Attackers can initiate different types of security breaches. Here are three big ones.
Viruses, spyware, and other malware
Cybercriminals often use malicious software to break in to protected networks. Viruses, spyware, and other types of malware often arrive by email or from downloads from the internet.
For instance, you might receive an email with an attached text, image, or audio file. Opening that attachment could infect your computer. Or you might download an infected program from the internet. In that case, your computer would become infected when you open or run the malicious program. If it’s a virus, it could spread to other computers on your network.
Impersonation of an organization
Cybercriminals sometimes can create a gap in security by sending a bogus, but convincing email to an employee of an organization. The email is made to appear like it’s from an executive with an urgent request for, say, employment records, log-in information, or other sensitive data. Eager to fill the request, the employee may email back the information — putting it in the hands of cybercriminals.
This tactic is known as phishing — or spearfishing, if the email is highly targeted to a specific person.
The attacks often target the financial industry, with the goal of accessing financial accounts. Or a phishing email may target you, as an account holder. You might receive an urgent email saying, there’s been an attempt to access your bank account, so click on this link and log-in now. But the link is fake, and your log-in information goes straight to fraudsters.
Denial of service (DDoS) attacks
A denial-of-service attack is capable of crashing websites. Hackers can make a website — or a computer — unavailable by flooding it with traffic. DDoS attacks are considered security breaches because they can overwhelm an organization’s security devices and its ability to do business. DDoS attacks often target government or financial websites. The motive can be activism, revenge, or extortion. During an attack, anyone who has legitimate business with an organization — like you — will be unable to access the website.
But these three examples are just a start. There are other types of security breaches. Cybercriminals can also exploit software bugs or upload encryption software onto a network to initiate ransomware attacks — in essence, demanding a ransom in exchange for the encryption key. Or intrusions may occur inside an organization, with employees seeking to access or steal information for financial gain.