Types of Network or Cyber Security Attacks

A cyber or network security attack is an action a hacker or adversary performs to steal, modify, or delete data from a computer or network. Understanding network cyber attack types is the first step in securing your network or system from hackers. This tutorial explains the most common cyber or network security attack types.

Social Engineering Attacks

In this attack, an attacker interacts with users to gain information about network resources and security policies. The attacker pretends to be an authorized person while interacting with the victim. After getting information from the victim, the attacker uses the gained information to launch subsequent attacks.

The following are examples of social engineering attacks.

  • The attacker calls an employee and impersonates the company’s network administrator. He convinces the employee to change his password or reveal password information. If the employee performs the suggested action, the attacker gains access to his account.
  • The attacker impersonates a frustrated user who cannot log on to the network and calls an unsuspecting network administrator for help. If the administrator helps the user who is an attacker, the attacker gains access to the network.
  • The attacker impersonates the software developer. He sends a mail or notification to the customer to convince the user to install an update. If the user installs the mentioned update from the offered link, a Trojan horse gets installed in the system. It allows the attacker to access the system.

Social Engineering Attacks

Phishing Attack

In a phishing attack, a hacker creates a fake website that looks exactly like a popular website. Then, the attacker sends an e-mail message to trick the user into clicking a link that leads to the fake website. If the user attempts to log on to the fraud website, the website saves the username and password. The hacker uses the saved information to log on to the original website.

Phishing Attack

Eavesdropping attack

In an eavesdropping attack, the hacker uses a network monitoring tool such as a packet sniffer to capture and analyze network traffic. If the traffic is unencrypted, the hacker reads confidential data, including usernames and passwords.

Eavesdropping attack

Spoofing attack

In a spoofing attack, the hacker changes the source address of packets and sends them to the target. The target thinks the packet arrived from the destination mentioned in the source address.

Hackers mainly use spoofing attacks to bypass access controls placed on switches, routers, or firewalls. The following are common types of spoofing attacks.

MAC spoofing

Switches use MAC addresses to filter and forward frames. MAC spoofing occurs when the attacker alters the source MAC address of frames. Attackers mainly use MAC spoofing to bypass the port security feature on Ethernet switches and MAC filtering features on an access point.

IP spoofing

Routers use IP addresses to filter and forward packets. IP spoofing occurs when the attacker alters the source IP address of packets. Attackers mainly use IP spoofing to bypass the Access Control Lists feature on routers.

IP spoofing

E-mail spoofing

E-mail spoofing occurs when the attacker alters the source e-mail address of an e-mail message. Attackers mainly use E-mail spoofing in a phishing attack to make the e-mail look like it is coming from someone else (a known party).

Man-in-the-middle (MITM) attack

In the MITM attack, the attacker inserts himself in the middle of a communication path. The attacker then forwards the information back and forth between the two, with neither party knowing all the communication is passing through the attacker’s system. The attacker can view all confidential information shared between the two systems.

Man-in-the-middle  attack

Hijack attack

In the hijack attack, the attacker takes over a session between two users and disconnects one from the communication. Another user still believes he is talking to the original party and may send private information to the attacker instead of the original user.

Hijack attack

Denial of Service (DoS) attack

In the DoS attack, the attacker sends too many requests to the targeted service that the service either crashes or becomes unresponsive. For example, the attacker performs a DoS by sending so many requests to the web server that it becomes overwhelmed and too busy to service valid requests.

Denial of Service attack

Smurf attack

In the Smurf attack, the attacker pings several computers but modifies the source address of those packets so they appear to come from another system. When all of these systems receive the ping request, they reply to the same source address, essentially overburdening that targeted system with data.

Buffer overflow

In the Buffer overflow attack, the attacker sends more data to a buffer than it can hold. The data includes malicious code that corrupts data or reveals private information. The attacker uses the revealed information to gain administrative access to the system in a command prompt or shell.

Buffer overflow

Exploit attack

In the Exploit attack, the attacker uses a vulnerability to gain access or steal information. A vulnerability is a security problem or a bug within an operating system or a piece of software.

DNS poisoning attack

In the DNS poisoning attack, the attacker does a zone transfer (copy of the DNS data) to map the network. After mapping, the attacker poisons DNS data to redirect clients to the wrong system.

Physical attack

In a physical attack, the attacker gains physical access to the facility and causes damage to the equipment or the facility. Attackers mainly do physical attacks on a known facility.

ARP poisoning attack

ARP poisoning is a method of performing an MITM attack. In this, the attacker inserts himself in the middle of communication by changing the Address Resolution Protocol (ARP) cache on a victim’s system and causing all communication to pass through the hacker’s system, enabling her to capture all traffic.

VLAN hopping attack

In the VLAN hopping attack, the attacker double-tags the frames for different VLANs or imitates a trunk port to receive all traffic. It is an exploit. It allows the attacker to gain access to all VLANs.

Deauthentication attack

A deauthentication attack occurs in the wireless network. In this attack, the attacker sends a command to disconnect the client from the wireless network. The client reauthenticates to connect. The attacker captures reauthentication traffic to gain access to the wireless network.

Zero-day attack

A zero-day attack occurs when the hacker discovers a vulnerability before the developer realizes the exploit and issues a patch.

Password Attack

In a password attack, the attacker cracks passwords to gain access. There are three types of password attacks: a dictionary attack, a brute-force attack, and a hybrid attack.

  • In the dictionary attack, the attacker uses a list of all potential passwords. The attacker uses a program to try each of the passwords from the file to break into a system.
  • In brute-force attacks, the attacker uses a program that tries every possible combination of characters to guess a password.
  • In the hybrid attack, the attacker uses a mixture of dictionary and brute-force attacks. This method uses a word list. It also places numbers at the end of the words to catch passwords that are not dictionary words, in case a password contains a number at the end. For example, a dictionary attack would not find the password abc123, but a hybrid attack might.


In this tutorial, we discussed and learned about the common cybersecurity attacks. Understanding these network attack types is essential to protect the network from cyber-attacks.

ComputerNetworkingNotes CCNA Study Guide Types of Network or Cyber Security Attacks