

12 October 2020

Types of cyber attack you should know about

Many people are well aware that cybercrime exists, but not all of them can distinguish between the different types of attack. Knowing the full spectrum of cybercrime helps you prepare for the forms of attack that might be launched against your business.

It takes one click to put your data at risk

According to 2020 statistics reported by ABC News, up to 59% of cyber-scams come in the form of spear phishing. Most often, scammers use emails to impersonate government and health authorities, offering financial support initiatives, vaccine offers, COVID-19 tracking apps, stock tips and COVID-19 charity donations in an attempt to entice victims into providing their personal data and downloading malicious content.

Interpol has also reported an increase in the amount of unverified information, inadequately understood threats, and conspiracy theories that have facilitated the execution of some cyberattacks. With these looming threats, business owners are strongly advised to educate themselves about the common forms of cyberattacks and always be ready.


More on Cyber Security Threats

The paragraphs below present the information, taken from phoenixNAP, on the various types of cyber security threats.


Malware is code that is made to affect a compromised computer system without the consent of the user.
Malware differs from other software because it can spread across a network, cause changes and damage, remain undetectable, and be persistent in the infected system.

Spyware is unwanted software that infiltrates computing devices, stealing your internet usage data and sensitive information.

Ransomware locks your hard drive or encrypts your files and demands money in exchange for access to your data. However, there is no guarantee that paying the ransom will restore that access.

A drive-by attack is one in which a malicious script is planted into the PHP or HTTP of a website page. These attacks are known as drive-by because they don’t require any action on the victim’s part except visiting the compromised website. The system is automatically infected when the user enters the site if security updates have not been applied.

A Trojan horse is a malicious software program that misrepresents itself to appear useful. Trojans spread by looking like routine software and persuading a victim to install them.


Phishing is defined as attempts by outside parties to gain access to private information about users. Hackers seek passwords, credit card numbers, bank account info – or any information capable of being used to access data.

Spear phishing is an email attack aimed at a particular individual or organization, with the goal of gaining unauthorized access to crucial information. These hacks are most likely carried out for trade secrets, financial gain, or military intelligence. Cybercriminals also carry out these attacks to resell confidential data to private companies and governments.

A whale phishing attack is aimed at high-profile employees such as the CFO or CEO, since they are likely to have unlimited access to sensitive information. The term whaling signifies the size of the attack.

Web attacks

SQL injection is a kind of attack that employs malicious code to manipulate backend databases to access information that was not intended for display. A successful SQL injection can cause deletion of entire tables, unauthorized viewing of user lists, and in some cases, the attacker can gain administrative access to a database.

Cross-site scripting (XSS) is a kind of injection breach where the attacker injects malicious scripts into the content of reputable websites. The malicious code is bundled together with dynamic content that is then sent to the victim’s browser. It usually takes the form of pieces of JavaScript code that are executed by the target’s browser.
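How dynamic content ends up carrying script to the browser, and how output escaping stops it, as an added example that is not part of the original article. The comment list, function names and the header set are constructed for illustration.

```python
import html

# Constructed sample: comments stored by a site, one carrying script markup.
COMMENTS = [
    ("alice", "Great article, thanks!"),
    ("mallory", "<script>alert(1)</script>"),
]

def render_vulnerable(comments):
    # Weak: stored text is placed into the page as-is, so markup inside
    # a comment becomes live HTML in every visitor's browser.
    items = [f"<li><b>{user}</b>: {text}</li>" for user, text in comments]
    return "<ul>" + "".join(items) + "</ul>"

def render_safe(comments):
    # Hardened: html.escape() turns &, <, > and both quote characters
    # into entities, so the browser displays the text instead of running it.
    items = [
        f"<li><b>{html.escape(user)}</b>: {html.escape(text)}</li>"
        for user, text in comments
    ]
    return "<ul>" + "".join(items) + "</ul>"

def response_headers():
    # Defence in depth: this policy only allows scripts loaded from the
    # site's own origin, so inline script is blocked even if an escaping
    # step is missed somewhere.
    return {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": "script-src 'self'",
    }

if __name__ == "__main__":
    print(render_vulnerable(COMMENTS))
    print(render_safe(COMMENTS))
    print(response_headers())
```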

Other Attacks

A denial-of-service (DDoS) attack aims at shutting down a network or service, making it inaccessible to its intended users by overwhelming the target with traffic or flooding it with information that triggers a crash. Although these attacks don’t result in the loss of vital information, they can cost the victim a lot of money and time to mitigate. DDoS is, therefore, often used in combination with other network attacks, as a distraction from them.

A password attack is simply an attempt to decrypt or obtain a user’s password with illegal intentions. Password attacks are often carried out by recovering passwords stored or exported through a computer system.


What’s Your Next Step?

In order to mount a good defense mechanism, you need to understand the offense. It is evident that cybercriminals have many ways of performing their attacks on your business. You need to be proactive in defending and securing your network.

At KOS design, we provide a comprehensive digital identity protection service and carry out risk assessment and health check for your website. Not sure where to start? Begin by contacting us and we will give you our full support!
