Hackers are always looking for ways to break through the security systems that defend your devices and data from criminals. From web browsers to operating systems to chat apps, any piece of software is a potential target. It’s a constant game of cat and mouse, with developers releasing patches whenever security researchers discover a new exploit.
At Proton, our security team is constantly monitoring for new types of cyberattacks. Most attacks fall into one of a few categories, and if you know what to expect, you can take the right steps to prevent them.
Below we’ll explain some of the most common attacks targeting individuals and businesses, followed by a few simple tips to keep your identity, financial accounts, and data safe.
Types of attacks:
1. Phishing
Over 500 million phishing attempts were reported in 2022, making it one of the most common types of cyberattack. In a phishing attack, hackers try to get you to divulge sensitive information, such as your credit card details or username and password. It involves some form of deception. For example, they might send you an email designed to look like it’s from a familiar company, asking you to click a link to log in to your account. But the link will take you to a website the hackers control, built for the sole purpose of collecting login credentials.
Phishing attacks can also be used to deliver other attacks, like malware, and they can arrive anywhere: email, SMS, social media accounts, or even through a phone call. The attackers often try to capitalize on a sense of urgency to get you to click a link or download an attachment without thinking too much about it. Sometimes, just clicking or tapping a link or downloading a file is enough to install malware on your device.
Historically, phishing attacks have been fairly easy to spot because they contain low-quality email designs or grammatical errors. Recently, however, we’ve noticed an uptick in the quality of the deception.
- You can see three examples of high-quality phishing attacks in our recent blog post.
- There are several types of phishing attacks, such as spear phishing and whaling. Learn how to spot phishing and prevent it.
2. Malware
Malware — malicious software — is a broad category that includes perhaps dozens of specific kinds of attacks. If the goal of most software is to help you, what defines malware is that it is designed to harm you, your device, or your network.
Different kinds of malware have different purposes, such as stealing sensitive information, holding data hostage, or causing damage to infrastructure. Hackers spread malware by various attack vectors, ranging from phishing attacks to drive-by downloads, in which you accidentally install the malware on your device simply by visiting a malicious website.
- We published a comprehensive guide to malware that explains the most common types of malware and attack vectors.
3. Spoofing
Spoofing attacks trick people by disguising an email address, website, or other form of identification as a trusted source to get what they want. They might use this deception to steal information, break into your network, or get you to download malware. Hackers often use spoofing to conduct other cyberattacks, such as phishing or man-in-the-middle.
SMTP, the protocol used to deliver email, has no built-in way to verify who actually sent a message, which predictably made spoofing a common attack in the past. In response, email providers developed the SPF, DKIM, and DMARC authentication methods, which let a receiving provider check whether a message really came from the domain it claims and mark spoofing attempts as spam or block them from reaching you. Unfortunately, not all email services have configured or deployed SPF, DKIM, and DMARC.
Domain name spoofing tries to trick you into thinking you’re on a familiar website to distribute malware or to get you to divulge information.
- Email providers such as Proton Mail prevent your email address from being spoofed. We have a support article explaining how to set up anti-spoofing for custom domains. Our articles on SPF, DKIM, and DMARC explain each of these countermeasures.
- Proton Mail also helps prevent phishing by displaying a “domain authentication failure” alert if an email appears to be from a spoofed sender.
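To make the SPF, DKIM, and DMARC check concrete, here is an added example (not Proton's code) of the alignment logic a receiving mail server applies once it has SPF and DKIM results: the visible From domain must match the domain that passed, and the domain owner's published policy decides what happens otherwise. The DMARC record, the domains, and the message outcomes are constructed for illustration, and the organizational-domain rule is simplified.

```python
# Added example (not Proton's code): a simplified DMARC alignment check.
# Assumes the receiver already computed the SPF and DKIM results; the record
# text and domains are constructed for illustration.

def parse_dmarc_record(txt):
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s' into a dict."""
    tags = {}
    for part in txt.split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key.strip().lower()] = value.strip().lower()
    if tags.get("v") != "dmarc1":
        raise ValueError("not a DMARC1 record")
    return tags

def org_domain(domain):
    # Simplification: treat the last two labels as the organizational domain.
    # Real receivers consult the Public Suffix List for this.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    # Strict ("s") needs an exact match; relaxed ("r") accepts subdomains of
    # the same organizational domain.
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(record, from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain):
    """'pass' if SPF or DKIM passed AND aligns with the visible From domain;
    otherwise the domain owner's requested policy (none, quarantine or reject)."""
    tags = parse_dmarc_record(record)
    spf_ok = bool(spf_pass and spf_domain and aligned(from_domain, spf_domain, tags.get("aspf", "r")))
    dkim_ok = bool(dkim_pass and dkim_domain and aligned(from_domain, dkim_domain, tags.get("adkim", "r")))
    if spf_ok or dkim_ok:
        return "pass"
    return tags.get("p", "none")

# Constructed policy for the hypothetical domain proton.example.
RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r"

def check_constructed_messages():
    legit = dmarc_disposition(RECORD, "proton.example", True, "proton.example", True, "proton.example")
    # Spoof: the attacker's server passes SPF for its own domain, but that domain
    # does not align with the From header, so the reject policy applies.
    spoof = dmarc_disposition(RECORD, "proton.example", True, "attacker.example", False, None)
    # Subdomain sender: relaxed SPF alignment still passes.
    sub = dmarc_disposition(RECORD, "mail.proton.example", True, "proton.example", False, None)
    return legit, spoof, sub
```

The "spoof" case is the situation behind a domain authentication failure alert: the message was technically authenticated, but for a domain that is not the one shown to the reader.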
4. Insider threats
For a business, the people in your organization or contractors with access to your systems are a serious risk to your security. They already have two things hackers try to take by force or deception: your trust and access to your computer systems.
Just like other hackers, insiders might attack you for financial gain, data theft, espionage, or to introduce malware on behalf of someone else. Many well-known examples of insider threats involve corporate espionage, like the Uber executive who stole trade secrets from his previous employer, Google. Others involve data breaches, and some are even committed by accident, such as the Microsoft employee who posted internal login credentials on GitHub.
- If you’re concerned about cybersecurity at your organization, we published a cybersecurity guide for small businesses that includes strategies to mitigate insider threats.
5. Social engineering
Social engineering is a scientific-sounding name for tricking people into doing what you want for the purpose of exposing data or gaining access to systems. In a social engineering attack, a hacker may pretend to be an IT worker asking for personal details to “confirm your account” or someone passing out free USB drives infected with malware.
Social engineering tactics are designed to exploit weaknesses of human psychology, so they prey on emotions that cloud judgment, such as fear or curiosity. These attacks have been implicated in some of the most high-profile hacks. For example, in 2020, hackers used social engineering to take over prominent Twitter accounts to promote a Bitcoin scam.
6. Man-in-the-middle attacks
As the name suggests, hackers use man-in-the-middle (MITM) attacks to position themselves between parties communicating online to eavesdrop on the exchange or alter the parties’ experience. The attacker might do this to steal sensitive information, trick the victim into taking some action, or censor content. Censorship can be done on an individual basis, such as a single hacker going after a specific victim, or on a mass scale, as in the case of authoritarian governments that redirect their citizens’ internet traffic.
Thanks to TLS, MITM attacks tend to be difficult to execute. Typically, the hacker has to present a forged public key certificate that the victim’s device accepts as valid. At Proton, we mitigate the risk of MITM attacks through several methods, including Address Verification, which lets you pin trusted keys to your contacts.
They’re also a favorite of some regimes that try to spy on their citizens or restrict their access to information. Kazakhstan, for example, tried to MITM all the encrypted internet traffic in the entire country. And China uses MITM attacks against its citizens for censorship as part of its Great Firewall.
- TLS certificates are a critical part of stopping MITM attacks. We explain how they work in depth.
7. Code-injection attacks
Hackers use code-injection attacks to slip their own code into poorly secured computer systems through inputs that the system expects to contain only data, causing it to execute malicious instructions with sometimes disastrous consequences.
In 2012, Yahoo! lost hundreds of thousands of user credentials because hackers injected malicious code into the company’s database through search boxes and other forms on their websites.
More recently, injection attacks have taken a new turn with large language models. Security researchers have been feeding them faulty data to show how easy it is to train the models in directions their developers didn’t intend.
- Wired published a comprehensive explainer on SQL injection attacks, referring to the databases that websites often use to store sensitive information.
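The SQL injection class referenced above, shown as an added example rather than anything from the article or the Yahoo! incident: the same user lookup written in a vulnerable form that pastes form input into the query text, and in the parameterized form that prevents the input from ever being parsed as SQL. The table, usernames and hostile input are constructed.

```python
import sqlite3

# Added example (not from the article): the same user lookup written two ways.
# The table and credentials are constructed; password_hash holds a placeholder.

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'PLACEHOLDER_HASH')")
    conn.execute("INSERT INTO users VALUES ('bob', 'PLACEHOLDER_HASH')")
    return conn

def lookup_vulnerable(conn, username):
    # Vulnerable: the form field is pasted into the SQL text, so a quote
    # character in the input ends the string literal and the remainder is
    # parsed as SQL. This is the class of bug the article describes.
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]

def lookup_parameterized(conn, username):
    # Hardened: the value travels separately from the query text, so the
    # database never interprets any part of it as SQL.
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]

def compare_on_hostile_input():
    # Constructed hostile input: a quote followed by an always-true condition.
    hostile = "nobody' OR '1'='1"
    conn = make_db()
    return lookup_vulnerable(conn, hostile), lookup_parameterized(conn, hostile)
```

A lookup for a non-existent user returning every row in the table is also a useful signal for detection: an application that logs unexpected result counts on login and search queries will notice injection attempts early.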
8. Distributed denial of service
A distributed denial of service (DDoS) attack is a kind of cyberattack that mainly targets businesses’ websites and networks. Hackers use multiple compromised computers to bombard a company’s servers with requests, effectively shutting down operations.
Attackers typically use DDoS attacks to extort money from their victims, demanding payment to stop the attack. But sometimes amateur hackers will use DDoS as a form of activism or simply for bragging rights.
DDoS attacks aren’t a major concern for individuals except to the extent they disrupt your ability to use a service you need. You should investigate a company’s service reliability and uptime guarantees if you’re concerned about downtime. Companies that have dealt with DDoS attacks in the past typically invest significantly in infrastructure to prevent them from happening again.
- There have been a few famous DDoS attacks, including the largest on record that hit GitHub in 2018.
How to mitigate cybersecurity attacks
Mitigating cyberattacks often comes down to choosing security-focused web services and properly securing your accounts. Here are the most important things you can do to stay safe:
- Use strong passwords — Your login credentials are the first line of defense for your online accounts. Always use unique, long, and complex passwords. You can generate and store strong passwords with the help of a password manager.
- Use two-factor authentication (2FA) — If hackers obtain your password, your next line of defense is 2FA. Many online services allow you to enable 2FA so that you have to enter a second piece of information, usually a temporary passcode from an authenticator app on your smartphone.
- Keep your software up to date — Cyberattacks often exploit weaknesses in the software you use. Whenever developers find out about such weaknesses, they build a fix and release a software update. Always promptly install updates to your devices and apps.
- Be alert for phishing attacks — Phishing and other types of deception are becoming harder to spot as hackers get more sophisticated. Never click links or download attachments in emails or text messages you weren’t expecting.
- Use security-focused services — It’s easier to steal data from systems that don’t use strong encryption and take aggressive prevention measures. At Proton, we develop products with a security-first mindset, meaning we protect as much of your data as possible with end-to-end encryption. Whether it’s your email, calendar events, passwords, files, or your internet connection, Proton never has access to the contents of your data because it’s encrypted on your device before being sent to our servers. Learn more about Proton security.