Types of cyber attacks — guide to the 20 most common

Cyber attacks are deliberate actions exploiting vulnerabilities in IT systems, applications, networks, or humans (social engineering) — with the goal of data theft, disruption, espionage, or ransom extortion. Below are the 20 most common attack types observed in 2024-2026, with classification, examples, and defense strategies.

Attack classification

Attacks are categorized along several dimensions:

Criterion             Categories
Goal                  Data theft, disruption (DoS), ransom, espionage (APT)
Vector                Network, application, physical, social engineering
Mechanism             Malware, exploit, social engineering, credential theft
MITRE ATT&CK stage    Reconnaissance → Initial Access → Execution → … → Impact

20 types of cyber attacks

Social engineering attacks (targeting people)

  1. Phishing — mass fake emails that lure recipients into entering credentials or opening malware. 80%+ of incidents. Defense: security awareness, MFA (preferably phishing-resistant FIDO2/passkeys, since OTP codes and push prompts are relayed by adversary-in-the-middle phishing kits), email filtering.
  2. BEC (Business Email Compromise) — targeted fraud against finance staff, pressuring them into wire transfers or bank-detail changes. Average loss $125k. Defense: out-of-band verification of every payment change (callback to a number already on file, never one taken from the email), MFA on mailboxes.
  3. Spear phishing — personalized phishing aimed at specific people (C-level, IT admins).
  4. Vishing and smishing — phishing by phone (voice) and by SMS.
  5. Pretexting — an invented context used to extract information (e.g., “a call from IT”).
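The signals above (an executive's name on an outside address, a lookalike sender domain, a diverted Reply-To, a message claiming our domain without a DMARC pass, and wire-transfer wording with no links) can be scored mechanically at the mail gateway. The following is an added example, not code from this page: the defended domain, the executive directory and the three sample messages are constructed.

```python
"""Header and body heuristics for phishing/BEC triage.

Added example, not code from the page: it scores a message on the signals
the list above describes (executive display-name spoofing, lookalike sender
domain, Reply-To diversion, missing DMARC pass, wire-transfer wording with no
links). OUR_DOMAIN, EXEC_NAMES and the three sample messages are constructed.
"""
from email import message_from_string
from email.utils import parseaddr

OUR_DOMAIN = "example.com"                   # assumed: the defended organisation
EXEC_NAMES = {"jane doe", "john smith"}      # assumed: names BEC actors would impersonate
LOOKALIKE_MAX_DISTANCE = 2                   # edit distance that still reads as "our" domain
BEC_WORDS = ("wire", "bank details", "urgent", "invoice")


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch typo-squatted sender domains (examp1e.com)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def triage(raw: str) -> list[str]:
    """Return the list of findings for one RFC 5322 message."""
    msg = message_from_string(raw)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    findings = []

    # 1. An executive's name on an external address (display-name spoofing).
    if from_name.strip().lower() in EXEC_NAMES and from_domain != OUR_DOMAIN:
        findings.append(f"display-name impersonation: '{from_name}' from {from_domain}")

    # 2. Sender domain that is almost, but not quite, ours.
    if from_domain != OUR_DOMAIN and 0 < levenshtein(from_domain, OUR_DOMAIN) <= LOOKALIKE_MAX_DISTANCE:
        findings.append(f"lookalike sender domain: {from_domain}")

    # 3. Reply-To on another domain: replies go somewhere the recipient never saw.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append(f"reply-to mismatch: {reply_addr}")

    # 4. Claims our own domain but the gateway did not record dmarc=pass.
    auth = msg.get("Authentication-Results", "").lower()
    if from_domain == OUR_DOMAIN and "dmarc=pass" not in auth:
        findings.append("claims our domain without dmarc=pass")

    # 5. BEC pattern: payment/urgency wording and no link at all to filter on.
    body = "" if msg.is_multipart() else str(msg.get_payload())
    text = body.lower()
    if any(w in text for w in BEC_WORDS) and "http" not in text:
        findings.append("payment-change wording without links (BEC pattern)")
    return findings


# Constructed sample messages (headers trimmed to what the checks use).
SAMPLE_BEC = """From: Jane Doe <jane.doe@gmail-mail.com>
Reply-To: jane.doe.ceo@protonmail.com
To: accounts@example.com
Subject: Urgent
Authentication-Results: mx.example.com; dmarc=none
Content-Type: text/plain

Hi, I need an urgent wire to a new supplier today, I will send the bank details.
"""

SAMPLE_LOOKALIKE = """From: IT Helpdesk <helpdesk@examp1e.com>
To: bob@example.com
Subject: Password expiry
Content-Type: text/plain

Your password expires today, reset at http://examp1e.com/reset
"""

SAMPLE_LEGIT = """From: John Smith <john.smith@example.com>
To: bob@example.com
Subject: Lunch
Authentication-Results: mx.example.com; spf=pass dkim=pass dmarc=pass
Content-Type: text/plain

Lunch at noon?
"""

if __name__ == "__main__":
    for name, raw in [("bec", SAMPLE_BEC), ("lookalike", SAMPLE_LOOKALIKE), ("legit", SAMPLE_LEGIT)]:
        print(name, triage(raw))
```

None of these checks is conclusive on its own (a contractor may legitimately use Gmail, a lookalike domain may be a partner's real domain), which is why the BEC defense listed above is procedural: a payment change is confirmed over a channel the email did not supply, regardless of how clean the message scores.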

Malware and ransomware

  1. Ransomware — encryption (and, increasingly, exfiltration with a leak threat) of data, followed by a ransom demand. Record $30+ billion losses in 2024. Defense: 3-2-1 backup with an offline/immutable copy, EDR, segmentation, MFA.
  2. Trojans and RATs — malware disguised as legitimate software that gives the attacker hidden remote access. Defense: application allowlisting (AppLocker/WDAC), EDR, DNS filtering.
  3. Wipers — destruction of data with no ransom path (sabotage). Examples: NotPetya, WhisperGate.
  4. Cryptominers — covert use of the victim's CPU/GPU to mine cryptocurrency; often the first visible sign of a wider compromise.
  5. Rootkits and bootkits — malware hidden in the kernel or in firmware/the boot chain, below what OS-level tools can see. Defense: Secure Boot and measured boot with attestation, firmware updates.

Network attacks

  1. DDoS (Distributed Denial of Service) — flooding a service with botnet traffic until it cannot serve legitimate users. Defense: CDN, WAF, anti-DDoS scrubbing (Cloudflare, Akamai).
  2. MITM (Man-in-the-Middle) — intercepting or altering traffic between two parties. Defense: TLS everywhere with HSTS, certificate pinning for high-value clients, VPN on untrusted networks.
  3. DNS spoofing and cache poisoning — forging DNS answers so that traffic is redirected to an attacker-controlled server. Defense: DNSSEC validation on resolvers, encrypted DNS (DoT/DoH) to trusted resolvers.
  4. ARP spoofing — forging ARP replies on a LAN to impersonate the gateway or a host and intercept local traffic. Defense: Dynamic ARP Inspection backed by DHCP snooping, port security; 802.1X controls who can join the segment but does not by itself stop ARP spoofing by an authenticated host.
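Dynamic ARP Inspection works by comparing every ARP reply with a trusted IP-to-MAC binding table. The same check can be run in software over a packet capture to detect the attack on segments where the switches do not enforce it. The following is an added example, not from this page; the binding table, MAC addresses and the trace are constructed.

```python
"""ARP-spoofing detection over a constructed ARP reply trace.

Added example, not from the page. It does in software what Dynamic ARP
Inspection does on a switch: check each ARP reply against a trusted
IP->MAC binding table (normally populated by DHCP snooping) and flag replies
that contradict it, plus two heuristics for hosts without a binding.
The bindings, MAC addresses and the trace are all constructed.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: float          # seconds, as a capture tool would stamp it
    sender_ip: str
    sender_mac: str


class ArpInspector:
    def __init__(self, trusted_bindings: dict[str, str], max_ips_per_mac: int = 3):
        self.trusted = {ip: mac.lower() for ip, mac in trusted_bindings.items()}
        self.learned: dict[str, str] = {}                  # first-seen MAC for unbound IPs
        self.ips_by_mac: dict[str, set[str]] = defaultdict(set)
        self.max_ips_per_mac = max_ips_per_mac

    def inspect(self, r: ArpReply) -> list[str]:
        alerts = []
        mac = r.sender_mac.lower()
        expected = self.trusted.get(r.sender_ip)
        if expected is not None:
            # Trusted binding exists: any other MAC is a spoof (DAI would drop the frame).
            if mac != expected:
                alerts.append(f"t={r.ts}: {r.sender_ip} claimed by {mac}, trusted binding is {expected}")
        else:
            # No binding: remember the first MAC and alert when it changes.
            first = self.learned.setdefault(r.sender_ip, mac)
            if first != mac:
                alerts.append(f"t={r.ts}: {r.sender_ip} moved from {first} to {mac} (no trusted binding)")
        # One NIC answering for many addresses is the signature of a poisoning sweep.
        self.ips_by_mac[mac].add(r.sender_ip)
        if len(self.ips_by_mac[mac]) > self.max_ips_per_mac:
            alerts.append(f"t={r.ts}: {mac} now claims {len(self.ips_by_mac[mac])} addresses")
        return alerts


def detect(trace: list[ArpReply], bindings: dict[str, str]) -> list[str]:
    inspector = ArpInspector(bindings)
    alerts = []
    for reply in trace:
        alerts.extend(inspector.inspect(reply))
    return alerts


# Constructed DHCP-snooping style bindings: the gateway and one workstation.
TRUSTED = {"10.0.0.1": "aa:aa:aa:aa:aa:01", "10.0.0.10": "aa:aa:aa:aa:aa:10"}
ATTACKER = "de:ad:be:ef:00:01"

# Constructed trace: legitimate replies, then the attacker poisoning both ends.
TRACE = [
    ArpReply(1.0, "10.0.0.1", "aa:aa:aa:aa:aa:01"),
    ArpReply(1.5, "10.0.0.10", "aa:aa:aa:aa:aa:10"),
    ArpReply(2.0, "10.0.0.1", ATTACKER),              # "I am the gateway"
    ArpReply(2.1, "10.0.0.10", ATTACKER),             # "I am the workstation" -> full MITM
    ArpReply(2.2, "10.0.0.20", ATTACKER),             # unbound host, learned as attacker's
    ArpReply(2.3, "10.0.0.30", ATTACKER),             # fourth address from one MAC
    ArpReply(3.0, "10.0.0.20", "aa:aa:aa:aa:aa:20"),  # real owner answers: mapping flips
]

if __name__ == "__main__":
    for line in detect(TRACE, TRUSTED):
        print(line)
```

The trusted table is the part that needs operational care: a gateway failover (VRRP/HSRP) or a replaced NIC legitimately changes a binding and will alert until the table is updated, which is the same maintenance burden DAI imposes on the switch side.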

Web application attacks

  1. SQL Injection — user input spliced into a SQL query, letting the attacker read or modify data or bypass a login. Defense: parameterized (prepared) queries everywhere and least-privilege database accounts; an ORM helps only as long as its raw-query escape hatches are not fed strings, and a WAF is a stopgap, not a fix.
  2. XSS (Cross-Site Scripting) — injecting attacker-controlled script into pages that other users' browsers render. Defense: context-aware output encoding, a strict Content-Security-Policy, HttpOnly cookies; input filtering alone is not sufficient.
  3. IDOR (Insecure Direct Object Reference) — accessing other users' records by changing an identifier in a URL or request body. Defense: object-level authorization checked on every request, not just hidden in the UI.
  4. SSRF (Server-Side Request Forgery) — tricking the server into making requests to attacker-chosen destinations, typically internal services or the cloud metadata endpoint. Defense: URL allowlist validated against the resolved IP, egress filtering, IMDSv2 on AWS.
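The SQL injection item is easiest to understand with the vulnerable query next to its parameterized replacement. The following is an added example, not code from this page: it uses SQLite in memory, the accounts and payloads are constructed, and login_vulnerable() is written insecurely on purpose so the login bypass and the UNION-based hash leak can be shown.

```python
"""SQL injection: a string-built login query next to its parameterized fix.

Added example, not code from the page. Uses SQLite in memory; the accounts
and payloads are constructed, and login_vulnerable() is written insecurely on
purpose so the bypass and data exfiltration can be shown.
"""
import hashlib
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed users table. sha256 stands in for a real password hash
    (use argon2id or bcrypt in production)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT, role TEXT)")
    for user, pw, role in [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")]:
        conn.execute(
            "INSERT INTO users VALUES (?, ?, ?)",
            (user, hashlib.sha256(pw.encode()).hexdigest(), role),
        )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Deliberately vulnerable: the username is spliced into the SQL text, so
    a quote in the input ends the string literal and rewrites the query."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    sql = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND pw_hash = '{pw_hash}'"
    )
    return conn.execute(sql).fetchone()


def login_parameterized(conn: sqlite3.Connection, username: str, password: str):
    """Same query with bound parameters: the driver sends the query structure
    and the values separately, so input can only ever be compared, never parsed."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    sql = "SELECT username, role FROM users WHERE username = ? AND pw_hash = ?"
    return conn.execute(sql, (username, pw_hash)).fetchone()


# Constructed attacker inputs. In SQLite '--' comments out the rest of the line.
BYPASS_AS_ALICE = "alice' --"                                    # drops the password check
BYPASS_ANY_ROW = "' OR 1=1 --"                                   # matches every user, returns the first
UNION_EXFIL = "' UNION SELECT username, pw_hash FROM users --"   # leaks hashes through the 'role' column


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, bypass:", login_vulnerable(db, BYPASS_AS_ALICE, "wrong"))
    print("vulnerable, exfil :", login_vulnerable(db, UNION_EXFIL, "wrong"))
    print("parameterized     :", login_parameterized(db, BYPASS_AS_ALICE, "wrong"))
```

Note that the parameterized version does not escape or filter anything; it simply never lets the input reach the SQL parser. That is why it holds against payloads a blocklist would miss, and why "sanitizing" the username is not the recommended fix.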

Advanced attacks

  1. APT (Advanced Persistent Threat) — long-term, state-sponsored campaigns. Examples: APT29, APT28, APT41, Lazarus. Defense: threat hunting, 24/7 SOC, XDR, intelligence sharing.
  2. Supply chain attacks — compromising vendor/library. Examples: SolarWinds, Kaseya, 3CX. Defense: SBOM, software composition analysis (SCA), zero trust.

Top initial access vectors (Verizon DBIR 2024)

  1. Credential theft — 38% of incidents
  2. Phishing — 32%
  3. Vulnerability exploitation — 14% (rising; the mass exploitation of MOVEit Transfer and ConnectWise ScreenConnect are recent examples)
  4. Cloud misconfiguration — 8%
  5. Insider threat — 7%

9-layer defense (Defense in Depth)

  1. Security awareness — quarterly training, phishing simulations
  2. MFA everywhere — priority: email, VPN, admin, cloud
  3. Patch management — critical CVEs in <14 days
  4. Email security — DMARC, DKIM, SPF + AI filtering (Proofpoint, Mimecast)
  5. EDR/XDR — behavioral endpoint detection (CrowdStrike, SentinelOne, Microsoft Defender XDR)
  6. Segmentation and Zero Trust — microsegmentation, ZTNA instead of VPN
  7. 24/7 SOC — monitoring with SIEM + SOAR
  8. Backup 3-2-1-1-0 — 3 copies, 2 media, 1 offsite, 1 offline/immutable, 0 restore errors
  9. Incident Response Plan — playbooks, runbooks, quarterly tabletop exercises
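Layer 4 (email security) is only as strong as the published SPF and DMARC records; a DMARC policy of p=none or an SPF record ending in +all leaves the domain spoofable no matter which filtering product sits in front of the mailbox. The following is an added example, not from this page, that checks records for those weak settings; the records are constructed strings for a hypothetical example.com, so it runs offline.

```python
"""SPF and DMARC record checks for the weak settings that make spoofing easy.

Added example, not from the page. The records are constructed strings so it
runs offline; in practice you would read the TXT records for the domain and
_dmarc.<domain> (e.g. with dnspython's dns.resolver.resolve(name, "TXT")) and
pass the joined strings in.
"""
import re

# Terms that cost a DNS lookup under RFC 7208 (limit of 10 per evaluation).
DNS_TERM = re.compile(r"^[+\-~?]?(include:|a$|a[:/]|mx|ptr|exists:|redirect=)")


def parse_dmarc(record: str) -> dict[str, str]:
    """'v=DMARC1; p=none; rua=mailto:x' -> {'v': 'DMARC1', 'p': 'none', 'rua': 'mailto:x'}"""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_dmarc(record: str) -> list[str]:
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record"]
    issues = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        issues.append("p=none: monitoring only, spoofed mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        issues.append(f"missing or unknown policy p={policy!r}")
    pct = tags.get("pct", "100")
    if pct != "100":
        issues.append(f"pct={pct}: policy enforced on only {pct}% of failing mail")
    if policy != "none" and tags.get("sp", policy).lower() == "none":
        issues.append("sp=none: subdomains can still be spoofed")
    if "rua" not in tags:
        issues.append("no rua: no aggregate reports, so failures stay invisible")
    return issues


def check_spf(record: str) -> list[str]:
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record"]
    issues = []
    mechanisms = [t.lower() for t in terms[1:]]
    all_term = next((m for m in mechanisms if m.lstrip("+-~?") == "all"), None)
    if all_term is None:
        issues.append("no 'all' term: unlisted senders get a neutral result")
    elif all_term in ("all", "+all"):
        issues.append("+all: every host on the internet is authorised to send as you")
    elif all_term == "?all":
        issues.append("?all: neutral, gives receivers nothing to act on")
    elif all_term == "~all":
        issues.append("~all: softfail only; receivers may still deliver (rely on DMARC p=reject)")
    lookups = sum(1 for m in mechanisms if DNS_TERM.match(m))
    if lookups > 10:
        issues.append(f"{lookups} DNS-querying terms: over the 10-lookup limit, receivers return permerror")
    if any(m.lstrip("+-~?").startswith("ptr") for m in mechanisms):
        issues.append("ptr: deprecated, slow and unreliable")
    return issues


# Constructed records for a hypothetical example.com.
SPF_WEAK = "v=spf1 include:_spf.google.com include:spf.protection.outlook.com ptr ~all"
SPF_GOOD = "v=spf1 ip4:203.0.113.0/24 include:_spf.google.com -all"
DMARC_WEAK = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
DMARC_GOOD = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=s"

if __name__ == "__main__":
    for label, rec, fn in [("spf weak", SPF_WEAK, check_spf), ("spf good", SPF_GOOD, check_spf),
                           ("dmarc weak", DMARC_WEAK, check_dmarc), ("dmarc good", DMARC_GOOD, check_dmarc)]:
        print(label, fn(rec) or ["ok"])
```

The 10-lookup count here is a flat count of the terms in the record itself; a real evaluator also follows each include: and counts the lookups inside it, so a record that passes this check can still exceed the limit once its includes are expanded. Moving from p=none to p=reject should be done after reading the rua reports for a few weeks, so that legitimate third-party senders are added to SPF or signed with DKIM first.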


Frequently asked questions

What are the most common types of cyber attacks?

In 2024-2026 the dominant attacks are: (1) phishing and BEC (80%+ of incidents per Verizon DBIR), (2) ransomware ($30+ billion in 2024 losses), (3) supply chain attacks (SolarWinds, Kaseya), (4) vulnerability exploitation (zero-day, n-day), (5) DDoS attacks (often as a smokescreen), (6) credential theft (credential stuffing, brute force), (7) API attacks, (8) cloud misconfiguration attacks. Top vectors: email, RDP, VPN, unpatched systems.

How are cyber attacks classified?

Main classifications: (1) by goal — disruption (DDoS), data theft (exfiltration), ransom (ransomware), espionage (APT), (2) by vector — network, application, physical, social engineering, (3) by mechanism — malware, exploit, social engineering, credential theft, (4) by MITRE ATT&CK tactic — reconnaissance, initial access, execution, persistence, privilege escalation, defense evasion, lateral movement, exfiltration, impact, among others.

How does phishing differ from BEC?

Phishing is mass distribution of fake emails to many recipients — goal: credential theft. BEC (Business Email Compromise) is a targeted attack on a specific person (usually CFO, accounting) — goal: convincing them to execute a wire transfer or change bank details. BEC typically contains no login links, relying on persuasion (often after mailbox compromise). Phishing = broad reach, BEC = high value (average loss ~$125k in 2024).

What is an APT attack?

APT (Advanced Persistent Threat) is a sophisticated, long-term attack conducted by a well-organized group (often state-sponsored). Characteristics: (1) careful reconnaissance, (2) zero-day exploits or custom malware, (3) staying undetected for months or years, (4) lateral movement within the network, (5) data exfiltration. Examples: APT29 (Cozy Bear, Russia), APT28 (Fancy Bear, Russia), APT41 (China), Lazarus (North Korea). Typical targets: government, defense, energy, finance.

How to defend against cyber attacks?

Fundamental defense in layers: (1) employee education — security awareness training, phishing simulations, (2) MFA for all access, (3) patch management — critical vulnerabilities in <14 days, (4) network segmentation and Zero Trust, (5) EDR/XDR on endpoints, (6) 24/7 SOC with behavioral detection, (7) 3-2-1 backup with offline isolation, (8) Incident Response plan tested quarterly, (9) security audits and pentests at least annually.
