Cybersecurity 101: 10 Types of Cyber Attacks to Know

The first step of handling any problem is to know what you’re dealing with. So, here are the definitions for 10 different types of cyber attacks that we think you should know about:

1. Account Takeover

An attack where a malicious third party gains access to a legitimate online account. This allows the malicious actor to steal data, impersonate the user, etc.

2. Advanced Persistent Threat (APT)

When an attacker gains access to an account or network through phishing or malware and remains undetected after the initial breach. The attacker continues to carry out the attack through reconnaissance and internal spread long after the initial breach.

3. Clickjacking

Also known as UI redressing. A hacking attack that tricks users into clicking on an unintended link or button, usually disguised as a legitimate one. Thus the “clicks” are being “hijacked” to other elements, rather than the ones intended by the user.

4. Credential stuffing

An attack method in which attackers use lists of compromised (stolen or leaked) user credentials (combinations of usernames and passwords) to break into a system. The attackers systematically and automatically "stuff" these stolen credentials into login forms to identify instances where users have reused the same login information.

5. Distributed Denial-of-Service (DDoS)

An attack in which hundreds or thousands of internet-capable devices are hijacked to strike against a single system, network, or application. If an organization becomes compromised by a DDoS attack, its servers become overwhelmed by the barrage of “hits” from the botnet and its services become unavailable.

6. Information disclosure

The breach of privacy or leak of information to unauthorized persons or to the public domain. In the cloud, information disclosure often takes the form of a data leak from misconfigured public cloud data stores.

7. Man-in-the-Middle (MITM) Attack

An attack where the adversary positions themself in between the user and the system so that they can intercept and alter data traveling between them.

8. Phishing

An attack in which a message is sent from a malicious party disguised as a trusted source, with the intention of fooling the recipient into giving up credentials, money, or confidential data.

9. Ransomware

Malicious software that gains access to an organization’s systems and data and then encrypts these systems and data, rendering them inaccessible without the encryption key. The attacker supplies the decrypt key only if the victim pays a fee (ransom).

10. Tampering

An intentional but unauthorized act resulting in the modification of a system, components of systems, its intended behavior, or data.

CSA’s Top Threats Working Group provides organizations with an up-to-date, expert-informed understanding of cloud security risks, threats, and vulnerabilities.

Make sure to check out their Top Threats to Cloud Computing Pandemic Eleven publication and its accompanying Top Threats to Cloud Computing: Pandemic 11 Deep Dive to learn all about the eleven most salient threats in cloud environments.