Types of Cyber Threats & Attacks

You can't defend against what you don't understand. This article walks through the most common types of cyber attacks — what they are, how they work, and what makes them effective — in plain English.

Malware: Malicious Software

Malware (malicious software) is any program designed to harm, exploit, or gain unauthorized access to a system. It's an umbrella term covering many specific types:

Virus

Attaches itself to legitimate files and spreads when those files are opened or shared. Like a biological virus — it needs a host to replicate.

Worm

Spreads automatically across networks without needing a host file. The WannaCry ransomware used worm behavior to infect 200,000 systems in 150 countries in 2017.

Trojan Horse

Disguised as legitimate software. You install what looks like a free game or PDF viewer, and it silently installs malware in the background.

Spyware

Secretly monitors your activity — keystrokes, screenshots, browsing history — and sends it to an attacker. Often bundled with free software.

Ransomware

Encrypts your files and demands payment for the decryption key. Cost organizations over $20 billion in 2021. Colonial Pipeline paid $4.4M after a ransomware attack shut down fuel supplies to the US East Coast.

Rootkit

Hides deep in the operating system, giving attackers persistent, hidden access while remaining invisible to standard security tools. Extremely difficult to detect and remove.

Phishing: Social Engineering via Deception

Phishing is tricking people into revealing sensitive information by impersonating a trusted entity. It's the single most common attack vector — responsible for over 80% of reported security incidents.

Why it works: Phishing exploits human psychology, not software bugs. Urgency ("Your account will be suspended!"), fear ("Unusual activity detected"), and authority ("From: CEO") override our natural skepticism.

Spear phishing

Targeted phishing using personal details (your name, employer, recent purchase) to appear more convincing. Attackers research targets on LinkedIn and social media before crafting the message.

Whaling

Spear phishing aimed at executives ("whales"). A convincing email appearing to be from a board member asking the CFO to wire funds urgently. Business Email Compromise (BEC) cost $2.7 billion in 2022.

Smishing & Vishing

Phishing via SMS (smishing) or voice call (vishing). "Your package could not be delivered, click here" or "This is Microsoft Support, we've detected a virus on your computer."
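The three levers described above (a sender posing as a trusted party, plus urgency and fear in the wording) are exactly what a mail filter can look for. The following is an added example, not code from the original article: a small heuristic that parses a From: header, flags a display name that claims a brand while the address belongs to a different domain, and counts pressure phrases. The brand map, the phrase list and the three sample messages are all constructed for this example.

```python
from email.utils import parseaddr

# Hypothetical brand -> legitimate sending domains map for this example.
TRUSTED_BRANDS = {"examplebank": {"examplebank.com"}}

# The levers the article names (urgency, fear, authority) as they appear in text.
PRESSURE_PHRASES = (
    "account will be suspended", "unusual activity", "urgent",
    "immediately", "wire", "verify your account",
)

def sender_check(from_header):
    """Return (display_name, address_domain, mismatch). mismatch is True when the
    display name claims a trusted brand but the address domain is not that brand's."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    compact = name.lower().replace(" ", "")
    claimed = [b for b in TRUSTED_BRANDS if b in compact]
    mismatch = any(domain not in TRUSTED_BRANDS[b] for b in claimed)
    return name, domain, mismatch

def score_message(from_header, subject, body):
    """Crude scoring: +2 for a brand/domain mismatch, +1 per pressure phrase (max 3).
    A total of three or more is treated as suspicious."""
    _, domain, mismatch = sender_check(from_header)
    text = f"{subject} {body}".lower()
    hits = [p for p in PRESSURE_PHRASES if p in text]
    score = (2 if mismatch else 0) + min(len(hits), 3)
    return {"domain": domain, "mismatch": mismatch, "pressure_hits": hits,
            "score": score, "suspicious": score >= 3}

# Constructed sample messages (not real mail).
SAMPLES = {
    "statement": ("ExampleBank Alerts <alerts@examplebank.com>",
                  "Your monthly statement is ready",
                  "Sign in from the app or website to view it."),
    "lookalike": ("ExampleBank Security <security@examplebank-verify.net>",
                  "URGENT: unusual activity detected",
                  "Your account will be suspended unless you verify immediately."),
    "whaling":   ("Board Member Jane Doe <jane.doe@mail.example>",
                  "Quick favour",
                  "Please wire the funds today, it is urgent and confidential."),
}

if __name__ == "__main__":
    for label, (frm, subj, body) in SAMPLES.items():
        print(label, score_message(frm, subj, body))
```

The lookalike message scores high because both signals fire. The whaling message scores only 2: the display name claims no brand the filter knows about, which is why targeted mail aimed at executives slips past simple filters and why out-of-band verification of payment requests matters more than any keyword list.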

Man-in-the-Middle (MITM) Attacks

A man-in-the-middle attack happens when an attacker secretly positions themselves between two communicating parties — intercepting, and possibly modifying, their communications without either party knowing.

Imagine you're writing a letter to your bank. A MITM attacker intercepts it, reads it, maybe changes the account number, then forwards it to the bank. The bank thinks the letter came from you. You think it went straight to the bank. Neither of you knows an attacker was in the middle.

This is exactly what TLS/HTTPS prevents. The server proves its identity with a certificate, so the client can tell it is talking to the real server rather than an impostor, and the connection is encrypted, so anything intercepted is unreadable. Breaking either protection is computationally infeasible with today's computers. Post-quantum cryptography is designed to keep it infeasible even with tomorrow's quantum computers.

Common MITM scenarios:

  • Public Wi-Fi — an attacker sets up a fake hotspot named "Coffee_Shop_WiFi"
  • ARP spoofing — tricking devices on a local network into sending traffic through the attacker
  • DNS spoofing — returning a fake IP address for a legitimate domain name
  • SSL stripping — downgrading HTTPS connections to unencrypted HTTP
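ARP spoofing from the list above leaves a visible trace on the victim's own machine: the gateway's IP suddenly maps to a different MAC address, and one MAC address answers for several IPs. The following is an added example, not code from the article, showing a defender-side check that compares two ARP-cache snapshots. The snapshots are constructed text in "ip mac" form, not real captures, and the gateway address is an assumption.

```python
from collections import defaultdict

# Constructed ARP-cache snapshots (one "ip mac" pair per line), not real captures.
BASELINE = """\
192.168.1.1   aa:bb:cc:00:00:01
192.168.1.10  aa:bb:cc:00:00:10
192.168.1.20  aa:bb:cc:00:00:20
"""

# Same network a minute later: the gateway's MAC has changed and the new MAC
# also answers for a second IP, the classic footprint of an ARP-spoofing host.
AFTER = """\
192.168.1.1   de:ad:be:ef:00:99
192.168.1.10  aa:bb:cc:00:00:10
192.168.1.20  aa:bb:cc:00:00:20
192.168.1.99  de:ad:be:ef:00:99
"""

def parse_arp(text):
    """Parse 'ip mac' lines into {ip: mac}; ignores blank or malformed lines."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2:
            table[parts[0]] = parts[1].lower()
    return table

def find_arp_anomalies(baseline_text, current_text, gateway_ip="192.168.1.1"):
    """Return human-readable findings: a gateway MAC change against the baseline,
    and any MAC that claims more than one IP in the current snapshot."""
    base, cur = parse_arp(baseline_text), parse_arp(current_text)
    findings = []
    if gateway_ip in base and gateway_ip in cur and base[gateway_ip] != cur[gateway_ip]:
        findings.append(f"gateway {gateway_ip} MAC changed "
                        f"{base[gateway_ip]} -> {cur[gateway_ip]}")
    by_mac = defaultdict(list)
    for ip, mac in cur.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"MAC {mac} claims multiple IPs: {', '.join(sorted(ips))}")
    return findings

if __name__ == "__main__":
    for finding in find_arp_anomalies(BASELINE, AFTER):
        print("ALERT:", finding)
```

One MAC serving several IPs is not proof on its own (routers and hosts with virtual interfaces do this legitimately), so the gateway-MAC change against a known baseline is the stronger signal; real deployments pair this with switch-side protections such as dynamic ARP inspection.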

Denial of Service (DoS & DDoS) Attacks

A Denial of Service (DoS) attack overwhelms a server or network with traffic until it can no longer serve legitimate users. A Distributed DoS (DDoS) uses thousands or millions of compromised machines (a botnet) to do the same thing at massive scale.

This attacks availability in the CIA Triad. The data is fine — it's just unreachable.

How big can DDoS attacks get?

Google reported absorbing a 398 million requests-per-second DDoS attack in 2023 — the largest ever recorded. Cloudflare mitigated a 71 million RPS attack in 2023. These are genuinely stunning scales of attack.
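The simplest mitigation a single server can apply is to cap how many requests any one client may make in a time window, so a flood from one source is rejected cheaply before it reaches the application. The following is an added example, not code from the article: a sliding-window limiter replayed over constructed request timestamps from two clients, one flooding and one browsing normally. The limit, the window and the traffic are all assumptions for the demo.

```python
from collections import defaultdict, deque

class SlidingWindowLimiter:
    """Allow at most `max_requests` per client in any `window_seconds` interval."""

    def __init__(self, max_requests, window_seconds):
        self.max_requests = max_requests
        self.window = window_seconds
        self.history = defaultdict(deque)   # client -> timestamps of allowed requests

    def allow(self, client, now):
        q = self.history[client]
        while q and now - q[0] >= self.window:   # forget requests outside the window
            q.popleft()
        if len(q) < self.max_requests:
            q.append(now)
            return True
        return False

def replay(events, max_requests=5, window_seconds=10.0):
    """Replay (timestamp, client) events in time order.
    Returns {client: (allowed, rejected)}."""
    limiter = SlidingWindowLimiter(max_requests, window_seconds)
    tally = defaultdict(lambda: [0, 0])
    for t, client in sorted(events):
        tally[client][0 if limiter.allow(client, t) else 1] += 1
    return {client: tuple(counts) for client, counts in tally.items()}

# Constructed traffic: 10.0.0.5 sends 20 requests in one second, then one more
# after the window has passed; 10.0.0.7 sends three requests at a normal pace.
EVENTS = ([(i * 0.05, "10.0.0.5") for i in range(20)] + [(12.0, "10.0.0.5")]
          + [(1.0, "10.0.0.7"), (4.0, "10.0.0.7"), (9.5, "10.0.0.7")])

if __name__ == "__main__":
    print(replay(EVENTS))   # flood source: 6 allowed, 15 rejected; normal client: all allowed
```

This is where the "distributed" in DDoS matters: a botnet of a million hosts can keep every individual source under the limit while still overwhelming the server, so per-client limits handle abusive single sources but volumetric attacks are absorbed upstream by providers with far more capacity, as in the Google and Cloudflare figures above.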

Injection Attacks (SQL, XSS, Command Injection)

Injection attacks happen when untrusted data is sent to an interpreter (a database, a browser, a shell) as part of a command or query. The attacker's input gets executed as code.

SQL Injection

The classic. A login form expects a username. The attacker types ' OR '1'='1 into the field. The leading quote closes the string the application opened around the username, and the rest is read as SQL, so the query becomes: SELECT * FROM users WHERE username='' OR '1'='1'. Since '1'='1' is always true, the query returns every user and authentication is bypassed entirely. SQL injection vulnerabilities have exposed hundreds of millions of records over the years.
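Here is the lookup above reproduced against an in-memory SQLite table, as an added example that is not part of the article: the vulnerable version pastes the input into the SQL text, the hardened version passes it as a bound parameter so it can never become syntax. The table and its two users are constructed for the demo; the payload is the one from the text.

```python
import sqlite3

def make_db():
    """In-memory users table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn

def find_user_vulnerable(conn, username):
    # The input is spliced into the SQL text, so quotes in it change the query's structure.
    query = f"SELECT username FROM users WHERE username='{username}'"
    return [row[0] for row in conn.execute(query)]

def find_user_safe(conn, username):
    # Parameterized query: the driver sends the value separately from the SQL text,
    # so whatever the input contains is compared as data, never parsed as SQL.
    query = "SELECT username FROM users WHERE username=?"
    return [row[0] for row in conn.execute(query, (username,))]

PAYLOAD = "' OR '1'='1"   # the input from the article

if __name__ == "__main__":
    conn = make_db()
    print(find_user_vulnerable(conn, "alice"), find_user_vulnerable(conn, PAYLOAD))
    print(find_user_safe(conn, "alice"), find_user_safe(conn, PAYLOAD))
```

For a normal username both functions return the same single row; for the payload the vulnerable one returns every user while the safe one returns nothing, because no user is literally named ' OR '1'='1.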

Cross-Site Scripting (XSS)

Injecting malicious JavaScript into a webpage that then executes in other users' browsers. Used to steal session cookies, redirect users, or deface websites.
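XSS has the same shape as SQL injection with the browser as the interpreter: untrusted text is dropped into a page and the browser parses it as markup. The following added example (not code from the article) renders a user comment both ways, raw and escaped, and also shows an attribute context, where escaping the quote characters is what stops the input from breaking out of the attribute. The template and the two sample inputs are constructed for the demo.

```python
import html

def render_comment_vulnerable(comment):
    # Raw interpolation: any markup in the comment becomes part of the page.
    return f'<p class="comment">{comment}</p>'

def render_comment_safe(comment):
    # Text context: < > & " ' become entities, so the browser shows them as text.
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'

def render_title_attr_vulnerable(title):
    # Attribute context, unescaped: a quote in the input closes the attribute early.
    return f'<a href="/profile" title="{title}">profile</a>'

def render_title_attr_safe(title):
    # quote=True turns " and ' into entities, so the input stays inside the attribute.
    return f'<a href="/profile" title="{html.escape(title, quote=True)}">profile</a>'

# Constructed sample inputs: a harmless proof-of-concept script tag, and a
# quote-first string that targets the attribute context.
SCRIPT_INPUT = "<script>alert('xss')</script>"
ATTR_INPUT = '" onmouseover="alert(1)'

if __name__ == "__main__":
    print(render_comment_vulnerable(SCRIPT_INPUT))
    print(render_comment_safe(SCRIPT_INPUT))
    print(render_title_attr_vulnerable(ATTR_INPUT))
    print(render_title_attr_safe(ATTR_INPUT))
```

The point of the attribute case is that escaping is context-specific: the same input that is harmless between tags can break out of an attribute, a URL or a script block unless it is encoded for that context, which is why templating engines escape by default and why frameworks offer separate helpers for each context.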


Frequently Asked Questions

What's the most dangerous type of cyber attack?

It depends on the target. For individuals, ransomware and phishing cause the most direct harm. For organizations, supply chain attacks (where attackers compromise a software vendor to reach thousands of customers at once, like the SolarWinds attack) are the most damaging because of their scale and the difficulty of detection.

Can antivirus software stop all of these attacks?

No. Antivirus is effective against known malware signatures but struggles with zero-day exploits, polymorphic malware that changes its appearance, and non-malware attacks like phishing or SQL injection. Modern security requires layered defenses — multiple tools working together.

How does encryption help defend against these attacks?

Encryption primarily defends against MITM attacks (by making intercepted data unreadable) and data breaches (even if attackers steal encrypted data, they can't read it without the key). It doesn't help against phishing, DDoS, or injection attacks — those require different defenses.
