28 Most Common Types of Cyber Attacks

Tuesday, December 6, 2022
28 most common types of cyberattacks

Cyber attacks are malicious attempts by criminals & hackers to steal information or sabotage computers, websites and networks without being physically present at the location. There are so many types of cyberattacks that it can be tricky to know them all, so we made a list of the most common types based on their purpose. Let’s learn about these attacks so 2023 will be secure from digital threats.

Common Types of Cyber Attacks:

Our Ottawa cybersecurity teams deal with many cyber-attacks, risks and threats. Here are some of the most common cybersecurity threats in the wild. Protect yourself by being aware of the latest cyber trends, improving your cybersecurity posture, respond and mitigating risks as they get identified.


Cybercriminals use confidence tricks and other approaches to get employees to lower their guard and give sensitive information such as logins and passwords


A sort of encrypted cyberattack software that locks up and encrypts files, then demands a ransom (typically in Bitcoin) in exchange for the encryption to be removed and the system owner’s access restored.


Denial of Service (DoS) and other cyber attacks to take down business data, assets, websites or publicly accessible apps and services.


Phishing is when malicious actors leverage email and other forms of communication to persuade people to install malware or reveal sensitive information and data about business systems.


Viruses, worms, and trojans infiltrate computer systems and spread across networks. To steal access information and other data, they are frequently paired with keyloggers or other malicious software. They are designed to harm or exploit vulnerabilities within your network and devices.


Criminals exploit vulnerabilities in unpatched software and systems through targeted cyberattacks. In cybersecurity, a vulnerability is a weakness that can be abused to gain access to your devices or networks.

Password attack

Hackers are always looking for ways to break into your accounts and steal your personal information. They do this by trying out different passwords, or guessing the answers to security questions. Hackers can use software to try to guess your passwords, and if they get it right, they can access your accounts and do whatever it is you don’t want them to do.

Password attacks are when hackers finds out your passwords because they’ve stolen your answers or guessed what they are. If someone has stolen your password and you don’t change it right away, they might be able to use it to log in as you and access all of your private information.

Man In The Middle (MITM) Cyber Attacks

A Man In The Middle Attack (MITM) occurs when an attacker intercepts and possibly alters the communication between two parties who believe they are directly communicating. The attacker can do this by using various techniques, such as ARP spoofing or DNS spoofing, to convince both parties that they are talking to a legitimate network device.

SQL Injection Cyber Attacks

SQL injection is an attack where an attacker gets unauthorized access to data in a database by using malicious SQL statements.

Hackers often use SQL injection attacks to steal information from databases. They use the SQL language, which is part of most relational database management systems (RDBMS), to manipulate the database and access information they shouldn’t have access to.

DoS (Denial of Service) Attacks

Denial of Service (DoS) attacks are designed to make a service unavailable. They can be executed by a single attacker or a group of attackers. These attacks are usually executed by flooding the target with requests, causing the server to overload and not respond properly.

Distributed Denial of Service Cyber Attacks:

Distributed denial of service (DDoS) is an attack that involves flooding a network or system with more traffic than it can handle. This causes the system to become overloaded and temporarily unavailable.

DNSnetworks provide cybersecurity services in Ottawa serving clients from coast to coast. Take a look at some of the most common types of cyber attacks to watch out for.

Insider Threat

An insider threat is a threat that originates from within an organization. This can include employees, contractors, or partners. The threat of an insider is much greater than someone outside your organization, as they have access to sensitive information and can be more effective at carrying out their attack.


Cryptojacking is a cyberattack that involves hijacking a victim’s computer to mine cryptocurrency. This can happen when a victim visits a website running malicious code or when an attacker installs malware on the victim’s system. Cryptojacking attacks typically use JavaScript to mine for Monero, but other cryptocurrencies have also been targeted.

Zero-Day Exploit

Zero-day exploits are a type of software vulnerability unknown to the developer or vendor. A zero-day exploit is a code created to take advantage of a previously unknown flaw in an application, system, or network.

This means that when the vulnerability is discovered by someone else, there are yet to be patches or fixes available. That makes it highly vulnerable to attack because there’s nothing stopping hackers from using it to their advantage.

Due to this risk, organizations should ensure they have robust security practices to react quickly if an exploit is discovered.

Watering hole Attack

Whale-phishing cyber attacks

A whale phishing attack is a type of phishing attack that targets high-value targets, like celebrities, politicians, or business executives. Whale phishing attacks are highly sophisticated and well-planned, with the attackers taking great care to ensure everything about the attack is convincing.

Spear-Phishing Cyber Attacks

Spear phishing attacks are the more sophisticated form of phishing. These attacks use social engineering and network-based attack vectors to access a target’s computer or network.

Spear phishing attacks are much more dangerous than regular phishing because they can be personalized to the recipient. Spear phishing is also harder to detect than regular phishing because the attackers may use legitimate-looking email addresses and websites.

DNS Spoofing

DNS Spoofing is an attack that allows an attacker to change the DNS settings on a device without authorization from the user. This attack is done by changing the IP address of the DNS server in your computer or device’s settings. When you try to connect to a website, your computer will contact the DNS server and ask for the IP address associated with that website. If it receives an incorrect IP address, it will not be able to connect to that website, and you will be unable to visit it.

Session Attack

Session attacks are a type of attack that attempts to gain access to a user’s session. This attack can be difficult to defend against because it involves gaining access to a user’s credentials, which can be obtained by intercepting traffic, stealing cookies, and more.

A session attack usually involves an attacker accessing a user’s session cookie and using it to gain access to the user’s account. The attacker may also attempt to change the value of certain cookies to modify the content of pages viewed by the victim. This type of attack is called cross-site scripting

Brute Force Cyber Attacks

A brute force attack is a type of cyberattack where an intruder attempts to guess the password for a computer or network by systematically trying all possible combinations.

The term “brute force” comes from the fact that the attacker is performing a brute-force search—exhaustively testing all possible keys until one works.

Trojan Horses

A Trojan horse cyberattack is a type of cyberattack that uses a piece of malicious code to hide in plain sight, typically within an application or document. The malicious code then allows the attacker to access your system and steal data or perform other damaging actions.

Drive-By Cyber Attacks

A drive-by cyberattack is a malware that downloads itself onto your computer without your knowledge or permission. It’s called a drive-by attack because it doesn’t need the user to click or download anything. The malware loads itself when you visit a compromised website or open an infected email attachment.

XSS Cyber Attacks

XSS is an attack in which an attacker injects malicious code into a website. This can be done by inserting the code into the website’s HTML or JavaScript files or through cross-site scripting (XSS) attacks that target users.

The malicious code can be used to steal cookies, redirect users to another site, or even hijack accounts.

A successful XSS attack allows attackers to access your system and use it for nefarious purposes.

Eavesdropping Cyber Attack

Eavesdropping attacks are a form of cyber attack where hackers eavesdrop on sensitive information being transmitted across a network. The hacker then captures this information, including passwords, credit card info, social security numbers, and other sensitive data.

Birthday Attacks

Birthday attacks are cyberattacks where attackers try to gain access to your accounts by guessing the answers to your security questions. Since most of us have birthdays in our security questions, it’s easy for cybercriminals to guess your birthday and get into your accounts.

DNS Tunneling

DNS tunnelling uses the Domain Name System (DNS) to hide the actual IP addresses of a target. This means that instead of sending data directly to its destination, it’s sent through a server or computer that acts as an intermediary between the two endpoints.

IoT Based Cyber Attacks

IoT-based cyberattacks are a growing threat. The Internet of Things (IoT) is a network of physical devices, vehicles, home appliances and other items that are embedded with electronics, software, sensors, actuators and connectivity which enables these objects to connect and exchange data.

The increasing number of connected devices means more opportunities for hackers to take advantage of vulnerable systems.

AI-Powered Cyber Attacks

It’s not a question of if, but when.

AI-powered cyberattacks are coming, and they’re going to be hard to detect. They’re already here: The first AI-powered attack was documented in 2017. Since then, the number of AI-powered attacks has only increased.

Do you need cybersecurity services?

DNSnetworks provides leading cybersecurity services in Ottawa . We use a combination of our years of experience and technology to help protect your business from attacks, while also providing you with a seamless user experience.