The 10 Most Common Cyber Attacks and What You Can Do to Protect Yourself

As we covered in our last blog post, cyber crime is an insidious problem that is projected to get much worse over the coming years. IoT attacks (which target devices that are network connected but are not computers) alone are expected to double by 2025.1 Currently, there is one cyber attack every 39 seconds and 30,000 websites are hacked every single day.2

Why Is Cybercrime So Out of Control?

For starters, it’s a low-risk, high-reward path of crime.

The average rate of prosecution for a cybercrime in the US is as low as .05%,3 and the average ransomware payment is almost $1 million.4

It doesn’t even take a great deal of expertise for an aspiring cybercriminal to begin their career. There is a budding industry called “Cybercrime as a Service” (CaaS) where skilled hackers sell tools that make hacking easy or even rent out their own services.5

The rise of remote and hybrid work has also exacerbated the problem. As companies enable employees to access systems and software remotely, there are more entry points for cybercriminals to exploit. It’s reported that cybercrime has risen by as much as 600% since the pandemic.6

What Are the 10 Most Common Types of Cyber Attacks?

1. Malware

Malicious software is the most common cyberattack as it encompasses any programming, code, or software designed to negatively affect a network, server, or device. Viruses, spyware, trojans, worms, exploits, and bots are all types of malware.7

Antivirus software and firewalls are essential for protecting against malware. Regularly updating your operating system and browsers, and avoiding suspicious links and downloads are important as well.8

2. Phishing

Phishing is when a hacker imitates a legitimate email that contains a malicious link or attachment to infect the user’s device with malware. Phishing attacks are incredibly common and are involved in more than 90% of successful cyberattacks.9

Be very careful about which emails you open, lookout for any indicators of inauthenticity like grammatical errors and formatting issues, and install an anti-phishing toolbar on your browser.10

3. Spoofing

Spoofing is when a cybercriminal immitaes a trusted source, oftentimes a website, in order to infect the user’s device or induce them to provide personal information. This includes domain, email, and address resolution protocol (ARP) spoofing.

Although IT admins can utilize packet filtering, security tools, and other technologies to help prevent spoofing attacks, caution and skepticism on the part of the user are also essential defenses.

4. Password Attacks

Hackers can use a variety of methods, including password cracking tools, and different types of attacks, like brute force and keylogger, to compromise a password.

Only use strong passwords—ones that are impossible to guess, are made up of at least 12 characters, and use a mix of uppercase and lowercase letters, numbers, and symbols. Never reuse passwords and implement multi-factor authentication (MFA) whenever possible in case a password is compromised.

5. Man-in-the-Middle

This is a form of eavesdropping where a hacker positions themselves in between a user and host, or in conjunction with a spoofing site, to intercept data and communications.11

Avoid using any website that does not have SSL encryption and utilize a VPN whenever using public WIFI networks.

6. Code Injection

Malicious code is inserted into a computer or a network. The most common type is an SQL injection, where a hacker leverages malicious SQL statements to gain control of a database.12

Intrusion detection systems and user data validation requirements can help protect against code injection attacks.

7. IoT-Based Attacks

These attacks use devices that are not standard computing devices but are still connected to a network, such as smart appliances.

Keeping software and firmware up-to-date and practicing good password habits are essential protections for IoT attacks.13

8. Supply Chain Attacks

Hackers target a software developer or vendor and inject malicious code into applications or hardware, potentially compromising all end users.

Limiting the number of authorized apps and implementing code integrity policies and endpoint detection and response solutions can help protect against supply chain attacks.

9. Denial of Service (DoS) / Distributed Denial of Service (DDoS)

These attacks are meant to bring down a website, system, or network by overwhelming it with traffic. In a denial of service attack, a small number of systems are used to attack the target. In a distributed denial of service attack, hundreds or even thousands of systems are used to attack.14

Network vulnerability audits and multi-level network protection are critical protections for these attacks.15

10. Zero Day Exploits

This is when hackers find a vulnerability in software or a network before developers are aware of it, thus giving the developers “zero days” to fix it and prevent incursions.

Ensuring that operating systems and software are up to date, the use of applications is limited and monitored, and utilizing antivirus software and firewalls are core protections against zero day exploits.16

Is Anyone Trying to Control Cybercrime?

The Department of Homeland Security has an agency called CISA (Cybersecurity & Infrastructure Security Agency) that is devoted to the task. In many ways, CISA is like the CIA of cybersecurity. But unlike the CIA, CISA is accessible to anyone and has a wealth of free information and services for the public, including analysis and detection, anti-phishing training, and business impact analysis (BIA) system security.

CISA’s Shields Up initiative offers cybersecurity tips for everyone from business leaders to everyday families, all designed to help reduce the likelihood of a successful cyber intrusion.


In March of 2022, the government signed the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) into law. CIRCIA will require businesses involved in the nation’s critical infrastructure to follow specific guidelines and report cybersecurity breaches and ransom payments to CISA. 

It’s worthwhile checking if your business falls into a critical infrastructure designation as the categorization is quite expansive, with food and agriculture, commercial facilities, financial, and information technology encompassing a wide range of industries and verticals.

Why You Should Consider Security as a Service

Our description of the 10 most common types of cyberattacks is just scratching the surface of the cyber threats that businesses face. These threats are constantly evolving, and hackers across the world are trying to develop new methodologies and tools every single day.   

Unfortunately, most businesses have limited internal resources to devote to cyber security, and due to the scope and complexity of the challenges, it’s just not enough. In order to have truly comprehensive protection, you need an interdisciplinary team at your disposal.

1 https://techjury.net/blog/how-many-cyber-attacks-per-day/#gref
2 https://techjury.net/blog/how-many-cyber-attacks-per-day/#gref
3 https://www.embroker.com/blog/cyber-attack-statistics/
4 https://www.netapp.com/blog/ransomware-cost/#:~:text=It’s%20no%20secret%20that%20ransomware,payment%20is%20nearly%20%241%20million

5 https://www.stickmancyber.com/cybersecurity-blog/what-you-need-to-know-about-crime-as-a-service-csaas#:~:text=What%20is%20CaaS%3F,out%20attacks%20with%20relative%20ease
6 https://www.embroker.com/blog/cyber-attack-statistics/
7 https://www.crowdstrike.com/cybersecurity-101/cyberattacks/most-common-types-of-cyberattacks/
8 https://www.simplilearn.com/tutorials/cyber-security-tutorial/types-of-cyber-attacks
9 https://spanning.com/blog/cyberattacks-2021-phishing-ransomware-data-breach-statistics/#:~:text=How%20common%20was%20phishing%20in,breaches%20occur%20due%20to%20phishing
10 https://www.simplilearn.com/tutorials/cyber-security-tutorial/types-of-cyber-attacks
11 https://www.csoonline.com/article/3340117/man-in-the-middle-attack-definition-and-examples.html
12 https://www.crowdstrike.com/cybersecurity-101/cyberattacks/most-common-types-of-cyberattacks/
13 https://www.techtarget.com/iotagenda/post/How-to-secure-IoT-devices-and-protect-them-from-cyber-attacks#:~:text=Keep%20your%20software%2C%20firmware%20updated,to%20automatically%20check%20for%20updates
14 https://www.ncsc.gov.uk/collection/denial-service-dos-guidance-collection#:~:text=%22Denial%20of%20service%22%20or%20%22,frequently%20reported%20by%20the%20media
15 https://www.byos.io/blog/denial-of-service-attack-prevention#:~:text=For%20this%2C%20it%20is%20essential,before%20they%20overwhelm%20your%20network
16 https://usa.kaspersky.com/resource-center/definitions/zero-day-exploit

Check Out Our Solution to Cybersecurity

With more than 40 years of experience, our IT and network expertise offers the depth of knowledge and skills to keep you safe from both today’s and tomorrow’s cybercriminals.