Modern Cyberattacks: How Are Criminal Methods Changing?

Unfortunately, every year, cybercriminals develop new (and also improve the existing ones) tactics to steal important information. They are increasingly attacking strategic targets such as water supply, energy, and state institutions. For example, in May 2025, it was reported that during the ongoing presidential campaign in Poland, coordinated actions took place: attacks on critical infrastructure and disinformation campaigns aimed at paralysing the functioning of the state. This example of a cyberattack shows that hackers are increasingly combining technical, psychological and political elements.

Among such large-scale cyberattacks, there are also smaller ones that hit private individuals and their businesses. What are the types of cyber attacks? How have they changed over the years, and how can you effectively protect yourself against them? We’ll take a look. 

Cyberattacks then vs. today

In the past, cyberattacks were simple technical actions – most often they were computer viruses spread through floppy disks, the first DoS attacks or harmless from today’s perspective hacks “for sport”, carried out by hackers wanting to prove their skills. However, over time, with the spread of the Internet, cyberattacks began to take on a commercial character – massive phishing campaigns, banking Trojans and ransomware appeared, the goal of which was to make a quick financial profit. 

Today, cyberattacks are much more complex and pose real threats to the economy, the security of states, and citizens’ everyday lives. Examples of modern cyberattacks show the absolute scale of the problem.

Examples of cyberattacks in Poland

The following examples of cyberattacks show that they are no longer limited to “hacking for fun” or stealing data from individual computers. Today, cyberattacks have a geopolitical dimension. They are aimed at critical infrastructure and state security, and often also at citizens’ lives. Cybersecurity statistics in 2025 speak for themselves—their number and scale reach record levels.

Examples of cyberattacks in Poland over the past few years:

• Ransomware attack on ALAB (Poland, 2023): Criminals hacked into medical laboratory systems and stole the data of hundreds of thousands of patients, then started publishing it online when the ransom was not paid.
• DDoS attacks during the NATO summit (Warsaw, 2023): The websites of public institutions and companies in Poland were massively overloaded, temporarily preventing them from working.
• An attempted cyberattack on the water supply system of a large city in Poland (2025) was successfully thwarted. Still, it shows that cybercriminals can try to physically disrupt the water supply for thousands of residents.
• Presidential elections in Poland (2025): Russian hacker groups carried out attacks on the websites of institutions and political parties and disinformation campaigns on social networks to influence public opinion.

Common types of cyberattacks

Currently, the most common types of cyberattacks include:

• Phishing and phishing – a social engineering tool based on impersonating trusted entities.
• Attacks on passwords – brute force, dictionary attacks, credential stuffing.
• Malware – ransomware, trojans, spyware malware.
• Spoofing attacks – impersonating known sources for deception.
• Supply chain attacks – infection through a weak link in the supplier.
• DDoS (Distributed Denial of Service) – overloads servers to disrupt the operation of services.
• Man in the Middle (MitM) – interception and modification of communication.
• Cyber-physical attacks – hitting physical infrastructure, such as water or energy systems; although often hidden, they pose a real threat.

How can the risk of a cyberattack be reduced?

One of the defence tools that can protect a company from a cyberattack is IT audit and consulting. As part of its offer, Exorigo-Upos supports organisations in diagnosing and strengthening the security of their IT infrastructure. Professional security audit and consulting allows:

• identify weak points in the system,
• implement best practices (e.g. updates, network segmentation, strong authentication),
• Reduce incident response time.

Such a comprehensive assessment not only improves the performance of your systems but also reduces the likelihood of an enemy taking over your company’s critical assets, making you less likely to be attacked by a cyberattack.