Attack Type↕ | Category↕ | Severity↕ | Notable Example↕ | Primary Prevention↕ |
|---|---|---|---|---|
Phishing | Social Engineering | High | 2016 DNC email hack via spear-phishing | Security awareness training, email filtering |
Ransomware | Malware | Critical | WannaCry (2017) — 200,000+ systems in 150 countries | Regular backups, patch management, endpoint protection |
SQL Injection | Web Application | Critical | Heartland Payment Systems breach (2008) | Parameterized queries, input validation, WAF |
Cross-Site Scripting (XSS) | Web Application | High | Samy worm on MySpace (2005) | Output encoding, Content Security Policy |
Distributed Denial of Service (DDoS) | Network | High | Dyn DNS attack (2016) — took down Twitter, Netflix | DDoS mitigation services, rate limiting, CDN |
Man-in-the-Middle | Network | High | Superfish adware on Lenovo laptops (2015) | TLS/SSL encryption, certificate pinning |
Zero-Day Exploit | Vulnerability Exploit | Critical | Stuxnet (2010) — targeted Iranian nuclear centrifuges | Threat intelligence, defense in depth, rapid patching |
Credential Stuffing | Authentication | High | Spotify credential stuffing (2020) — 350K accounts | Multi-factor authentication, password managers |
Supply Chain Attack | Software Supply Chain | Critical | SolarWinds Orion hack (2020) — 18,000 organizations | Vendor auditing, SBOM, code signing verification |
Brute Force | Authentication | Medium | iCloud celebrity photo leak (2014) | Account lockout policies, CAPTCHA, rate limiting |
DNS Spoofing | Network | Medium | Brazilian bank DNS hijack (2017) | DNSSEC, DNS monitoring, secure resolvers |
Buffer Overflow | Memory Exploitation | Critical | Code Red worm (2001) — exploited IIS buffer overflow | Memory-safe languages, ASLR, stack canaries |
Insider Threat | Human | High | Edward Snowden NSA leak (2013) | Principle of least privilege, DLP, behavioral analytics |
Cryptojacking | Malware | Medium | Coinhive script on 4,000+ government websites (2018) | Ad blockers, endpoint monitoring, browser extensions |
API Abuse | Web Application | High | Facebook API data scraping — Cambridge Analytica (2018) | API rate limiting, OAuth scopes, input validation |
Watering Hole | Social Engineering | High | US Department of Labor website compromise (2013) | Browser isolation, web content filtering, patching |
Session Hijacking | Web Application | High | Firesheep tool for WiFi session stealing (2010) | HTTPS everywhere, secure cookie flags, session rotation |
Rootkit | Malware | Critical | Sony BMG rootkit on music CDs (2005) | Secure boot, integrity monitoring, EDR solutions |
Typosquatting | Social Engineering | Medium | Fake Python packages on PyPI (2017) | Package verification, dependency scanning, awareness |
Side-Channel Attack | Hardware | High | Spectre and Meltdown CPU vulnerabilities (2018) | Microcode patches, kernel isolation, hardware mitigations |
Cross-Site Request Forgery (CSRF) | Web Application | Medium | Netflix CSRF vulnerability (2006) | CSRF tokens, SameSite cookies, origin checking |
Keylogger | Malware | High | Zeus banking trojan (2007) — stole millions in credentials | Anti-malware, virtual keyboards, behavioral detection |
ARP Spoofing | Network | Medium | Common in public WiFi attacks | Dynamic ARP Inspection, VPN, network segmentation |
Privilege Escalation | Vulnerability Exploit | Critical | Dirty COW Linux kernel vulnerability (2016) | Principle of least privilege, kernel patching, containerization |
Business Email Compromise | Social Engineering | Critical | Ubiquiti Networks — $46.7M BEC fraud (2015) | Email authentication (DMARC/DKIM), verification procedures |
Free to explore · No signup needed
Frequently asked questions
How is the Cybersecurity Attack Types list ranked?
The Cybersecurity Attack Types list is ranked by community votes. Every visitor can pick one option over another in head-to-head matchups, and the running totals determine the order you see. No editors or algorithms — just real people voting.
How many entries are in this Cybersecurity Attack Types dataset?
This dataset contains 25 entries, each with multiple sortable, filterable columns. The full table is visible on this page and can be downloaded as a CSV, JSON, or Excel file.
Can I download the Cybersecurity Attack Types data?
Yes. The download buttons at the top of the page give you the full 25-row dataset as CSV, JSON, or Excel. Use of the data is permitted under a Creative Commons Attribution license — credit dtbse.com when you republish.
Related Datasets
More in Technology
DevOps Tools
The tools that keep software running — CI/CD, containers, and infrastructure.
Web Hosting
Web Hosting (Cloud & Shared)
Design Tools
The software designers use to create the visual world around us.
Mobile Phone Brands
Mobile phone manufacturers and brands by country.
JavaScript Frameworks
Popular JavaScript and TypeScript frameworks and libraries for frontend, backend, and full-stack development.
AI Image Generators
AI Image Generators
Popular Linux Distributions
The most widely used Linux distributions for desktop, server, and specialized use cases, with details on their base systems and target audiences.
Headphone & Earbuds Brands
AirPods, Sony WH-1000XM5, Bose, Sennheiser — the headphones glued to the world's ears.
Screen Recording & Video Messaging
Screen Recording & Video Messaging
Tech YouTube Channels
Popular technology-focused YouTube channels covering reviews, tutorials, and tech culture.
Search Engines
Internet search engines past and present.
Types of Cryptocurrency Consensus Mechanism
Proof of Work, Proof of Stake, Delegated PoS — which consensus mechanism best secures a blockchain?