From Phishing to Ransomware: The Most Common Types of Cyber Attacks

Cyber-attacks come in many shapes, forms, and sizes. Some are more dangerous than others, but we can all agree that the idea of experiencing any of them is frightening. Luckily, some cyber-attacks can be prevented by being aware of the different variants and techniques cybercriminals use. With that in mind, let’s see what the most common types of cyber-attacks are.

Illustration: Milica Mijajlovic

This article will focus on different types of cyber-attacks. However, check out this cyber-attack guide first if you want to learn more about them, including how they work and what you need to do to elevate your online safety.  

At the moment, the most frequent cyber-attack types are: 

  1. Malware  
  2. Ransomware 
  3. Spyware 
  4. Phishing 
  5. Backdoor Trojan 
  6. Denial-of-service (DoS) 
  7. DNS tunneling 
  8. Cross-site scripting (XSS) attack 
  9. Cryptojacking 


Malware

Malware is short for malicious software: files or code designed to interfere with a computer’s standard functioning. It serves as a catch-all phrase for trojans, viruses, and other detrimental programs hackers use to access their victims’ data.

Malware attacks are predominantly delivered over a network, and they can explore and exploit victims’ data, lock up essential files, spam a user with ads, or crack user passwords. Not only that, but as malware exists in many forms, hackers rely on different ways to infect a computer, including:

  • Email attachments: When an unsuspecting email recipient opens an attachment containing malware, the virus infects their device without the victim noticing. Even worse, if a cyber victim forwards that email to someone else (which often happens in companies), the entire organization can fall victim to a cyber attack in the blink of an eye.  
  • File-sharing network: When using a file-sharing network, your PC is at risk, as it acts as a server for everyone else’s devices and vice versa. This implies that you have no control over the information being communicated across the file-sharing network you’re using. Every machine on the network is accessible, allowing hackers to spread malware inside a file that appears to be legitimate. 
  • User vulnerabilities: Weak network passwords, old software versions, and poor cyber hygiene are vulnerabilities hackers can remotely exploit. For example, they can benefit from someone’s weak Wi-Fi password and steal their data without setting up a ‘bait’ and waiting for the victim to take it.  

But what do hackers gain by infecting your device with malicious software? 

Believe it or not, cybercriminals rely on cyber attacks to gain the following: 

  • Unauthorized access to victims’ computers 
  • Access to victims’ local networks  
  • The ability to flood a device with spam 
  • Sensitive and valuable data that sell well on the black market 
  • Power and satisfaction from harming others 


Ransomware

Ransomware is a type of malware, but what makes it special enough to deserve a separate heading?

As the name says, ransomware is a malware type that locks your computer and then demands a ransom for returning access. A device infected with ransomware will deny your access until you pay the requested sum of money, and unfortunately, thousands of people fall into this trap. 

This attack is scary because the hacker has complete control over the victim’s device and, for that matter, their mind. The cyber intruder can demand money, and when a victim delivers what was expected, the criminal behind the operation can always ask for more, leaving the victim empty-handed and helpless. Knowing that someone is keeping you in their pocket is psychological torture, and hackers know it, which is why this malware type is one of the most popular ways to attack.


Just as malware has subtypes, so does ransomware. Although ransomware has many variants, here’s how to distinguish the most popular ones: 

  1. Locker ransomware: Lockers are ransom variants that will completely deny your access to a device, affecting everything from basic functions to apps and files. When a computer becomes infected with a locker, the lock screen will likely display a ransom demand, urging the victim to deliver the money. 
  2. Crypto ransomware: Encryptors are nasty beasts, as these cyber attacks that belong to the ransomware family do the most damage. Crypto ransomware encrypts individual files, making them inaccessible without a decryption key.   
  3. Scareware: Ransomware that disguises itself as fake software claiming to have detected issues on your computer is called scareware. Scareware will usually offer a solution to your problem (for example, a button you need to click on to get rid of the virus). Still, once selected, it will spread the virus, lock the computer, or bombard a victim with spam.  
  4. Doxware: This ransomware threatens to expose private and sensitive information online. It primarily targets companies and influential or famous people who are likelier to pay for something to stay under the rug. Doxware has many variations, but if you ever encounter one, it’s recommended not to pay the ransom. Instead, back up your data, folks! Wiping the system clean and restoring it with backup data could eliminate the ransomware.  


Spyware

Here we have another type of malicious software, one that infects a device to obtain information about the victim’s computer activities. Just like any other malware, it was created to gain unauthorized access to data and profit from it.

Now, spyware can obtain all sorts of data. It can track and obtain data stored on your hard drive, acquire password credentials, and track location. Furthermore, it can allow cyber criminals to remotely control users’ device functions, which they can use to turn on the camera/microphone, and record images, audio, and even video.  

With that in mind, the most popular spyware variants are: 

  1. Keyloggers: By capturing keyboard input, keyloggers can acquire passwords, email addresses, financial information, social media logins, and much more. All in all, keyloggers will track and steal every piece of information tied to a browsing session, including a victim’s search history, banking credentials, PINs, and other data that comes up as a result of a user’s browsing habits. 
  2. Sound recording and video spyware: When infected with sound or video recording spyware, devices become a direct gateway to hackers. They can eavesdrop, record conversations, remotely set up the device to take pictures, and invade the victim’s privacy.  
  3. Password stealers: Similarly to keyloggers, password stealers are designed to detect and steal user passwords. The only difference is that the former captures all keyboard input, while the latter only goes after passwords.  
  4. Cookie trackers: Compared to other spyware types, cookie trackers are relatively harmless. Once infiltrated into your system, this spyware will gather information about your browsing behavior and send it to marketers. 

Another important detail is that spyware is often disguised as software a regular computer or mobile user might want to install on their device. So, if a user has fallen victim to a spyware attack, they most likely installed the virus themselves.  

Suppose you’re now wondering how to avoid catching spyware when scouting the web. In that case, it’s advisable to pay attention to suspicious pop-ups and email attachments from unknown senders and avoid downloading files from unreliable web sources. These are the most common ways to catch spyware, so if you pay extra attention while browsing, you can minimize the risks of spyware infestation.  


Phishing

Have you ever opened an email that says you only have a few minutes to update your information unless you want your accounts suspended and credit cards canceled?

If so, that was phishing, a type of social engineering where a cybercriminal sends a suspiciously urgent call to action or another fraudulent message that tricks the victim into disclosing sensitive data to the perpetrator.  

Just like the previous cybercrime examples, these cyber attacks are designed to steal your data, usually passwords and credit card information. But they’re easy to defend against, especially if you remember some rules.


It’s phishing if: 

  • The offer is suspiciously alluring: Cyber attackers try to bait users with lucrative offers followed by a sense of urgency.  
  • Something seems odd: Regardless of whether a message appears to be coming from someone you know or someone you don’t, if anything seems odd, out of the norm, or just plain suspicious, it could be phishing.  
  • Hyperlinks are misspelled: Bank impersonation is common in phishing. It’s when a fraudster tries impersonating someone from the victim’s bank to extort financial information. If the message seems suspicious, it’s advisable to look for misspelled hyperlinks or email addresses, as they’re the first and best indication of phishing. 
  • Attachments don’t make sense: Opening an attachment that you weren’t expecting or that doesn’t match the rest of the email could pave the way for ransomware to infect your device. Instead, delete the message, and if it was, indeed, coming from a reliable source, they will likely send a follow-up email or resend the attachment upon your request. 

Backdoor Trojan 

When a cybercriminal finds a target using scanners that look for systems, networks, and websites with obsolete or unpatched components and vulnerabilities that allow for file injection, they will likely install a backdoor Trojan on the said system. A backdoor Trojan is a malicious program that compromises an entire computer, giving perpetrators access for a remote attack.  

Once executed, a backdoor Trojan can hijack a server, perform website defacement with a PHP backdoor injection, initiate DDoS or APT assaults, update the malware, and/or steal the victim’s data.  

Now, most malware acts like a biological virus, replicating and integrating itself into all other computer programs. A backdoor Trojan works a bit differently.

It’s not a virus. It’s usually a malicious program that a regular user might not even notice. However, just like malware, it must bypass security measures before settling down and laying waste from the shadows.  


To get around security measures, backdoor Trojan injection is performed in two steps. Installing a dropper—a small file whose sole purpose is to obtain a larger file from a distant location—is the first step in the process. The backdoor script is downloaded and installed on the server, starting the second phase. Once injected, it’s there to stay, even if a victim notices and fixes the vulnerability that allowed this attack in the first place.  

Backdoor Trojans are stubborn, and their removal requires blood, sweat, and tears. That is because a backdoor Trojan blends well with the computer environment, making it challenging for a software scanner to find and distinguish it from other files in the file system. Backdoor shells are concealed not only via alias names but also through code obfuscation (the process of making code difficult to understand and impossible to decompile or reassemble), thus causing the malicious program to appear harmless.

Denial of Service (DoS) 

Denial of service is a cyber attack against computer and network services. Once executed, a denial of service attack can rob authorized computer users of device resources by reducing or denying their accessibility.  

How does that happen, you might ask.  

Simply put, DoS attacks flood networks with traffic. During the attack, the service is put out of action as the overload of TCP (transmission control protocol) and UDP (user datagram protocol) packets, for example, overwhelms the server, making it unavailable to other devices and network users. 

In other words, when a server’s resources are depleted, a problem known as server overload occurs, which prevents the server from responding to incoming requests. For example, if many users attempt to access a website at once, this spike in traffic could lead to server overload. Similarly, when a DoS attack occurs, the server is overwhelmed by data packets, eventually leading to a crash.


The purpose of this attack is, as the name says, denial of service. Individual machines and networks collapse under these cyber attacks, which might give you an idea of how much damage the raid can do.

DoS and DDoS attacks (which I’ll introduce you to in a minute) are some of the most intimidating cyber threats. The damage they cause is astronomical, and if executed correctly, the removal and neutralization will cost the cyber victim (usually an organization, business, or government body) more than a fortune.  

DoS vs DDoS 

DDoS or distributed denial of service attacks are somewhat similar to DoS attacks. It’s also worth noting that every DDoS attack is classified as a DoS, but not every DoS attack is considered a DDoS.  

So, in what ways are they similar? 

For one, DoS and DDoS assaults have identical goals when it comes to the exploitation techniques hackers tend to employ. However, a DoS attack happens when one system attacks another with the intent to incapacitate the target and cut off access for authorized network users.

Although they have the same purpose, DDoS attacks come from multiple systems. The DDoS attack is backed by potent, dispersed, and authentic resources, leaving a more substantial impact than a regular DoS attack.  

In other words, DDoS attacks use the connectivity of numerous infected devices to target a particular website or Internet service with an overwhelming amount of data packets in an effort to take said service offline. More importantly, as hackers rely on multiple compromised systems worldwide, it’s nearly impossible to stop the attack, let alone deduce where it’s coming from.  

DoS and DDoS Attack Types 

Generally, we can separate DoS attacks into three categories: 

  • Volume-based attacks: As we learned earlier, volume-based attacks aim to flood a server with traffic, resulting in bandwidth saturation. The immensity of volume-based attacks is measured in bits per second. Attacks such as TCP, UDP, and ICMP floods fall into this category.  
  • Application-layer attacks: These attacks target apps and their vulnerabilities to prevent the programs from communicating with the user or fulfilling their purpose.  
  • Protocol attacks: SYN floods, Ping of Death, and Smurf DDoS are some of the most popular protocol attacks. This type of attack eradicates all server resources as well as resources from load balancers and firewalls. 

Now that we’ve covered the basics of DoS/DDoS, let’s dive deeper into the topic and explore DDoS attack types. 

  1. TCP/UDP/ICMP floods: Flooding attacks are all similar in nature, as their purpose is to exhaust the victim with overwhelming resources, making it unable to respond to new, real connections and requests.  
  2. Ping of Death: A ping of death happens when a cyber criminal attacks a system with oversized data packets using a ping command (used for sending data packets to specific IP addresses on a network). The attack crashes or freezes the target machine by delivering a packet that exceeds the maximum permitted size that the target allows. Still, the ping of death isn’t as frequent as it used to be, as ICMP flooding is a more efficient attack.
  3. Smurf DDoS: Ping floods and smurf attacks work similarly, as they both rely on a surge of ICMP Echo request packets to do the desired damage. However, most network administrators can immunize the network from a smurf cyber attack. So, Smurf attacks rarely work in today’s world.  
  4. Slowloris: If a cyber attacker uses partial HTTP requests to establish a connection with a targeted web server, that could be the first step to a slowloris denial of service attack. This attack aims to hold the established connections open for as long as possible, weakening and slowing down the target server.  
  5. Zero-day DDoS Attacks: Cyber criminals are constantly testing new ways to attack. So, when they finally find a new approach and employ techniques and threats that don’t match any known malicious software signatures, that is when the zero-day DDoS attack begins. This DDoS attack is the scariest of them all, as victims have no way to detect the attack or prepare for what’s coming. And if you can’t prevent or detect a threat, imagine the damage it could do. 

DNS Tunneling 

Now that we’ve exited the complicated world of DoS attacks, let’s take a breather by talking about DNS tunneling. 

For those unfamiliar with DNS protocol, I’ll explain how that part of the Internet ecosystem works before we dive deeper into the topic.  

Okay, so DNS stands for Domain Name System, and it’s essentially the Yellow Pages of the Internet. Now, every website on the Internet has its own IP address, which is like a long string of data computers use for identification and location addressing. In other words, when you type in an IP address in your browser and press enter, it can take you to the desired destination.


But who has the time and capacity to memorize all those long data strings? 

Instead, we use web addresses and domain names to communicate with the browser. Still, since browsers use IP addresses, we need a protocol that translates readable domains into IPs and vice versa. In other words, the DNS protocol allows us to browse the web more efficiently, which makes it one of the most important Internet protocols.  

DNS tunneling is a form of cyber attack that exploits the DNS protocol. It works by moving malware and other data through a client-server model. During the attack, the cybercriminals redirect DNS requests to their infected server, establishing a connection with the victim via a DNS resolver. This allows them to build a tunnel to their targets and, therefore, remotely control the servers, steal data, or prepare for other, more potent attacks.  
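Because the tunnel carries its data inside the DNS requests themselves, it leaves a pattern in resolver logs: one client sending many different, long, random-looking subdomains to the same parent domain. The following is an added example, not part of the original article, that looks for that pattern. The log format, the thresholds, the sample lines, and the shortcut of treating the last two labels as the parent domain are all assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log: "<client-ip> <query-name>" per line.
SAMPLE_LOG = """\
10.0.0.5 www.example.org
10.0.0.5 mail.example.org
10.0.0.5 shop.example.org
10.0.0.9 mzxw6ytboi4dcmrtgq2tmnzyhezdgnbv.tunnel.example
10.0.0.9 nbswy3dpeb3w64tmmqqhi2djomqgs4zb.tunnel.example
10.0.0.9 onxw2zjanfzsa5dimuqhg33nmuqgc3tt.tunnel.example
10.0.0.9 krugs4zanfzsaylomvzxiidemf2gcidc.tunnel.example
10.0.0.7 cdn.example.net
"""

def shannon_entropy(s):
    """Bits per character; encoded data scores higher than ordinary host names."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def find_tunnel_candidates(log_text, min_unique=3, min_len=24, min_entropy=3.5):
    """Return {(client, parent): stats} for pairs whose names look like carried data."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue                      # skip malformed lines
        client, qname = parts
        labels = qname.lower().rstrip(".").split(".")
        if len(labels) < 3:
            continue                      # no subdomain part to carry data
        # Assumption: the registered domain is the last two labels
        # (a real deployment would consult the public suffix list).
        parent = ".".join(labels[-2:])
        groups[(client, parent)].add("".join(labels[:-2]))

    flagged = {}
    for key, payloads in groups.items():
        mean_len = sum(map(len, payloads)) / len(payloads)
        mean_ent = sum(map(shannon_entropy, payloads)) / len(payloads)
        # All three signals must agree, so three short names under one
        # ordinary domain (www, mail, shop) are not reported.
        if (len(payloads) >= min_unique and mean_len >= min_len
                and mean_ent >= min_entropy):
            flagged[key] = {"unique": len(payloads), "mean_len": mean_len,
                            "mean_entropy": round(mean_ent, 2)}
    return flagged
```

On the sample log, only the client talking to `tunnel.example` is reported.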

Cross Site Scripting (XSS) Attacks 

Cross-site scripting, or XSS, is one of the most common cyber attacks, if not the most common. It’s an injection attack (when unauthorized code is added to a program and interpreted as a standard command) that allows the attacker to merge malicious code with dynamic content (a changing web page or email element such as the HTML content) delivered to the victim.

However, what’s interesting is that XSS isn’t a direct attack on the victim. Instead, an XSS attack allows a cybercriminal to execute a malicious script in a victim’s browser by compromising a vulnerable website the victim in question visits.  


Here’s how we can categorize them: 

  1. Stored XSS: This attack happens when a hacker injects malicious content (payload) into the target application. The most common way to do that is by inserting a payload into a comment field under a blog post. So, when a victim opens the affected web page, it will execute the malicious code implemented by attackers.  
  2. Reflected XSS: A reflected XSS attack consists of injecting malicious code into an HTTP response. So, when a client makes an HTTP request to a host located on a server, the payload is reflected back to the client via the HTTP response.
  3. DOM-based XSS: Finally, DOM-based XSS attacks modify the Document Object Model (DOM) environment, a programming interface for XML and HTML documents. As a result of DOM modification, the client-side code doesn’t run as it should.

The reason why XSS attacks happen often is that these attacks have a high success rate. That is because browsers are incapable of distinguishing legitimate from malicious instructions. However, unlike some DDoS attacks, cross-site scripting attacks are relatively easy to catch and neutralize. 
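The stored XSS case from the list above (a payload left in a blog comment field) comes down to how the site writes stored text back into the page. The following is an added example, not part of the original article: it renders the same constructed comments once by pasting them into the markup and once with output escaping, then parses both pages to show what a browser would treat as active content. The template, the function names, and the sample comments are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

TEMPLATE = '<li class="comment"><b>{author}</b>: {body}</li>'

# Constructed comments as they would sit in the site's database.
SAMPLE_COMMENTS = [
    ("alice", "Great post, thanks!"),
    ("mallory", "<script>alert(1)</script>"),
    ("mallory", "<img src=x onerror=alert(1)>"),
]

def render_unsafe(author, body):
    """Before: stored text is pasted into the page and becomes markup."""
    return TEMPLATE.format(author=author, body=body)

def render_safe(author, body):
    """After: stored text is HTML-escaped on output, so it is shown, not run."""
    return TEMPLATE.format(author=html.escape(author), body=html.escape(body))

def render_page(render):
    """Build the comment list with the given rendering function."""
    return "<ul>" + "".join(render(a, b) for a, b in SAMPLE_COMMENTS) + "</ul>"

class ActiveContentFinder(HTMLParser):
    """Records script elements and on* event-handler attributes in a page."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.hits.append("script element")
        for name, _ in attrs:
            if name.startswith("on"):
                self.hits.append(f"{tag} {name} handler")

def active_content(page):
    """List what a browser would execute in the rendered page."""
    finder = ActiveContentFinder()
    finder.feed(page)
    finder.close()
    return finder.hits
```

The unescaped page contains a script element and an event handler that came from comment text; the escaped page contains neither, and the comments still display as typed.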


Cryptojacking

The crypto world is full of scammers searching for newbie investors to sell them fraudulent crypto coins. But not all scammers aim for this type of exchange. Instead, some scammers tend to employ cryptojacking, a cyber crime that allows attackers to secretly utilize victims’ computing power for crypto mining.

Crypto mining is expensive, and not all Web3 enthusiasts want to cover these costs. Instead, they would hack into a compatible device and install cryptojacking software, which mines or steals coins from the shadows.  

Unlike other cyber attacks that have the power to destroy or deplete complex systems of resources, cryptojacking doesn’t meddle with files or primary computer functions. Instead, it does what it’s designed to do, which is mining crypto, eventually only slowing down a device.

Jelena is a content writer dedicated to learning about all things crypto. Her hobbies are playing chess, drawing, baking, and going on long walks. During winter, she usually spends her leisure time reading books.