Most Common Attack Methods – Phishing, Ransomware & Co. Simply Explained

Philipp Frisch
May 17, 2026

One click on the wrong link, one email attachment opened – and suddenly the digital world comes to a standstill. Many successful cyberattacks begin with simple methods that have, however, become increasingly sophisticated. In this article, we examine the typical attack types that most frequently affect SMEs in Germany. Using examples, we explain how these attacks work and how you can protect yourself against them.

Phishing: The Most Common Method of Cyberattack

Phishing is probably the most widespread trick. Attackers send out mass fake emails or messages that look legitimate (as if they came from your bank, DHL, or even your own management). The goal is to prompt the recipient to take an action: clicking a link (leading to a fake login page) or opening a file attachment (containing malware).

Phishing is so dangerous because it appeals to human nature – curiosity, helpfulness, or fear. According to the BSI, over 37 million phishing attempts were registered in Germany in 2024 – 16% more than the previous year.

Protection: Be suspicious of unexpected emails with a sense of urgency (“click immediately”). Train employees to recognize such emails. Technically, spam filters and disabling macros in Office documents help to foil the most common tricks.

Ransomware: Digital Extortion with Encrypted Data

Ransomware Trojans encrypt your files and demand a ransom for decryption. They typically enter networks via phishing emails or exploited security vulnerabilities. Modern ransomware not only encrypts but also steals data beforehand (double extortion). SMEs are increasingly affected, often as collateral damage from automated campaigns.

Protection: Regular backups are essential – they allow you to restore your data in an emergency without having to pay. Additionally, a multi-layered security concept helps: up-to-date virus scanners, restricted access rights (to prevent the malware from spreading everywhere), and employee awareness training.

CEO Fraud: When Fraudsters Impersonate the Boss

In this attack, perpetrators use publicly available information to impersonate a manager or important business partner via email. They request, for example, an urgent wire transfer (“Confidential, just for you, here are the account details…”). A surprising number of companies have fallen for this, sometimes with six-figure losses.

Protection: Clear internal processes for payment approvals (dual-control principle) protect against such fraud attempts. Just as important is a culture in which employees feel able to question unusual instructions, even when they appear to come “from the very top.”
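
As a technical complement to these process controls, the following added example (not part of the original article) shows how a mail check could flag the pattern described above: a manager's name on an external address, a diverted reply address, and payment pressure wording. The company domain, executive names, keyword list and both sample messages are constructed assumptions.

```python
# Added example: flags likely CEO-fraud emails; all names, domains, messages are constructed.
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "acme-gmbh.example"          # assumption: your own mail domain
EXECUTIVES = {"anna schmidt", "jonas weber"}  # assumption: names worth protecting
PRESSURE_WORDS = ("urgent", "confidential", "wire transfer", "immediately")

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def ceo_fraud_signals(raw_message):
    """Return a list of reasons why the message deserves a call-back check."""
    msg = message_from_string(raw_message)
    display_name, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    reply_domain = domain_of(msg.get("Reply-To"))
    signals = []
    # An executive's name on an address outside the company domain.
    if display_name.strip().lower() in EXECUTIVES and from_domain != COMPANY_DOMAIN:
        signals.append("executive name on external address")
    # Replies silently diverted to a different domain than the sender's.
    if reply_domain and reply_domain != from_domain:
        signals.append("reply-to domain differs from sender")
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    hits = [w for w in PRESSURE_WORDS if w in text]
    if len(hits) >= 2:
        signals.append("payment pressure wording: " + ", ".join(hits))
    return signals

SPOOFED = """From: "Anna Schmidt" <anna.schmidt@acme-gmbh-mail.example>
Reply-To: a.schmidt@freemail.example
To: accounting@acme-gmbh.example
Subject: Urgent and confidential

Please make a wire transfer today. Just for you, details follow.
"""

LEGIT = """From: "Anna Schmidt" <anna.schmidt@acme-gmbh.example>
To: accounting@acme-gmbh.example
Subject: Lunch on Friday

Does 12:30 work for the team?
"""

if __name__ == "__main__":
    print(ceo_fraud_signals(SPOOFED), ceo_fraud_signals(LEGIT))
```

A message that raises any of these signals should go through the dual-control approval and a call-back to the supposed sender on a known phone number before any payment is made.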

DDoS Attacks: Paralysis of Online Services

In a Distributed Denial of Service (DDoS) attack, your server or website is flooded with requests until it collapses. This can, for example, shut down an online shop. DDoS attacks are also often used as a distraction while a breach is occurring in the background.

For SMEs with a primarily local presence, the risk is lower, but anyone offering e-commerce or digital services should consider DDoS protection (e.g., through their hosting provider).

Protection: Using content delivery networks (CDNs) or DDoS protection services can help. Additionally, have emergency plans ready to inform customers if the service goes down.

Supply Chain Attacks: The Supply Chain as a Vulnerability

Larger companies are now relatively well protected, so attackers look for weaker links in the supply chain. Example: a mechanical engineering company (SME) supplies components to an automotive manufacturer. Attackers compromise the IT of the engineering company (e.g., via a phishing attack) and thus gain access to the large customer’s network using the supplier’s credentials.

This supply chain attack pattern is complex, but it has been used globally, for example in the SolarWinds hack in 2020.

Protection: It pays off for SMEs to maintain security measures at a level that satisfies even large partners. Some major customers now require security audits from their suppliers.

Practical tip: Do a small role-play exercise with your team: put yourself in the role of a hacker and think about how you would attack your own company. Which method would you choose? This way, you identify vulnerabilities from the attacker’s perspective – and can take targeted countermeasures before a real attacker finds them.

Philipp Frisch
Managing Director
