An attack vector is a path, method or means by which cybercriminals penetrate a target system. Attack vectors can include cybercriminal tools and actions, as well as the human factor or vulnerable technologies on the side of the potential victim and their contractors. The set of all possible attack vectors in a system or organization is called the attack surface.
A single device or application can have multiple attack vectors, and different vectors can be used in the same attack.
Most common attack vectors
Possible attack vectors on the side of the attacker include:
- Social engineering methods, such as phishing.
- Malware already present in the target system. There are many varieties of malware that specialize in delivering other malicious programs.
- Password brute-forcing to gain access to a remote interface (for example, RDP).
- Exploits for vulnerabilities.
Possible attack vectors on the side of the potential victim include:
- Email, messengers, and other communication tools.
- PowerShell and other shells for running scripts.
- USB drives and other HIDs (such as keyboards and mice) connected to a workstation or server.
- Internet of Things (IoT) devices (such as routers, IP cameras and smart thermometers).
- ATM or payment terminal interfaces.
- Internet-facing services or devices with vulnerabilities.
- Weak or compromised passwords.
Attack vector analysis for security
To protect a system or organization from intrusions, experts analyze the attack surface. They study possible attack vectors and evaluate the likelihood of their exploitation by attackers. For instance, a feedback form on a company website can, in theory, be considered an attack vector against customers if it allows any sequence of characters, including links, to be entered as a name. However, if data sent through the form is correctly processed and links are not accepted as names, the probability of such an attack is low. Likewise, RDP access with admin rights can be considered an attack vector against an organization, but it is more likely to be used if the RDP password is weak.
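The feedback-form case above can be made concrete with a server-side check on the name field. This is an added example, not code from the original page; the function name, the length limit and the allowed character set are assumptions chosen for illustration.

```python
import re
import unicodedata

MAX_NAME_LEN = 64  # assumed limit, not from the page

# Link-like content: a URI scheme, a "www." prefix, or a dotted host name
# ending in an alphabetic label of two or more letters (example.com).
LINK_RE = re.compile(
    r"[a-z][a-z0-9+.-]*://"
    r"|\bwww\."
    r"|\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}\b",
    re.IGNORECASE,
)
EXTRA_ALLOWED = set(" '-.\u2019")  # space, apostrophes, hyphen, period


def _allowed(ch):
    # Letters and combining marks from any script, plus a few separators.
    return unicodedata.category(ch)[0] in "LM" or ch in EXTRA_ALLOWED


def validate_name(raw):
    """Return (True, cleaned_name) or (False, reason)."""
    # NFKC folds fullwidth and other compatibility forms to their plain
    # equivalents, so the link check sees "example.com" in disguise.
    name = unicodedata.normalize("NFKC", raw)
    name = re.sub(r"\s+", " ", name).strip()
    if not name:
        return (False, "empty")
    if len(name) > MAX_NAME_LEN:
        return (False, "too long")
    if LINK_RE.search(name):
        return (False, "link-like")
    if not all(_allowed(ch) for ch in name):
        return (False, "disallowed character")
    return (True, name)


if __name__ == "__main__":
    # Constructed sample submissions.
    for sample in ["  Mary-Jane   O'Neil ", "J.R. Tolkien",
                   "Prize at example.com", "ｅｘａｍｐｌｅ．ｃｏｍ",
                   "http://login.example/reset", "Alice<script>"]:
        print(repr(sample), "->", validate_name(sample))
```

The allowlist is deliberately strict (it rejects "Dr.Smith" written without a space), and values that pass should still be output-encoded wherever they are displayed.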
Knowing which attack vectors pose a threat to a particular system allows you to enhance its security by eliminating these vectors. For example, if a computer has vulnerable programs that attackers could exploit, this attack vector can be eliminated by installing a patch or disabling the vulnerable components in these programs.