What is an Attack Vector?
In the context of information security, an attack vector is a specific path, method, or scenario that can be exploited by attackers to break into an IT system, thus compromising its security. The term was derived from the corresponding notion of 'vector' in biology.
Attackers use a number of vectors to launch attacks on your IT systems and take advantage of the weaknesses of any given system. You are already familiar with many attack vectors, e.g., malware, viruses, malicious email attachments, malicious web links, pop-up windows, instant messages, social engineering, unpatched vulnerabilities, etc.
Types of Attack Vectors
Most attack vectors can be classified into two categories:
1. PASSIVE ATTACK VECTORS
Passive attack vectors are used by attackers to 'monitor' your systems, looking for open ports or other vulnerabilities and collecting information about you or your systems. They are harder to detect, because they do NOT usually involve any alteration of your data or system resources. They do not damage your company's data or systems; the attacker's intent is to steal data or breach its confidentiality.
Passive attack vectors include passive reconnaissance, in which the attacker observes your company's systems for vulnerabilities WITHOUT interacting with them, through tools like session capture, and active reconnaissance, in which the attacker uses methods like port scans to engage with the target systems.
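Reconnaissance by port scan leaves a recognisable trace on the defender's side: one source address touching many distinct destination ports on the same host in a short time. The following is an added example (not code from the original article) of that detection heuristic run over constructed firewall log lines; the log format, the hosts and the thresholds are all assumptions made up for the example.

```python
"""Detect port-scan style reconnaissance in firewall log lines.

Heuristic: flag a (source, destination) pair when the number of DISTINCT
destination ports seen inside a sliding time window reaches a threshold.
The log format below is a hypothetical, simplified firewall log and the
sample lines are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: "<timestamp> <action> src=<ip> dst=<ip> dport=<port>"
SAMPLE_LOG = """\
2024-05-01T10:00:00 DROP src=203.0.113.5 dst=192.0.2.10 dport=21
2024-05-01T10:00:00 DROP src=203.0.113.5 dst=192.0.2.10 dport=22
2024-05-01T10:00:01 DROP src=203.0.113.5 dst=192.0.2.10 dport=23
2024-05-01T10:00:01 DROP src=203.0.113.5 dst=192.0.2.10 dport=25
2024-05-01T10:00:02 DROP src=203.0.113.5 dst=192.0.2.10 dport=80
2024-05-01T10:00:02 DROP src=203.0.113.5 dst=192.0.2.10 dport=110
2024-05-01T10:00:03 DROP src=203.0.113.5 dst=192.0.2.10 dport=143
2024-05-01T10:00:03 DROP src=203.0.113.5 dst=192.0.2.10 dport=443
2024-05-01T10:00:04 DROP src=203.0.113.5 dst=192.0.2.10 dport=445
2024-05-01T10:00:04 DROP src=203.0.113.5 dst=192.0.2.10 dport=3389
2024-05-01T10:00:05 DROP src=203.0.113.5 dst=192.0.2.10 dport=8080
2024-05-01T10:00:10 ACCEPT src=198.51.100.7 dst=192.0.2.10 dport=443
2024-05-01T10:00:11 ACCEPT src=198.51.100.7 dst=192.0.2.10 dport=443
2024-05-01T10:01:00 ACCEPT src=198.51.100.9 dst=192.0.2.10 dport=80
"""


def parse_line(line):
    """Split one log line into (timestamp, src, dst, dport)."""
    ts, _action, src, dst, dport = line.split()
    return (
        datetime.fromisoformat(ts),
        src.split("=", 1)[1],
        dst.split("=", 1)[1],
        int(dport.split("=", 1)[1]),
    )


def detect_port_scans(log_text, min_ports=10, window=timedelta(seconds=60)):
    """Return {(src, dst): sorted distinct ports} for every pair whose
    largest set of distinct ports inside any `window` reaches `min_ports`."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = parse_line(line)
        events[(src, dst)].append((ts, port))

    alerts = {}
    for key, evs in events.items():
        evs.sort()  # order by timestamp so the window can slide forward
        best = set()
        start = 0
        for end in range(len(evs)):
            # Advance the window start until it fits inside `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            ports = {p for _, p in evs[start:end + 1]}
            if len(ports) > len(best):
                best = ports
        if len(best) >= min_ports:
            alerts[key] = sorted(best)
    return alerts


if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible scan: {src} -> {dst}, {len(ports)} distinct ports: {ports}")
```

The threshold and window are tuning knobs: a legitimate client that reconnects to the same service repeatedly (198.51.100.7 above) never raises the distinct-port count, while a scanner does so quickly regardless of whether the packets were accepted or dropped.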
2. ACTIVE ATTACK VECTORS
These attack vectors are used by attackers with the clear intention of disrupting or damaging your company's systems or affecting their regular operations. They may be in play when your systems are forced to shut down maliciously. Using these vectors, attackers launch full-fledged ATTACKS that exploit the vulnerabilities found on your IT system(s), e.g., DoS/DDoS attacks, abuse of your users' weak passwords, malware or phishing, MiTM attacks, email spoofing, etc.
A common example of an active attack is a masquerade attack, in which an intruder pretends to be a trusted user and steals login credentials to gain access privileges to your system resources. Active attack methods are often used by cyber criminals to gain the information they need to launch a wider cyberattack against your organization.
Ransomware attacks also fall in this category, as they are intended to extort money from your company or organisation.
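The masquerade scenario above (weak or stolen credentials used to pose as a trusted user) is also visible in authentication logs: one source address failing against many different accounts, sometimes followed by a success. The following is an added example (not code from the original article) of a detector for that pattern over constructed sshd-style log lines; the log text, addresses, usernames and the account threshold are assumptions made up for the example.

```python
"""Detect credential guessing across many accounts from one source.

Reads authentication log lines, groups failed logins by source address, and
flags any source that failed against at least `min_accounts` distinct users.
It also reports which accounts that same source later logged into, which is
the signal a defender cares most about. Sample lines are constructed and only
loosely modelled on sshd messages.
"""
import re
from collections import defaultdict

# Constructed sample log for this example.
SAMPLE_AUTH_LOG = """\
May  1 10:02:01 host sshd[1001]: Failed password for alice from 203.0.113.8 port 51000 ssh2
May  1 10:02:02 host sshd[1002]: Failed password for bob from 203.0.113.8 port 51001 ssh2
May  1 10:02:03 host sshd[1003]: Failed password for invalid user admin from 203.0.113.8 port 51002 ssh2
May  1 10:02:04 host sshd[1004]: Failed password for carol from 203.0.113.8 port 51003 ssh2
May  1 10:02:05 host sshd[1005]: Failed password for dave from 203.0.113.8 port 51004 ssh2
May  1 10:02:06 host sshd[1006]: Accepted password for dave from 203.0.113.8 port 51005 ssh2
May  1 10:05:00 host sshd[1007]: Failed password for alice from 198.51.100.20 port 40000 ssh2
May  1 10:05:30 host sshd[1008]: Accepted password for alice from 198.51.100.20 port 40001 ssh2
"""

# "invalid user" is optional so guesses at non-existent accounts are counted too.
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED_RE = re.compile(r"Accepted password for (\S+) from (\S+) port")


def detect_spray(log_text, min_accounts=4):
    """Return a list of findings, one per source that failed against at least
    `min_accounts` distinct usernames. Each finding records the failed
    usernames and any usernames the same source subsequently logged in as."""
    failed = defaultdict(set)    # src -> set of usernames with failed logins
    accepted = defaultdict(set)  # src -> set of usernames with successful logins

    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failed[m.group(2)].add(m.group(1))
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            accepted[m.group(2)].add(m.group(1))

    findings = []
    for src, users in sorted(failed.items()):
        if len(users) >= min_accounts:
            findings.append({
                "src": src,
                "failed_users": sorted(users),
                # Accounts this source did get into; these need immediate review.
                "then_accepted": sorted(accepted.get(src, set())),
            })
    return findings


if __name__ == "__main__":
    for f in detect_spray(SAMPLE_AUTH_LOG):
        print(f"{f['src']}: failed as {f['failed_users']}, then accepted as {f['then_accepted']}")
```

A single user mistyping a password (198.51.100.20 above) touches one account and is not flagged; the distinct-account count is what separates normal mistakes from guessing. A real deployment would add a time window and alert on the `then_accepted` accounts first.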
Methodology of Attack Vectors
In most cases, the general methodology of exploiting attack vectors is the same:
What is the difference between attack vector and attack surface?
An attack vector differs from an attack surface, as the vector is the means by which an intruder gains access and the attack surface is what is being attacked.
The Attack Surface is the total number of attack vectors an attacker can use to launch an attack against your organisation to extract data or cause other harm. All your devices and people are part of your organization's attack surface, because their vulnerabilities, such as weak passwords or unpatched software, can also be exploited by attackers.
In short, attack surface is the 'entire external-facing area' of your organization that is vulnerable to hacking and other cyberattacks.
Monitoring Attack Vectors is Crucial
Attack vectors are linked to security vulnerabilities in your network, so an attack surface monitoring solution can help you locate attack vectors throughout your threat landscape.
You should continuously monitor your IT systems for attack vectors using up-to-date IoC databases. For that you need to subscribe to advanced THREAT INTELLIGENCE feeds, such as CrowdStrike's, so that you have consistent access to the latest information on known threats and attack vectors.
One often overlooked attack vector is your third- and fourth-party vendors and service providers. It doesn't matter how sophisticated your internal network security and information security are; if vendors have access to sensitive data, they are just as much a risk to your organization.
This is why it is important to measure and mitigate third-party risk and fourth-party risk. This means it should be part of your information security policy and information risk management program.
Overall, you need to implement the right POLICIES and PROCEDURES to secure potential attack vectors against exploitation by hackers.
Why is it important to think in terms of threat vectors?
It is therefore highly imperative that you change the way you approach Information Security and learn to focus on specific threat vectors.
The healthcare industry is one of the most vulnerable industries, with a lucrative payoff and a large set of threat vectors.
These threat vectors include legacy and medical devices with patch vulnerabilities, an increased reliance on internet-of-things (IoT) devices, business associates with flimsy security and access to protected health information (PHI), and overworked employees reached through social engineering.
By learning about and focusing on threat vectors, healthcare organizations (and ALL industries) can proactively strengthen security for all MAJOR entry routes.
Even without knowing the WHO or WHEN of a cyberattack, identifying threat vectors as early as possible provides your organization with the WHAT, WHERE, and HOW in order to create a solid information security program.
Kindly write your comments on the posts or topics; when you do, you help me greatly in designing new quality articles/posts on cybersecurity.
You can also share with all of us if the information shared here helps you in some manner.
Life is short; make the most of it!
Also take care of yourself and your beloved ones…
This article was written & published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
She is so obsessed with the Cybersecurity domain that she goes out of her way to share hugely valuable posts and writings about Cybersecurity on the website and on social media platforms.
34,000+ professionals follow her on Facebook and are mesmerized by the quality of the content of her posts there.
If you haven't yet been touched by her enthusiastic work of sharing quality info about Cybersecurity, then you can follow her on Facebook:
Click Here to follow her: Cybersecurity PRISM