Types of cyber attacks
Attackers use a small set of patterns over and over. Knowing what each looks like helps you spot them before damage is done.
Ransomware and extortion
Ransomware locks your files with encryption and demands payment to unlock them. In double-extortion attacks, attackers also steal data and threaten to publish it if you do not pay. Hospitals, schools, and local governments have been hit because they often lack the budget for strong backups and segmentation.
The most effective defense is backups you can restore. Keep at least one copy offline or in a system the ransomware cannot reach. Test restores regularly—many organizations discover their backups are broken only when they need them. Patching known vulnerabilities and blocking macros in Office files also reduce the chance of initial infection.
Phishing and credential theft
Phishing uses fake emails, texts, or websites to steal passwords, session tokens, or payment details. A common pattern: an email that looks like it is from your bank or IT department, with a link to a login page that sends your credentials to the attacker. Spear phishing targets specific people—for example, finance staff who can approve wire transfers—using details from social media or prior breaches to sound credible.
Two-factor authentication (2FA) stops many attacks because the attacker needs more than your password. Prefer app-based codes or hardware keys over SMS, which can be hijacked via SIM swap. For high-risk actions like changing bank details, verify through a known phone number or in person—never trust a number or link from an email.
DDoS and availability attacks
Distributed denial-of-service (DDoS) attacks flood a website or service with traffic until it cannot respond to real users. Attackers often rent botnets—networks of compromised devices—to generate the volume. Small businesses and game servers are frequent targets because they rarely have the capacity to absorb large traffic spikes.
Mitigation usually happens at the network or hosting level. Many providers offer DDoS protection; if you run your own infrastructure, consider a scrubbing service that filters malicious traffic before it reaches your servers. There is little you can do from a single laptop to stop a DDoS—the defense is architectural.
Supply-chain compromises
Instead of attacking you directly, attackers compromise a vendor or tool you trust. Examples: malicious code injected into a popular open-source library, or a software update from a legitimate vendor that has been compromised. One compromise can affect thousands of organizations that use that dependency.
Reduce risk by keeping dependencies up to date, reviewing what you install, and using signed packages where possible. For critical systems, maintain a list of approved software and block unapproved installs. When a major supply-chain incident is announced, check whether you use the affected product and apply patches immediately.
Insider threats
Insiders—employees, contractors, or partners with legitimate access—can steal data, sabotage systems, or leak credentials. Motivations range from financial gain to resentment or coercion. High-profile cases often involve people who had broad access and little oversight.
Limit damage by giving people only the access they need (least privilege), logging sensitive actions, and separating duties so no one person can complete a high-risk process alone. Exit procedures should revoke access promptly when someone leaves. Culture matters: people who feel respected and fairly treated are less likely to become malicious insiders.