Currently, the average cost of a data breach is around $3.92 million. Every company has had its issues with cybersecurity, but one common thread is attack vectors and system vulnerabilities. Cybersecurity is getting more sophisticated by the second.
The key to cybercrime and hack prevention is sharing attack data and helping to prevent vulnerabilities as new threats arise. Understanding attack vectors and how they are uncovered is key to threat hunting and hack prevention.
What is an Attack Vector
In cryptography and cybersecurity, the term attack vector refers to a path or vulnerability by which a hacker gains unauthorized access to a network, computer, or server to deliver a payload that contains malware or produces another malicious result.
Basically, attack vectors are vulnerable points in your system that can be exploited by those who know how. Through them, attackers gain access to critical systems, personal information, and other sensitive data, which effectively leads to a data breach.
All companies should know areas particularly susceptible to attack vectors and how to prevent them.
Common Types of Attack Vectors to Know
There are a few attack vectors that we already know, and many companies now have guardian systems and cyber defenses in place to prevent a data breach.
The most common attack vectors include:
Malware
Today’s society cannot live without downloading something. Malware can attach itself to any piece of data, and with everyone carrying a mobile device with access to the internet, every network administrator should be on the lookout for threats.
Malware attacks have evolved and now include a subset of their own. Here are some of the attack vectors for malware that are emerging currently:
- Drive-by-downloads: Users simply view a website that triggers a download. This isn’t a new threat, but these are still used because it is so easy to hide a download on mobile devices.
- Ad-Based Malware: Third-party networks often allow for all kinds of malware and viruses to link up to ads on their site. You have probably accidentally clicked on one and immediately gotten 50 more pop-ups or an immediate download. However, these ads have been more successful at installing small pieces of malware that mine cryptocurrency, which drains the user’s computer resources.
- Mouse Hovering: Some applications, such as PowerPoint, have vulnerabilities that trigger on mouse hover alone. Links in PowerPoint files can hide malicious scripts that are immediately downloaded to the system.
- Scamware: This is malware disguised as virus detection or network security software. Once you download it, the scamware can take over disguised as trying to protect your system. Hackers also injected malware into popular computer cleanup utilities like CCleaner, which widely distributed malware.
Viruses
A virus is any type of code that replicates and spreads itself through your computer, network, server, and programs. It’s also another term used to describe malware. While viruses are considered a type of malware, not all malware is considered a virus.
While malware is a broad term that can refer to spyware, adware, nagware, trojans, worms, and other attack methods, a virus only pertains to those that spread and replicate.
This list of the most infamous viruses illuminates some of the differences.
Email Attachments
The most well-known email attachment attack was the ILOVEYOU virus, which caused $10 billion in damages and infected 10 percent of all computers on the planet. The virus was sent as an email attachment presented as a “love confession.” Curiosity killed the cat, as they say. When the attachment was clicked, the virus immediately gained access to the user’s mailing list and then went a step further and overwrote the computer’s files with its own, which made the user’s computer unbootable.
Web Pages and Pop-ups
All types of malware can hang out on web pages, waiting for a visitor to latch onto. These web pages may hide scripts that download a hidden file onto your system.
Most pop-ups today can be prevented with a blocker, but others are so pervasive that they secretly load behind a screen and start looking for vulnerabilities in your system through which to download a file.
Instant Messages
If you have ever clicked on a link from a mysterious message, such as on Discord or Skype, then you may already know the dangers. Typically that link contains a virus that will replicate and try to take over your account, messaging your other contacts as you with a link to a malicious web page that includes malware.
Text Messages
Recently there has been a string of malware attacks on mobile devices through text messages. If you ever receive a text with a link from someone you don’t know, it’s probably a malware attack.
Social Engineering
One of the most common ways that hackers gain access to a system is by pretending to be a user in need of credentials, typically without knowing anything beyond a name and address. Social engineering attacks were less commonly known in the early 2000s, but nowadays companies put special protocols in place to recognize social engineering and stop it in its tracks.
A typical social engineering attack is a phone call made to a company’s customer service team, in which the caller pretends to be a user unable to get into their account. They may know a few details, but when prompted for social security numbers or other specific information only known to the user, they would have an excuse for why that information isn’t usable.
The social engineer would be so convincing that eventually the hacker would get the information from the customer service rep or have the information completely changed.
There are much more complicated social engineering tactics nowadays, but this was the modus operandi for many of the early social engineers.
Brute Force attacks – This is quite a common attack vector and involves identifying a password or decryption key by trying all possible combinations.
Dictionary attacks – This is another common attack vector. While being similar to a Brute Force attack, it uses a limited set of known passwords or keys, known as a dictionary.
Man in the Middle attack – This type of attack mostly takes place in networks where data is being transmitted between client and server. The middle man will attempt to intercept this data and/or manipulate it.
Distributed-Denial-of-Service or DDoS Attacks
These crash your data centers by overloading them, thus causing your system to fail, halt your sales, and make customers anxious over doing business with you. This is typically a sign of corporate espionage. The group Anonymous is well known for DDoSing organizations when the companies do something they don’t like, such as when they brought down Twitter and Netflix.
Weak and Reused Passwords
Weak passwords and reused passwords are one of the main ways that organizations get hacked. You should always create secure, encrypted passwords for admins that are not shared.
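The brute force and dictionary attacks described above, and the weak-password point here, come down to one question a defender can put numbers on: how many guesses does the cheapest attack need, and how long does each guess take? The following is an added example, not code from the original article. The guess rates, the short breached-password list and the password samples are constructed assumptions for illustration; real leaked-password lists hold hundreds of millions of entries.

```python
import string
from typing import List, Tuple

# Constructed guess rates (assumptions, not figures from the article): a fast
# unsalted hash such as MD5 on GPU hardware versus a deliberately slow, tuned
# password hash such as bcrypt or scrypt.
FAST_HASH_GUESSES_PER_SEC = 1e10
SLOW_HASH_GUESSES_PER_SEC = 1e4
SECONDS_PER_YEAR = 365 * 24 * 3600

# Constructed stand-in for a leaked-password list, in the order an attacker would try them.
BREACHED_PASSWORDS: List[str] = ["123456", "password", "qwerty", "letmein", "Summer2023!"]


def alphabet_size(password: str) -> int:
    """Estimate the character set an attacker must cover, from the classes actually used."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, len(string.punctuation)),  # 32 printable symbols
        (" ", 1),  # passphrases with spaces
    ]
    return sum(size for chars, size in classes if any(c in chars for c in password))


def guess_cost(password: str, dictionary: List[str] = BREACHED_PASSWORDS) -> Tuple[str, int]:
    """Return (attack kind, number of guesses) for the cheapest attack that finds the password.

    A dictionary attack finishes after as many guesses as the word's position in the list;
    otherwise the attacker falls back to exhausting the full keyspace (worst case shown).
    """
    if password in dictionary:
        return "dictionary", dictionary.index(password) + 1
    return "brute-force", alphabet_size(password) ** len(password)


def years_to_exhaust(guesses: int, rate: float) -> float:
    """Wall-clock years to try every guess at the given rate."""
    return guesses / rate / SECONDS_PER_YEAR


def assess(password: str) -> dict:
    """Summarise the cheapest attack and its cost under a fast and a slow password hash."""
    kind, guesses = guess_cost(password)
    return {
        "attack": kind,
        "guesses": guesses,
        "years_fast_hash": years_to_exhaust(guesses, FAST_HASH_GUESSES_PER_SEC),
        "years_slow_hash": years_to_exhaust(guesses, SLOW_HASH_GUESSES_PER_SEC),
    }


if __name__ == "__main__":
    for pw in ["password", "Summer2023!", "Tr0ub4dor&3", "correct horse battery staple"]:
        print(pw, assess(pw))
```

The two lessons a practitioner should take from the output: a password on a breach list falls in a handful of guesses no matter how it is hashed, and for everything else the slow hash multiplies the attacker's cost by a million, which is why both a breached-password check and a tuned password hash belong in any login system.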
Missing or Bad Encryption
Encryption is important to have because it protects your system from man-in-the-middle attacks.
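What actually stops the man-in-the-middle scenario from the list above is that the receiver can tell a modified message from the original, which is the integrity part of a protected channel. The following added example (not code from the original article) simulates an interceptor rewriting a transfer amount, once against a bare message and once against a message carrying an HMAC-SHA256 tag. The shared key, the message format and the middle_man function are constructed for the demonstration; in a real system the key would come from a key exchange such as the one TLS performs, never from a literal in source code.

```python
import hashlib
import hmac
from typing import Optional

# Constructed shared secret for the demo only (assumption); real keys are negotiated, not hard-coded.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"
TAG_LEN = 32  # SHA-256 digest size in bytes


def protect(message: bytes, key: bytes = SHARED_KEY) -> bytes:
    """Append an HMAC-SHA256 tag so the receiver can detect modification in transit."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify(packet: bytes, key: bytes = SHARED_KEY) -> Optional[bytes]:
    """Return the message if its tag is valid, or None if the packet was altered."""
    if len(packet) < TAG_LEN:
        return None
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest runs in constant time, so the comparison itself leaks nothing about the tag
    if not hmac.compare_digest(tag, expected):
        return None
    return message


def middle_man(packet: bytes) -> bytes:
    """Simulated interception: the party in the middle rewrites the amount on the wire."""
    return packet.replace(b"amount=100", b"amount=900")


def demo() -> dict:
    """Show the same interception against an unprotected and a tagged message."""
    original = b"transfer: to=acct-42 amount=100"
    # Without a tag the receiver has no way to notice the change
    plain_received = middle_man(original)
    # With a tag the rewritten message fails verification
    tampered = middle_man(protect(original))
    untouched = protect(original)
    return {
        "plain_modified": plain_received != original,
        "tampered_detected": verify(tampered) is None,
        "clean_accepted": verify(untouched) == original,
    }


if __name__ == "__main__":
    print(demo())
```

Note that a tag alone gives integrity, not confidentiality: the interceptor can still read the amount. A real transport layer combines encryption with authentication, and the demo is only meant to show why the authentication half is the part that defeats tampering.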
Differences Between Attack Vector, Attack Surface and Data Breach
These terms often go together when talking about cyber defense, vulnerabilities, and threat hunting.
Attack Vector: This is the method or channel by which an attacker gains unauthorized access to a network or computer system.
Attack Surface: This is the total number of attack vectors that attackers may use to hack into a computer system or manipulate a network in order to extract data.
Data Breach: This is any cybersecurity event where confidential, protected, and sensitive data is accessed by an unauthorized party.
Reasons to Close Your Attack Vector Vulnerabilities
Cybercriminals look for ways to make money by exploiting others, particularly businesses that store credit card numbers and other online banking information. The goal is to monetize their hack through stolen, fraudulent information.
In some cases, they also want personally identifiable information (PII), medical information, and other biometrics to commit identity theft or set up accounts under your name.
In other cases, hackers may want to leak information and expose your organization for one reason or another.
How to Protect Against Attack Vector Vulnerability
There are many ways for hackers to gain access to your system. They typically try to expose your vulnerabilities, alter your security codes, disable your system, destroy it altogether, steal access, or otherwise gain unauthorized access to your networks, systems, and devices.
Attack vectors can be split into two groups:
- Social engineering
- Exploiting unpatched security holes
- Email spoofing
- Man-in-the-middle attacks
- Domain hijacking
What is Threat Hunting
According to research, hackers spend 191 days in your system before they are discovered. Threat hunting can track down these anomalies and hidden breaches before they cause more damage.
To hunt effectively, you need to:
- Install an automated security system with automated blocking, monitoring, firewalls, antivirus, endpoint management, network packet capture, and SIEM access
- Have access to threat intelligence resources to look up IP addresses, malware hashes, and indicators of compromise
Before you start to hunt down threats, you need to list out prioritized intelligence requirements (PIRs). These are questions that will help you discover threats.
For example, how is data being protected by my system? What areas of my system are accessed by multiple people with admin permissions? What type of encryption is used? PIRs typically are specific to the organization and what matters most.
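A minimal hunt combines the two ingredients just listed: indicator lookups (known-bad IP addresses and file hashes) and a question about your own environment, here the PIR "which hosts talk to a destination nobody else does?". The following is an added example, not code from the original article. The log lines, the indicator sets and the host names are all constructed; the addresses come from the RFC 5737 documentation ranges and the hashes are placeholders, so none of them are real indicators of compromise.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed indicator lists (placeholders, not real IoCs).
BAD_IPS = {"203.0.113.7"}
BAD_HASHES = {"cafebabe" * 8}
KNOWN_GOOD_HASH = "a1" * 32

# Constructed endpoint/proxy log lines in key=value form.
LOG_LINES = [
    f"ts=2024-05-01T08:00:01 host=ws-01 user=alice dst=198.51.100.10 sha256={KNOWN_GOOD_HASH} proc=updater.exe",
    f"ts=2024-05-01T08:00:05 host=ws-02 user=bob dst=198.51.100.10 sha256={KNOWN_GOOD_HASH} proc=updater.exe",
    f"ts=2024-05-01T08:02:11 host=ws-02 user=bob dst=198.51.100.10 sha256={'cafebabe' * 8} proc=invoice.pdf.exe",
    f"ts=2024-05-01T08:03:40 host=ws-03 user=carol dst=203.0.113.7 sha256={KNOWN_GOOD_HASH} proc=powershell.exe",
    f"ts=2024-05-01T08:04:02 host=ws-04 user=dave dst=198.51.100.10 sha256={KNOWN_GOOD_HASH} proc=updater.exe",
    f"ts=2024-05-01T08:05:19 host=ws-01 user=alice dst=192.0.2.55 sha256={KNOWN_GOOD_HASH} proc=svchost.exe",
    f"ts=2024-05-01T08:06:00 host=ws-03 user=carol dst=198.51.100.10 sha256={KNOWN_GOOD_HASH} proc=updater.exe",
]

# A destination seen this many times or fewer across the fleet is "rare" (hypothetical threshold).
RARE_THRESHOLD = 1


def parse(line: str) -> Dict[str, str]:
    """Turn one key=value log line into a dict."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def stack(events: List[Dict[str, str]], field: str) -> Counter:
    """Frequency count ("stacking") of one field across all events."""
    return Counter(e[field] for e in events if field in e)


def hunt(lines: List[str]) -> List[dict]:
    """Run indicator matches and the rare-destination PIR over the log lines."""
    events = [parse(line) for line in lines]
    dst_counts = stack(events, "dst")
    findings = []
    for e in events:
        if e.get("dst") in BAD_IPS:
            findings.append({"kind": "ioc_ip", "host": e["host"], "detail": e["dst"], "ts": e["ts"]})
        if e.get("sha256") in BAD_HASHES:
            findings.append({"kind": "ioc_hash", "host": e["host"], "detail": e["sha256"], "ts": e["ts"]})
        # PIR: destinations contacted by only one host stand out from the fleet-wide baseline
        if dst_counts[e.get("dst", "")] <= RARE_THRESHOLD:
            findings.append({"kind": "rare_destination", "host": e["host"], "detail": e["dst"], "ts": e["ts"]})
    return findings


if __name__ == "__main__":
    for f in hunt(LOG_LINES):
        print(f)
```

The indicator matches are the cheap, high-confidence part; the stacking step is what surfaces activity no feed has a signature for yet, at the cost of analyst time to triage each rare destination.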
What is a Frequency Analysis for Threat Hunting
Frequency Analysis for Threat Hunting – This is the analysis of how often characters appear in passwords and keys. If an encryption method does not mask the plaintext properly, this analysis makes it possible to recover the plaintext statistically.
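To make the masking point concrete, the following added example (not code from the original article) contrasts two ways of hiding the same text: a fixed letter substitution, which leaves the English letter profile intact so the transformation can be undone by scoring each candidate against that profile, and an XOR with a fresh random keystream, whose output has no profile to analyse. The sample sentence and the English frequency table are constructed inputs for the demonstration.

```python
import math
import secrets
import string
from collections import Counter

# Relative letter frequencies of English text, in percent (standard published table).
ENGLISH_FREQ = {
    "a": 8.167, "b": 1.492, "c": 2.782, "d": 4.253, "e": 12.702, "f": 2.228,
    "g": 2.015, "h": 6.094, "i": 6.966, "j": 0.153, "k": 0.772, "l": 4.025,
    "m": 2.406, "n": 6.749, "o": 7.507, "p": 1.929, "q": 0.095, "r": 5.987,
    "s": 6.327, "t": 9.056, "u": 2.758, "v": 0.978, "w": 2.360, "x": 0.150,
    "y": 1.974, "z": 0.074,
}

# Constructed sample plaintext (not from the article).
SAMPLE = ("the security team reviews every login attempt and checks the access logs "
          "for unusual activity across the network each morning before the daily standup "
          "so that any attacker who has gained a foothold is found as early as possible")


def shift_letters(text: str, shift: int) -> str:
    """Fixed substitution: every letter moves by the same amount, so the plaintext's
    frequency profile survives unchanged in the output."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - 97 + shift) % 26 + 97))
        else:
            out.append(ch)
    return "".join(out)


def chi_squared(text: str) -> float:
    """Distance between the text's letter counts and the English profile (lower = more English-like)."""
    letters = [c for c in text if c in string.ascii_lowercase]
    n = len(letters)
    counts = Counter(letters)
    return sum((counts.get(ch, 0) - n * p / 100) ** 2 / (n * p / 100) for ch, p in ENGLISH_FREQ.items())


def recover_shift(ciphertext: str) -> int:
    """Try all 26 shifts and keep the one whose reversal looks most like English."""
    return min(range(26), key=lambda s: chi_squared(shift_letters(ciphertext, -s)))


def entropy_bits(data: bytes) -> float:
    """Shannon entropy per byte: close to 8 for well-masked output, far lower for substitution."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def keystream_mask(text: str) -> bytes:
    """XOR with a fresh random keystream, as a proper cipher does; the output has no usable profile."""
    raw = text.encode()
    key = secrets.token_bytes(len(raw))
    return bytes(a ^ b for a, b in zip(raw, key))


def demo() -> dict:
    """Recover the substitution by frequency scoring, and compare byte entropy of both outputs."""
    shifted = shift_letters(SAMPLE, 7)
    masked = keystream_mask(SAMPLE)
    return {
        "recovered_shift": recover_shift(shifted),
        "shifted_entropy": entropy_bits(shifted.encode()),
        "masked_entropy": entropy_bits(masked),
    }


if __name__ == "__main__":
    print(demo())
```

The entropy figures are the hunter's quick check: output from a sound cipher is statistically flat, while anything that preserves the input's frequency profile, whether a substitution, a short repeating XOR key or an unsalted hash of a small value space, is open to exactly this kind of analysis.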
Why Attack Vectors are Becoming Prominent
There’s always a lot of talk about the security of modern cryptographic hash functions, mainly SHA-256. This is a hash function used to verify a lot of important things: modern website logins are hashed with it, and Bitcoin relies on it almost entirely.
There’s also a lot of confusion regarding the safety of the function. As we know, in the past things have been found to be insecure a few years after being declared ‘absolutely secure’. Why is this particular iteration of hash functions so perfect?
The main problem with this idea is how poorly the human mind understands the exponential function. Our brains can wrap around addition and multiplication fine, but when we get to exponents we have trouble grasping how quickly numbers get unimaginably big.
So what exactly is 2^256? Well, if we’re being technical…
So, for all those doubting the security of 2^256 collision chances, there’s the number: there is a 1 in over 115 quattuorvigintillion (that’s a 78-digit number) chance of finding a collision.
This number is bigger than the number of atoms in the perceivable universe. And not by just a little bit either. Exponentially bigger.
This number is so big that the human mind can’t comprehend how big it is. It’s just really big. Huge. I can not overstate this enough. This is a very big number.
Your financial and cryptographic transactions are secure because of how big this is. Only a fool would attempt to brute force this many possible combinations.
So why is this particular number now big enough to be secure for the significant future? Well, it’s partly because we’ve simply increased the exponent to the point where the numbers get ridiculous, whereas before (with hash functions such as MD5) we were being a little cautious with a ‘just enough’ approach to exponential security and an underestimation of how fast computing speed could get.
A brute force attack on this many combinations is, however, quite infeasible.
Does that mean it’s impossible for someone to find the same hash as someone else? No. It’s not mathematically impossible. It never will be – that’s how numbers work. If a number exists, anyone can find it.
However, at this point it’s no longer worth your time trying – because it would take hundreds of millions of years to maybe get a result.
Is it technically, for the sake of mathematics, possible? Yes. Will we ever witness it in a meaningful way? Beyond unlikely.
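The argument in this section rests on the size of 2^256, so the following added example (not code from the original article) computes the number and its digit count rather than asking the reader to take them on faith, and shows the avalanche property that makes guessing pointless: two inputs one letter apart give digests that differ in about half their bits. Going beyond the text, it also computes the birthday bound, 2^128, which is the work cryptographers quote for finding any colliding pair, as opposed to 2^256 for hitting one specific digest. The hash rate used for the time estimate is an assumption for illustration, not a figure from the article.

```python
import hashlib

SECONDS_PER_YEAR = 365 * 24 * 3600
# Assumption for illustration only: an attacker able to compute 1e20 SHA-256 evaluations per second.
ASSUMED_HASHES_PER_SEC = 1e20


def output_space() -> int:
    """Number of distinct SHA-256 digests: 2^256."""
    return 2 ** 256


def decimal_digits(n: int) -> int:
    """How many decimal digits a non-negative integer has."""
    return len(str(n))


def birthday_bound() -> int:
    """Expected work to find some pair of inputs with the same digest is roughly the
    square root of the output space, 2^128 (generic birthday attack)."""
    return 2 ** 128


def years_of_work(attempts: int, rate: float) -> float:
    """Wall-clock years needed for the given number of hash evaluations at the given rate."""
    return attempts / rate / SECONDS_PER_YEAR


def digest_bit_difference(a: bytes, b: bytes) -> int:
    """Bits that differ between SHA-256(a) and SHA-256(b); about 128 of 256 is expected
    for any two distinct inputs, however similar (avalanche effect)."""
    x = int.from_bytes(hashlib.sha256(a).digest(), "big")
    y = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(x ^ y).count("1")


if __name__ == "__main__":
    n = output_space()
    print("2^256 =", n)
    print("digits:", decimal_digits(n))
    print("birthday bound 2^128 at assumed rate, in years:",
          f"{years_of_work(birthday_bound(), ASSUMED_HASHES_PER_SEC):.3e}")
    print("bits differing between sha256('hello') and sha256('hellp'):",
          digest_bit_difference(b"hello", b"hellp"))
```

Even at the much smaller birthday-bound figure and an absurdly generous hash rate, the time estimate comes out in the hundreds of billions of years, which is the practical meaning of "possible in principle, never in practice".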