What is an Attack Vector? Common Attack Vectors

What is an Attack Vector?

Table of contents

  1. What is the difference between an attack vector, attack surface and data breach?
  2. Why are attack vectors exploited by attackers?
  3. How do attackers exploit attack vectors?
  4. What are the common types of attack vectors?
  5. How UpGuard can help you understand your organization’s attack surface

1. What is the difference between an attack vector, attack surface and data breach?

  • Attack vector:A method or way an attacker can gain unauthorized access to a network or computer system.
  • Attack surface:The total number of attack vectors an attacker can use to manipulate a network or computer system or extract data.
  • Data breach:Any security incident where sensitive, protected, or confidential data is accessed or stolen by an unauthorized party.

2. Why are attack vectors exploited by attackers?

3. How do attackers exploit attack vectors?

  • Attacker identifies a potential target.
  • Attacker gathers information about the target using social engineering, malware, phishing, OPSEC and automated vulnerability scanning.
  • Attackers use the information to identify possible attack vectors and create or use tools to exploit them.
  • Attackers gain unauthorized access to the system and steal sensitive data or install malicious code.
  • Attackers monitor the computer or network, steal information or use computing resources.

4. What are the common types of attack vectors?

  • Compromised credentials: Usernames and passwords are still the most common type of access credential and continue to be exposed indata leaks,phishing scams and by malware. When lost, stolen or exposed, credentials give attackers unfettered access. This is why organizations are now investing in tools to continuously monitor for data exposures and leaked credentials. Password managers, two-factor authentication and biometrics can reduce the risk of leak credentials resulting in a security incident too.
  • Weak credentials: Weak passwords and reused passwords mean one data breach can result in many more. Teach your organization how to create a secure password, invest in a password manager or a single sign-on tool, and educate staff on their benefits.
  • Malicious insiders: Disgruntled employees can expose private information or provide information about company specific vulnerabilities.
  • Missing or poor encryption: Common encryption methods like SSL certificates and DNSSEC can prevent man-in-the-middle attacks and protect the confidentiality of data being transmitted. Missing or poor encryption for data at rest can mean that sensitive data or credentials are exposed in the event of a data breach or data leak.
  • Misconfiguration: Misconfiguration of cloud services, like Google Cloud Platform, Microsoft Azure or AWS, or using default credentials can lead to data breaches and data leaks, check your S3 permissions or someone else will. Automate configuration management where possible to prevent configuration drift.
  • Ransomware: Ransomware is a form of extortion where data is deleted or encrypted unless a ransom is paid, such as WannaCry. Minimize the impact of ransomware attacks by keeping your systems patched and backing up important data.
  • Phishing: Phishing is a social engineering technique where the target is contacted by email, telephone or text message by someone who is posing to be a legitimate colleague or institution to trick them into providing sensitive data, credentials or personally identifiable information (PII). To minimize phishing, educate your staff on the importance of cybersecurity and prevent email spoofing and typosquatting.
  • Vulnerabilities: New vulnerabilities are added to CVE every day and zero-day vulnerabilities are found just as often. If a developer has not released a patch for a zero-day vulnerability before an attack can exploit it, it can be hard to prevent.
  • Brute force: Brute force attacks are based on trial and error. Attackers may continuously try to gain access to your organization until one attack works. This could be by attacking weak passwords or encryption, phishing emails or sending infected email attachments containing a type of malware.
  • Distributed Denial of Service (DDoS): DDoS are cyber attacks against networked resources like data centers, servers or websites and can limit the availability of a computer system. The attacker floods the network resource with messages which cause it to slow down or even crash, making it inaccessible to users. Potential mitigations include CDNs and proxies.
  • SQL injections: SQL stands for structured query language, a programming language used to communicate with databases. Many of the servers that store sensitive data use SQL to manage the data in their database. An SQL injection uses malicious SQL to get the server to expose information it otherwise wouldn’t. This is a huge cyber risk if the database stores customer information, credit card numbers, credentials or other personally identifiable information (PII).
  • Trojans: Trojan horses are malware that misleads users by pretending to be a legitimate program and are often spread via infected email attachments or fake software.
  • Cross-site scripting (XSS): XSS attacks involve injecting malicious code into a website but the website itself is not being attacked, rather it aims to impact the website’s visitors. A common way attackers can deploy cross-site scripting attacks is by injecting malicious code into a comment e.g. embed a link to malicious JavaScript in a blog post’s comment section.
  • Session hijacking: When you log into a service, it generally provides your computer with a session key or cookie so you don’t need to log in again. This cookie can be hijacked by an attacker who uses it to gain access to sensitive information.
  • Man-in-the-middle attacks: Public Wi-Fi networks can be exploited to performman-in-the-middle attacks and intercept traffic that was supposed to go elsewhere, such as when you log into a secure system.
  • Third and fourth-party vendors: The rise in outsourcing means that your vendors pose a huge cybersecurity risk to your customers data and your proprietary data. Some of the biggest data breaches were caused by third-parties.

5. How UpGuard can help you understand your organization’s attack surface

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store