By no means all though !!
Very common. An attacker will send an email designed to look genuine or even like it's from someone you know. The attachment is invariably bad news, designed to attack your computer in some way. Examples would be;
An email from a courier company asking you open the attached invoice.
An email from HMRC explaining you have a tax refund so 'please read the attached.
Malware is usually installed via browsing around web sites although it can also be delivered via email. It usually needs be installed consciously, ie 'Click here to install Yahoo search into your toolbar' or 'Click here to install our AntiVirus software' are the more honest methods but it can also be secreted in a download link or as an email attachment. Malware is usually (but not always) harmless, being more of an irritant in making your web browser do things that you didn't actually ask it to do - using a non standard search engine for instance. Malware sweeps should be done regularly of course. Not all Malware is harmless, Ransomware attacks and keystroke recorders are both forms of Malware.
Probably the most invasive and dangerous of all. Usually delivered by an email via a Phishing Attack the Encryption virus propagates around a local network by utilising known security flaws in the client Operating Systems. Once delivered the Virus encrypts client files and displays a message asking for a fee to be paid in order to obtain the decryption key. Payment of a fee does NOT guarantee the decryption code will either work or actually even be delivered. Once infected then best advise is to reformat and reinstall from back up
Denial of Service attack
Denial of Service (DoS) attacks aren't actually designed to steal Data. They are, however, extremely effective in denying access to a particular website. Websites are designed to service traffic requests, an attacker simply generates thousands of web requests and fires them off at the target site. The volume of requests denies service to genuine queries. A Dos attack can be effectively dealt with by programming the sites router to drop all traffic from the originator meaning the requests never actually reach the server. In response to this defence hackers developed the Distributed Denial of Service attack. The attackers code is distributed about the internet using malware. When the attack commences all infected computers send thousands of web requests to the target server. Because the traffic is coming from many more sources then filtration and thereby defence agains a DDoS attack is much more difficult.
SQL Injection attack.
SQL is the predominant database and database query language used today. There are known vulnerabilities with SQL which can be used to exploit a Database server into divulging Data it otherwise would not. The really dangerous point with an SQL injection attack is that unlike the methods mentioned above it is a targeted attack on a specific server. A hacker will typically use 1 type of attack and if that doesn't yeild results then they will move on to another type of attack. Sadly the internet allows hackers to share newly discovered vulnerabilities almost instantaneously. The best defence here is to keep SQL and the core operating system up to date with latest patches and fixes.
Cross Site Scripting