In 2022, global cyberattacks increased by 38% year-over-year. This percentage is expected to increase again in 2023 due to the maturity of AI technology, such as ChatGPT.
The increase in volume and severity of cyber attacks highlights the importance of cybersecurity governance. In order to create the policies, procedures, and strategies that define how cybersecurity is approached, managed, and monitored at your organization, you need to understand what threats you’re facing.
This article takes a look at 14 of the most common types of cybersecurity attacks in 2023, providing definitions and examples to help you understand and defend against these threats.
Most common types of cyber attacks in 2023
1. Malware attacks
Malware is a collective term for malicious software designed to harm or exploit digital devices.
Example: Stuxnet worm
Designed to sabotage Iran's nuclear program, Stuxnet spread through Microsoft Windows machines to target industrial applications, specifically those connected to uranium-enrichment centrifuges. Once inside a system, Stuxnet would subtly alter the speeds of the centrifuges, causing them to tear themselves apart while displaying normal operation to monitoring systems. Stuxnet reportedly destroyed nearly one-fifth of Iran's nuclear centrifuges, highlighting a new era of cyber warfare.
2. Ransomware attacks
Ransomware is a type of malware that encrypts a user's data and demands payment in return for the decryption key.
Example: WannaCry ransomware attack
WannaCry spread through a Windows vulnerability known as EternalBlue. Once a system was infected, the ransomware would attempt to spread to other devices on the same computer network, as well as random hosts on the wider internet. Major organizations around the world were affected, including FedEx, Renault, and the UK National Health Service, which had to divert emergency patients due to disabled computer systems. Damages are estimated in the billions to tens of billions of dollars globally. The attack ended when a cybersecurity researcher discovered a kill switch in the ransomware code.
3. Denial-of-Service (DoS) attacks
DoS attacks overload a computer system with excessive traffic, making it unavailable to users.
Example: Dyn DNS DoS attack
A distributed denial-of-service attack targeting the Domain Name System provider Dyn affected high-profile websites and online services, including Twitter, Reddit, Netflix, CNN, and Spotify, making them unavailable to millions of users. Malware installed on consumer devices created a significant botnet, which was used for the Dyn attack.
4. Phishing attacks
Phishing is a type of social engineering attack that employs deceptive emails or webpages to trick users into divulging sensitive information.
Example: Target Corporation attack
The sensitive data of approximately 130 million Target customers was compromised after attackers launched a successful phishing attack against a third-party HVAC vendor that had access to Target’s network for billing and contract submission purposes. Malware was installed on the vendor’s systems that obtained login credentials for Target’s network, which attackers used to gain access to point-of-sale systems. Target’s CEO and CIO resigned after the incident.
5. Spoofing attacks
Spoofing conceals an attacker's identity by making activities appear as if they originate from a trusted source. Email spoofing can make a phishing email seem like it's from a reputable company or government agency.
Example: PayPal spoofing attack
Cybercriminals created a fake website that mimicked PayPal's official site, replicating the brand’s logo, fonts, colors, and layout. Unsuspecting users landed on the spoofed website through phishing emails or malicious ads and were prompted to log in. Criminals then used stolen credentials to make fraudulent purchases.
6. Man-in-the-middle attacks
These attacks intercept communications between two parties without detection, such as eavesdropping on an unsecured public Wi-Fi network to steal data.
Example: DigiNotar Certificate Authority breach
Certificate Authorities (CAs) are trusted entities that issue digital certificates, such as SSL/TLS certificates for web encryption. For web browsers and systems to trust a website's SSL/TLS certificate, it must be issued by a trusted CA. In the case of DigiNotar, attackers fraudulently issued certificates for numerous domains, including one for *.google.com, which allowed attackers to impersonate Google services. This rogue Google certificate was then used to conduct a MitM attack. When users tried to access Gmail accounts, their traffic was intercepted and decrypted by the attacker, giving them access to the victims’ emails and credentials.
7. Trojan horses
Trojan Horses appear as genuine software but conceal malicious functions. For example, a seemingly benign app downloaded from an untrustworthy source may contain a hidden payload that steals data.
Example: Zeus Trojan
Zeus was a Trojan horse that was used to steal banking information via keystroke logging and form grabbing. Once installed, Zeus operated silently in the background, capturing sensitive data and logging keystrokes whenever users filled out web forms.
8. SQL injection attacks
Cybercriminals use SQL injection to manipulate database queries, potentially accessing, modifying, or deleting data. By exploiting vulnerabilities in web forms, attackers can gain access to entire customer databases.
Example: Heartland Payment Systems breach
Attackers used SQL injection techniques to exploit a vulnerability in Heartland’s web application, allowing them access to the company’s internal network. They then installed malware that captured payment card data as it was processed, including credit card numbers, expiration dates, and cardholder names. The breach exposed approximately 130 million credit and debit cards.
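The mechanism behind a web-form SQL injection, and the standard fix, are easiest to see side by side. The following is an added example, not code from the article or from any of the companies it mentions: it builds a constructed in-memory SQLite table and runs the same lookup twice, once with the submitted value pasted into the query text and once with a bound parameter. The table, the user names and the tainted input are all invented for illustration.

```python
import sqlite3

# Constructed sample rows for this example (not from the article)
SAMPLE_USERS = [
    ("alice", "hash-alice", 0),
    ("bob", "hash-bob", 0),
    ("admin", "hash-admin", 1),
]


def make_db():
    """Build an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password_hash TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash, is_admin) VALUES (?, ?, ?)",
        SAMPLE_USERS,
    )
    return conn


def find_user_vulnerable(conn, username):
    """Vulnerable pattern: the submitted value is concatenated into the SQL
    text, so a quote character in the input changes the query's structure."""
    sql = ("SELECT username, is_admin FROM users WHERE username = '"
           + username + "' ORDER BY id")
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """Hardened pattern: a bound parameter is always treated as data and is
    never parsed as SQL, whatever characters it contains."""
    sql = "SELECT username, is_admin FROM users WHERE username = ? ORDER BY id"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    """Run both lookups against a constructed form value containing a quote."""
    conn = make_db()
    tainted = "nobody' OR '1'='1"   # constructed input, as a web form might submit it
    return {
        "vulnerable": find_user_vulnerable(conn, tainted),  # every row comes back
        "safe": find_user_safe(conn, tainted),              # no such user: empty
        "safe_legit": find_user_safe(conn, "alice"),        # normal lookup still works
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The vulnerable variant returns the whole table for an input that names no real user, which is exactly how a form field becomes a path to an entire customer database; the parameterised variant returns nothing for the same input and still resolves a genuine user name. Parameter binding (or an ORM that does it for you) is the control; input filtering on its own is not a substitute.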
9. Identity-based attacks
Hackers use stolen credentials to impersonate legitimate users, such as hacking social media accounts to spread misinformation or steal confidential information.
Example: Twitter Bitcoin scam
Hackers targeted several high-profile Twitter accounts, including Elon Musk, Bill Gates, Barack Obama, Joe Biden, Apple, Uber, and other well-known figures. Using these hijacked accounts, attackers published tweets asking followers to send Bitcoin payments to a specific address with the promise that any amount sent would be doubled and returned. Because the tweets appeared to come from reliable sources, many users believed them. The attackers reportedly received over $100k in Bitcoin within hours.
10. Code injection attacks
Attackers insert malicious code into a legitimate application or website. For example, cross-site scripting (XSS) attacks can be used to steal session cookies, leading to unauthorized access.
Example: Equifax data breach
Attackers exploited a vulnerability in a popular open-source framework for creating Java web applications. This vulnerability allowed attackers to execute a remote code execution attack. The injected code provided them with a foothold into Equifax's systems, allowing them to locate and access databases and exfiltrate massive amounts of sensitive data, including names, Social Security numbers, birth dates, addresses, credit card numbers, and driver’s license numbers.
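For the cross-site scripting case mentioned above, the defence is context-aware output encoding: every untrusted value is escaped for the exact place it lands in the page. The snippet below is an added example written for this article, not code from Equifax or from the framework involved in that breach. It renders a constructed comment two ways, once by interpolating raw strings into HTML and once with escaping for the element body and a scheme check for the link; the comment text and URLs are invented.

```python
import html
from urllib.parse import urlsplit


def render_comment_vulnerable(author, body, homepage):
    """Vulnerable: untrusted strings are interpolated straight into HTML,
    so markup in the comment body is sent to the browser as markup."""
    return (f'<div class="comment"><a href="{homepage}">{author}</a>: '
            f'{body}</div>')


def safe_href(url):
    """Allow only http(s) links; any other scheme (javascript:, data:, ...)
    is replaced with a harmless anchor, then the value is attribute-escaped."""
    scheme = urlsplit(url.strip()).scheme.lower()
    if scheme not in ("http", "https"):
        return "#"
    return html.escape(url, quote=True)


def render_comment_safe(author, body, homepage):
    """Hardened: escape for the element-body context and validate the URL
    for the href context; each context needs its own treatment."""
    return (f'<div class="comment"><a href="{safe_href(homepage)}">'
            f'{html.escape(author)}</a>: {html.escape(body)}</div>')


def demo():
    """Render one constructed comment containing script markup and a
    non-http link, with and without encoding."""
    author = "mallory"
    body = "<script>alert(1)</script>"     # constructed, the classic XSS probe
    homepage = "javascript:alert(1)"        # constructed, a non-http scheme
    return {
        "vulnerable": render_comment_vulnerable(author, body, homepage),
        "safe": render_comment_safe(author, body, homepage),
        "safe_legit": render_comment_safe("alice", "hello", "https://example.com/~alice"),
    }


if __name__ == "__main__":
    for name, markup in demo().items():
        print(f"{name}: {markup}")
```

Note that `html.escape` alone is not enough for a link: it does not change the `javascript:` scheme, which is why the href context gets a separate allow-list check. The same rule applies to any other sink (JavaScript strings, CSS, URL query parameters): encode for where the data goes, not for where it came from.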
11. Supply chain attacks
These attacks compromise a product or service somewhere in the supply chain in order to affect its final output: for instance, tampering with a software update so that spyware or malicious scripts reach every user of that software, or planting false information to alter the supply chain of a product or service for malicious ends.
Example: SolarWinds Orion breach
SolarWinds is a major IT management software provider, and its Orion platform is used by numerous enterprises, including many Fortune 500 companies and government agencies. Attackers compromised SolarWinds by inserting malicious code into official software updates for the Orion platform. The compromised software update was then distributed to thousands of SolarWinds' customers. This malicious update contained a backdoor that allowed the attackers to move laterally within the affected organizations, access sensitive information, and potentially perform other malicious actions.
12. Insider threats
This category encompasses malicious activities carried out by someone within the targeted organization. An employee with malicious intent might sabotage critical systems or sell trade secrets. Insider threats are often disgruntled employees.
Example: Terry Childs case
Terry Childs was a computer network engineer employed by the Department of Telecommunication and Information Services in San Francisco. He was responsible for the city's FiberWAN network, which carried much of the municipality's data, including official records, emails, and law enforcement documents. Childs made headlines when he refused to divulge critical network passwords to his supervisors, effectively locking the city out of its own network. Two weeks after his arrest, Childs handed the passwords over to then-Mayor Gavin Newsom.
13. DNS tunneling
DNS tunneling involves encapsulating non-DNS traffic within DNS protocols to bypass network security measures.
Example: FrameworkPOS malware
FrameworkPOS is Point-of-Sale (PoS) malware designed to scrape credit card information from systems that process retail transactions. Once this data is collected, the malware must then transmit it out of the victim's network. In many cases, direct outbound connections from PoS systems are blocked or closely monitored.
So instead of transmitting this data directly, which could trigger security alerts, the malware employs DNS tunneling. Stolen data is split into small chunks and embedded within DNS queries. Network security tools, which often allow DNS traffic because it's essential for internet access, may overlook these queries. The malicious DNS queries reach an attacker-controlled server, which then reassembles the data.
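Because tunnelled data has to be carried in query names, the traffic has a recognisable shape: one client sends many distinct, unusually long subdomains to a single registered domain. The detector below is an added example, not code from the article or from any FrameworkPOS analysis. It parses a constructed DNS query log (timestamp, client, query name, record type; all values invented) and flags client/domain pairs that exceed simple thresholds on distinct-query count and label length.

```python
from collections import defaultdict

# Constructed DNS query log for this example: timestamp, client, qname, qtype.
# The names and addresses are invented; nothing here is real traffic.
SAMPLE_LOG = """\
2023-09-01T10:00:01 10.0.0.5 www.example.com A
2023-09-01T10:00:02 10.0.0.5 mail.example.com A
2023-09-01T10:00:03 10.0.0.5 static-content-cdn-edge.example.com A
2023-09-01T10:00:04 10.0.0.7 ab12cd34ef56ab12cd34ef56ab12cd34ef56ab12cd34ef56.t.exfil-example.net TXT
2023-09-01T10:00:05 10.0.0.7 gh78ij90kl12gh78ij90kl12gh78ij90kl12gh78ij90kl12.t.exfil-example.net TXT
2023-09-01T10:00:06 10.0.0.7 mn34op56qr78mn34op56qr78mn34op56qr78mn34op56qr78.t.exfil-example.net TXT
2023-09-01T10:00:07 10.0.0.7 st90uv12wx34st90uv12wx34st90uv12wx34st90uv12wx34.t.exfil-example.net TXT
2023-09-01T10:00:08 10.0.0.9 www.example.org A
"""


def registered_domain(qname):
    """Approximate the registered domain as the last two labels.
    A production tool would consult the Public Suffix List instead."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def longest_label(qname):
    """Length of the longest label; tunnels pack payload into long labels."""
    return max(len(label) for label in qname.rstrip(".").split("."))


def parse_log(log_text):
    """Yield (client, qname, qtype) from whitespace-separated log lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        yield parts[1], parts[2].lower().rstrip("."), parts[3]


def analyze(log_text, min_distinct=3, min_label_len=30):
    """Group queries by (client, registered domain) and flag groups with many
    distinct names whose average longest label is tunnel-sized."""
    distinct = defaultdict(set)
    label_lens = defaultdict(list)
    for client, qname, _qtype in parse_log(log_text):
        key = (client, registered_domain(qname))
        distinct[key].add(qname)
        label_lens[key].append(longest_label(qname))

    findings = []
    for key, names in sorted(distinct.items()):
        avg_len = sum(label_lens[key]) / len(label_lens[key])
        if len(names) >= min_distinct and avg_len >= min_label_len:
            findings.append({
                "client": key[0],
                "domain": key[1],
                "distinct_queries": len(names),
                "avg_longest_label": round(avg_len, 1),
            })
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

The ordinary client's queries to example.com are not flagged even though one of its hostnames is fairly long, because the average label length stays small; the client pushing long, never-repeated names under one domain is. In practice you would add query volume per minute, the share of TXT/NULL records, and a check against an allow-list of known services that legitimately use long DNS names (some CDNs and anti-spam lookups do), and feed the result to your IDPS or SIEM rather than blocking outright.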
14. IoT-based attacks
These attacks target Internet of Things devices and/or networks, often exploiting weak security.
Example: Mirai botnet attack
The Mirai malware targeted IoT devices such as IP cameras and routers, primarily exploiting default username and password combinations to gain access. Once infected, these devices became part of a botnet that was used to launch the DDoS attack on Dyn's DNS service.
10 Ways to protect your organization against cyberattacks
While no business is immune to cyber attacks, you can significantly reduce the likelihood and impact of an attack with strong cybersecurity practices. Follow these ten steps to fortify your business:
1. Security awareness training
The human factor is often the weakest link in cybersecurity. Regularly train employees about security best practices so they can recognize phishing emails and other scam tactics, use strong password practices and safe browsing habits, and avoid suspicious downloads or links.
2. Regular backups
Data is the lifeblood of modern businesses. Protect against data loss due to ransomware or other disasters by conducting regular backups of critical data. Store backups both onsite and offsite, preferably in a cloud service with multiple availability zones, strong encryption, and regularly tested backups to ensure data integrity and restoration processes work.
3. Regular patching and software updates
Attackers often exploit vulnerabilities in outdated software. Regularly update operating systems and software applications, and use automated patch management tools where possible.
4. Network security
Safeguarding your network is crucial. Employ firewalls to monitor and control incoming and outgoing traffic. Intrusion detection and prevention systems (IDPS) can identify and halt suspicious activities. Segmenting the network isolates sensitive data from the rest of the environment, so a compromise in one segment does not give access to everything.
5. Endpoint protection
Every device is a potential entry point for threats. Ensure endpoint security by installing updated antivirus and anti-malware solutions on all devices. Mobile device management (MDM) solutions can also protect mobile and BYOD devices.
6. Data encryption
Encrypt sensitive data both in transit and at rest, using strong encryption standards such as AES for stored data and secure communication protocols such as SSL/TLS for data in transit.
7. Access controls
Not every employee needs access to all data. Tighten security by implementing the principle of least privilege (PoLP), regularly reviewing and updating user access rights, and using multi-factor authentication (MFA).
8. Vendor management
Third-party vendors can unintentionally introduce vulnerabilities. Strengthen vendor management by sending security questionnaires before partnering with vendors, clearly defining security expectations in contracts, and monitoring vendor access and activities on your network.
9. Incident response plan
Even with robust defenses, breaches can occur. Create a comprehensive incident response plan that outlines roles, responsibilities, and actions during a security breach. Regularly practice and test the plan to ensure it’s up-to-date and effective.
10. Continuous monitoring
Continuous monitoring can identify potential threats before they can lead to an attack. It can also detect cyber threats and vulnerabilities in real time, giving organizations the chance to respond quickly, contain a security incident, and prevent it from escalating.