishing attacks is proving to be very difficult.

There are various types of phishing attacks and the type that is used usually depends on the industry. “Hackers send out hundreds of thousands of emails [with an attachment or link] hoping that someone will click on them,” “That’s the hacker’s means to access your system.” Once you open it, you’re giving them access to your computer system and the information on it.

“Once they’re in, then they’re able to really attack the software’s vulnerabilities, whether it’s personal passwords, firewall or lack thereof, or unpatched status security software.”

How can you prevent it? Avoid clicking and loading files from unknown sources and always keep your security software up-to-date.

3. Password attacks

The name speaks for itself. This is the case when hackers try to access your profile by hacking the password. Generally, this threat doesn’t require any malicious code to be run on the devices. The cyber criminals try to crack encrypted data by means of a software which is installed on their system. The main point is while using a special dictionary of letters and numbers to make all possible combinations that can reproduce a password, hackers will get access to your profile sooner or later.

How can you minimize the chance of a successful attack? Create a strong password using a combination of letters, numbers, or symbols and change it periodically.

4. Man-in-the-middle (MitM) attack

A MitM attack occurs when a hacker inserts itself between the communications of a client and a server. Here are some common types of man-in-the-middle attacks:

Session hijacking

In this type of MitM attack, an attacker hijacks a session between a trusted client and network server. The attacking computer substitutes its IP address for the trusted client while the server continues the session, believing it is communicating with the client. For instance, the attack might unfold like this:

  1. A client connects to a server.

  2. The attacker’s computer gains control of the client.

  3. The attacker’s computer disconnects the client from the server.

  4. The attacker’s computer replaces the client’s IP address with its own IP address and spoofs the client’s sequence numbers.

  5. The attacker’s computer continues dialog with the server and the server believes it is still communicating with the client.


A replay attack occurs when an attacker intercepts and saves old messages and then tries to send them later, impersonating one of the participants. This type can be easily countered with session timestamps or nonce (a random number or a string that changes with time).

Currently, there is no single technology or configuration to prevent all MitM attacks. Generally, encryption and digital certificates provide an effective safeguard against MitM attacks, assuring both the confidentiality and integrity of communications. But a man-in-the-middle attack can be injected into the middle of communications in such a way that encryption will not help — for example, attacker “A”  intercepts public key of person “P” and substitute it with his own public key. Then, anyone wanting to send an encrypted message to P using P’s public key is unknowingly using A’s public key. Therefore, A can read the message intended for P and then send the message to P, encrypted in P’s real public key, and P will never notice that the message was compromised. In addition, A could also modify the message before resending it to P. As you can see, P is using encryption and thinks that his information is protected but it is not, because of the MitM attack.

5. Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks

A denial-of-service attack overwhelms a system’s resources so that it cannot respond to service requests. A DDoS attack is also an attack on system’s resources, but it is launched from a large number of other host machines that are infected by malicious software controlled by the attacker.

Unlike attacks that are designed to enable the attacker to gain or increase access, denial-of-service doesn’t provide direct benefits for attackers. For some of them, it’s enough to have the satisfaction of service denial. However, if the attacked resource belongs to a business competitor, then the benefit to the attacker may be real enough. Another purpose of a DoS attack can be to take a system offline so that a different kind of attack can be launched.

26 views0 comments