How attacks actually happen
Hollywood makes hacking look like frantic typing and green text. Reality is usually more mundane—and that’s what makes it dangerous. Most attacks exploit human behaviour, not movie-style technical wizardry.
2.1 Who’s attacking?
Understanding your adversaries helps you understand what you’re defending against:
- Cybercriminals. The most common threat. Motivated by money. They run ransomware, steal data to sell, commit fraud. They’re business-minded and opportunistic.
- Nation-states. Government-backed hackers with serious resources. They’re after intelligence, intellectual property, or geopolitical advantage. If you’re in critical infrastructure or defence, this matters a lot.
- Hacktivists. Ideologically motivated. They target organisations they disagree with. Think Anonymous or groups protesting environmental issues.
- Insiders. Current or former employees with access and grievances. Sometimes the most dangerous because they know where the valuables are.
- Script kiddies. Low-skill attackers using tools others built. They’re not sophisticated, but they can still cause damage if you’re not covering the basics.
2.2 The attacks you’ll actually see
Let’s cut through the jargon:
Phishing
Fake emails that trick people into clicking links, opening attachments, or entering credentials. Still the #1 way attackers get in. The message looks like it’s from someone you trust: your bank, your CEO, IT support.
Why it works: We’re wired to trust and help. Attackers exploit that.
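A mail filter can test the "looks like it’s from someone you trust" trick directly by comparing the name shown to the reader with the address that actually sent the message. The sketch below is an added example, not part of the original page; the trusted-name list, domains and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed policy: display names staff trust, mapped to the only domains
# allowed to use them. All names and domains here are constructed.
TRUSTED_SENDERS = {
    "it support": {"example.com"},
    "example bank": {"examplebank.test"},
}

# Constructed sample messages (headers, blank line, body).
LEGIT = (
    "From: IT Support <helpdesk@example.com>\n"
    "Subject: Maintenance window\n\n"
    "Systems will restart on Friday.\n"
)
SPOOF = (
    'From: "IT Support" <helpdesk@examp1e-support.test>\n'
    "Reply-To: it@mailbox.test\n"
    "Subject: Password expires today\n\n"
    "Confirm your password to keep access.\n"
)

def domain_of(address):
    """Return the lower-cased domain part of an email address."""
    return address.rpartition("@")[2].lower()

def check_message(raw):
    """Return findings for one raw message; an empty list means no flags."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    findings = []
    # A trusted display name sent from a domain that does not own it.
    allowed = TRUSTED_SENDERS.get(name.strip().lower())
    if allowed is not None and from_domain not in allowed:
        findings.append("display-name-mismatch")
    # Replies silently routed to a different domain than the sender's.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append("reply-to-differs")
    return findings

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("spoof", SPOOF)):
        print(label, check_message(raw))
```

A check like this only catches the display-name trick; it says nothing about a message sent from a genuinely compromised account.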
Ransomware
Malware that encrypts your files and demands payment for the key. Modern ransomware also steals data first and threatens to publish it. Devastating for businesses.
Why it works: Backups are often inadequate. Paying feels easier than rebuilding.
Credential attacks
Stealing or guessing passwords. People reuse passwords everywhere. One breach exposes credentials used on dozens of sites.
Why it works: “Password123” is still shockingly common.
Supply chain attacks
Compromising a vendor or supplier to reach their customers. SolarWinds is the famous example: attackers compromised its software, reaching 18,000+ organisations.
Why it works: We trust our suppliers. That trust can be weaponised.
💡 The uncomfortable truth
Over 90% of successful attacks involve human error. Technical vulnerabilities matter, but the weakest link is usually us—clicking the wrong link, using weak passwords, ignoring security warnings. That’s actually good news: training people is often the best investment.
Free resources to go deeper
- Hands-on lab: TryHackMe: Phishing Analysis — Learn to spot phishing emails
- Case studies: Krebs on Security — Brian Krebs investigates real breaches in detail
- Video: Darknet Diaries: NotPetya — The story of the most destructive cyberattack in history
- Test yourself: Google Phishing Quiz — Can you spot the fakes?