Main section
What types of cyberattacks are out there?
Cyberattacks take place in the digital space and aim to impair the integrity, confidentiality and availability of data. These attacks can be launched by private and state actors alike. They are always malicious, illegal and intentional. Here we have provided an overview of the different types of attacks.
Malware
Malware refers to programs that have been specially developed to cause damage to targeted individuals or companies. Attackers inject the malware into computer systems with the aim of causing disruption and damage. These attacks can take different forms:
Computer virus
Just like a medical virus, a computer virus spreads uncontrollably and attacks its host’s systems – in this case, operating systems, software or even data carriers. The colloquial term "computer virus" is regularly used to describe all types of malware.
Ransomware
Ransomware is a type of software designed to extort money from victims. It is sent, for example, via email attachments. If a device becomes infected, this can result in the encryption of individual data (file encrypter/crypto ransomware) or even the entire file system (screenlocker/locker ransomware). The attackers then demand ransom money in exchange for removing the encryption or providing the relevant private key. They often set tight deadlines, putting their victims under even more pressure.
Trojans
Trojans install – without any prompting and ideally without anyone noticing – additional software on the user’s device. Examples of trojans include DDoS trojans, trojan spies and trojan mailfinders.
-
DDoS trojans: DDoS stands for distributed denial-of-service. During these attacks, servers or networks are bombarded with such a volume of requests that websites, for example, are no longer accessible. If a computer is infected with a DDoS trojan, it too takes part in such bombardments and can therefore be regarded as an accomplice.
-
Trojan spies: Trojan spy programs are used to spy on your computer. For example, they record what you enter on your keyboard (e.g. passwords) or they take screenshots.
-
Trojan mailfinders: Mailfinders collect email addresses from your computer – for example, from address books in your email program.
Cryptojacking
Anyone interested in mining cryptocurrencies will need a whole lot of computing power. This in turn is associated with high costs. Attackers therefore infect external computers and other devices with the aim of secretly mining cryptocurrencies at the expense of their victims. Such attacks often go undetected because nobody notices the damage caused at the time – but that’s not to say that it hasn’t happened. Such malware slows down other processes, increases the victim’s electricity bill and reduces the service life of the infected devices.
Social engineering
The "human factor" continues to pose a serious risk to IT security. Attackers are well aware of this fact and try to exploit this vulnerability by gaining access to sensitive data or networks. To this end, they play the part of a trustworthy individual – in some cases, someone the victim might even know.
Phishing
Phishing emails are often so well disguised that they are indistinguishable from harmless or authentic emails. Attackers invite recipients to reveal sensitive data such as usernames or passwords or to click on an infected link.
Scareware
Scareware notifications look a lot like virus warnings. Recipients are therefore made aware of the fact that their device has been infected by malware. The goal of the attacker is to frighten the victim and scare them into visiting unsafe websites or paying for bogus security software in order to solve the problem as quickly as possible.
Supply chain attacks
These types of cyberattacks target a company’s supply chain or value creation chain. During such attacks, viruses or other malware are passed on to the company via (software) suppliers or providers. The result: attackers gain quick – and often undetected – access to large volumes of sensitive company data. This can include, for example, customer or payment data.
Cyber-physical attacks
Cyberattacks can also be launched for the purpose of inflicting physical damage. For example, industrial plants are often a target. Attackers inject malicious commands into a system via malware. These systems can suffer severe damage in a short space of time or be taken offline as a result. However, since it is not uncommon for plants and machines to suffer failures, these attacks also often go undetected initially or are sometimes confused with regular malfunctions.
State-sponsored cyberattacks
Governments, too, sometimes employ the services of hackers – usually in an unofficial capacity of course. Their assignments include, for example, espionage or attacks on critical infrastructures in order to test or weaken the defence capability of the opponent. Cyberattacks are also sometimes used in political disputes in order to spread misinformation and cause subsequent unrest.
Advanced persistent threat (APT)
An advanced persistent threat is an example of a prevalent state-sponsored cyberattack. In such cases, the attacker gains extended access to the system of their victim. They collect information (espionage) or carry out sabotage.