In cybersecurity, an attack vector is a method of gaining unauthorized access to a private network.
These pathways are either unintentional, such as vulnerabilities in third-party software, or intentionally designed by hackers, such as malicious software (malware).
Cybercriminals primarily exploit attack vectors to advance extortion tactics, the most popular being the deployment of ransomware.
All digital solutions are potential attack vectors because of their direct or indirect pathways to sensitive data, but not all attack vectors occur on digital surfaces.
For example, in a social engineering attack, a victim is tricked into relinquishing sensitive information that could be used to facilitate a cyber attack. This information exchange could occur over the phone or even face-to-face.
Cyberattacks cannot be stopped, but by applying security controls that are proportional to the criticality of each attack vector, a successful cybersecurity program can be established.
Difference between an Attack Vector and an Attack Surface
Though sometimes used synonymously, attack vectors and attack surfaces refer to different things. An attack vector is a single pathway into private resources, and an attack surface is the sum of all possible attack vectors on a digital surface.
22 Most Common Attack Vectors
It's important to understand the motivations behind a potential attack vector exploit to determine the best defense measures for each type of threat.
There are 5 primary categories of hackers:
- Displeased current or former employees - Such attackers are difficult to intercept because they hold internal credentials and may be able to influence how credentials for sensitive resources are handed out. Because they already have internal access to a private network, employees are classified as attack vectors.
- Competitors - Business competitors could direct a cyberattack at a competitor's webserver to disrupt their online business activity (DDoS attacks).
- Cybercriminals - Cybercriminals exploit vulnerabilities either in operating systems or third-party software for extortion purposes.
- Ethical Hackers - Ethical hackers exploit vulnerabilities to advance political agendas. The primary objective of these attacks is to punish an adversary and not monetary gain.
Each of the above categories of hackers could attack their victims through any of the following 22 common attack vectors.
As a reminder, an attack vector is any action or vulnerability that could facilitate unauthorized access to a private network. Because this covers a wide range of possible cyber attack vectors, the below list includes multiple cyber threat types.
- Compromised credentials
- Lack of two-factor authentication
- Weak passwords
- Malicious insiders
- Missing or poor encryption
- Phishing attacks
- Third-party software vulnerabilities
- Brute force attacks
- Distributed Denial of Service (DDoS) attacks
- SQL injections
- Cross-Site Scripting (XSS)
- Email attachments
- Instant messages
- Internet pop-ups
- Web and mobile apps
- Session hijacking
- Unpatched vulnerabilities
- Man-in-the-Middle attacks
- Third and fourth party service providers
How Do Cyberattacks Occur via Attack Vectors?
To understand how cyberattacks approach attack vector exploitation, this process needs to be considered in the context of the entire cyber attack lifecycle.
Most cyber-attacks occur in 5 stages.
Stage 1 - Initial reconnaissance
Cyberattackers analyze targets to discover potential attack vectors and predictable behaviors. This research encompasses both internet-facing surfaces (such as third-party software) and internal staff to shortlist possible social engineering victims.
Stage 2 - Initial Compromise
This is the stage where attack vectors are exploited. This could occur through either passive or active methods.
Passive attack vector exploits - This type of exploit does not interfere with system resources. It occurs outside of the ecosystem perimeter.
Examples of passive attack vector exploits include:
Active attack vector exploits - This type of exploit involves interacting with internal systems to facilitate malicious code injections.
Examples of active attack vector exploits include:
Multiple types of attack vectors are often required to enter a private network.
For example, phishing emails are usually sent first. These are seemingly innocuous emails that steal credentials when their infected links or attachments are interacted with. These are sent to multiple employees to maximize success.
If the internal credentials garnered from a phishing attack don't penetrate deep enough, a man-in-the-middle attack could follow to intercept private communications between staff members with privileged access.
Stage 3 - Establish Foothold
After penetrating an ecosystem, cyberattackers almost immediately establish a foothold so that they can regain access without having to restart the cyberattack sequence every time. This is typically achieved through a persistent backdoor.
Stage 4 - Escalate Privileges
Hackers usually compromise generic employee credentials when executing the first 3 stages of a cyberattack because they are the easiest to obtain.
Higher privilege permissions that allow deeper access to sensitive resources are not easily obtained through passive attack vector exploits.
These golden keys are obtained from within an ecosystem through any of the following methods:
- Exploiting software vulnerabilities.
- Obtaining and abusing PKI certificates.
- Password hash attacks
- Keystroke / credential logging.
Stage 5 - Move Laterally
At this stage, an attacker leverages their privileged access to move throughout the internal network.
During this process, firewalls and antivirus software are manipulated to evade detection, and internal reconnaissance is completed to discover deeper internal security vulnerabilities.
Stage 6 - Maintain Presence
The foothold strategies implemented in stage 2 are further strengthened to facilitate unimpeded access to the target environment at any time.
This is usually achieved through malware backdoors linking to a Command and Control Infrastructure, also known as C2 or C&C.
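Malware that reports back to a C2 server tends to "beacon": it opens an outbound connection on a fixed schedule, which is what gives defenders something to look for. The following is an added example, not code from the original article or from UpGuard, showing the simplest form of that detection over constructed outbound connection records (timestamp in seconds, source host, destination host). It groups connections by source/destination pair and flags pairs whose gaps between connections are unusually regular, measured as the coefficient of variation (standard deviation divided by mean) of those gaps. The sample data, the host addresses and the thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample of outbound connections: (timestamp in seconds, src, dst).
# 10.0.0.5 contacts 203.0.113.10 roughly every 60 s with a little jitter, the
# regular check-in pattern of a backdoor talking to its C2 infrastructure.
# 10.0.0.7 reaches 198.51.100.20 at the irregular intervals of a human browsing.
SAMPLE_CONNECTIONS = [
    (0, "10.0.0.5", "203.0.113.10"),
    (61, "10.0.0.5", "203.0.113.10"),
    (119, "10.0.0.5", "203.0.113.10"),
    (180, "10.0.0.5", "203.0.113.10"),
    (241, "10.0.0.5", "203.0.113.10"),
    (299, "10.0.0.5", "203.0.113.10"),
    (360, "10.0.0.5", "203.0.113.10"),
    (5, "10.0.0.7", "198.51.100.20"),
    (9, "10.0.0.7", "198.51.100.20"),
    (140, "10.0.0.7", "198.51.100.20"),
    (151, "10.0.0.7", "198.51.100.20"),
    (390, "10.0.0.7", "198.51.100.20"),
    (395, "10.0.0.7", "198.51.100.20"),
    (700, "10.0.0.7", "198.51.100.20"),
]


def find_beacons(connections, min_events=6, max_cv=0.15):
    """Return a list of (src, dst, mean_gap_seconds) for source/destination
    pairs whose connection timing looks scheduled rather than human-driven.

    A pair is flagged when it has at least `min_events` connections and the
    coefficient of variation of the gaps between them is at most `max_cv`
    (0.15 means the gaps vary by no more than about 15% around their mean).
    Both thresholds are assumed values; tune them to the environment."""
    by_pair = defaultdict(list)
    for ts, src, dst in connections:
        by_pair[(src, dst)].append(ts)

    findings = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_events:
            continue  # too few observations to judge regularity
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        avg_gap = mean(gaps)
        if avg_gap <= 0:
            continue  # duplicate timestamps only; nothing to measure
        cv = pstdev(gaps) / avg_gap
        if cv <= max_cv:
            findings.append((src, dst, round(avg_gap, 1)))
    return findings


if __name__ == "__main__":
    for src, dst, gap in find_beacons(SAMPLE_CONNECTIONS):
        print(f"possible beacon: {src} -> {dst} every ~{gap}s")
```

On the constructed data only the 10.0.0.5 to 203.0.113.10 pair is reported (gaps of 58 to 61 seconds, mean 60). In practice this heuristic needs an allowlist, because legitimate software such as update checkers and monitoring agents also beacons on a schedule, and it should be run over longer windows so that jittered or infrequent check-ins still accumulate enough events to be judged.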
Stage 7 - Complete Mission
At this stage, a cyberattacker has achieved their malicious objective. This could include:
- Exfiltrating Personal Identifiable Information (PII).
- Accessing a credit card number database.
- Deploying ransomware.
- Encrypting sensitive data to disrupt business operations.
- Achieving a data breach.
- Recruiting the target system into a botnet.
- Injecting spyware.
After the attack is complete, cyberattackers rarely remove their access to a target computer system. If a security incident alert is avoided, hackers will maintain a clandestine presence to continue monitoring and mining private data.
The typical cyber attack process is rarely a linear trajectory. After establishing a foothold, hackers keep burrowing deeper towards sensitive resources. This involves multiple cycles of internal reconnaissance, lateral movement, and solidifying a deeper presence until the attack objective is reached.
How to Defend Against Common Attack Vectors
To address common attack vectors, security controls must spread across the majority of the attack surface. The process begins by identifying all possible entry points into your private network - a delineation that will differ across all businesses.
The following cyber defense strategies will help you block frequently abused entry points and also highlight possible regions in your ecosystem that might be housing attack vectors.
- Create secure IoT credentials - Most IoT devices still use their predictable factory login credentials, making them prime targets for DDoS attacks.
- Use a password manager - Password managers ensure login credentials are strong and resilient to brute force attacks.
- Educate employees - To prevent staff from falling for common social engineering and phishing tactics, they need to be trained on how to identify and report potential cybercriminal activity. Humans will always be the weakest points in every security program.
- Identify and shut down data leaks - Most businesses are unknowingly leaking sensitive data that could facilitate data breaches. A data leak detection solution will solve this critical security issue.
- Detect and remediate all system vulnerabilities - This should be done for both the internal and external vendor networks. An attack surface monitoring solution can help you do this.
- Keep antivirus software updated - Updates keep antivirus software informed of the latest cyber threats roaming the internet.
- Keep third-party software regularly updated - Software updates contain critical patches for newly discovered attack vectors. Many cyber attackers have achieved success by abusing known vulnerabilities in out-of-date software.
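The first two items above, factory-default IoT credentials and passwords that cannot withstand brute force, are the easiest attack vectors to check for mechanically. The following is an added example, not code from the original article or from UpGuard, of a small credential-hygiene audit that a defender could run over a device inventory: it flags credentials that match a list of known factory defaults, passwords that are too short or too uniform to resist guessing, passwords equal to the username, and passwords built around a year. The inventory, the default-credential list, the device names and the 14-character minimum are all constructed for illustration.

```python
import re

# Constructed list of factory-default username/password pairs. Illustrative
# values only, not taken from any particular vendor's documentation.
FACTORY_DEFAULTS = {
    ("admin", "admin"),
    ("admin", "password"),
    ("root", "root"),
    ("user", "1234"),
}

# Constructed device inventory: (device name, username, password).
DEVICE_INVENTORY = [
    ("lobby-camera-1", "admin", "admin"),
    ("warehouse-sensor-3", "root", "Tr0ub4dor&3"),
    ("printer-2f", "admin", "Summer2021"),
    ("badge-reader-east", "svc_badge", "vQ7!mR2#kLp9$xWz4bNc"),
]

MIN_LENGTH = 14  # assumed policy minimum; a password manager makes this painless

CHARACTER_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def password_issues(username, password):
    """Return a list of human-readable problems with one credential pair.
    An empty list means the credential passed every check."""
    issues = []
    if (username, password) in FACTORY_DEFAULTS:
        issues.append("factory default credential")
    if len(password) < MIN_LENGTH:
        issues.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum(bool(re.search(pattern, password)) for pattern in CHARACTER_CLASSES)
    if classes < 3:
        issues.append("fewer than 3 character classes")
    if password.lower() == username.lower():
        issues.append("password equals username")
    if re.search(r"(19|20)\d\d", password):
        issues.append("contains a year, a common guessable pattern")
    return issues


def audit_inventory(inventory):
    """Map each device name to its list of issues, omitting devices that pass."""
    report = {}
    for name, username, password in inventory:
        issues = password_issues(username, password)
        if issues:
            report[name] = issues
    return report


if __name__ == "__main__":
    for name, issues in audit_inventory(DEVICE_INVENTORY).items():
        print(f"{name}: {'; '.join(issues)}")
```

On the constructed inventory, the lobby camera is reported on all four counts, the sensor only for length, the printer for length and the embedded year, and the badge reader passes. The checks are deliberately plain-text rules; the same logic is usually applied at enrollment time so that a device never goes live with its factory credentials, and the inventory itself should come from an asset register rather than a hand-maintained list.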
Secure your Attack Vectors with UpGuard
UpGuard monitors both the internal and third-party attack surfaces for attack vectors and data leaks.
By helping security teams rapidly identify and shut down vulnerabilities before they're discovered by cybercriminals, UpGuard offers unprecedented protection against data breaches and supply chain attacks.