TTPwire Vol. 1 · MITRE ATT&CK-Tagged


Huntress

The 36 Most Common Cyberattacks (2025) | Huntress

2025-05-02

ATT&CK techniques detected

50 predictions. Each entry lists the technique ID and name, the tagger's confidence, and the passage from the article that produced the match.
T1486 · Data Encrypted for Impact · 99%
"to inject malicious code. The goal is to trick the user into opening the infected file, which then lets the virus take hold and do its dirty work. 2. Ransomware: Ransomware is a type of malicious software that lets attackers hold your data hostage. The threat actor locks users out …"
T1190 · Exploit Public-Facing Application · 99%
"can be done through techniques like transaction ID prediction or by exploiting known vulnerabilities in DNS software. Once the DNS cache is poisoned, anyone using that DNS server will be redirected to the attacker's malicious website, which may look identical to the legitimate …"
T1189 · Drive-by Compromise · 99%
"External threat actors may even try to recruit insiders to perform malicious actions on their behalf. 34. Data breach: Data breaches are a top concern in various industries. They're a larger category that describes many of the types of attacks on this list where sensitive, confi…"
T1566.002 · Spearphishing Link · 98%
"malicious link or attachment that, when clicked, installs malware or steals credentials. Because of the personalized nature of spear phishing, it can be extremely difficult to detect, even for experienced users. 13. Whaling: A reference to the famous white whale from Moby Dick, wh…"
T1056.001 · Keylogging · 95%
"sizes, letting threat actors launch large-scale attacks that can overwhelm websites, steal data, or spread malware further. 8. Worms: Computer worms are a type of malware that can self-replicate and spread across networks without needing user interaction. Unlike viruses, which…"
T1566.002 · Spearphishing Link · 94%
"administrators. This lets threat actors maintain long-term access to compromised systems, letting them steal data and wreak additional havoc. Phishing and social engineering: We surveyed IT professionals about remote and hybrid cybersecurity and found that phishing and social en…"
T1110.003 · Password Spraying · 94%
"detection systems may not be effective. Once the vendor discovers the vulnerability, they quickly develop patches, making the window of opportunity short but highly damaging. Other types of cybersecurity attacks: Many types of cybersecurity attacks fall outside of the four above c…"
T1204.002 · Malicious File · 93%
"Exploitation attacks: Every software has potential weaknesses, or "vulnerabilities." These attacks occur when someone finds those weak spots and uses them to break in. It's like finding an unlocked back door to a building and going inside to cause problems. Malware-based a…"
T1566.002 · Spearphishing Link · 93%
"notification from your bank or an email saying there's a sale at your favorite store. - Take advantage of current events or popular trends to make their campaigns more relevant and effective. Their key strategy is to play on emotions like fear, curiosity, or greed to increase t…"
T1014 · Rootkit · 90%
"for identity theft, financial fraud, or other malicious purposes. It's like having someone looking over your shoulder as you enter all your sensitive information. Keyloggers can be software-based or hardware-based. Hardware keyloggers are physical devices that are plugged i…"
T1557.001 · Name Resolution Poisoning and SMB Relay · 87%
"malicious websites or launch DoS attacks. The attacker sends out these forged ARP packets consistently, poisoning the ARP caches of the devices on the network. 21. DNS spoofing: Also called DNS cache poisoning, DNS spoofing is a cyberattack where a threat actor manipulates the Dom…"
T1498 · Network Denial of Service · 87%
"generate excessive traffic. The goal is to disrupt the target's operations, causing financial losses, reputational damage, or even political disruption. 17. Distributed denial-of-service (DDoS) attack: A DDoS attack is a more powerful and complex version of a DoS attack. I…"
T1539 · Steal Web Session Cookie · 86%
"into clicking on something they didn't mean to. They do this by overlaying hidden elements on top of legitimate web pages, effectively hijacking the user's clicks. Imagine a transparent button placed over a "delete" button, tricking you into deleting something when you thou…"
T1557.002 · ARP Cache Poisoning · 83%
"gain unauthorized access to a network. - Launching a DDoS attack that appears to come from multiple sources. IP spoofing can also be used in adversary-in-the-middle attacks to intercept and manipulate network traffic. 20. ARP spoofing: Also known as ARP poisoning, ARP spoofi…"
T1110.004 · Credential Stuffing · 79%
"…ing many accounts using common passwords. So, instead of hammering one account with endless password guesses, password spraying distributes a small set of commonly used passwords across a large number of accounts. This makes it less likely to trigger account lockouts, as it avo…"
T1499 · Endpoint Denial of Service · 77%
"immediate action, like a security breach or system error. By creating a sense of urgency or fear, they pressure victims into providing sensitive information or doing things they wouldn't normally do. They might also use information gathered from social media or other public sou…"
T1059.007 · JavaScript · 74%
"gain administrative control of the server. Think of it as tricking the database into running commands it wasn't supposed to. Threat actors identify input fields that aren't properly sanitized or validated, then craft SQL queries that are attached to real requests. For example…"
T1110.003 · Password Spraying · 74%
"…ing many accounts using common passwords. So, instead of hammering one account with endless password guesses, password spraying distributes a small set of commonly used passwords across a large number of accounts. This makes it less likely to trigger account lockouts, as it avo…"
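The password-spraying passage quoted under the T1110.004 and T1110.003 entries above makes the detection point directly: a per-account lockout counter never fires, because each account sees only one or two guesses. The following is an added example, not code from the Huntress article or from TTPwire. It puts the lockout counter that misses the spray beside the per-source, many-accounts check that catches it. The log format, the field names and every threshold (five failures per account for lockout; five or more distinct accounts from one source inside ten minutes, none hit more than twice, for a spray) are assumptions made for the illustration, and the log lines are constructed.

```python
"""Password-spray detection over constructed authentication log lines.

Added example, not code from the Huntress article or TTPwire. The log
format, the field names and every threshold are assumptions made for the
illustration; the log lines are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log, one event per line: "<ISO time> <OK|FAIL> user=<name> src=<ip>".
# 203.0.113.7 sprays one guess across six accounts; 198.51.100.9 hammers
# a single account; 192.0.2.44 is a user who mistyped once.
SAMPLE_LOG = """\
2025-05-02T09:00:01 FAIL user=alice src=203.0.113.7
2025-05-02T09:00:03 FAIL user=bob src=203.0.113.7
2025-05-02T09:00:05 FAIL user=carol src=203.0.113.7
2025-05-02T09:00:07 FAIL user=dave src=203.0.113.7
2025-05-02T09:00:09 FAIL user=erin src=203.0.113.7
2025-05-02T09:00:11 FAIL user=frank src=203.0.113.7
2025-05-02T09:00:13 OK user=grace src=203.0.113.7
2025-05-02T09:00:20 FAIL user=alice src=198.51.100.9
2025-05-02T09:00:21 FAIL user=alice src=198.51.100.9
2025-05-02T09:00:22 FAIL user=alice src=198.51.100.9
2025-05-02T09:00:23 FAIL user=alice src=198.51.100.9
2025-05-02T09:00:24 FAIL user=alice src=198.51.100.9
2025-05-02T09:00:25 FAIL user=alice src=198.51.100.9
2025-05-02T09:05:00 FAIL user=bob src=192.0.2.44
2025-05-02T09:05:30 OK user=bob src=192.0.2.44
"""


def parse_log(text):
    """Turn the constructed log text into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, result, user_kv, src_kv = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "ok": result == "OK",
            "user": user_kv.split("=", 1)[1],
            "src": src_kv.split("=", 1)[1],
        })
    return events


def locked_out_accounts(events, threshold=5):
    """Accounts a naive per-account lockout policy would lock.

    This is the control the article says spraying avoids: each sprayed
    account gets one guess, far below the threshold, so only the
    single-account brute force trips it.
    """
    failures = defaultdict(int)
    for e in events:
        if not e["ok"]:
            failures[e["user"]] += 1
    return {user for user, n in failures.items() if n >= threshold}


def detect_spray(events, window=timedelta(minutes=10), min_accounts=5, max_per_account=2):
    """Sources whose failures are spread thin across many accounts.

    A spray looks like: many distinct accounts, few failures each, from one
    source inside a short window. Returns {src: {"accounts": [...], "start": ts}}.
    """
    by_src = defaultdict(list)
    for e in events:
        if not e["ok"]:
            by_src[e["src"]].append(e)
    findings = {}
    for src, fails in by_src.items():
        fails.sort(key=lambda e: e["ts"])
        for i, first in enumerate(fails):
            per_user = defaultdict(int)
            for e in fails[i:]:
                if e["ts"] - first["ts"] > window:
                    break
                per_user[e["user"]] += 1
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                findings[src] = {"accounts": sorted(per_user), "start": first["ts"]}
                break
    return findings


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print("per-account lockout would catch:", locked_out_accounts(events))
    print("spray sources:", detect_spray(events))
```

On the sample, the lockout counter locks only alice (the brute-forced account), while the spray source is reported with six accounts and one failure each. Two caveats for production use: sprayers rotate source addresses, so the robust signal is the number of distinct accounts failing per unit time at the identity provider, not a single source IP; and NAT or a proxy puts many legitimate users behind one address, so the thresholds have to be tuned against the environment's normal failure rate before the alert is trusted.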
T1589 · Gather Victim Identity Information · 73%
"Threat actors, often state-sponsored or organized criminal groups, carry out cyber espionage through various methods, including phishing, malware, and zero-day exploits. They target specific individuals or systems with access to valuable information, using sophisticated techn…"
T1498 · Network Denial of Service · 72%
"immediate action, like a security breach or system error. By creating a sense of urgency or fear, they pressure victims into providing sensitive information or doing things they wouldn't normally do. They might also use information gathered from social media or other public sou…"
T1684.001 · Impersonation · 71%
"entices victims with a false promise or reward to trick them into revealing sensitive information or installing malware. Threat actors create a sense of urgency or exclusivity, making the victim feel like they're getting a valuable opportunity that they can't pass up. Threat …"
T1557 · Adversary-in-the-Middle · 68%
", adversary-in-the-middle attacks are when a threat actor gains access to data or information by intercepting between you and the website or app, both on send and return. An example of this would be something like working in a cafe and signing in to their network, but an at…"
T1204.004 · Malicious Copy and Paste · 67%
"into clicking on something they didn't mean to. They do this by overlaying hidden elements on top of legitimate web pages, effectively hijacking the user's clicks. Imagine a transparent button placed over a "delete" button, tricking you into deleting something when you thou…"
T1498.001 · Direct Network Flood · 66%
"generate excessive traffic. The goal is to disrupt the target's operations, causing financial losses, reputational damage, or even political disruption. 17. Distributed denial-of-service (DDoS) attack: A DDoS attack is a more powerful and complex version of a DoS attack. I…"
T1584.005 · Botnet · 66%
"top threats in our 2025 Cyber Threat Report. They're often disguised as legitimate software or embedded in seemingly harmless files. Once installed, the infostealer silently collects data in the background, often logging keystrokes, capturing screenshots, and extracting saved p…"
T1195.001 · Compromise Software Dependencies and Development Tools · 65%
"vulnerabilities in these websites and inject malicious code, like JavaScript or iframes. When a target user visits the compromised site, their browser executes the malicious code, which can then install malware, steal credentials, or redirect them to phishing websites. This attac…"
T1557.001 · Name Resolution Poisoning and SMB Relay · 60%
", adversary-in-the-middle attacks are when a threat actor gains access to data or information by intercepting between you and the website or app, both on send and return. An example of this would be something like working in a cafe and signing in to their network, but an at…"
T1539 · Steal Web Session Cookie · 56%
"JavaScript code, which gets executed when other users view the affected page. This code can then steal user credentials, modify website content, or perform other harmful actions. 24. Cross-site request forgery (CSRF): CSRF is a type of vulnerability that lets an attacker trick…"
T1185 · Browser Session Hijacking · 55%
"into clicking on something they didn't mean to. They do this by overlaying hidden elements on top of legitimate web pages, effectively hijacking the user's clicks. Imagine a transparent button placed over a "delete" button, tricking you into deleting something when you thou…"
T1176.001 · Browser Extensions · 53%
"is a type of software that displays unwanted ads on a user's computer or mobile device. While not always inherently malicious, it can be incredibly annoying and sometimes carry security risks as a gateway for more serious malware. Think of it as those pop-up ads that won't …"
T1539 · Steal Web Session Cookie · 51%
"actions as if they were the actual user. Threat actors implement session hijacking through various methods, including XSS attacks, adversary-in-the-middle attacks, and malware. Once they have the cookie, they can access the user's account without needing their username or…"
T1195 · Supply Chain Compromise · 47%
"vulnerabilities in these websites and inject malicious code, like JavaScript or iframes. When a target user visits the compromised site, their browser executes the malicious code, which can then install malware, steal credentials, or redirect them to phishing websites. This attac…"
T1056 · Input Capture · 47%
"…ware - Controlling the infected computer remotely. Like the original Trojan horse, these malicious programs (the attack) are disguised as legitimate software (a giant, beautiful wooden horse). Unlike viruses, they don't self-replicate. Instead, they trick users into inst…"
T1189 · Drive-by Compromise · 46%
"JavaScript code, which gets executed when other users view the affected page. This code can then steal user credentials, modify website content, or perform other harmful actions. 24. Cross-site request forgery (CSRF): CSRF is a type of vulnerability that lets an attacker trick…"
T1598.003 · Spearphishing Link · 45%
"notification from your bank or an email saying there's a sale at your favorite store. - Take advantage of current events or popular trends to make their campaigns more relevant and effective. Their key strategy is to play on emotions like fear, curiosity, or greed to increase t…"
T1190 · Exploit Public-Facing Application · 44%
"actions as if they were the actual user. Threat actors implement session hijacking through various methods, including XSS attacks, adversary-in-the-middle attacks, and malware. Once they have the cookie, they can access the user's account without needing their username or…"
T1185 · Browser Session Hijacking · 44%
"JavaScript code, which gets executed when other users view the affected page. This code can then steal user credentials, modify website content, or perform other harmful actions. 24. Cross-site request forgery (CSRF): CSRF is a type of vulnerability that lets an attacker trick…"
T1566.004 · Spearphishing Voice · 44%
"entices victims with a false promise or reward to trick them into revealing sensitive information or installing malware. Threat actors create a sense of urgency or exclusivity, making the victim feel like they're getting a valuable opportunity that they can't pass up. Threat …"
T1598.004 · Spearphishing Voice · 42%
"entices victims with a false promise or reward to trick them into revealing sensitive information or installing malware. Threat actors create a sense of urgency or exclusivity, making the victim feel like they're getting a valuable opportunity that they can't pass up. Threat …"
T1557 · Adversary-in-the-Middle · 41%
"gain unauthorized access to a network. - Launching a DDoS attack that appears to come from multiple sources. IP spoofing can also be used in adversary-in-the-middle attacks to intercept and manipulate network traffic. 20. ARP spoofing: Also known as ARP poisoning, ARP spoofi…"
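The ARP spoofing passages matched by the T1557.001, T1557.002 and T1557 entries above describe the mechanism and, in one phrase, the detection opportunity: the attacker "sends out these forged ARP packets consistently", because a poisoned cache would otherwise age back to the real entry. That leaves two signals on the wire, a gateway IP suddenly answered by a second MAC, and a burst of replies from that MAC. The following is an added example, not code from the Huntress article or TTPwire, that checks both over a constructed list of ARP replies. The record layout, the addresses and the burst thresholds are assumptions made for the illustration; a real sensor would take the replies from a packet capture.

```python
"""ARP cache poisoning detection over constructed ARP reply records.

Added example, not code from the Huntress article or TTPwire. The record
layout, addresses and thresholds are assumptions made for the illustration;
a real sensor would read ARP replies from a packet capture.
"""
from collections import defaultdict

# Constructed ARP replies seen on one segment: (time_s, sender_ip, sender_mac, target_ip).
# 10.0.0.1 is the gateway; de:ad:be:ef:00:99 is a host that starts claiming it.
ARP_REPLIES = [
    (0.0, "10.0.0.1",  "aa:bb:cc:00:00:01", "10.0.0.23"),  # gateway answers a real request
    (0.1, "10.0.0.23", "aa:bb:cc:00:00:23", "10.0.0.1"),
    (1.0, "10.0.0.24", "aa:bb:cc:00:00:24", "10.0.0.1"),
    (5.0, "10.0.0.1",  "de:ad:be:ef:00:99", "10.0.0.23"),  # forged: gateway IP, attacker MAC
    (5.3, "10.0.0.1",  "de:ad:be:ef:00:99", "10.0.0.24"),
    (5.6, "10.0.0.1",  "de:ad:be:ef:00:99", "10.0.0.23"),
    (5.9, "10.0.0.1",  "de:ad:be:ef:00:99", "10.0.0.24"),
    (6.2, "10.0.0.1",  "de:ad:be:ef:00:99", "10.0.0.23"),
    (6.5, "10.0.0.1",  "de:ad:be:ef:00:99", "10.0.0.24"),
]


def ip_mac_conflicts(replies):
    """IPs that more than one MAC has claimed; the poisoned gateway shows up here."""
    claimed = defaultdict(set)
    for _, ip, mac, _ in replies:
        claimed[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in claimed.items() if len(macs) > 1}


def reply_bursts(replies, window=2.0, threshold=5):
    """MACs that sent `threshold` or more replies inside any `window` seconds.

    Poisoning has to be repeated so that victims' caches do not age back to
    the real entry; this catches the repetition itself, independent of
    whether a conflict is already known.
    """
    times = defaultdict(list)
    for t, _, mac, _ in replies:
        times[mac].append(t)
    bursts = {}
    for mac, ts in times.items():
        ts.sort()
        start = 0
        for end in range(len(ts)):
            while ts[end] - ts[start] > window:  # slide the window forward
                start += 1
            count = end - start + 1
            if count >= threshold:
                bursts[mac] = max(bursts.get(mac, 0), count)
    return bursts


def detect_arp_poisoning(replies, window=2.0, threshold=5):
    """Combine both signals into a list of findings."""
    findings = []
    for ip, macs in ip_mac_conflicts(replies).items():
        findings.append({"type": "ip_mac_conflict", "ip": ip, "macs": macs})
    for mac, count in reply_bursts(replies, window, threshold).items():
        findings.append({"type": "reply_burst", "mac": mac, "count": count})
    return findings


if __name__ == "__main__":
    for finding in detect_arp_poisoning(ARP_REPLIES):
        print(finding)
```

On the sample this yields one conflict (10.0.0.1 claimed by both MACs) and one burst (six replies from the attacker's MAC in 1.5 seconds). A DHCP lease change or a replaced NIC also produces an IP-to-MAC conflict, so the alert should be correlated with DHCP logs before anyone acts on it; arpwatch implements roughly this bookkeeping. The durable control is on the switch, Dynamic ARP Inspection backed by DHCP snooping, or a static ARP entry for the gateway on hosts that matter.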
T1189 · Drive-by Compromise · 40%
"into clicking on something they didn't mean to. They do this by overlaying hidden elements on top of legitimate web pages, effectively hijacking the user's clicks. Imagine a transparent button placed over a "delete" button, tricking you into deleting something when you thou…"
T1557 · Adversary-in-the-Middle · 40%
"JavaScript code, which gets executed when other users view the affected page. This code can then steal user credentials, modify website content, or perform other harmful actions. 24. Cross-site request forgery (CSRF): CSRF is a type of vulnerability that lets an attacker trick…"
T1056 · Input Capture · 38%
"sizes, letting threat actors launch large-scale attacks that can overwhelm websites, steal data, or spread malware further. 8. Worms: Computer worms are a type of malware that can self-replicate and spread across networks without needing user interaction. Unlike viruses, which…"
T1110.001 · Password Guessing · 38%
"detection systems may not be effective. Once the vendor discovers the vulnerability, they quickly develop patches, making the window of opportunity short but highly damaging. Other types of cybersecurity attacks: Many types of cybersecurity attacks fall outside of the four above c…"
T1195.002 · Compromise Software Supply Chain · 37%
"vulnerabilities in these websites and inject malicious code, like JavaScript or iframes. When a target user visits the compromised site, their browser executes the malicious code, which can then install malware, steal credentials, or redirect them to phishing websites. This attac…"
T1056.001 · Keylogging · 36%
"…ware - Controlling the infected computer remotely. Like the original Trojan horse, these malicious programs (the attack) are disguised as legitimate software (a giant, beautiful wooden horse). Unlike viruses, they don't self-replicate. Instead, they trick users into inst…"
T1679 · Selective Exclusion · 34%
"to inject malicious code. The goal is to trick the user into opening the infected file, which then lets the virus take hold and do its dirty work. 2. Ransomware: Ransomware is a type of malicious software that lets attackers hold your data hostage. The threat actor locks users out …"
T1204.001 · Malicious Link · 34%
"into clicking on something they didn't mean to. They do this by overlaying hidden elements on top of legitimate web pages, effectively hijacking the user's clicks. Imagine a transparent button placed over a "delete" button, tricking you into deleting something when you thou…"
T1657 · Financial Theft · 33%
"entices victims with a false promise or reward to trick them into revealing sensitive information or installing malware. Threat actors create a sense of urgency or exclusivity, making the victim feel like they're getting a valuable opportunity that they can't pass up. Threat …"
T1190 · Exploit Public-Facing Application · 32%
"gain administrative control of the server. Think of it as tricking the database into running commands it wasn't supposed to. Threat actors identify input fields that aren't properly sanitized or validated, then craft SQL queries that are attached to real requests. For example…"
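The SQL injection passage matched by the T1059.007 and T1190 entries describes the flaw as input that is "attached to real requests" and the database "running commands it wasn't supposed to". The following is an added example, not code from the Huntress article or TTPwire, that shows exactly that in Python's bundled sqlite3: a login query built by string formatting beside the same query with bound parameters, run against the two classic payloads. The users table, its rows, the plaintext passwords (kept only to shorten the demo; a real system stores a salted hash) and the payload strings are constructed for the illustration.

```python
"""SQL injection: a concatenated query beside its parameterized fix.

Added example, not code from the Huntress article or TTPwire. Uses Python's
bundled sqlite3; the users table, its rows and the payloads are constructed
for the demonstration (passwords are stored in plaintext only to keep the
demo short; a real system stores a salted hash).
"""
import sqlite3


def make_db():
    """In-memory database with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "correct horse battery", "user"), ("admin", "not-hunter2", "admin")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string formatting, so the input is parsed as SQL.

    This is the article's case: an input field that is not validated, with
    attacker-supplied text spliced into a real query.
    """
    sql = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchall()


def login_parameterized(conn, username, password):
    """Binds the inputs as parameters: they are compared as data, never parsed."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def demo():
    """Run both implementations against the same payloads; returns the rows each yields."""
    conn = make_db()
    # Comment-out payload: in SQLite, "--" discards the rest of the line,
    # so the password comparison disappears and the admin row comes back.
    comment_out = "admin' --"
    # Tautology payload: WHERE ... OR '1'='1' is true for every row.
    tautology = "' OR '1'='1"
    return {
        "vulnerable_comment_out": login_vulnerable(conn, comment_out, "wrong"),
        "vulnerable_tautology": login_vulnerable(conn, tautology, tautology),
        "fixed_comment_out": login_parameterized(conn, comment_out, "wrong"),
        "fixed_tautology": login_parameterized(conn, tautology, tautology),
        "fixed_real_login": login_parameterized(conn, "alice", "correct horse battery"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The vulnerable function returns the admin row for the comment-out payload and every row for the tautology; the parameterized one returns nothing for either and still logs alice in with her real password. Parameter binding is the fix rather than "sanitizing" because the value never reaches the SQL parser at all; escaping quotes by hand is the weaker substitute that the article's wording ("not properly sanitized") hints at, and it is what injection payloads are written to slip past.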

Summary

Learn about some of the most common cyberattacks, how threat actors access computers and networks, and how to lower future risks.