Common Cybersecurity Attacks

Non-exhaustive list of common Cybersecurity Attacks:

List of Common Cybersecurity Attacks

Non-exhaustive list of common cybersecurity attacks:

  1. Brute-force Attack
  2. Cross-Site Request Forgery (XSRF)
  3. Cross-Site Scripting (XSS)
  4. Denial of Service (DoS)
  5. Man-in-the-middle (MITM)
  6. Rogue access point
  7. Session hijacking
  8. Spoofing of data packets
  9. SQL Injection
  10. Pharming
  11. Pass the Hash
  12. Pass the Key

Brute-force Attack

A brute-force attack (a.k.a. brute force cracking) is the cyberattack equivalent of trying every key on your key ring, and eventually finding the right one.

External link

Cross-Site Request Forgery (XSRF)

XSRF is a type of web site attack in which unauthorized commands are transmitted from a trusted user.

XSRF exploits inadequate authentication mechanisms in web applications that rely only on elements such as cookies when performing a transaction.

It is mentioned on CISM Review QA&E Manual 9th Edition, question S3-200.

Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

External link

Denial of Service (DoS)

Denial of Service (DoS) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.

Packet filtering techniques are the only ones which reduce network congestion caused by a network denial-of-service attack.


It is sometimes abbreviated with the acronym MITM attack.

Rogue access point

A rogue access point masquerades as a legitimate access point. The risk is that legitimate users may connect through this access point and have their traffic monitored.

It is a significant risk when using wireless local area network technology.

SQL Injection

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution

External link


Pharming is a cyberattack intended to redirect a website’s traffic to another, fake site by installing a malicious program on the computer. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software.

One comment

Leave a Reply

Your email address will not be published. Required fields are marked *