What is a Cyberattack?
What Makes Something a Cyberattack?
A cyberattack is any deliberate attempt to access, damage, disrupt, or steal from a computer system, network, or device without authorization. The attack surface is vast: your phone, your smart TV, your company's servers, a hospital's MRI machine, a power plant's control system — all are potential targets.
The Four Main Attack Categories
🦠 1. Malware Attacks
Malware (malicious software) is code designed to damage, disrupt, or gain unauthorized access to systems. It is the broadest category and encompasses viruses, worms, trojans, ransomware, spyware, and more. Malware typically enters through infected email attachments, malicious downloads, or compromised websites.
🎣 2. Social Engineering Attacks
Instead of breaking through technical defenses, social engineering exploits human psychology. The attacker manipulates people into revealing information or taking actions that compromise security. Phishing is the most common form — a fake email that tricks you into clicking a malicious link or entering your password on a fake website.
Social engineering is the attack vector behind over 80% of successful breaches. Technical defenses mean nothing if a human can be tricked into opening the door.
💥 3. Denial of Service (DoS / DDoS)
A Denial of Service attack overwhelms a target with so much traffic that it becomes unable to respond to legitimate requests. A Distributed DoS (DDoS) uses a botnet — thousands of compromised machines — to multiply the attack. The target doesn't get "hacked" in the traditional sense — it simply gets flooded until it collapses.
Normal traffic: ██████████ (40% capacity)
DDoS attack:    ████████████████████████ (850% — server crashes)
🕵️ 4. Man-in-the-Middle (MitM)
A MitM attack intercepts communication between two parties who believe they are talking directly to each other. The attacker can read, modify, and relay messages — often without either party noticing. Classic MitM scenarios include ARP poisoning on a local network and fake Wi-Fi hotspots in public places. Without proper encryption (HTTPS, TLS), MitM attacks are trivially easy on public Wi-Fi.
Advanced Attack Types
Zero-Day Exploits
A zero-day is a vulnerability in software that is unknown to the vendor, meaning there are zero days of warning and zero days to patch it. These are the most dangerous attacks because no defense exists at the time of exploitation. They are often kept secret, sold on black markets, or used by nation-states for espionage.
Supply Chain Attacks
Instead of attacking a target directly, attackers compromise a software vendor or hardware supplier used by the target. The infamous SolarWinds attack (2020) injected malicious code into a software update used by 18,000 organizations, including US government agencies. It went undetected for months.
Cyberattacks are not a single thing; they are a spectrum, from an automated virus to a sophisticated nation-state operation. Understanding the category of an attack tells you immediately what motivated it, how it works, and what defenses apply. This vocabulary is the common language of every security professional.