Redsauce's Software QA Blog

Types of cyber-attacks: Usual suspects

Posted by Héctor Sisternas

{1570}

With the evolution of the digital world, barriers between countries and continents have gradually fallen. Although this generally has allowed us to progress more rapidly, it has also led to an exponential increase in scammers and cybercriminals.


The Hollywood vision of a cyberattack often involves a hooded figure sneaking into company servers, dodging laser beams, and bypassing guards to insert a tiny USB that breaks through all defenses. But reality isn't as "cool" and is much more obscure. One day, without knowing how or why, our data is compromised, we lose access to our computer, or our system crashes.


That's the moment we throw our hands up in frustration and ask, "What the heck happened?" To address these questions, and after sharing some cybersecurity tips tips, today I’ll tell you about different types of cyberattacks, so you can stay vigilant in front of the screens.

What is a Cyberattack?

First things first, a cyberattack is an offensive action that aims to damage, disrupt, or steal data from computer systems. Attackers exploit security vulnerabilities (in networks or devices) to infiltrate them.


A cyberattack can mean not just financial loss, but also a loss of confidence and reputation for the company. Not only are its data compromised, but also those of employees, customers, or suppliers.

Knowing and understanding types of cyberattacks will help you protect yourself from cybersecurity threats out there:

1. Phishing

Imagine the internet is a giant river, and each of us is a little fish. As we swim peacefully, we suddenly see something delicious and tempting that catches our eye: an inheritance looking for an heir, a lottery ticket, a lost package... all sorts of tricks to lure us into bait that dangles from the cybercriminals' fishing lines.


Phishing is one of the most common types of cyberattacks. It involves tricking victims through fake emails or messages that look legitimate, making them believe they come from a trusted source, like a bank or social network.


The goal is to get you to share sensitive information, like passwords or credit card details.

Tips to avoid phishing

  • Always check the sender's email address.

  • Do not open emails or messages from unknown senders.

  • If you click on a link, check the URL carefully. (Even a single different character is a trap).

  • Verify the information with the official source (visit the real website).

  • Browse the website without sharing any information. If the external links don’t work (logos, menus, footer...), it’s likely a trap.

  • Don’t share personal information via email.

  • Analyze the spelling. These messages are often full of errors because the attacker may not be a native speaker. They also won’t address you by name.

2. Malware

This encompasses different types of malicious software designed to infiltrate systems and cause harm. Viruses, worms, trojans, and spyware each have unique ways to mess up your computer (and your day). Malware can steal information, control your device, or damage important files.

How to avoid malware

  • Install and keep a good antivirus updated.

  • Avoid suspicious websites. Always check the URLs!

  • Do not download attachments from dubious sources.

3. Ransomware

Maybe you're trying to explain a program to someone. So you download a screen recorder to make a tutorial... The next day, you get a message saying you need to send a Bitcoin to access your computer.


My friend, you've been hit by ransomware.


Ransomware is a type of malware (malicious software) that encrypts the victim’s files and demands a ransom to unlock them. This type of attack is especially devastating for business cybersecurity, which could lose access to critical data.

How to avoid ransomware

  • Back up your data.

  • Keep your operating system and programs updated.

  • Do not download files or programs from untrusted sources.

4. Denial of Service (DDoS) Attacks

Imagine it’s Halloween, and you have a bowl full of candy. A little kid dressed as Darth Vader rings your doorbell and asks:

  • Hello, do you have candy?

Touched by his great taste in movies, you reply:

  • Of course, take some.

Now imagine it’s not just one kid, but an entire school arriving at the door all at once. A legion of stormtroopers endlessly ringing the doorbell: DING DONG, DING DONG, DING DONG... Eventually, you’d hide in a corner hoping they’d go to the next house, with that sound echoing in your worst nightmares.


Well, a DDoS attack is something like that. Denial of Service attacks, or DDoS, aim to make a website or service inaccessible by overwhelming it with massive traffic from different sources. This can make a company's online services crash and become inaccessible for legitimate users, affecting its operation and reputation.

How to mitigate a DDoS attack:

  • Perform performance testing to ensure a good experience.

  • Hire DDoS protection services.

  • Limit the number of requests to the server.

  • Use content distribution networks (CDN) to mitigate the impact.

5. Social Engineering Attacks

The best example of a social engineering attack is in the movie "Now You See Me." In one scene, they teleport an audience member to his bank to rob it.

The relevant part is when they explain the trick and talk about all the information collected on this seemingly random person, from rummaging through their emails to casual conversations gathering bits of info. Subtle strategies that wouldn’t catch anyone’s attention, but when targeted, can reveal a lot.


Social engineering relies on psychological manipulation to trick people into revealing confidential information or performing specific actions. Social engineering attacks can include phone calls, emails, or even social media interactions. Attackers earn the victim’s trust and manipulate them to obtain sensitive data.

How to avoid being a victim of social engineering:

  • Be skeptical of requests for personal information.

  • Do not share passwords or sensitive information over the phone or email.

  • Train your team on social engineering tactics.

6. SIM Swapping

Imagine you wake up, and suddenly, your phone has no signal. You think it might be a network issue, but when your partner says you’re “online” on WhatsApp, you realize someone else is using your number. You've been SIM-swapped, and someone is using your number to send messages, make calls, and access your bank accounts.


SIM swapping is an attack where criminals convince your carrier to transfer your number to a new SIM card in their possession. With this, they gain access to all the information linked to your number. Think about it—how many verification messages do you receive? From where? The bank, email, social networks... So, while you’re trying to figure out why your phone doesn’t work, they hold the keys to your digital life.

How to prevent SIM swapping:

  • Avoid sharing too much personal information on social media, especially birthdates or significant locations.

  • Enable two-factor authentication (but use an email or authenticator app instead of SMS whenever possible).

  • Set up an additional password with your carrier so changes cannot be made without confirmation.

  • Report any suspicious service interruptions with your carrier immediately.

7. Man-in-the-Middle (MITM) Attacks

If you’ve ever played telephone (where a message is passed from person to person), you know that the initial message rarely ends up the same at the end.


A MITM attack is like that, except that one of your friends intercepts and uses the information in the message for their own benefit.


It happens when an attacker intercepts communication between two parties to spy on or modify transmitted information. This often occurs on public Wi-Fi networks, where attackers can capture sensitive data like passwords and credit card numbers.

Protect yourself from a MITM attack:

  • Avoid connecting to unprotected public Wi-Fi networks.

  • If you must use public Wi-Fi, use a virtual private network (VPN).

  • Ensure the websites you visit use HTTPS.

And there you have it! Now that you understand how each of these cyberattacks works, you’re one step closer to protecting yourself in a digital world full of traps. Cybersecurity is like having a lock on your front door; it doesn’t stop all thieves, but it makes them think twice.


So, next time you see a suspicious link, an open Wi-Fi network, or receive an email from a supposed Nigerian prince offering you a fortune, remember that not all that glitters is gold. Keep your devices and data safe, stay curious but cautious, and remember that online, caution is never too much.


Happy and safe browsing!

Tags

Cybersecurity
Development
QA

About us

You have reached the blog of Redsauce, a team of experts in QA and software development. Here we will talk about agile testing, automation, programming, cybersecurity… Welcome!