Types of cybersecurity attacks
Common cybersecurity attacks include:
Malware, or malicious software, is an umbrella term which refers to intrusive programs designed to exploit devices at the expense of the user and to the benefit of the attacker. There are various types of malware, but they all use techniques designed not only to fool users, but also to evade security controls so they can install themselves on a system or device covertly without permission. Some of the most common types of malware include:
- Ransomware – extortion software that can lock your computer and then demand a ransom for its release.
- Trojans – a type of malware that typically gets hidden as an attachment in an email or a free-to-download file, then transfers onto the user's device. Trojans are capable of gathering sensitive user data, including credentials, payment information, and more.
- Spyware – software that enables an attacker to obtain covert information about another's computer activities by transmitting data covertly from their hard drive. Spyware is also able to function as a keylogger and can take screenshots of sensitive data.
Distributed Denial-of-Service attacks (DDoS)
A DDoS attack involves multiple compromised computer systems attacking a target, such as a server, website, or other network resource, causing a denial of service for users of the targeted resource. The sheer volume of incoming messages, connection requests or malformed packets to the target system forces it to slow down or crash – which denies service to legitimate users or systems.
Phishing is a form of fraud in which an attacker masquerades as a reputable entity, such as a bank, well-known company, or person in email or other forms of communication, to distribute malicious links or attachments. This is to trick an unsuspecting victim into handing over valuable information, such as passwords, credit card details, intellectual property and so on.
Spear phishing attacks are directed at specific individuals or companies, while whaling attacks are a type of spear phishing attack that specifically targets senior executives within an organization. One type of whaling attack is the business email compromise, where the attacker targets specific employees who can authorize financial transactions to deceive them into transferring money into an account controlled by the attacker. The FBI estimates that $43 billion was lost between 2016 and 2021 because of business email compromises.
Cross-site scripting (XSS) attacks
XSS enables an attacker to steal session cookies, allowing the attacker to pretend to be the user, but it can also be used to spread malware, deface websites, create havoc on social networks, phish for credentials and—in conjunction with techniques—perpetrate more damaging attacks.
A botnet comprises a collection of internet-connected computers and devices that are infected and controlled remotely by cybercriminals. They are often used to send email spam, engage in click fraud campaigns, and generate malicious traffic for DDoS attacks. The objective for creating a botnet is to infect as many connected devices as possible and to use the computing power and resources of those devices to automate and magnify the malicious activities. Thanks to the growth of the Internet of Things, botnet threats are one of the fastest growing categories of threats.
A data breach is a security incident in which private or sensitive information (such as student data) is accessed without authorization.
These threats involve hackers holding data hostage in exchange for money or other demands.
IoT (Internet of Things) devices such as laptops, smart home accessories and tablets often lack security or are not updated on a regular basis, making it vital for teachers to prioritize security when incorporating IoT devices into the classroom.