Cybersecurity Deep-Dive: 18 Types of Cyberattacks & Prevention Methods

By Alex Popa, Cybersecurity Journalist. 22 November 2023

Fact-checked by Miklos Zoltan

Cybercrime will cost $10.5 trillion annually by 2025, according to Cybersecurity Ventures. Individuals, governments and businesses alike are increasingly at risk of cyberattacks.

According to IT Governance, there were 73 publicly disclosed security incidents in August 2023 alone, resulting in the loss of 79 million records.

It’s bad. Really bad.

But don’t despair yet. I’m here to educate you on what cybercrime is, types of cyberattacks, and ways you can protect yourself.

Here are the main types of cyberattacks observable today:

  1. Malware
  2. Phishing
  3. DoS & DDoS Attacks
  4. Identity Theft
  5. Website Spoofing
  6. Cyberstalking
  7. Man-in-the-Middle (MITM) Attacks
  8. SQL Injection
  9. URL Interpretation
  10. DNS Spoofing
  11. Password Attack
  12. Insider Threat
  13. Zero-Day Exploit
  14. Cryptojacking
  15. Watering Hole Attack
  16. DNS Tunneling
  17. Business Email Compromise (BEC)
  18. Eavesdropping Attack

And here are a few examples of cybercrimes committed through these cyberattacks:

  • Internet and email fraud
  • Illegal gambling
  • Ransomware attacks
  • Theft and sale of corporate data
  • Infringing copyrights
  • Cyberbullying
  • Cyberextortion
  • Cyberespionage
  • Theft and sale of personal or corporate financial data
  • Online drug trafficking
  • Software piracy
  • Compromising IoT devices
  • Identity fraud

And the list goes on with countless new victims appearing every day. Hackers are getting smarter, their tools are getting more advanced, and there will be victims.

But we at PrivacyAffairs want to even the odds for the little guy.

Below, I’ll go through every cyberattack type, explain how it works, and how to protect against it.

Let’s get started!

Malware

Malware is the most common cyber threat and also the most versatile, because it comes in so many forms.

In short, malware is a program or piece of software that infects your device without your permission.

Once it enters a system, it follows its programming to achieve its goal, whether that is to steal data, encrypt data, display ads, or something else.

There are 10 types of malware that we’ve been able to identify:

  • Virus – a program that replicates itself and spreads to files and folders on a device. If a user transfers the virus to another system or network, it can infect those too
  • Trojan – a program that disguises itself as harmless, legitimate software and tries to trick users into opening the executable file
  • Adware – code that displays advertisements on your device, which can degrade its performance
  • Worm – a virus-like program that spreads on its own to other systems and networks, without a user having to carry it
  • Spyware – a program that collects information about a user’s activities on a system. It can gather personal and financial information, record keystrokes, and monitor your browser
  • Botnet – a network of infected computers controlled by a hacker to perform malicious acts such as sending spam or launching DDoS attacks. The computers are controlled without their owners’ knowledge
  • Ransomware – a program that infects a device, encrypts specific files, and then leaves behind a ransom demand that the victim must pay to regain access to their files
  • Keylogger – a program that records the keystrokes made on a device. This lets hackers recover passwords, login credentials, credit card details, and other sensitive personal or corporate data
  • Rootkit – a program that gains access to a device and grants other malicious software the privileges it needs to run there. Rootkits also hide their own presence and that of other malware
  • Fileless Malware – a program that doesn’t need files on disk to spread and infect a system. Instead, it lives in the device’s memory or registry

Since malware can come in so many different forms, it’s not easy to defend against it. But it’s not impossible.

Prevention Methods:

  • A strong alphanumerical password with symbols (15+ characters)
  • Cybersecurity awareness training for your staff
  • Multi-Factor Authentication
  • Antimalware software
  • Constant monitoring of network-wide malicious activities and server performance issues
  • Least-Privilege Model
  • Limited, closely controlled use of administrator accounts

Malware is an insidious piece of software that often slips through the cracks of a security system. Its favorite victim is the unprepared, inattentive, and oblivious individual with low cybersecurity awareness.

As such, the best protection against malware is to become unforgiving to security mistakes, impose airtight security policies, and become hyperaware of the slightest issues with your network and servers.

Phishing

Phishing relies on social engineering to convince you to divulge sensitive information. There are multiple types of phishing attacks:

  • Spear Phishing – according to the Director of National Intelligence, spear phishing “targets a specific person or group and often will include information known to be of interest to the target, such as current events or financial documents”
  • Whale Phishing – targets high-ranking individuals within a company with the goal of stealing their money, confidential information, or access credentials for the company network. This lets the attackers launch further attacks
  • SMS Phishing – by posing as legitimate entities, hackers send you SMS messages asking for confidential information like usernames, credit card numbers, passwords, etc.
  • Voice Phishing – the same as SMS Phishing, only done through voice messages and calls

Phishing attacks are some of the most insidious cyberattacks on this list. They’re very common and use social engineering to deceive unsuspecting users into disclosing their personal information.

The infamous attack on Colonial Pipeline in May 2021, which resulted in the payment of $4.4 million and the loss of €3.4 billion, started through an email phishing attack.

According to the same site, email was the “primary delivery method for high-profile infrastructure attacks”.

Prevention Methods:

  • Cybersecurity and cyberthreats employee awareness
  • Antimalware software

Phishing relies only on social engineering, negligence, inattentiveness, and gullibility. To avoid this, cybersecurity awareness is a must.

Your employees should be able to reasonably identify suspicious emails, attachments, SMS messages, websites, and so on.

They should not download information or files from unknown or untrusted sites either.

Antimalware software will automatically identify phishing sites and warn you not to access them.

I cannot overstate the importance of cybersecurity and threat awareness regarding phishing, though. Phishing attacks succeed only because someone:

  • Doesn’t know something
  • Does not pay attention to something
  • Underestimates the risks involved
  • Is easily deceived and has no security awareness training

Solve these four problems and you’re well-defended against phishing attacks.

DoS & DDoS Attacks


DoS and DDoS attacks aim to disrupt a system’s service and force it to shut down completely.

The difference between the two is that:

  • DoS (Denial of Service) uses a single host machine to overwhelm a system with bogus requests, forcing it to shut down
  • DDoS (Distributed Denial of Service) uses multiple attacking machines to overwhelm a system and force a shutdown

In both cases, the end goal is service disruption. In some cases, the company’s downtime and the losses it incurs are all the win the hackers need.

In other cases, the system becomes vulnerable to other attacks once it goes through a DoS or DDoS attack.

Most DDoS attacks will target online retailers, government websites, gambling companies, financial and fintech companies, and IT service providers.

A botnet is usually used to launch the DDoS attack due to the sheer number of requests that the hackers can send simultaneously from multiple devices.

Prevention Methods:

There are seven steps you can take to prevent and/or respond better to a DDoS attack:

  • Create a DDoS response plan that tells your employees how to act during a DDoS crisis. You’ll need specific tools, knowledge of which systems are critical, clearly shared team responsibilities, and escalation protocols
  • Secure your network with antimalware software, endpoint security, network segmentation, firewalls, intrusion detection systems, and anti-spoofing tools
  • Employ server redundancy so that the load never rests on a single server. During a DDoS attack, your other servers will absorb and disperse some of the load, avoiding a complete shutdown
  • Watch out for red flags like slow server performance, crashes, a massive traffic spike from users who share a common profile, poor connectivity, suspicious traffic from a single IP address or a group of them, and a high demand for a single server endpoint
  • Real-time network monitoring can help you detect DDoS attempts early. This buys precious time to activate the response plan and keep critical systems alive
  • Limit network broadcasting to cut short a high-volume DDoS attack and save the network from complete shutdown
  • Outsource server requirements to cloud providers. Moving to the cloud mitigates low, medium, and even high-volume DDoS attacks more easily because of the much higher bandwidth. Many cloud data centers use network redundancy and backups, and you can choose on-demand or always-on cloud DDoS protection

DDoS attacks are becoming more common in 2023. According to Kaspersky’s quarterly report, over 57,116 DDoS attacks were reported in 2023 so far. And Cloudflare says that there’s been an increase of 67% in ransom DDoS attacks in 2022. If you want to read more about them, check out this guide I did!
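
The red flags in the list above (a traffic spike, many requests from one address, one endpoint taking most of the load) can be checked mechanically in an access log. The script below is an added example, not code from the original article or from PrivacyAffairs; it parses Apache/nginx-style log lines, groups them into 10-second windows, and reports windows where a flag fires. The log lines and thresholds are constructed for illustration and would be tuned to a real site’s baseline.

```python
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined"-style access log line; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line into (ip, timestamp, path); return None for junk lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return (m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), m.group("path"))


def detect_flood(lines, window_s=10, per_ip_limit=20, spike_factor=5.0, endpoint_share=0.8):
    """Check three red flags per time window and return only the windows that fired.

    Result: {window_start_epoch: {"total": n, "noisy_ips": {ip: count},
                                  "spike": bool, "hot_endpoint": path or None}}
    """
    windows = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines instead of crashing the monitor
        ip, ts, path = rec
        epoch = int(ts.timestamp())
        windows[epoch - epoch % window_s].append((ip, path))

    # Baseline is the median window volume, so one flooded window cannot raise the bar.
    baseline = statistics.median(len(v) for v in windows.values()) if windows else 0
    findings = {}
    for start, reqs in sorted(windows.items()):
        total = len(reqs)
        ips = Counter(ip for ip, _ in reqs)
        paths = Counter(path for _, path in reqs)
        noisy = {ip: n for ip, n in ips.items() if n > per_ip_limit}   # one host hammering
        spike = total > spike_factor * baseline                           # volume spike
        top_path, top_n = paths.most_common(1)[0]
        hot = top_path if top_n / total >= endpoint_share else None        # one endpoint in demand
        if noisy or spike or hot:
            findings[start] = {"total": total, "noisy_ips": noisy,
                               "spike": spike, "hot_endpoint": hot}
    return findings


def make_sample_log():
    """Constructed sample traffic (not real logs): two quiet windows, then a flood."""
    t0 = datetime(2023, 11, 10, 10, 0, 0, tzinfo=timezone.utc)
    lines = []

    def add(ip, offset_s, path):
        ts = (t0 + timedelta(seconds=offset_s)).strftime(TS_FMT)
        lines.append(f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512')

    quiet = ["/", "/about", "/products", "/login", "/cart", "/search"]
    for i in range(5):                  # window 1: 5 ordinary requests, distinct clients
        add(f"198.51.100.{i + 1}", i, quiet[i])
    for i in range(6):                  # window 2: 6 ordinary requests
        add(f"198.51.100.{i + 10}", 10 + i, quiet[i])
    for i in range(3):                  # window 3: 3 ordinary requests ...
        add(f"198.51.100.{i + 20}", 20 + i, quiet[i])
    for i in range(60):                 # ... plus 60 hits on one endpoint from one host
        add("203.0.113.7", 20 + i % 10, "/api/checkout")
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    for start, f in detect_flood(make_sample_log()).items():
        print(start, f)
```

In the sample only the third window is reported: 63 requests against a baseline of 6, 60 of them from 203.0.113.7 and 95% of them to /api/checkout.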

Identity Theft


Identity theft happens when a criminal uses your stolen personal data to:

  • Empty your bank account
  • Access confidential information
  • Create accounts in your name
  • Claim government benefits in your name
  • Participate in tax or health insurance fraud in your name

It’s a case of impersonation, in other words. The criminal gets ahold of your personal data through phishing or other methods. Then, they use that information to impersonate you and obtain benefits.

The hacker can also sell your information to the highest bidder on the dark web. The buyer will then pretend to be you, effectively stealing your identity.

Prevention Methods:

  • Avoid having your personal data stolen by using strong passwords, using antimalware software, not divulging your personal data publicly, etc.
  • Set alerts to your banking account so you notice the identity fraud as soon as it happens
  • Guard against phishing and spoofing attacks
  • Set up 2FA on your banking transactions so you have to confirm every transaction manually
  • Watch your mailbox for suspicious emails claiming you’ve created accounts on platforms you don’t recognize

Identity theft often happens because you’re unaware of the way hackers operate or you don’t pay attention to phishing links or attachments. Or you overshare online.

Cherish your privacy, adopt a healthy password policy, and you should be safe from identity theft!

Website Spoofing


Website spoofing replicates the design and interface of a legitimate site to trick users into providing their personal data.

To appear legitimate, the hackers replicate the:

  • Overall design style of the original site
  • Branding
  • User interface
  • Domain name
  • Email address

Once they trick you into believing the legitimacy of the site, they’ll either steal your data or install malware into your system.

The way website spoofing often works is by sending you an “urgent” email, asking you to change your credentials because there may be a data breach going on.

Crypto spoofing is especially insidious because the hackers will ask you to send your crypto into another account to keep it safe.

Prevention Methods:

  • Don’t panic when you receive any “urgent” email from anyone. Instead, go to the legitimate site, search for a contact form, and ask them about the email you received
  • Check the sender email address and see if it matches the one from the company it claims to be from. Visit the company’s site, search for its email, and compare the two
  • Check the URL and domain name of the site you’re on. Are they the same as the original site or are they different?
  • Never open links in your email. It’s better to do a Google search and find the site you’re looking for than to open any link sent via email
  • Don’t enter personal information into pages you reach through links in your email inbox

Website spoofing is another cyberattack that relies entirely on social engineering. It’s devised to use your expectations against you.

So, always expect your emails to come from a bad actor and double-check or triple-check their authenticity.

Better safe than sorry, after all.

Cyberstalking

Cyberstalking happens when a criminal stalks you online, on social media or other communication channels. They’ll gather information about you, harass or even threaten you.

They may install spyware on your device, gain access to your phone camera, and try to blackmail you with the stolen data.

They may use photos or videos against you in an attempt to extort certain things from you (money or sex).

Doxxing is not out of the question either, if the stalker wants to push you to the edge.

Prevention Methods:

  • Avoid toxic communities, as they’re the most likely sources of cyberstalking you’ll find online
  • Be very careful about sharing your personal information online, since you don’t know who’s going to read it. You should never post your personal information publicly, if possible
  • Steel yourself when going online because the internet is not for the faint of heart
  • Distance yourself from stalkers and harassers. You don’t have to take their abuse. Report them to the necessary authorities if they’re becoming an actual threat and move on with your life
  • Use the “block” button on social media. There’s a reason it’s there

Cyberstalking is very common on social media, forums, and other chatting platforms these days. It affects many people, especially those who aren’t experienced in the more mature side of the internet.

The biggest risk of cyberstalking is doxxing, where the stalker publishes your private information online to mock you or put you in a difficult situation.

Man-in-the-Middle Attacks


A man-in-the-middle attack, MITM for short, occurs when a hacker hijacks the communication between two parties with malicious intent.

The goal of a MITM attack could be:

  • To spy on the two parties and glean private information from the chat
  • To steal personal information or credentials
  • To alter the conversation and attempt to deceive the two parties

The attacker effectively inserts itself in the “middle” of the data transfer or communication between the two parties.

A notable example of this is Equifax, a credit score company. In 2017, they removed all their apps from Google and Apple following a data breach that resulted in leaked personal data.

Apparently, their app did not always impose the HTTPS protocol, which allowed hackers to launch MITM attacks when users were accessing their accounts in the app.

Prevention Methods:

  • Always use HTTPS websites. The “S” from “HTTPS” comes from “secure”, and it encrypts the data transfer between the web browser and the website. This means MITM attacks are somewhat harder to pull off (not impossible)
  • Enable end-to-end encryption on your messaging apps, if you use any. WhatsApp has native end-to-end encryption, while Telegram needs you to enable it, for instance. This type of encryption thwarts MITM attacks entirely by securing both the sending and receiving parts of the data transfer
  • Use a VPN when going online or when connecting to a public Wi-Fi network. VPNs spoof your IP address, which stops spoofing-based MITM attacks dead in their tracks. Your traffic is also encrypted through multiple servers
  • Watch out for fake websites or intrusive pop-ups. These may be hiding hackers who intercept your data transfer when you click on these websites or pop-ups
  • Avoid sites with invalid security certificates. When a website has an invalid certificate, it means their identity is not confirmed and they don’t have an SSL certificate installed. Without an SSL certificate, they can’t encrypt the connection between the website and browser

MITM attacks are less common in 2023 because end-to-end encryption has become the norm for most chat platforms and email providers.

Even if the network itself is not secure, the end-to-end encryption ensures the data transmitted is safe from prying eyes.

SQL Injection


SQL injections are very common hacking techniques used by criminals to attack websites. Here’s how they work:

  • A hacker interferes with the queries (requests) of an app to the SQL database
  • The hacker will be able to access data in the app’s database that isn’t normally public
  • They can modify or even delete the data in the database, effectively altering the way the app works
  • Hackers can gain access to passwords, personal user information, credit card details, and anything else in the database

Since SQL lies at the basis of most databases today, you can see how SQL Injection can be a problem.

When successful, an SQL Injection gives hackers free rein over a company’s databases.

Prevention Methods:

  • Input validation, which means that app developers “sanitize” all inputs before they reach the database. In simple terms, data entered into input boxes doesn’t go straight into a database query. It first needs to be validated
  • Parameterized queries, which ensure that a user-supplied value (the password typed into a password box, say) can no longer be interpreted as executable code. The database treats it as an input value only
  • Provide SQL Injection training to all your developers to raise awareness of the risks involved
  • Assume that all user input is malicious, so that no unexpected SQL reaches the database unchecked
  • Use whitelists rather than blacklists to filter user input. It’s much harder for a hacker to find a way into your database when you permit only a few known-good inputs instead of denying only a few known-bad ones

SQL Injections are one of the most common infiltration methods used by hackers today. They’re also quite complicated and require some technical skills to prevent.

But there are many web development technologies today that include automatic SQL Injection defense layers. It’s already a common element of the programming environment in 2023.
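
To make the two prevention items concrete, here is an added example (my own code, not from the article or any framework it mentions) showing a login query built by string concatenation next to the parameterized and whitelist-validated versions, against a constructed in-memory SQLite table with sample rows. Only the query shape differs; the data and the `' --` input are the same for all three.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory users table with sample rows (not real credentials).
    Passwords are stored in clear only to keep the example focused on the query;
    a real system stores salted hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "correct horse battery", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """The bug: user input is pasted into the SQL text, so input can rewrite the query.
    A username such as  alice' --  turns the rest of the WHERE clause into a comment,
    and the password check never runs."""
    sql = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchone()


def login_parameterized(conn, username, password):
    """The fix from the prevention list: placeholders. The driver sends the values
    separately from the SQL text, so quotes and comment markers are just characters."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


def valid_username(username):
    """Whitelist-style input validation, the other item on the list: accept only
    lowercase letters, digits and underscores, 3 to 32 characters. This is defence
    in depth, not a substitute for parameterized queries."""
    return re.fullmatch(r"[a-z0-9_]{3,32}", username) is not None


def login_hardened(conn, username, password):
    """Validation first, then the parameterized query."""
    if not valid_username(username):
        return None
    return login_parameterized(conn, username, password)


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "alice' --", "anything"))     # ('alice', 'admin')
    print(login_parameterized(db, "alice' --", "anything"))  # None
    print(login_hardened(db, "bob", "hunter2"))              # ('bob', 'user')
```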

URL Interpretation


URL Interpretation, also known as URL Poisoning, refers to the act of URL manipulation by hackers. They alter its parameters to try and access potentially private information from the web server.

For instance, the “preview=true” parameter added at the end of the URL may show an unpublished version of the page that may contain sensitive information.

Here’s what hackers can do with URL Interpretation:

  • Access unwanted information from the site’s database
  • Access files and folders within the database
  • See the architecture of a web application
  • Execute commands on the web server
  • Obtain various resources from the site’s database

In very simple terms, a URL is used to access different resources from a website. Change the URL – access a different resource.

If the web developers are inattentive, they may forget to remove public access to certain resources through the URL.

Prevention Methods:

The only solution to URL Interpretation is to ensure that your URL does not lead to any unwanted sections of your database.

This requires a web developer to analyze the database and patch any vulnerabilities coming from URL accessibility.

It’s not a complicated process. In fact, URL Interpretation only works when web developers have been inattentive.
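
The “preview=true” case above comes down to one server-side rule: a URL parameter is a request, not a permission. The following is an added example (not code from the article), with a constructed two-version page store and a hypothetical `user` dict carrying a `role`; it shows the inattentive handler that lets the parameter alone select the unpublished draft, beside the version that checks the caller’s role first.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed content store (sample data, not from any real site): each page has a
# published version and an unpublished draft that only editors should ever see.
PAGES = {
    "/pricing": {
        "published": "Plans start at $10/month.",
        "draft": "DRAFT: prices rise to $15/month next quarter.",
    },
}


def _parse(url):
    """Split the request into its path and whether ?preview=true was asked for."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    wants_preview = query.get("preview", ["false"])[0].lower() == "true"
    return parts.path, wants_preview


def serve_page_vulnerable(url, user=None):
    """The inattentive version: the parameter alone selects the draft, so anyone
    who appends ?preview=true reads unpublished content."""
    path, wants_preview = _parse(url)
    page = PAGES.get(path)
    if page is None:
        return 404, ""
    return 200, page["draft" if wants_preview else "published"]


def serve_page_fixed(url, user=None):
    """The fix: honour ?preview=true only after checking the caller's role on the
    server. `user` is a hypothetical session object; None means anonymous."""
    path, wants_preview = _parse(url)
    page = PAGES.get(path)
    if page is None:
        return 404, ""
    if wants_preview:
        if user is None or user.get("role") != "editor":
            return 403, ""  # refuse outright; falling back to the published copy also works
        return 200, page["draft"]
    return 200, page["published"]


if __name__ == "__main__":
    url = "https://example.com/pricing?preview=true"
    print(serve_page_vulnerable(url))                     # (200, 'DRAFT: ...')
    print(serve_page_fixed(url))                          # (403, '')
    print(serve_page_fixed(url, {"role": "editor"}))      # (200, 'DRAFT: ...')
```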

DNS Spoofing


DNS, the Domain Name System, is what connects web browsers to websites, in short.

DNS Spoofing happens when a hacker alters a DNS server to redirect a user to an unwanted and malicious website that is likely controlled by the hacker.

This usually happens when users connect to public Wi-Fi networks, but that isn’t a requirement. If the hacker has access to the Address Resolution Protocol (ARP) tables and can alter them, they can redirect the user’s DNS lookups.

This way, they can create a phishing website that resembles the one the user was trying to access.

Here’s how DNS Spoofing is done:

  • The hacker establishes a goal, like stealing banking information
  • They find a banking site, download its code and styling files, and host the copy on their own machine to hijack the connections
  • When a user tries to access the original banking domain, they’re redirected to the malicious version created by the hacker
  • Any information entered into the malicious website is collected by the hacker

It’s one of the more common attack methods used by hackers due to the vulnerability of public Wi-Fi networks.

Prevention Methods:

  • Watch for the lack of an encryption certificate when you access websites. Many times, DNS Spoofed websites lack one
  • Use a VPN. Its encrypted servers are very resistant to DNS spoofing and will keep your information private
  • Watch for anything suspicious on the site, whether that is an asset that isn’t loading or a slightly odd URL address
  • Avoid using public Wi-Fi networks if possible. Use your mobile network whenever you’re on the go. It’s much safer

DNS Spoofing is less common on regular networks because many internet providers have started adopting DNSSEC (Domain Name System Security Extensions), which specifically protects against DNS Spoofing.

Password Attack


In a Password Attack, the criminal is trying to find out your password for an account. This process is also known as “cracking a password”.

Here are the different techniques used by hackers to crack your password:

  • Brute-Force Attack, where the criminal tries to “guess” your password. They use special tools that can try trillions of username/password combinations in a few seconds. The more complex your password, the less likely a brute-force attack is to succeed
  • Dictionary Attack, where the hackers use your personal data to try to figure out your password: your name, birthplace, wedding anniversary, child’s name, etc. Avoid using such familiar information in your password
  • Credential Stuffing, where the hacker assumes you may have reused a username and password that were disclosed in a data breach. Never use the same usernames and passwords across different accounts. You can use to see if any of your accounts have been part of a data breach
  • Rainbow Table Attack, where a criminal uses a precomputed table of password hash values for each plaintext password a user might enter during authentication on a website. To use this table, they first need to get the password hashes from the website, though. And in recent times, most websites have begun using “salting” to prevent this attack
  • Password Spraying, a method similar to brute-forcing. The hacker tries the same password on many different accounts to avoid the account lockout that follows too many wrong passwords. This method is especially effective against entities that engage in password sharing
  • Keylogger, where the hacker installs a program on your device that records keystrokes. It can easily identify your password from the order of your keystrokes. The program is usually installed without your knowledge
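
The “salting” mentioned under the rainbow table item is easy to see in code. The block below is an added example (my own, not from the article): a fast unsalted hash that a precomputed table can look up directly, beside the salted, slow PBKDF2 storage format that defeats the table because every user’s hash is different even for the same password. The candidate list and the leaked hashes are constructed for the demonstration.

```python
import hashlib
import hmac
import os

# --- What a rainbow table attacks: a fast, unsalted hash of the password alone ---

def fast_hash(password):
    """Unsalted SHA-256, the kind of hash a precomputed table is built for."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_precomputed_table(candidates):
    """Toy stand-in for a rainbow table: hash -> plaintext for a list of guesses.
    (A real table compresses this with reduction chains, but the lookup is the same idea.)"""
    return {fast_hash(p): p for p in candidates}


# --- The defence the text mentions: a random per-user salt plus a slow key derivation ---

def hash_password(password, salt=None, iterations=600_000):
    """Return a self-describing string: algorithm$iterations$salt_hex$digest_hex.
    600,000 PBKDF2-HMAC-SHA256 iterations is the current OWASP recommendation."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per password, stored next to the hash
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False  # malformed record, never treat as a match
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def demo():
    """Constructed scenario: the same weak password leaked in both storage formats."""
    table = build_precomputed_table(["password", "123456", "hunter2", "letmein"])
    leaked_unsalted = fast_hash("hunter2")
    leaked_salted_a = hash_password("hunter2")
    leaked_salted_b = hash_password("hunter2")
    return {
        "unsalted_cracked": table.get(leaked_unsalted),                 # 'hunter2'
        "salted_cracked": table.get(leaked_salted_a.split("$")[3]),     # None
        "same_password_same_hash": leaked_salted_a == leaked_salted_b,  # False
        "verify_ok": verify_password("hunter2", leaked_salted_a),       # True
        "verify_wrong": verify_password("hunter3", leaked_salted_a),    # False
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```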

Password attacks are incredibly common and a big cause of cyberattacks worldwide. If people took greater care in creating their passwords, cybercrime wouldn’t nearly be as profitable as it is.

Prevention methods:

  • Use a strong password made from alphanumerical characters, symbols, and 10-15 characters in total
  • Never reuse the same password across accounts. This is one of the biggest mistakes people make
  • Don’t use familiar elements for your password. Your birthday, name, pet’s name or children’s name can become public information if disclosed during a data breach
  • Use a password manager. A password manager lets you create a custom password for every account and locks them all behind a master password. You only have to remember your master password: one strong password that locks the rest
  • Use Two-Factor Authentication (2FA). Assume that your password may be cracked at some point. 2FA will lock your account with an additional layer of security that verifies your identity. It’s not foolproof but it’s something
  • Watch out for phishing. A password’s complexity is pointless if it gets disclosed through a phishing attack. Don’t click any suspicious links or visit any odd websites. Watch for SSL certificates online, and be aware of your surroundings

I cannot overstate the importance of having a strong and complex password for your online security. Your password is the number one credential you don’t want to be found out or leaked.

Protect it at all costs!

Insider Threat


Often, the threat isn’t external but internal. Internal actors like former disgruntled employees present a much bigger risk to companies.

These insider threats know the layout of the security system, they know fallback plans, access procedures, validation processes, where IP assets are located, and more.

Basically, they have all the information to bleed your company dry if they ever turn sides and hack you.

There are three types of insider threats:

  • Malicious insider threats that steal company data intentionally
  • Malicious disgruntled employees that hack your company after being fired
  • Negligent insider threats that let company data be stolen through negligence

Negligence is the number one cause of cybersecurity failures in history. It’s what leads to most data breaches no matter where you look.

Prevention Methods:

  • Conduct background checks on new employees to know exactly who you’re hiring and what to expect from them
  • Educate your employees on cybersecurity to prevent mistakes out of negligence. Your employees should know about security risks, best security practices, how to notice suspicious activities, and more
  • Use 2FA. More security – less chance for cyberattacks to succeed. It works the same with insider threats
  • Use the Principle of Least Privilege where only those required to access certain resources have the clearance to do so. Provide as little privilege as necessary to your employees
  • Promote transparency and open communication to avoid having to deal with disgruntled employees who turn rogue
  • Apply security patches regularly. Every business has vulnerabilities, no matter how big or small. What matters is that you patch them in due time. Don’t let them fester because someone will find them and use them against you
  • Prepare an incident response plan for when a data breach does happen. Your employees should know beforehand how to react and how to mitigate the breach quickly

Once you employ strong cybersecurity measures, security awareness education, and address employee grievances, insider threats are a non-issue, more or less.

Zero-Day Exploit


A zero-day exploit happens when hackers discover a previously-unknown vulnerability in an operating system or software application.

The vulnerability either hasn’t been discovered at all or has just been discovered and security patches haven’t been applied yet.

The hackers will attack companies exhibiting this zero-day vulnerability and exploit it before the patch becomes available.

Here’s the timeline of a zero-day exploit attack:

  • Vulnerability Is Introduced – At this stage, the software application with the zero-day vulnerability is made public
  • Vulnerability Is Discovered by Hackers – Threat actors discover the dormant vulnerability and find a way to exploit it
  • Vulnerability Is Discovered by Vendor – The software vendor discovers the vulnerability but does not yet have a security patch for it
  • Vulnerability Is Made Public – Either the vendor or independent security researchers announce the vulnerability publicly, raising awareness among users and hackers alike
  • Anti-Virus Signatures Are Released – Anti-virus vendors will identify the signature of zero-day malware created to exploit the vulnerability and release patches against it
  • Patch Is Released – The software vendor releases a comprehensive patch for the zero-day vulnerability, which could take upwards of a few months
  • Patch Is Deployed – It takes time for all users to deploy it and protect against exploitation. But eventually, the zero-day vulnerability will become risk-free

Zero-day exploits are extremely tricky because there’s effectively no defense against them before a patch comes out.

Prevention Methods:

There’s no current solution against zero-day exploits due to their very nature. Before a security patch comes out, these exploits can be used by hackers if they learn about them.

Next-Generation Antivirus software might be useful because it stops hackers from installing unknown malware on a device.

You should also have an incident response plan ready for when an attack happens. You need to be able to recover fast and keep your most essential systems running.

Cryptojacking

Cryptojacking uses a user’s device to mine cryptocurrency for the hackers without the user’s knowledge. This type of attack should remain invisible from the victim at all times.

Here’s how cryptojacking works:

  • The hackers infiltrate a user’s device and install cryptojacking software. This can happen through a malicious link, an infected website, or an online ad that the user clicks on
  • The cryptojacking software works in the background for as long as the device is on, stealing its resources

Usually, a user may notice higher electricity costs, performance issues, higher CPU usage, or overheating. These are all potential signs of cryptojacking.

Watch out for your PC or laptop fan running faster than before for no apparent reason. Overheating is a direct consequence of cryptojacking software, given how intensive it is.

Your CPU will also be overused for performing complex mathematical equations in order to mine the cryptocurrency. So, it will have a higher usage, which will also impact performance.

There have been several known cases of cryptojacking, like the Los Angeles Times’ Homicide Report case in 2018 or the CoinHive case in the same year.

Eventually, they’re found out by eagle-eyed security researchers or users. However, cryptojacking software is innately harder to find because it works in the shadows at all times.

Prevention Methods:

  • Use antivirus and antimalware software to protect against cryptojacking software being installed on your computer. Also, make sure you keep your antivirus updated at all times
  • Use ad blockers. Many cryptojacking scripts are embedded into online ads, so an ad blocker will eliminate that risk entirely
  • Disable JavaScript. Cryptojacking code runs on JavaScript, so disabling it will also make you somewhat immune to this attack. However, disabling JavaScript may also disable some other functions on your browser

Cryptojacking isn’t as dangerous as other forms of attack but it’s unpleasant nonetheless. In extreme cases, it can even damage your computer parts due to overheating.

Watering Hole Attack

Image showing a hacker using a laptop on a chair, in a red room

A watering hole attack works by infecting a well-known and reputable site in order to target its users.

This usually means injecting malicious HTML or script code into the site so that it redirects visitors to attacker-controlled websites, which then install malware on the visitors’ devices.

This attack is specifically devised to target professional individuals in the hope of gaining access to their corporate network.

By infecting an industry professional and gaining access to their device, the hackers may discover access credentials, information on the user’s corporate ties, and more.

Hackers use this attack to:

  • Steal personal information
  • Steal banking data
  • Gain unauthorized access to sensitive corporate information
  • Steal intellectual property

Watering hole attacks aren’t as well-known due to their specific nature. But there have been several infamous attacks (Forbes in 2015).

Prevention Methods:

  • Employee security awareness about internet browsing, downloading software, visiting infected or malicious websites, and more. Watering hole attacks rely on social engineering, so well-prepared employees leave this attack vector with far less to work with
  • Employ advanced threat protection such as behavioral analysis solutions and antimalware software
  • Keep your systems updated at all times. Install security patches as soon as they’re released, keep your operating systems up to date, and make sure you learn about zero-day vulnerabilities early on
  • If your organization holds sensitive information, assume all incoming traffic is malicious until you have validated it
  • Use Secure Web Gateways (SWGs). This security solution filters malicious software before it ever reaches your employees’ devices and decreases the overall attack surface

As we’ve seen in previous watering hole cases, the hackers either used backdoors to infiltrate known software or created fake versions of known website features.

This all led to information theft and data breaches that were soon reported by users and discovered by the vendors.

DNS Tunneling

Image showing a digital tunnel

DNS Tunneling abuses the DNS protocol (queries and responses) to hide malicious traffic inside DNS queries (the requests a client sends to the server).

The malware employed has a special function, and that is to create a constant communication channel between the hacker and the victim’s device. Most firewalls will not be able to detect this “tunnel”.

Here’s how DNS Tunneling happens:

  • The hacker registers a domain whose name server points to the attacker’s server
  • The hacker’s server runs the server side of the tunneling malware
  • The hacker infects a company computer with the malware
  • The company’s firewall allows DNS requests through, so the infected computer can send queries to the DNS resolver
  • The DNS resolver forwards the queries to the hacker’s server, where the tunneling program is running
  • There is now a two-way channel between the victim’s computer and the hacker’s server through the DNS resolver, and the company’s firewall allows it

It’s a pretty complex process that often goes unnoticed until it’s too late. It’s not impossible to track down or prevent, though.

Prevention Methods:

  • Watch out for strange DNS query strings that might be hiding an attack. A web developer will know best how to spot these
  • Use system behavior analytics to spot suspicious DNS activity. With this, you will know which domains have been accessed, the access methods, and the frequency
  • Watch out for the size, length, and type of inbound and outbound DNS queries. Again, a web developer will know what looks suspicious and out of character
  • Block domain names based on their reputation and whether they’re known to be dangerous
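
The size, length, content and record-type heuristics from the list above, applied to a constructed DNS query log as an added example (not from the original article or any product). The domains, client IPs and thresholds are all assumptions for illustration, and the last-two-labels rule stands in for a proper public-suffix lookup.

```python
import math
from collections import defaultdict

# Constructed DNS query log as (client_ip, qtype, qname); not real traffic.
SAMPLE_QUERIES = [
    ("10.0.0.5", "A", "www.example.com"),
    ("10.0.0.5", "A", "mail.example.com"),
    ("10.0.0.7", "TXT", "a8f3c9e2b1d4f6a7c0e5b9d2f4a6c8e1.tun.attacker-example.net"),
    ("10.0.0.7", "TXT", "b7e2d1c4a9f0e3b6d8a2c5f7e9b1d3a4.tun.attacker-example.net"),
    ("10.0.0.7", "TXT", "c6d1e0b3f8a7d2c5e9b4a1f3d7c0e2b5.tun.attacker-example.net"),
    ("10.0.0.7", "TXT", "d5c0f9a2e7b6c1d4f8a3b0e2c6d9f1a4.tun.attacker-example.net"),
    ("10.0.0.9", "A", "cdn.example.org"),
]

def shannon_entropy(text):
    """Bits per character of the text; encoded payloads score far higher than words."""
    n = len(text) or 1
    return 0.0 - sum(text.count(c) / n * math.log2(text.count(c) / n) for c in set(text))

def registered_domain(qname):
    # Simplification: the last two labels stand in for the registered domain.
    return ".".join(qname.lower().rstrip(".").split(".")[-2:])

def query_flags(qname, qtype):
    """Apply the size / length / content / record-type heuristics to one query."""
    labels = qname.lower().rstrip(".").split(".")
    longest = max(labels, key=len)
    flags = []
    if len(qname) > 52:                  # assumed threshold: whole name unusually long
        flags.append("long-name")
    if len(longest) > 30:                # assumed threshold: one label unusually long
        flags.append("long-label")
    if shannon_entropy(longest) > 3.5:   # looks encoded rather than like a word
        flags.append("high-entropy")
    if qtype in ("TXT", "NULL"):         # record types that carry large payloads
        flags.append("rare-qtype")
    return flags

def find_tunneling_candidates(queries, min_queries=3):
    """Group by (client, domain); report domains where every query was flagged."""
    stats = defaultdict(lambda: {"count": 0, "flagged": 0, "flags": set()})
    for client, qtype, qname in queries:
        entry = stats[(client, registered_domain(qname))]
        flags = query_flags(qname, qtype)
        entry["count"] += 1
        entry["flagged"] += 1 if flags else 0
        entry["flags"].update(flags)
    return {key: {"count": s["count"], "flags": sorted(s["flags"])}
            for key, s in stats.items()
            if s["count"] >= min_queries and s["flagged"] == s["count"]}
```

Requiring several consecutive flagged queries to the same domain keeps a single long but legitimate name (a CDN or anti-spam lookup, for instance) from raising an alert on its own.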

It’s important to educate your security staff in best practices for identifying threats and malicious activity. With DNS tunneling, it’s usually negligence that leads to malware being installed on a company device, or a phishing attack that succeeded.

Business Email Compromise (BEC)

Image showing a hooded and masked hacker

Business Email Compromise relies fully on social engineering to convince a company employee to transfer funds into the attacker’s account.

This type of attack usually takes months to implement because research and planning are key. The hackers need to understand:

  • The victim’s position within the company
  • The company’s customers
  • The company’s executives
  • The company’s business partners
  • The company’s usual routine regarding financial transactions
  • Communication patterns and preferred communication channels

Because of this effort, Business Email Compromise attacks aren’t as common. However, they’re among the most catastrophic cyberattacks a company can go through.

The financial losses, if the attack succeeds, could be in the millions of dollars. That’s something no company wants to go through.

Prevention Methods:

  • Don’t open emails from unknown entities. These emails may contain malicious attachments with malware inside. Train your employees to be very aware of this possibility
  • Don’t use free web-based email accounts. Instead, you should create a company domain name and then use that domain name for your email addresses
  • Use 2FA for all your email accounts. With this, a hacker will have a harder time breaching your company’s email account
  • Verify the sender’s email address. Make doubly sure that the sender’s email address is 100% correct. Many times, there’s just one character that’s different. Hackers rely on inattention and familiarity to deceive their victims. Don’t fall into the same trap
  • Triple-check before making any financial transaction. Train your employees to always confirm with the other party for any financial transfer. A phone call or a face-to-face meeting would be best. Assume that any email received might be compromised and inauthentic
  • Watch out for any change in business practices. Everyone has a habit, including your partners and vendors. If there’s any sudden and unexplainable breach of habit or protocol, suspect the worst. Perhaps a vendor suddenly wants a financial transaction when one wasn’t scheduled, or a business partner sends an email from their “personal email address”. These are all suspicious
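
The sender-address checks from the list above (one different character, a vendor suddenly writing from a “personal” webmail address), as an added example that is not part of the original article; the trusted domains, webmail list and confusable substitutions are constructed assumptions.

```python
import re

# Constructed allowlist: domains this company actually exchanges invoices with.
TRUSTED_DOMAINS = {"acme-supplies.com", "northwind-logistics.net"}
# A vendor suddenly writing from free webmail is the "personal email address" red flag.
WEBMAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
# Substitutions that make a registered lookalike read like the real name at a glance.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]

def normalize(name):
    """Fold confusable character sequences so lookalikes compare equal."""
    name = name.lower()
    for fake, real in CONFUSABLES:
        name = name.replace(fake, real)
    return name

def levenshtein(a, b):
    """Edit distance; a one-character typo-squat is distance 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Pull the domain out of a From: value such as 'Dana <dana@acme-supplies.com>'."""
    match = re.search(r"@([A-Za-z0-9.-]+)>?\s*$", from_header)
    return match.group(1).lower() if match else ""

def classify_sender(from_header):
    """Return 'trusted', 'webmail', 'lookalike' or 'unknown' for the sender's domain."""
    domain = sender_domain(from_header)
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    if domain in WEBMAIL_DOMAINS:
        return "webmail"
    name = domain.rsplit(".", 1)[0]  # compare without the TLD: ".co" for ".com" is a classic
    for trusted in TRUSTED_DOMAINS:
        trusted_name = trusted.rsplit(".", 1)[0]
        if normalize(name) == normalize(trusted_name) or levenshtein(name, trusted_name) <= 1:
            return "lookalike"
    return "unknown"
```

A “lookalike” or “webmail” result on a message that asks for a payment is exactly the case where the list above says to pick up the phone rather than reply.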

Business email compromises are responsible for some of the biggest cyberattacks in recent years.

The Norfund heist in March 2020 is the most sophisticated and well-planned BEC attack in cybersecurity history, for instance.

Eavesdropping Attack

Image showing a hooded hacker using a computer in a digital room

Eavesdropping attacks are similar to Man-in-the-Middle attacks, with one difference: the former are passive rather than active.

Eavesdropping attacks allow an attacker to monitor a victim over an unsecured network (such as a Wi-Fi network). In hacker terms, this is also known as “snooping”.

The hacker intercepts the data coming through the unsecured communication channel and is able to access it.

By comparison, man-in-the-middle attacks allow for a more active approach, where the hacker can install malware on the victim’s device or gain control of it.

Eavesdropping attacks, on the other hand, only allow for passive snooping on a user’s traffic: the hacker can only see the data as it passes by.

Prevention Methods:

  • Employ a firewall that stops any malicious or suspicious connections from interacting with your phone
  • Use VPNs to defend against infected networks and protect your device while using public Wi-Fi networks
  • Adopt a zero-trust model where you demand authentication from all incoming communication and packets
  • Learn to identify phishing attempts. Whether it’s a malicious email or a spoofed DNS address that leads to an infected website, these are all phishing attempts. Learn to notice them before you become the victim of an eavesdropping attack or worse
  • Segment your network to limit the attack surface in case a cyberthreat does manage to avoid all your security methods

Eavesdropping attacks are very similar to MITM attacks in how they manifest. Adopt the same protection methods for both and you’ll limit the attack chance significantly.

Conclusion: Know Your Enemy

Cybercrime is at an all-time high not only because the technology is evolving but because the victims are taken by surprise.

They’re negligent with their data, oblivious about the risks, and inattentive about their actions online.

Even within companies, not all employees are trained the same. Some receive only superficial cybersecurity training. Others don’t receive any at all.

This lapse in cybersecurity awareness is the number one reason why cyberattacks are so common these days.

Knowledge is power, and this is true for preventing cyberattacks too. Know your enemy to know their tactics and how to defend against them!

