Published by Enhelion, 2019-11-21 09:09:59

Module_1

MODULE 1



Understanding Attack Vectors



What is an Attack vector?

An attack vector is a route or means by which a hacker can gain access to a computer or
network server in order to deliver a payload or malicious outcome.

How do hackers exploit attack vectors in cybersecurity?

Their methodology goes like this:

Analysis and inspection of the potential target

To achieve this, hackers employ sniffing, emails, malware or social engineering.

Encoding

Next, they select the best choice to invade networks. They proceed to encode and align
the best tools to exploit the vulnerability.

Installation

Third, they break through security and plant the malicious software.

Exploiting

Once they have breached our systems, they proceed to exploit the collected
information (sensitive data) to obtain the intended benefits.

Now, let’s take a look at the different attack vectors in cybersecurity attacks that expose
us to potential vulnerabilities.

What does an Attack Vector Include?

Attack Vectors include viruses, e-mail attachments, Web pages, pop-up windows, instant
messages, chat rooms, and deception.

All these methods involve at least a little bit of programming, except deception, in which a
human operator is fooled into removing or weakening system defenses.

Attack Vectors:

These are attacks that go straight to our devices or hosts in general. We’ll mention only some of
the best known.

1. Malware: Includes all programs that introduce malicious code (viruses, worms, Trojans)
on our computers, causing multiple and incalculable damage.

2. Keyloggers: Programs that collect everything the user types on the keyboard.
They can even take screenshots.

3. Social engineering: Acquiring confidential information from a person or organization to
use it for malicious purposes. The most famous examples are phishing and spam.

4. Phishing: Consists of deceiving users to obtain their confidential information by
spoofing the identity of an organization or Internet website.

5. Spam: Unsolicited messages, commonly in the form of ads, sent in a massive and
repetitive manner. Email is the most used means for such attacks. However, instant
messaging programs and even unsolicited phone calls are popular.

Cybersecurity attack vectors: Network

Computer networks are the favorite means of many hackers to steal information to sell to the
highest bidder, or to cause sabotage aimed at slowing down the network’s traffic. These
attacks can be active or passive.

Active attacks happen when an intruder manages to install malicious code aimed at sabotaging
the performance of networks and computers. A passive attack, on the other hand, occurs when
an attacker gets into a network and intercepts the data exchanged on it.

Attack Vector in cybersecurity: Active attacks

• Spoofing: Refers to the use of techniques for identity theft.
• Modification: Consists of modifying the routing table so that the sender sends messages
through longer paths, causing major delays.
• DDoS: A Denial of Service (DDoS) attack keeps the network busy, consuming bandwidth
with constant messages that disrupt normal service delivery.
• Fabrication: A false routing message produced to prevent information from reaching its
destination.

Attack Vector in cybersecurity: Passive attacks

• Sniffing or traffic analysis: An attacker detects the communication path between sender
and receiver, then finds the amount of data moving between them.
There are no changes in the data.
• Eavesdropping: Occurs in the ad-hoc mobile network. The main objective of this attack
is finding out secret or confidential information by intercepting the means of
communication.
• Supervision: An attack where hackers can read confidential data but cannot edit it.



What should we do to rid our networks of attack vectors?

Of course, this is the next logical question we must answer. Here is some advice to shield
networks and remove any attack vectors:

• Keep your networks and servers free of obsolete software.
• Update and apply every security patch you find. These solutions correct
vulnerabilities discovered over time.
• Train the final users of your networks and services on good practices with regards to
digital security. Conduct campaigns and regular talks on this subject.
• Use firewalls as they monitor and control traffic between private and public networks.
• Make periodic backups of your sensitive data, so you can always recover the
information in zero-day events, failure or system attacks.
• Keep an eye on the latest trends in digital security through specialized magazines or
technology websites.
• Use constantly updated antivirus.

Types of Attack Vectors

• Ransomware
• Malicious Code Injection
• Social Engineering
• Remote Access
• Phishing
• Spoofing
• Brute Force Attack



Ransomware:

Ransomware blocks access to a victim’s data, typically threatening to delete it unless a ransom is
paid. There is no guarantee that paying a ransom will regain access to the data. Ransomware is
often carried out via a Trojan delivering a payload disguised as a legitimate file.



Malicious Code Injection:

Code Injection or Remote Code Execution (RCE) enables the attacker to execute malicious code
as a result of an injection attack. These attacks are different than Command Injection attacks.
An attacker’s capabilities depend on the limits of the server-side interpreter (for example, PHP,
Python, and more). In some cases, an attacker may be able to escalate from Code Injection to
Command Injection.
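
The distinction drawn above, shown as an added example that is not part of the original module: in code injection the input reaches the language interpreter, in command injection it reaches the operating-system shell, and each has its own hardened form. Function names and sample inputs are constructed for illustration, and the shell half assumes a POSIX system with `echo`.

```python
import ast
import operator
import subprocess

# --- Code injection: input reaches the language interpreter ---------------
def calc_vulnerable(expr):
    # eval() runs any Python expression, so the caller is limited only by
    # what the interpreter itself can do.
    return eval(expr)

_OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
        ast.Mult: operator.mul, ast.Div: operator.truediv}

def calc_safe(expr):
    # Parse without executing, then walk the tree and accept only numbers
    # combined with + - * /. Calls, names and attributes are rejected.
    def ev(node):
        if isinstance(node, ast.Constant) and type(node.value) in (int, float):
            return node.value
        if isinstance(node, ast.BinOp) and type(node.op) in _OPS:
            return _OPS[type(node.op)](ev(node.left), ev(node.right))
        raise ValueError("expression not allowed")
    return ev(ast.parse(expr, mode="eval").body)

# --- Command injection: input reaches the operating-system shell ----------
def greet_vulnerable(name):
    # The shell re-parses the whole string, so ';' in name starts a new command.
    out = subprocess.run("echo hello " + name, shell=True,
                         capture_output=True, text=True)
    return out.stdout

def greet_safe(name):
    # Argument list, no shell: name is passed as one literal argument.
    out = subprocess.run(["echo", "hello", name],
                         capture_output=True, text=True)
    return out.stdout

if __name__ == "__main__":
    hostile_expr = "__import__('os').getpid()"   # constructed sample input
    hostile_name = "bob; echo INJECTED"          # constructed sample input
    print(type(calc_vulnerable(hostile_expr)))   # the interpreter ran it
    print(calc_safe("2 + 3 * 4"))
    print(repr(greet_vulnerable(hostile_name)))
    print(repr(greet_safe(hostile_name)))
```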

Social Engineering:

Social engineering is the term for a wide range of malicious activities accomplished through
human interactions. It uses psychological manipulation to trick users into making security
mistakes or giving away sensitive information.

Social engineering attacks happen in one or more steps. First, an attacker investigates the
potential victim to gather necessary background information, such as potential points of entry
and weak security protocols, needed to proceed with the attack. Then, the attacker moves to
gain the victim’s trust and provide opportunities for actions that break security practices, such
as revealing sensitive information or granting access to critical resources.



Remote Access:

A remote attack is a malicious action that targets one computer or a network of computers. This attack
does not affect the computer used by the attacker. Instead, the attacker will find vulnerable
points in a computer or network's security software to access the machine or system.

The main objectives for remote attacks are to view or steal data illegally, introduce viruses or
other malicious software to another computer or network or system, and cause damage to the
targeted computer or network.

Phishing:

A phishing attack is the practice of sending emails that appear to be from trusted sources with
the goal of gaining personal information or influencing users to do something. It combines
social engineering and technical trickery. It could involve an email attachment that loads
malware onto your computer or a link to an illegitimate website that can trick you into
downloading malware or handing over your personal information.

Spoofing:

Spoofing is the act of disguising a communication from an unknown source as being from a
known, trusted source. Spoofing can apply to emails, phone calls, and websites. It can also be
more technical, such as a computer spoofing an IP address, Address Resolution Protocol (ARP),
or Domain Name System (DNS) server.

Brute Force Attack:

A Brute Force Attack is the easiest method to gain access to a site or server or anything that is
password protected. It attempts various combinations of usernames and passwords repetitively
until it gets in. This repetitive action is like an army attacking a fort.

How to choose an attack vector?
When we talk about cybersecurity events, we often discuss “the three principles of security”
which are often abbreviated “CIA”:

• Confidentiality of the information. Informational confidentiality is what comes to mind
most frequently when we consider cybersecurity breaches. When an attacker can access
personal information and use it for nefarious purposes, confidentiality has been broken.
• Integrity of the information. Informational integrity refers to information in its original
format that hasn’t been manipulated by a bad actor.
• Availability of the information. Informational availability can be impacted by DDOS
attacks (which we’ll discuss below). If an attacker can bring down a service for a period,
it affects whether people can access the information they want or need.


