Attack Type↕ | Category↕ | Severity↕ | Notable Example↕ | Primary Prevention↕ |
|---|---|---|---|---|
Phishing | Social Engineering | High | 2016 DNC email hack via spear-phishing | Security awareness training, email filtering |
Ransomware | Malware | Critical | WannaCry (2017) — 200,000+ systems in 150 countries | Regular backups, patch management, endpoint protection |
SQL Injection | Web Application | Critical | Heartland Payment Systems breach (2008) | Parameterized queries, input validation, WAF |
Cross-Site Scripting (XSS) | Web Application | High | Samy worm on MySpace (2005) | Output encoding, Content Security Policy |
Distributed Denial of Service (DDoS) | Network | High | Dyn DNS attack (2016) — took down Twitter, Netflix | DDoS mitigation services, rate limiting, CDN |
Man-in-the-Middle | Network | High | Superfish adware on Lenovo laptops (2015) | TLS/SSL encryption, certificate pinning |
Zero-Day Exploit | Vulnerability Exploit | Critical | Stuxnet (2010) — targeted Iranian nuclear centrifuges | Threat intelligence, defense in depth, rapid patching |
Credential Stuffing | Authentication | High | Spotify credential stuffing (2020) — 350K accounts | Multi-factor authentication, password managers |
Supply Chain Attack | Software Supply Chain | Critical | SolarWinds Orion hack (2020) — 18,000 organizations | Vendor auditing, SBOM, code signing verification |
Brute Force | Authentication | Medium | iCloud celebrity photo leak (2014) | Account lockout policies, CAPTCHA, rate limiting |
DNS Spoofing | Network | Medium | Brazilian bank DNS hijack (2017) | DNSSEC, DNS monitoring, secure resolvers |
Buffer Overflow | Memory Exploitation | Critical | Code Red worm (2001) — exploited IIS buffer overflow | Memory-safe languages, ASLR, stack canaries |
Insider Threat | Human | High | Edward Snowden NSA leak (2013) | Principle of least privilege, DLP, behavioral analytics |
Cryptojacking | Malware | Medium | Coinhive script on 4,000+ government websites (2018) | Ad blockers, endpoint monitoring, browser extensions |
API Abuse | Web Application | High | Facebook API data scraping — Cambridge Analytica (2018) | API rate limiting, OAuth scopes, input validation |
Watering Hole | Social Engineering | High | US Department of Labor website compromise (2013) | Browser isolation, web content filtering, patching |
Session Hijacking | Web Application | High | Firesheep tool for WiFi session stealing (2010) | HTTPS everywhere, secure cookie flags, session rotation |
Rootkit | Malware | Critical | Sony BMG rootkit on music CDs (2005) | Secure boot, integrity monitoring, EDR solutions |
Typosquatting | Social Engineering | Medium | Fake Python packages on PyPI (2017) | Package verification, dependency scanning, awareness |
Side-Channel Attack | Hardware | High | Spectre and Meltdown CPU vulnerabilities (2018) | Microcode patches, kernel isolation, hardware mitigations |
Cross-Site Request Forgery (CSRF) | Web Application | Medium | Netflix CSRF vulnerability (2006) | CSRF tokens, SameSite cookies, origin checking |
Keylogger | Malware | High | Zeus banking trojan (2007) — stole millions in credentials | Anti-malware, virtual keyboards, behavioral detection |
ARP Spoofing | Network | Medium | Common in public WiFi attacks | Dynamic ARP Inspection, VPN, network segmentation |
Privilege Escalation | Vulnerability Exploit | Critical | Dirty COW Linux kernel vulnerability (2016) | Principle of least privilege, kernel patching, containerization |
Business Email Compromise | Social Engineering | Critical | Ubiquiti Networks — $46.7M BEC fraud (2015) | Email authentication (DMARC/DKIM), verification procedures |
Free to explore · No signup needed
Frequently asked questions
How is the Cybersecurity Attack Types list ranked?
The Cybersecurity Attack Types list is ranked by community votes. Every visitor can pick one option over another in head-to-head matchups, and the running totals determine the order you see. No editors or algorithms — just real people voting.
How many entries are in this Cybersecurity Attack Types dataset?
This dataset contains 25 entries, each with multiple sortable, filterable columns. The full table is visible on this page and can be downloaded as a CSV, JSON, or Excel file.
Can I download the Cybersecurity Attack Types data?
Yes. The download buttons at the top of the page give you the full 25-row dataset as CSV, JSON, or Excel. Use of the data is permitted under a Creative Commons Attribution license — credit dtbse.com when you republish.
Related Datasets
More in Technology
Online Course & Learning Platforms
Online Course & Learning Platforms
Types of Insulation Material for Buildings
Fiberglass batts, spray foam, cellulose, mineral wool, aerogel — which insulation material traps heat best while being safest to install?
Streaming & Recording Software
Streaming & Recording Software
Linux Distributions
Linux distributions and their derivatives.
Messaging Apps
WhatsApp, iMessage, Telegram, Signal — which messaging app is the best way to chat?
Databases
Popular database management systems spanning relational, document, key-value, graph, and time-series types.
Productivity & Note-Taking Apps
Notion, Obsidian, Todoist, Linear — the tools knowledge workers obsess over instead of doing actual work.
Website Builders & CMS
Website Builders & CMS
Types of Heating System for Buildings
Radiant floor heating, forced air, heat pumps, steam radiators, geothermal — which heating system keeps you warmest while burning the least energy?
Social Media Platforms Ranked
Instagram, TikTok, X, Reddit, YouTube — which social platform actually deserves your screen time?
Programming Paradigms
Major programming paradigms that have shaped software development, including their core philosophies, key example languages, and historical origins.
Programming Languages
Popular programming languages with their creation year, paradigm, typing system, and common use cases.