In computer and computer networks an attack is any attempt to destroy, expose, alter, disable, steal or gain unauthorised access to or make unauthorised use of an asset.
Computer attacks can take on a variety of forms.
“Malware” refers to various forms of harmful software, such as viruses and ransomware. Once the malware is on your computer, it can wreak all sorts of havoc, from taking control of your machine to monitoring your actions and keystrokes to silently sending all sorts of confidential data from your computer or network to the attacker's home base.
Attackers will use a variety of methods to get malware into your computer, but at some stage, it often requires the user to take an action to install the malware. This can include clicking a link to download a file, or opening an attachment that may look harmless (like a Word document or PDF attachment), but actually, has a malware installer hidden within.
When an attacker wants you to install malware or divulge sensitive information, they often turn to phishing tactics or pretending to be someone or something else to get you to take an action you normally wouldn’t. Since they rely on human curiosity and impulses, phishing attacks can be difficult to stop.
In a phishing attack, an attacker may send you an email that appears to be from someone you trust, like your boss or a company you do business with. The email will seem legitimate, and it will have some urgency to it (e.g. fraudulent activity has been detected on your account). In the email, there will be an attachment to open or a link to click. Upon opening the malicious attachment, you’ll thereby install malware on your computer.
Many of the servers that store critical data for websites and services use SQL to manage the data in their databases. A SQL injection attack specifically targets this kind of server, using malicious code to get the server to divulge information it normally wouldn’t. This is especially problematic if the server stores private customer information from the website, such as credit card numbers, usernames and passwords (credentials), or other personally identifiable information, which are tempting and lucrative targets for an attacker. An SQL injection attack works by exploiting any one of the known SQL vulnerabilities that allow the SQL server to run malicious code.
If you flood a website with more traffic than it was built to handle, you'll overload the website's server and it'll be nigh-impossible for the website to serve up its content to visitors who are trying to access it. This is known as a Denial of Service attack or DOS for short.