Anatomy of a Breach: A Review of the Most Common Cyber-Attacks

Anatomy of a Breach: A Review of the Most Common Cyber-Attacks on

Think your company is immune from cyber-attacks? Think again.

Today’s business owners and executives don’t just have to be looking out for what their competitors are doing, they also have to ensure they’re protected from the flood of cyber-attacks that are unfolding on a regular basis. A recent survey of tech executives in the automotive, retail, banking, and technology industries by KPMG found that 81% of those polled had experienced some type of cyber-attack. With these stark statistics, it’s critical that organizations understand the different types of attacks as well as how to prevent or respond to them.

Common types of cyber attacks

Below are some of the most common ways that cyber criminals attempt to gain access to valuable company data.


Phishing attacks typically start with an email that looks like it’s coming from a reputable third party. Once a user clicks on a link within the spoofed email, they’re taken to a website that looks legitimate and asks for personal information. These emails and websites have become much more sophisticated in recent years, making it difficult for the average computer user to spot that anything is awry.

In the past, such an attack was somewhat easy to spot; they wouldn’t use the secure site certificates (HTTPS://) that the legitimate site used. Even more obvious was the lack of any spellchecking of the email text and/or unprofessional or “abnormal” grammar and colloquialisms. Many of today’s phishing attacks look, feel, and behave legitimately, however.

How can it be prevented?

If you receive requests for personal information through email, it’s always best to contact the institution or individual by phone to ensure the request is legitimate. If the email lists a phone number, don’t call it; instead, look online or find documentation to ensure the number you’re calling is legitimate.


Malware is a term that is used to encompass a large number of viruses, Trojans, and worms that have an intent to steal or destroy data on any type of computer device. Today’s protections are known as anti-malware (not anti-virus) to more accurately reflect the threat landscape. Malware infections are often distributed via software downloads, email attachments, or by exploiting operating system vulnerabilities.

How can it be prevented?

The easiest way to prevent malware infections is to avoid opening attachments or clicking on links in emails from unknown parties. Organizations can implement a variety of software and hardware tools that can help to prevent some of these threats from ever making their way into your inbox.

It’s also critical that you have procedures in place to consistently install the latest security updates, regardless of your operating system. This vastly decreases the likelihood that a cyber-attack will be able to exploit any vulnerabilities.

Password attacks

A password attack is, quite simply, the act of a third party gaining access to your system by cracking or guessing a user’s password. Attackers will use a variety of methods to crack a user’s password including brute force attacks that employ software to guess passwords based on various word, number, and symbol combinations. Brute force attacks can try thousands of password variations a minute.

How can it be prevented?

The primary way to protect against the use of password attacks is by selecting strong passwords and changing them on a regular basis. Also, try not to use words that can be found in a common dictionary. Finally, ensure your password includes a combination of letters, numbers, and special characters.

The best passwords are actually easy to remember pass phrases. For example, [email protected] is much easier to crack than a simple, easy-to-remember phrase like CyberGuard360 Protects Us! The former can be cracked quickly by a brute force attack while the latter is nearly impossible.

Man in the Middle attacks

A man in the middle attack is the process of impersonating the endpoints of an information exchange, such as the connection between your computer and a website, allowing the ‘man in the middle’ to gain access to information from the end user.

These types of attacks are often used by cyber criminals impersonating financial institutions or government entities to gain access to bank information, such as bank account numbers and other personal data.

How can it be prevented?

The best way to protect against man in the middle attacks is to always connect to secure networks, especially when you’re connecting wirelessly, as well as by ensuring you’re always communicating via an HTTPS connection, or, if possible, a virtual private network (VPN).

Denial of Service attacks (DoS)

The primary goal of a denial of service (DoS) attack is to disrupt the traffic on a network. Typically, cyber attackers will send massive amounts of traffic through a network until it can no longer keep up with the volume. Attackers will often use multiple computers to send traffic to a network, thus overloading it. This is referred to as a distributed denial of service (DDoS) attack.

How can it be prevented?

The best way to prevent against DoS attacks is to ensure your entire network is as secure as possible by installing the latest software updates, as well as by utilizing the latest security software and hardware to spot and respond to any issues before they overwhelm a network. In addition, don’t expose your network by broadcasting its existence; responding to “pings” tells a hacker your network is there and then they launch their attacks.

Unsure of whether your organization is properly protected against cyber-attacks?

We hope this guide has helped you understand the most common cyber-attacks. If you’re unsure of whether you have adequate security policies in place to protect yourself and your organization from any of these threats, reach out to the CyberGuard360 team today for a free security assessment. We can be reached at 844-315-9882 or through our online contact form.