In cybersecurity, an attack vector is a path or means by which an attacker can gain unauthorized access to a computer or network to deliver a payload or malicious outcome. Attack vectors allow attackers to exploit system vulnerabilities, install different types of malware and launch cyber attacks.
Attack vectors can also be exploited to gain access to sensitive data, personally identifiable information (PII) and other sensitive information that would result in a data breach. And with the average cost of a data breach at $3.92 million, it pays to think through how to minimize potential attack vectors and prevent data breaches.
Common attack vectors include malware, viruses, email attachments, web pages, pop-ups, instant messages, text messages and social engineering.
The number of cyber threats is on the rise as cyber criminals look for exploit unpatched vulnerabilities listed on CVE and the dark web, and no one solution can prevent every attack vector. Cyber criminals are increasingly sophisticated and it is no longer enough to rely on an antivirus as your sole security system.
What is the difference between an attack vector, attack surface and data breach?
- Attack vector: A method or way an attacker can gain unauthorized access to a network or computer system.
- Attack surface: The total number of attack vectors an attacker can use to manipulate a network or computer system or extract data.
- Data breach: Any security incident where sensitive, protected, or confidential data is accessed or stolen by an unauthorized party.
Why are attack vectors exploited by attackers?
Cyber criminals can make money from attacking your organization's software systems, such as stealing credit card numbers or online banking credentials. However, there are other more sophisticated ways to monetize their actions that aren't as obvious as stealing money.
Attackers may infect your system with malware that grants remote access to a command and control server. Once they have infected hundreds or even thousands of computers they can establish a botnet, which can be used to send phishing emails, launch other cyber attacks, steal sensitive data or mine cryptocurrency.
Another common motivation is to gain access to personally identifiable information (PII), healthcare information and biometrics to commit insurance fraud, credit card fraud or to illegally obtain prescription drugs.
Competitors may employ attackers to perform corporate espionage or overload your data centers with a Distributed Denial of Service (DDoS) attack to cause downtime, harm sales and cause customers to leave your business.
Money is not the only motivator. Attackers may want to leak information to the public, embarrass your organization, be motivated by political ideologies, or be performing cyber warfare on behalf of a nation state like the United States or China.
How do attackers exploit attack vectors?
There are many ways to expose, alter, disable, destroy, steal or gain unauthorized access to computer systems, infrastructure, networks, operating systems and IoT devices.
In general, attack vectors can be split into passive or active attacks:
- Passive: attempts to gain access or make use of information from the system but does not affect system resources, such as typosquatting, phishing and other social engineering based attacks.
- Active: attempts to alter a system or affect its operation such as malware, exploiting unpatched vulnerabilities, email spoofing, man-in-the-middle attacks, domain hijacking and ransomware.
That said, most attack vectors share similarities:
- Attacker identifies a potential target.
- Attacker gathers information about the target using social engineering, malware, phishing, OPSEC and automated vulnerability scanning.
- Attackers use the information to identify possible attack vectors and create or use tools to exploit them.
- Attackers gain unauthorized access to the system and steal sensitive data or install malicious code.
- Attackers monitor the computer or network, steal information or use computing resources.
One often overlooked attack vector are your third and fourth-party vendors and service providers. It doesn't matter how sophisticated your internal network security and information security is, if vendors have access to sensitive data they are as much a risk to your organization.
Consider investing in threat intelligence tools that help automate vendor risk management and automatically monitor your vendor's security posture and notify you if it worsens.
Before considering a new vendor perform a cybersecurity risk assessment to understand what attack vectors you could be introducing to your organization by using them and ask about their SOC 2 compliance.
What are the common types of attack vectors?
- Compromised credentials: Usernames and passwords are still the most common type of access credential and continue to be exposed in data leaks, phishing scams and by malware. When lost, stolen or exposed, credentials give attackers unfettered access. This is why organizations are now investing in tools to continuously monitor for data exposures and leaked credentials. Password managers, two-factor authentication and biometrics can reduce the risk of leak credentials resulting in a security incident too.
- Weak credentials: Weak passwords and reused passwords mean one data breach can result in many more. Teach your organization how to create a secure password, invest in a password manager or a single sign-on tool, and educate staff on their benefits.
- Malicious insiders: Disgruntled employees can expose private information or provide information about company specific vulnerabilities.
- Missing or poor encryption: Common encryption methods like SSL certificates and DNSSEC can prevent man-in-the-middle attacks and protect the confidentiality of data being transmitted. Missing or poor encryption for data at rest can mean that sensitive data or credentials are exposed in the event of a data breach or data leak.
- Misconfiguration: Misconfiguration of cloud services, like Google Cloud Platform, Microsoft Azure or AWS, or using default credentials can lead to data breaches and data leaks, check your S3 permissions or someone else will. Automate configuration management where possible to prevent configuration drift.
- Ransomware: Ransomware is a form of extortion where data is deleted or encrypted unless a ransom is paid, such as WannaCry. Minimize the impact of ransomware attacks by keeping your systems patched and backing up important data.
- Phishing: Phishing is a social engineering technique where the target is contacted by email, telephone or text message by someone who is posing to be a legitimate colleague or institution to trick them into providing sensitive data, credentials or personally identifiable information (PII). To minimize phishing, educate your staff on the importance of cybersecurity and prevent email spoofing and typosquatting.
- Vulnerabilities: New vulnerabilities are added to CVE every day and zero-day vulnerabilities are found just as often. If a developer has not released a patch for a zero-day vulnerability before an attack can exploit it, it can be hard to prevent.
- Brute force: Brute force attacks are based on trial and error. Attackers may continuously try to gain access to your organization until one attack works. This could be by attacking weak passwords or encryption, phishing emails or sending infected email attachments containing a type of malware. Read our full post on brute force attacks.
- Distributed Denial of Service (DDoS): DDoS are cyber attacks against networked resources like data centers, servers or websites and can limit the availability of a computer system. The attacker floods the network resource with messages which cause it to slow down or even crash, making it inaccessible to users. Potential mitigations include CDNs and proxies.
- SQL injections: SQL stands for structured query language, a programming language used to communicate with databases. Many of the servers that store sensitive data use SQL to manage the data in their database. An SQL injection uses malicious SQL to get the server to expose information it otherwise wouldn't. This is a huge cyber risk if the database stores customer information, credit card numbers, credentials or other personally identifiable information (PII).
- Trojans: Trojan horses are malware that misleads users by pretending to be a legitimate program and are often spread via infected email attachments or fake software.
- Session hijacking: When you log into a service, it generally provides your computer with a session key or cookie so you don't need to log in again. This cookie can be hijacked by an attacker who uses it to gain access to sensitive information.
- Man-in-the-middle attacks: Public Wi-Fi networks can be exploited to perform man-in-the-middle attacks and intercept traffic that was supposed to go elsewhere, such as when you log into a secure system.
- Third and fourth-party vendors: The rise in outsourcing means that your vendors pose a huge cybersecurity risk to your customers data and your proprietary data. Some of the biggest data breaches were caused by third-parties.
How UpGuard can help you understand your organization's attack surface
CLICK HERE to get your FREE security rating now!