What Is a Cyberattack? Types, Methods, Major Incidents, and How to Stay Protected
A comprehensive overview of cyberattacks — the major types including phishing, ransomware, DDoS, and SQL injection, how they work, significant real-world examples, and evidence-based strategies for individuals and organizations to reduce risk.
What Is a Cyberattack?
A cyberattack is a deliberate attempt by an individual, group, or state actor to breach the information systems of another individual, organization, or government to steal data, disrupt operations, extort money, conduct espionage, or cause damage. Cyberattacks exploit vulnerabilities in software, hardware, network configurations, or human behavior to gain unauthorized access or cause harm.
The scale of cybercrime has grown dramatically in the internet age. According to Cybersecurity Ventures, global cybercrime costs are projected to reach $10.5 trillion annually by 2025 — making it, by comparison, the third-largest economy in the world after the U.S. and China. The average cost of a data breach for organizations reached $4.88 million in 2024 according to IBM's annual Cost of a Data Breach Report.
Major Types of Cyberattacks
1. Phishing
Phishing is the most prevalent form of cyberattack. Attackers impersonate legitimate entities — banks, government agencies, employers, or trusted contacts — through email, SMS (smishing), or voice calls (vishing) to trick victims into revealing credentials, clicking malicious links, or transferring money.
Spear phishing is a targeted variant using personalized information about the victim (gleaned from social media, data breaches, or reconnaissance) to appear more credible. Business Email Compromise (BEC) — where attackers impersonate executives to trick employees into wire transfers — cost organizations an estimated $2.9 billion in 2023 according to the FBI's Internet Crime Report.
The 2016 DNC email breach — which influenced the U.S. presidential election — began with a spear phishing email to campaign chairman John Podesta that appeared to be a Google security alert.
2. Ransomware
Ransomware is malicious software that encrypts a victim's files, rendering them inaccessible, then demands a ransom payment (typically in cryptocurrency) in exchange for the decryption key. Modern ransomware operations are often conducted by professional criminal organizations using a "Ransomware-as-a-Service" (RaaS) model — developers lease the ransomware to affiliates who conduct attacks and split proceeds.
Notable incidents:
- WannaCry (2017): Used the NSA-developed EternalBlue exploit (leaked by a hacking group) to spread autonomously across networks. Infected 200,000+ systems in 150 countries; caused an estimated $4–8 billion in damages; severely disrupted the UK's National Health Service.
- NotPetya (2017): Disguised as ransomware but designed purely for destruction; targeted Ukraine but spread globally; caused ~$10 billion in damages — the costliest cyberattack in history according to U.S. government estimates. Attributed to Russian military intelligence (GRU).
- Colonial Pipeline (2021): DarkSide ransomware shut down the largest U.S. fuel pipeline for 6 days; $4.4 million ransom paid; caused gasoline shortages across the southeastern U.S.
3. Distributed Denial-of-Service (DDoS)
A DDoS attack overwhelms a target's servers or network infrastructure with massive volumes of traffic from many sources simultaneously (typically a botnet — a network of compromised devices), rendering the service unavailable to legitimate users.
The largest DDoS attack on record occurred in 2023 when Cloudflare reported mitigating a 71 million requests-per-second HTTP DDoS attack against one of its customers — roughly three times larger than the previous record. DDoS attacks are commonly used against financial institutions, governments, and gaming platforms for extortion, activism, or competitive sabotage.
4. Malware
Malware (malicious software) is an umbrella term encompassing any software designed to harm or exploit systems:
- Viruses: Self-replicating programs that attach to legitimate files; spread when files are shared.
- Worms: Self-replicating programs that spread autonomously across networks without needing to attach to a file (e.g., WannaCry).
- Trojans: Malicious software disguised as legitimate programs; do not self-replicate.
- Spyware/Keyloggers: Silently monitor and record user activity, capturing credentials and sensitive information.
- Rootkits: Conceal their presence and other malware from detection by the operating system and security tools.
5. SQL Injection
A web application attack in which malicious SQL code is entered into an input field (a login form or search box) and is then executed by the database as part of the application's own query. If a web application fails to properly sanitize user inputs, an attacker can extract, modify, or delete database contents — including usernames, passwords, credit card numbers, and personal data.
SQL injection has been among the top web application vulnerabilities for over two decades (consistently in the OWASP Top 10). The 2009 Heartland Payment Systems breach — at the time the largest payment card breach in history (affecting 130 million cards) — was achieved via SQL injection.
6. Man-in-the-Middle (MitM) Attacks
An attacker intercepts communication between two parties — often by positioning themselves on the same network — to eavesdrop on or manipulate traffic. Such attacks are common on unsecured public Wi-Fi networks. The widespread adoption of HTTPS/TLS has significantly reduced the practical impact of MitM attacks on encrypted web traffic, but attacks still occur on unencrypted connections.
7. Social Engineering
Manipulation of people rather than technical systems to obtain information or access. The most sophisticated attacks often combine technical and social engineering components. The 2020 Twitter hack — in which accounts of Barack Obama, Joe Biden, Elon Musk, and others were compromised to promote a Bitcoin scam — was achieved not through technical exploits but through social engineering of Twitter employees to gain admin tool access.
8. Supply Chain Attacks
Attackers compromise a software vendor or service provider to gain access to the vendor's customers — often at massive scale. The SolarWinds attack (2020), attributed to Russian SVR intelligence, inserted malicious code into a SolarWinds network monitoring software update; approximately 18,000 organizations installed the compromised update, including U.S. government departments and major corporations. This attack remains one of the most sophisticated supply chain compromises ever documented.
Who Conducts Cyberattacks?
| Actor Type | Primary Motivation | Common Tactics |
|---|---|---|
| Cybercriminals | Financial gain | Ransomware, phishing, fraud, credential theft |
| Nation-state actors | Espionage, disruption, geopolitical leverage | Advanced persistent threats (APTs), supply chain attacks |
| Hacktivists | Political/ideological | DDoS, defacement, data leaks |
| Insiders | Disgruntlement, financial incentive | Data exfiltration, sabotage |
| Script kiddies | Notoriety, vandalism | Automated tools, low-sophistication attacks |
How to Reduce Cyberattack Risk
For individuals:
- Use strong, unique passwords for every account — managed with a password manager (Bitwarden, 1Password, Dashlane)
- Enable multi-factor authentication (MFA) on all important accounts — reduces account compromise risk by 99.9% according to Microsoft research
- Keep software updated — the majority of successful attacks exploit known vulnerabilities for which a patch already exists
- Be skeptical of unsolicited communications asking for credentials, payments, or personal information
- Use HTTPS websites and a reputable VPN on public Wi-Fi
- Make regular backups to an offline or offsite location — the primary defense against ransomware
For organizations, the additional priorities include network segmentation, zero-trust architecture, employee security training (human error accounts for ~74% of breaches according to Verizon's 2024 Data Breach Investigations Report), vulnerability scanning and penetration testing, and incident response planning.