An attack vector is the method by which an adversary can breach or infiltrate an entire network or system. Adversaries can exploit system vulnerabilities in numerous ways, and attack vectors are what enable that exploitation.
Here are the top 8 most common attack vectors:
- Compromised and Weak Credentials – The perennial top attack vector, compromised credentials account for more than 80% of breaches globally. With password reuse rampant (passwords are reused an average of 2.7 times), one breached credential offers attackers access to multiple services. Multi-factor authentication, password managers, and user education on proper identity best practices can help thwart this common attack vector.
- Misconfiguration – Misconfiguration has resulted in many high-profile breach events, with disastrous consequences. There have been dozens of breaches related to misconfiguration of AWS S3 buckets alone. These oversights are often the result of well-intentioned developers who are either rushing to get products to market or simply unfamiliar with the secure configuration of the services they are using. Avoiding misconfigurations is easier said than done, but procedures and systems that audit and automate secure configuration are a great starting point, in addition to ongoing training for developers.
- Malware – Malware comes in many different forms, such as viruses and ransomware; the term covers any type of harmful software. Ensuring that all systems have the latest anti-malware software installed is important, as is limiting user privileges and educating users on what to look out for when clicking links or installing software.
- Missing or Poor Encryption – Missing or weak encryption can result in sensitive data, such as customer information or credentials, being stolen. Weak encryption can be just as bad as no encryption at all, as many legacy encryption algorithms can be cracked trivially using modern compute power. Whenever possible, use strong encryption for data-at-rest, data-in-transit, and data being processed.
- Phishing – The human element always has been, and likely always will be, a key contributing factor in information security failure. Attackers know they can lure users into clicking malicious links or divulging sensitive data, so they continue to (successfully) rely on this attack vector.
- Denial of Service Attacks – DoS, and their distributed big brother, DDoS attacks, are meant to flood the resources of a system or site, rendering it unusable. There are a number of subscription services that can help identify and mitigate the effects of even very large scale DDoS attacks.
- Malicious Insiders – The “double agent” of the modern corporate world, a malicious insider is an employee who abuses their privileges as an authorized user to conduct an attack against company information systems. Since these users are legitimate, it can be more difficult to detect these types of attacks than most others.
- Trust Relationships and Third Party Risk – There are many interconnected systems, both within and across organizations. This complex set of relationships has the potential to be exploited by attackers, as most famously happened in the Target breach, where the initial infiltration was via a third-party HVAC vendor. Minimizing privileges and leveraging zero-trust and privileged access management can help thwart such attacks.
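To illustrate the configuration auditing mentioned under Misconfiguration, here is an added example (not part of the original article) that checks S3 bucket settings for public exposure. The input dicts are constructed and combine fields shaped like the results of S3's GetPublicAccessBlock, GetBucketAcl and GetBucketPolicy calls; `audit_bucket` and `is_wildcard` are hypothetical helper names.

```python
import json

ACL_GROUPS = "http://acs.amazonaws.com/groups/global/"
PUBLIC_GROUPS = {ACL_GROUPS + "AllUsers", ACL_GROUPS + "AuthenticatedUsers"}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")

def is_wildcard(principal):
    """True for Principal "*" or {"AWS": "*"} / {"AWS": ["*", ...]}."""
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return "*" in ([principal] if isinstance(principal, str) else principal or [])

def audit_bucket(cfg):
    """Return public-exposure findings for one bucket's settings."""
    findings = []
    pab = cfg.get("PublicAccessBlock") or {}
    off = [flag for flag in PAB_FLAGS if not pab.get(flag)]
    if off:
        findings.append("public access block flags not enabled: " + ", ".join(off))
    # Public ACL grants only take effect while IgnorePublicAcls is off.
    if not pab.get("IgnorePublicAcls"):
        for grant in cfg.get("Grants", []):
            uri = grant.get("Grantee", {}).get("URI")
            if uri in PUBLIC_GROUPS:
                findings.append(f"ACL grants {grant['Permission']} to {uri.rsplit('/', 1)[-1]}")
    # A public policy is only honoured while RestrictPublicBuckets is off.
    if not pab.get("RestrictPublicBuckets"):
        stmts = json.loads(cfg.get("Policy") or "{}").get("Statement", [])
        for s in [stmts] if isinstance(stmts, dict) else stmts:
            if s.get("Effect") == "Allow" and is_wildcard(s.get("Principal")):
                note = " (has Condition, review)" if s.get("Condition") else ""
                findings.append(f"policy allows {s.get('Action')} to anyone{note}")
    return findings

# Constructed sample settings, not taken from any real account.
PUBLIC_READ = {"Grantee": {"URI": ACL_GROUPS + "AllUsers"}, "Permission": "READ"}
SAMPLE = {
    "open-bucket": {
        "Grants": [PUBLIC_READ],
        "Policy": '{"Statement": [{"Effect": "Allow", "Principal": "*", '
                  '"Action": "s3:GetObject", "Resource": "arn:aws:s3:::open-bucket/*"}]}',
    },
    "locked-bucket": {"PublicAccessBlock": dict.fromkeys(PAB_FLAGS, True),
                      "Grants": [PUBLIC_READ]},
}

if __name__ == "__main__":
    for name, cfg in SAMPLE.items():
        print(name, audit_bucket(cfg) or "no public exposure found")
```

The second sample carries the same public ACL grant as the first but produces no findings, because an enabled public access block overrides it.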
Taking steps to ensure a strong cyber security posture can help ensure that no adversary is able to easily leverage any of these attack vectors to infiltrate your organization.
Uncertain how strong your security posture is? Balbix can help.