In cybersecurity, an attack vector is a method of achieving unauthorized network access to launch a cyber attack. Attack vectors allow cybercriminals to exploit system vulnerabilities to gain access to sensitive data, personally identifiable information (PII), and other valuable information accessible after a data breach.
With the average cost of a data breach at $4.35 million, it's important to plan ahead to minimize potential attack vectors and prevent data breaches. Digital forensics and IP attribution are helpful for cleaning up data breaches, but it's much more important to know how you can prevent them.
The most common attack vectors include malware, viruses, email attachments, web pages, pop-ups, instant messages, text messages, and social engineering. However, the number of cyber threats continues to grow as cybercriminals look to exploit unpatched or zero-day vulnerabilities listed on CVE and the dark web, as there is no single solution for preventing every attack vector.
Cybercriminals are growing increasingly sophisticated and it is no longer enough to rely on antivirus software as the primary security system. This is why organizations must employ defense in depth to minimize cybersecurity risk.
What is the Difference Between an Attack Vector, Attack Surface and Threat Vector?
An attack surface is the total number of attack vectors an attacker can use to manipulate a network or computer system or extract data.
Threat vector can be used interchangeably with attack vector and generally describes the potential ways a hacker can gain access to data or other confidential information.
Why are Attack Vectors Exploited by Attackers?
Cybercriminals can make money from attacking your organization's software systems, such as stealing credit card numbers or online banking credentials. However, there are other more sophisticated ways to monetize their actions that aren't as obvious as stealing money.
Attackers may infect your system with malware that grants remote access to a command and control server. Once they have infected hundreds or even thousands of computers they can establish a botnet, which can be used to send phishing emails, launch other cyber attacks, steal sensitive data, or mine cryptocurrency.
Another common motivation is to gain access to personally identifiable information (PII), healthcare information, and biometrics to commit insurance fraud, credit card fraud or illegally obtain prescription drugs.
Competitors may employ attackers to perform corporate espionage or overload your data centers with a Distributed Denial of Service (DDoS) attack to cause downtime, harm sales, and cause customers to leave your business.
Money is not the only motivator. Attackers may want to leak information to the public, embarrass certain organizations, grow political ideologies, or perform cyber warfare on behalf of their government like the United States or China.
How Do Attackers Exploit Attack Vectors?
There are many ways to expose, alter, disable, destroy, steal or gain unauthorized access to computer systems, infrastructure, networks, operating systems, and IoT devices.
In general, attack vectors can be split into passive or active attacks:
Passive Attack Vector Exploits
Passive attack vector exploits are attempts to gain access or make use of information from the system without affecting system resources, such as typosquatting, phishing, and other social engineering-based attacks.
Active Attack Vector Exploits
Active cyber attack vector exploits are attempts to alter a system or affect its operation such as malware, exploiting unpatched vulnerabilities, email spoofing, man-in-the-middle attacks, domain hijacking, and ransomware.
That said, most attack vectors share similarities:
- The attacker identifies a potential target
- The attacker gathers information about the target using social engineering, malware, phishing, OPSEC, and automated vulnerability scanning
- Attackers use the information to identify possible attack vectors and create or use tools to exploit them
- Attackers gain unauthorized access to the system and steal sensitive data or install malicious code
- Attackers monitor the computer or network, steal information, or use computing resources.
One often overlooked attack vector is your third and fourth-party vendors and service providers. It doesn't matter how sophisticated your internal network security and information security policies are — if vendors have access to sensitive data, they are a huge risk to your organization.
This is why it is important to measure and mitigate third-party risks and fourth-party risks. This means it needs to be part of your information security policy and information risk management program.
Consider investing in threat intelligence tools that help automate vendor risk management and automatically monitor your vendor's security posture and notify you if it worsens.
Before considering a new vendor perform a cybersecurity risk assessment to understand what attack vectors you could be introducing to your organization by using them and ask about their SOC 2 compliance.
What are the Common Types of Attack Vectors?
1. Compromised Credentials
Usernames and passwords are still the most common type of access credential and continue to be exposed in data leaks, phishing scams, and malware. When lost, stolen, or exposed, credentials give attackers unfettered access. This is why organizations are now investing in tools to continuously monitor for data exposures and leaked credentials. Password managers, two-factor authentication (2FA), multi-factor authentication (MFA), and biometrics can reduce the risk of leak credentials resulting in a security incident too.
2. Weak Credentials
Weak passwords and reused passwords mean one data breach can result in many more. Teach your organization how to create a secure password, invest in a password manager or a single sign-on tool, and educate staff on their benefits.
3. Insider Threats
Disgruntled employees or malicious insiders can expose private information or provide information about company-specific vulnerabilities.
4. Missing or Poor Encryption
Common data encryption methods like SSL certificates and DNSSEC can prevent man-in-the-middle attacks and protect the confidentiality of data being transmitted. Missing or poor encryption for data at rest can mean that sensitive data or credentials are exposed in the event of a data breach or data leak.
Misconfiguration of cloud services, like Google Cloud Platform, Microsoft Azure, or AWS, or using default credentials can lead to data breaches and data leaks, check your S3 permissions or someone else will. Automate configuration management where possible to prevent configuration drift.
Ransomware is a form of extortion where data is deleted or encrypted unless a ransom is paid, such as WannaCry. Minimize the impact of ransomware attacks by maintaining a defense plan, including keeping your systems patched and backing up important data.
Phishing attacks are social engineering attacks where the target is contacted by email, telephone, or text message by someone who is posing to be a legitimate colleague or institution to trick them into providing sensitive data, credentials, or personally identifiable information (PII). Fake messages can send users to malicious websites with viruses or malware payloads.
New security vulnerabilities are added to the CVE every day and zero-day vulnerabilities are found just as often. If a developer has not released a patch for a zero-day vulnerability before an attack can exploit it, it can be hard to prevent zero-day attacks.
9. Brute Force
Brute force attacks are based on trial and error. Attackers may continuously try to gain access to your organization until one attack works. This could be by attacking weak passwords or encryption, phishing emails, or sending infected email attachments containing a type of malware. Read our full post on brute force attacks.
10. Distributed Denial of Service (DDoS)
DDoS attacks are cyber attacks against networked resources like data centers, servers, websites, or web applications and can limit the availability of a computer system. The attacker floods the network resource with messages which cause it to slow down or even crash, making it inaccessible to users. Potential mitigations include CDNs and proxies.
11. SQL Injections
SQL stands for a structured query language, a programming language used to communicate with databases. Many of the servers that store sensitive data use SQL to manage the data in their database. An SQL injection uses malicious SQL to get the server to expose information it otherwise wouldn't. This is a huge cyber risk if the database stores customer information, credit card numbers, credentials, or other personally identifiable information (PII).
Trojan horses are malware that misleads users by pretending to be a legitimate program and are often spread via infected email attachments or fake malicious software.
13. Cross-Site Scripting (XSS)
14. Session Hijacking
When you log into a service, it generally provides your computer with a session key or cookie so you don't need to log in again. This cookie can be hijacked by an attacker who uses it to gain access to sensitive information.
15. Man-in-the-Middle Attacks
Public Wi-Fi networks can be exploited to perform man-in-the-middle attacks and intercept traffic that was supposed to go elsewhere, such as when you log into a secure system.
16. Third and Fourth-Party Vendors
Address All of Your Attack Vectors With UpGuard
UpGuard also supports compliance across a myriad of security frameworks, including the new requirements set by Biden's Cybersecurity Executive Order.
CLICK HERE to get your FREE security rating now!