The cybersecurity puzzle involves many parts: hacking, cracking, exploit db, malware, PoC, phishing campaigns, indicators of compromise, among others. And a critical variable is the aptly named “attack vector”.
Many infosec beginners don’t have a clear concept of what an attack vector is, or the main differences between that concept and the “attack surface”. That’s why this article will explore the real definition of an attack vector, the main types of attack vectors, examples of such, and more.
Definition of attack vector
In plain English, an attack vector is a way or method used by an attacker to obtain illegal access to a local or remote network or computer. It’s the term used by the infosec industry to describe the path taken by an attacker (or malware application) to compromise an operating system or data.
Exemplifying this concept are “compromised credentials”. These affect many companies due to reasons that include social engineering attacks, malicious email campaigns and malware.
Now let’s explore some of the most popular types of attack vectors.
Types of attack vectors
- Compromised credentials: As mentioned, this is by far the most popular way to break into a system. Methods of getting hacked by compromised credentials include phishing scams, data leaks, malware infections or simply the classic habit of using weak passwords, or re-using the same passwords in multiple accounts.
- Phishing: This is one of the most traditional forms of social engineering, where the main targets are humans—and their predictable acts while opening an email. When a phishing campaign is sent, you’ll probably receive a fake email that looks like a real one. Its goal is to trick you into sharing your sensitive data, credentials or other private information.
- Unpatched vulnerabilities: this attack vector is used by cyber criminals to break into systems and software. Exploiting these vulnerabilities is somewhat easy after finding the right CVE or PoC. For you, the real challenge resides in having all your critical assets updated, something most system and software administrators seek.
- Missing or poor encryption: Even in 2020, there are still people who use unencrypted FTP sessions to transfer data, or who pass data over a plain HTTP protocol without any TLS encryption. There are also those who use SSL/TLS encryption, but allow old protocol versions and vulnerable cyphers to encrypt their data. Using a strong encryption method and keeping cypher chains updated is critical for avoiding man-in-the-middle attacks, among others types of network threats.
- Misconfiguration: Using the default configuration on hardware devices and software applications, or misconfiguring any setting could lead to your services being exploited due to known and unknown vulnerabilities. Even worse, it can result in having all your data publicly exposed. Following the best configuration and hardening practices (such as Best SSH Security Practices for example) is the most effective way to prevent these kinds of issues. A good monitoring system also helps to easily detect misconfigured servers and apps.
- Malicious insiders: This attack vector involves employees with bad intentions, that may be also working for rival companies. They share private and sensitive information about software, servers or hardware-related devices with a third party, who can later use this information to cause damage to the company or its clients. Malicious insiders are generally angry and unhappy employees, who can cause real damage if they have access to privileged areas within the company.
- Ransomware: Ever-popular ransomware attacks are on the rise. It’s a form of cyber-blackmail, essentially the practice of obtaining something, especially money, through threats over the Internet. The most commonly used ransomware method is to gain access to the system, block and encrypt the data from the hard drive, then ask for payment to release the decryption key.
- Third-party vendors: Outsourcing is one of the best ways to gain strategic advantages, reduce costs, and bring technical and business value into your company. The downside of this, however, is that you are leaving your organization exposed to a new cybersecurity risk. Third-party vendors can also be the main cause of data loss, security breaches and data leaks.
Stay in the loop with the best infosec news, tips and tools
Follow us on Twitter to receive updates!Follow @SecurityTrails
Difference between attack vector and attack surface
As previously stated, an attack vector is a way used by attackers to exploit systems and access the target system or network.
On the other hand, an attack surface is the total amount of attack vectors that could potentially be used to exploit any part of your network, operating systems or the data hosted within.
That’s why it is so important to know your attack surface. From there, you can literally group all your attack vector points and see the big picture, instead of isolated threats.
How can you protect your network against popular attack vectors?
Educate your staff
Social engineering attacks play a major role in the modern cybersecurity incidents that befall any organization. Instilling efficient cybersecurity culture and educating employees against the most common types of human-based attacks is critical for the prevention of phishing, ransomware and compromised credential issues.
Follow industry best practices
Misconfigured devices, software apps and servers are among top attack vectors exploited by malicious actors. All IT departments, and especially those involving system administration, network engineering and security teams, need to follow the best recommended practices.
All companies must ensure the IT staff is following the right procedures for new app, server and hardware deployments, ensuring the best security policies are met.
Explore your attack surface
More good advice we can give you is to begin auditing your attack surface. This lets you stay one step ahead of any bad actors, by giving you a clear view of all your weak points that occur over exposed known and unknown IT infrastructure assets.
When it comes to attack surface management, our enterprise-grade product Attack Surface Reduction - ASR is an essential tool to assess all your valuable devices within a single web-based interface.
What are the main ASR features to keep your attack surface under control?
Get a full summary of all your assets, including total domains, total IPs and vulnerabilities found. You can also pivot between a summary by hosting company, tag cloud, and summary by open ports. You can also access the Export option to download all your subdomain, apex domains and IP lists in seconds.
Find out how and when all your assets were added over time, including DNS records, IP blocks, SSL certificates, WHOIS records, and much more.
This is the main command center for all your exploration and discovery tasks. Take a deep dive into the network and system details of all your assets, from one single place.
View domains and IPs, order results by hosting company or open ports, get the ability to exclude certain ports such as 80 or 443, and filter popular CDN hosted-domains such as Incapsula or Cloudflare.
Our IP tool is one of the most complete IP intelligence utilities on the infosec market, enabling you to quickly explore open ports, port history, hosted domains, devices that have had interaction with the IP, geolocation, IP neighbors, P2P activity, general IP behavior and usage, DNS records, web hosting provider, and much more.
As we’ve explored, unpatched vulnerabilities are among the main causes of system breaches and data leaks. Therefore, using a vulnerability scanner to look for vulnerabilities and exposures over all your assets provides a major opportunity for you to stop any risks before they become real threats.
When you want to find out how many active CVEs you have on your current assets, our built-in vulnerability scanner will give you instant results, including details such as:
- CVE Name
- Exploits (if available)
- Risk Score
- Affected domains and IPs
Find details regarding everything that’s been added, including hostnames, DNS records, open ports, record values, timestamp, organization name, URL scheme, and more.
Attack vectors are somehow inevitable, and will always be a part of your attack surface. There are, fortunately, many ways to protect yourself and your company from being exploited by the popular attack vectors we mentioned today.
Educating employees and training your IT staff are definitely good ways to start the process—but the quickest thing you can do right now is to begin auditing your attack surface, discovering all your attack vectors in one place.
Discover Attack Surface Reduction - ASR, the ultimate attack surface analyzer. Get in touch with our sales team today!