18 Types of Cyber Attacks Explained with Real-World Examples
30 September
In today’s hyper-connected world, cyber attacks are more than just IT issues — they’re real-world threats to businesses, governments, and individuals. From stolen bank details to national infrastructure breaches, cybercrime is constantly evolving. Understanding the different types of cyber attacks is the first step to protecting yourself and your organisation.
In this post, we’ll break down 18 major types of cyber attacks, complete with real-world examples to show just how serious — and creative — today’s cybercriminals can be.
1. Phishing
What it is: Fraudulent emails or messages tricking users into revealing sensitive information.
Real-world example:
In 2020, fraudsters posed as HMRC during the COVID-19 pandemic, sending phishing texts about “tax rebates” to exploit public confusion.
2. Spear Phishing
What it is: A targeted form of phishing aimed at specific individuals or organisations.
Real-world example:
In 2016, hackers spear-phished a Democratic National Committee (DNC) staffer, gaining access to emails that affected the US election narrative.
3. Whaling
What it is: Phishing attacks targeting high-level executives or “big fish”.
Real-world example:
In 2016, the CEO of a large Austrian aerospace firm fell for a whaling scam that led to a €50 million loss after fake invoices were paid.
4. Ransomware
What it is: Malware that locks systems or files until a ransom is paid.
Real-world example:
The NHS WannaCry attack in 2017 crippled hospital systems across the UK. It affected 200,000 computers in over 150 countries.
5. Malware
What it is: Malicious software designed to damage, disrupt or gain unauthorised access.
Real-world example:
In 2021, malware called Emotet was taken down by Europol after being used for years to install banking trojans and ransomware across Europe.
6. Spyware
What it is: Software that secretly monitors user activity.
Real-world example:
Pegasus spyware, developed by NSO Group, was used to surveil journalists and activists globally — including UK-based targets.
7. Adware
What it is: Automatically displays unwanted adverts, often slowing down devices or exposing users to more malware.
Real-world example:
Users downloading “free” software bundles often unknowingly install adware like Fireball, which affected 250 million computers globally.
8. Denial-of-Service (DoS) Attack
What it is: Overwhelms a system to make it unavailable.
Real-world example:
The BBC’s website was taken down by a massive DoS attack in 2015 — one of the largest of its kind at the time.
9. Distributed Denial-of-Service (DDoS) Attack
What it is: A DoS attack launched from multiple sources.
Real-world example:
The Mirai botnet in 2016 brought down Twitter, Spotify, and major news sites via compromised IoT devices.
10. Man-in-the-Middle (MitM) Attack
What it is: Cybercriminal intercepts communication between two parties.
Real-world example:
Attackers exploited public Wi-Fi in London cafes, intercepting users’ online banking sessions — a common MitM technique.
11. SQL Injection
What it is: Exploits vulnerable SQL code in web applications to access databases.
Real-world example:
In 2018, British Airways suffered a breach that exposed 500,000 customer records via a web vulnerability — a potential SQL injection vector.
12. Zero-Day Exploit
What it is: Attacks exploiting software vulnerabilities before a patch is available.
Real-world example:
The MOVEit Transfer zero-day in 2023 was used to steal data from numerous UK firms, including payroll providers.
13. Credential Stuffing
What it is: Using stolen usernames and passwords to gain unauthorised access.
Real-world example:
In 2020, over 500,000 Zoom accounts were compromised using credential stuffing from old data breaches.
14. Brute Force Attack
What it is: Repeated attempts to guess a password.
Real-world example:
UK businesses face tens of thousands of brute-force login attempts daily, often targeting Microsoft 365 accounts.
15. Drive-by Download
What it is: Malware is automatically downloaded when visiting a compromised website.
Real-world example:
Cybercriminals planted malware on a popular UK newspaper’s website, which infected users just by visiting the homepage.
16. Cross-Site Scripting (XSS)
What it is: Attackers inject malicious scripts into trusted websites.
Real-world example:
eBay was found vulnerable to XSS in 2014, allowing attackers to redirect users to phishing pages from listings.
17. Business Email Compromise (BEC)
What it is: Hackers impersonate business contacts to trick employees into transferring funds or data.
Real-world example:
In 2019, a UK energy firm lost £200,000 after an employee was tricked into wiring money to a scammer posing as the CFO.
18. Social Engineering
What it is: Manipulating people into breaking normal security procedures.
Real-world example:
In 2022, a cybercriminal posed as an IT support agent at a London-based fintech company and tricked a staff member into handing over login credentials.
Final Thoughts
Cyber threats are becoming more sophisticated and harder to detect. Whether you’re an individual, a small business owner, or a CISO at a multinational firm, staying informed is non-negotiable.
Pro Tip:
Always keep software updated, use strong, unique passwords, and train staff on cybersecurity basics. Prevention is much cheaper than recovery.