Top Cyber-Attack Vectors – Past, Present, and Future

Are you wondering what exploits represent the biggest threats in 2019?  It can be difficult and expensive to defend against everything.  If your company is budget-constrained, it may make more sense to defend against what is “likely” instead of everything that is “possible.”  Today we look at some of the biggest cyber-attack methods from the past, the present and the future.


While these threats are by no means non-existent, the cyber-criminals and threat actors have moved on from these exploits to newer and more profitable schemes.

  • Crypto-ransomware – There is significant overhead for a criminal organization running a data encryption and ransom campaign, including the high cost of providing human tech support to your victims.  Additionally, most of the endpoint anti-malware companies have developed solutions that defend against the spread of the encryption process.  If you install one of those products, such as Sophos Intercept X, you should be protected from this one.
  • DDoS – Again, by no means over, but this exploit has not been a particularly good money-maker for cyber-criminals.  These DDoS botnets are being redeployed in crypto-mining and crypto-jacking exploits.
  • Malware and Scareware – Exploits like the fake anti-virus style campaigns are all but dead.  We still see fake security pop-ups being used by the fake tech support players out there.  Again, there is a higher cost to run these scams, as they require a lot of human “tech support” agents.  With the recent takedown and arrests of 6 fake support gangs in India, we may expect to see less of this in the future, hopefully.


These exploits represent some of the most successful and most profitable attack over 2017 and 2018.

  • Email Account Hijacking – The FBI says this was the top money-maker in 2017, and I expect it will retain its top spot when the 2018 data comes put in May 2019.  This is maybe the worst cybercrime that can happen to you, and if you need to know why, check out the articles I have posted before about email account hijacking.
  • Personal Data Breach – Data losses like the Equifax breach represents ongoing threats to all of us.  The stolen information is sold on the Dark Web.  This is the second most profitable exploit.
  • Identity Theft – The stolen data is sold to identity thieves and used in a variety of money making schemes, including credit card fraud.
  • Corporate Data Breach – Information stolen in this scheme may be valuable intellectual property that is sold to competitors, or may be held for ransom, sold on the Dark Web, or used in extortion schemes.
  • Phishing – Phishing is the number one cause of network intrusions and computer hijacking.  It is often the opening act in an extended exploit.
  • Crypto-jacking/Crypto-mining – These exploits use hijacked computers phones and other devices to mine for crypto-currencies such as BitCoin and Monero.


  • Biometric Hacking – Spoofing techniques to bypass or trick fingerprint readers or facial recognition software.
  • Banking Attacks – Cybercriminals are moving past simple ATM skimmers to putting malware onto banking systems to permit larger thefts.
  • Wireless Carrier Attack – These attacks may be to steal subscriber information, or to take down an entire wireless network.
  • Cloud Vendor Attacks – There have been some successful attacks against these companies already.  Attacks on cloud service providers would potentially provide access to the information of hundreds of client companies.
  • Online Gaming Attack – Targeting gaming networks for personal information, credit card information, and valuable game tokens and objects could be

Cyber-criminals and other bad actors have become adept at changing their tactics and targets, and staying one step ahead of common security measures.  These are threats to be looking for in the coming year.

More information:


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Owner of the WyzCo Group Inc. In addition to consulting on security products and services, Bob also conducts security audits, compliance audits, vulnerability assessments and penetration tests. Bob also teaches Cybersecurity Awareness Training classes. Bob works as an instruction for CompTIA’s non-profit IT-Ready Program in the Twin Cities. IT-Ready is a tuition free 8-week program designed to teach students of all ages the fundamentals of IT support to prepare them for an entry level position in Information Technology Support. Graduates of the classes take the exams to become CompTIA A+ certified. Bob is a frequent speaker at conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. Bob has been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.