Why This Matters
Understanding cyber attacks isn't just about memorizing definitions—you're being tested on how these threats exploit specific vulnerabilities, whether technical weaknesses in systems or human psychology. The business impact of each attack type varies dramatically, and exam questions often ask you to identify which attack vector poses the greatest risk in a given scenario or which mitigation strategy applies to which threat category.
These attack types demonstrate core cybersecurity principles: the CIA triad (confidentiality, integrity, availability), defense-in-depth strategies, and the critical intersection of human behavior with technical security. Don't just memorize what each attack does—know why it works, what it targets, and how businesses defend against it.
Social Manipulation Attacks
These attacks exploit human psychology rather than technical vulnerabilities. The weakest link in any security system is often the person using it, which is why these attacks remain devastatingly effective despite advanced technical defenses.
Phishing
- Deceptive communications impersonating trusted sources—attackers craft emails, texts, or messages that appear legitimate to harvest credentials or deploy malware
- Targets authentication data including usernames, passwords, and financial information through fake login pages or urgent requests
- Primary entry point for 90%+ of breaches—understanding phishing is essential because it's the gateway attack that enables ransomware, data theft, and account compromise
Social Engineering
- Psychological manipulation techniques that bypass technical controls entirely—pretexting (fabricated scenarios), baiting (enticing offers), and tailgating (physical access tricks)
- Exploits trust, authority, and urgency—attackers pose as IT support, executives, or vendors to pressure victims into compliance
- Human-layer vulnerability requires security awareness training rather than technical patches, making it a persistent organizational risk
Compare: Phishing vs. Social Engineering—phishing is actually a subset of social engineering, but exams often distinguish them. Phishing specifically uses digital communications, while social engineering encompasses all manipulation tactics including phone calls and in-person deception. If an FRQ describes a phone-based attack, that's social engineering, not phishing.
Malicious Software Attacks
These attacks involve code designed to compromise systems. The delivery mechanism varies, but the goal is unauthorized access, disruption, or data theft through software that executes on victim systems.
Malware
- Umbrella term for malicious software—includes viruses (self-replicating, attach to files), worms (self-propagating across networks), trojans (disguised as legitimate software), and spyware (covert surveillance)
- Multiple infection vectors including email attachments, compromised websites, infected USB drives, and software vulnerabilities
- Business impact includes data loss, system damage, and operational downtime—remediation costs often exceed the direct damage
Ransomware
- Encrypts victim files and demands payment for the decryption key—modern variants also threaten to publish stolen data (double extortion)
- Spreads through phishing and exploit kits—often the payload delivered after initial compromise through other attack vectors
- Operational paralysis makes this the most financially devastating attack type; organizations without offline backups face impossible choices between paying criminals and losing data permanently
Zero-Day Exploits
- Attacks targeting vulnerabilities unknown to the vendor—the term "zero-day" refers to the vendor having had zero days to patch before exploitation begins
- No signature-based defenses exist yet because security tools can't detect threats they don't know about; defense relies on behavioral detection rather than signature matching
- Premium value on black markets—nation-states and sophisticated criminal groups stockpile zero-days for high-value targets
Compare: Malware vs. Ransomware—ransomware is a type of malware with a specific monetization model. Standard malware might steal data silently; ransomware announces itself and demands payment. Exam questions may ask which poses greater business continuity risk (ransomware) versus data confidentiality risk (spyware).
Network and Infrastructure Attacks
These attacks target the technical infrastructure that enables business operations. Rather than compromising individual users, these attacks exploit weaknesses in how systems communicate and process data.
Distributed Denial of Service (DDoS)
- Overwhelms servers with traffic from multiple sources—botnets (networks of compromised devices) generate massive request volumes that exhaust system resources
- Targets availability rather than confidentiality—legitimate users cannot access services during the attack
- Often used as distraction or extortion—attackers may launch DDoS while executing data breaches elsewhere, or demand payment to stop the attack
Man-in-the-Middle (MitM)
- Attacker intercepts communications between two parties—both sides believe they're communicating directly while the attacker captures or modifies data in transit
- Exploits unsecured connections—public Wi-Fi, unencrypted protocols, and compromised network equipment create opportunities for interception
- Targets financial transactions and credentials—encryption (HTTPS, VPNs) and certificate validation are primary defenses
SQL Injection
- Malicious database queries inserted through application inputs—attackers exploit poor input validation to execute unauthorized commands on backend databases
- Compromises data integrity and confidentiality—attackers can view, modify, or delete records including customer data, financial information, and authentication credentials
- Regulatory and reputational consequences often exceed direct financial losses; proper input sanitization and parameterized queries prevent this attack entirely
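The contrast between "poor input validation" and "parameterized queries" described above, as an added example that is not part of the original study guide. It uses Python's built-in `sqlite3` with a constructed in-memory `users` table; the plaintext password column exists only to keep the demo short.

```python
import sqlite3


def build_db():
    # Constructed in-memory database standing in for an e-commerce backend.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return conn


def login_vulnerable(conn, username, password):
    # User input is concatenated straight into the SQL text, so anything
    # the user types becomes part of the query's logic, not just its data.
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, username, password):
    # Placeholders hand the values to the database engine separately from
    # the query text, so the same input is compared literally as a string.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def compare_logins(username, password):
    # Returns (vulnerable_result, parameterized_result) for one input pair.
    conn = build_db()
    return (login_vulnerable(conn, username, password),
            login_parameterized(conn, username, password))


if __name__ == "__main__":
    # The textbook tautology in the password field rewrites the WHERE clause
    # to "... AND password = '' OR '1'='1'", which is always true.
    print(compare_logins("alice", "' OR '1'='1"))   # (True, False)
    print(compare_logins("alice", "correct-horse"))  # (True, True)
```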
Compare: DDoS vs. MitM—both are network-layer attacks, but they target different elements of the CIA triad. DDoS attacks availability (systems become unreachable), while MitM attacks confidentiality and integrity (data is intercepted or altered). An FRQ asking about protecting transaction data points to MitM; one about uptime points to DDoS.
Access and Authentication Attacks
These attacks focus on bypassing or compromising the mechanisms that verify user identity. Once authentication is defeated, attackers gain legitimate-appearing access that's difficult to detect.
Password Attacks
- Techniques to crack or guess credentials—brute force (trying all combinations), dictionary attacks (common passwords), and credential stuffing (reusing breached credentials across sites)
- Exploits weak password practices—short passwords, common words, and password reuse dramatically reduce attack difficulty
- Multi-factor authentication (MFA) is the primary defense—even compromised passwords become useless without the second factor
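The difference between credential stuffing (many usernames, one source) and brute force (one username, many failures) shows up clearly in authentication logs. The detector below is an added example, not code from the original guide; the log format and the IP addresses are constructed for the demo, and the thresholds are assumptions to tune per environment.

```python
import re
from collections import defaultdict

# Constructed sample authentication log (not from any real system).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z src=203.0.113.5 user=alice result=FAIL
2024-05-01T10:00:02Z src=203.0.113.5 user=bob result=FAIL
2024-05-01T10:00:02Z src=203.0.113.5 user=carol result=FAIL
2024-05-01T10:00:03Z src=203.0.113.5 user=dave result=FAIL
2024-05-01T10:00:03Z src=203.0.113.5 user=erin result=OK
2024-05-01T10:00:04Z src=198.51.100.7 user=alice result=FAIL
2024-05-01T10:00:05Z src=198.51.100.7 user=alice result=FAIL
2024-05-01T10:00:06Z src=198.51.100.7 user=alice result=FAIL
2024-05-01T10:00:07Z src=198.51.100.7 user=alice result=FAIL
2024-05-01T10:00:08Z src=192.0.2.9 user=frank result=FAIL
2024-05-01T10:00:09Z src=192.0.2.9 user=frank result=OK
"""

LINE_RE = re.compile(r"src=(\S+) user=(\S+) result=(\S+)")


def classify_sources(log_text, stuffing_users=4, bruteforce_fails=4):
    # Count failed logins per (source IP, username).
    fails = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue  # skip lines that don't match the expected format
        src, user, result = match.groups()
        if result == "FAIL":
            fails[src][user] += 1

    # Many distinct usernames failing from one source -> credential stuffing
    # (breached username/password pairs replayed against this site).
    # Many failures against a single username from one source -> brute force
    # or dictionary attack. A single failed attempt is normal user behaviour.
    verdicts = {}
    for src, per_user in fails.items():
        if len(per_user) >= stuffing_users:
            verdicts[src] = "credential_stuffing"
        elif max(per_user.values()) >= bruteforce_fails:
            verdicts[src] = "brute_force"
    return verdicts


if __name__ == "__main__":
    print(classify_sources(SAMPLE_LOG))
```

Note the `result=OK` for `erin` from the stuffing source: a reused password worked, which is exactly the login MFA would still have blocked.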
Insider Threats
- Security risks originating within the organization—includes malicious actors (disgruntled employees, corporate espionage) and negligent behavior (accidental data exposure, policy violations)
- Bypasses perimeter defenses entirely—insiders already have legitimate access, making detection dependent on behavioral monitoring and access controls
- Intellectual property and sensitive data are primary targets; the principle of least privilege limits potential damage by restricting access to only what's necessary for job functions
Compare: Password Attacks vs. Insider Threats—password attacks come from external actors trying to gain access, while insider threats involve people who already have legitimate access. Defense strategies differ dramatically: technical controls (MFA, password policies) for external attacks versus administrative controls (background checks, access reviews, monitoring) for insider threats.
Quick Reference Table
| Category | Attack Types |
|---|---|
| Human-Layer Vulnerabilities | Phishing, Social Engineering, Insider Threats |
| Malicious Code | Malware, Ransomware, Zero-Day Exploits |
| Availability Attacks | DDoS |
| Confidentiality/Integrity Attacks | MitM, SQL Injection, Password Attacks |
| Requires Technical Patches | SQL Injection, Zero-Day Exploits, Malware |
| Requires User Training | Phishing, Social Engineering, Password Attacks |
| Financial Extortion Motive | Ransomware, DDoS |
| Data Theft Motive | SQL Injection, MitM, Insider Threats |
Self-Check Questions
- Which two attack types both exploit human psychology rather than technical vulnerabilities, and what distinguishes them from each other?
- A company discovers that customer credit card data was stolen through a web form on their e-commerce site. Which attack type most likely occurred, and what coding practice would have prevented it?
- Compare and contrast DDoS and ransomware attacks in terms of which element of the CIA triad each primarily targets and how businesses can recover from each.
- An organization implements multi-factor authentication across all systems. Which attack types does this effectively mitigate, and which remain largely unaffected?
- If an FRQ describes a scenario where an attacker poses as an IT technician over the phone to obtain an employee's login credentials, which attack category applies—and why isn't this considered phishing?