4 Attack Vectors You Should Be Watching Now
Share with Your Network
Attack vectors are the channels or means by which threat actors attempt to infiltrate or attack a network or infrastructure. Cybercriminals employ attack vectors to gain access to sensitive data, spread malicious code, and exploit system vulnerabilities. The bigger the attack surface, the more opportunities for them to strike. And unfortunately for today’s organizations, attack surfaces are expanding quickly.
This blog explains what are attack vectors, why you should care about them, the four types, and how to close them off.
- What is an attack vector?
- Why care about attack vectors?
- 4 attack vectors to watch
- Access control, passwords, and lack of two-factor authentication (2FA)
- Social engineering, phishing, and inadequate training
- Cloud and SaaS data storage, and leaky S3 buckets
- IT systems, OS vulnerabilities, servers, IoT in the workplace
- How can you close off attack vectors?
What is an attack vector?
The term attack vector refers to the means or avenue an attacker takes to gain access to your infrastructure, assets, applications, and networks.
This bad actor is looking to mount a threat to your organization by exploiting a vulnerability within your infrastructure, which in turn increases your risk of a damaging outcome, such as a data breach, or denial of service (DOS) attack. (Learn more about the difference between risk, threat, and vulnerability.)
Why care about attack vectors?
As if defending against cyberattacks wasn’t already difficult enough, 2020 added several layers of complexity to an already complex cybersecurity landscape. Attack vectors only add to the complexity. This is why it’s so important to understand the types of attack vectors and how they’re used.
By understanding attack vectors, you as a defender can do a better job staying a step ahead of attackers.
And by this point, you’re likely wondering what avenues attackers are using to gain access to your infrastructure. Below are four types of attack vectors you should pay attention to now.
4 attack vectors to watch
- Access control, passwords, and lack of two-factor authentication (2FA). When ludicrously weak passwords like “123456” (the world’s most common password, exposed 23.6 million times in 2020) continue to threaten the integrity of an organization’s security, password hygiene is a major concern for many cybersecurity leaders. This is why it’s one of the most frequently used attack vectors. Look no further than the recent SolarWinds or Passwordstate hacks for prime examples of successful exploits to use this specific attack vector. But it’s not just weak or predictable passwords that pose a threat; apps and protocols that send login credentials create attack vector opportunities. These credentials can be further leveraged across an organization’s network and its data-sensitive applications. Shoring up this attack vector involves more than imposing password best practices. Implementing 2FA protocols via proven single sign-on platforms like Okta helps ensure only authorized personnel are accessing systems and data. And to prevent or contain the damage from attacks taking advantage of weak access controls, it’s vital to identify and patch the vulnerabilities within your infrastructure (such as Privilege Escalation vulnerabilities) that can amplify the impact of a successful exploit.
- Social engineering, phishing, and inadequate training. People are fallible (see attack vector No. 1). This hard truth means your workforce can often be a vexing presence when it comes to cybersecurity, acting as both the front line of defense and as a mercurial, hard-to-manage liability. Distracted, mistake-prone workers are susceptible to another rapidly expanding attack vector: social engineering. Encompassing tactics such as phishing emails, QR codes, browser notifications, and deepfake recordings, the social engineering attack vector gets plenty of use, even as social engineering attacks have grown more difficult to spot. And the repercussions can be devastating, with financial losses reaching millions of dollars, shutdowns impacting operations, and more. One way to combat this is through training, but cybersecurity training remains largely underfunded despite the painfully obvious need for improvement. A recent TalentLMS survey of 1,200 US employees revealed that while 69% of respondents completed some kind of cybersecurity training in their workplace, a whopping 61% failed a simple 7-question quiz about basic cybersecurity best practices. As long as people are present within your environment, they provide a viable attack vector for hackers. The most common social engineering attack is ransomware. This year, global ransomware damage is expected to reach $20 billion. In Q1 of 2021 alone, the average ransom payment rose a staggering 43% thanks to one single ransomware group, CloP. Because social engineering attack vectors are evolving rapidly, the best defense is to empower employees as well as you can with the knowledge they need to detect when they’re being used—while patching the vulnerabilities that present the biggest risk to your business. So even when these attack vectors are successfully exploited, you’ll give attackers fewer opportunities to do damage.
- Cloud and SaaS data storage, and leaky S3 buckets. The popularity of cloud services received an extra boost in the last year as more companies needed to support their remote or global workforce. And while this provides a reliable and affordable way to operate, it also introduces new challenges, including password security (See No. 1) and the rise of shadow IT.). The more applications and databases within a network and the more users that rely on easy access to the tools and data in that network, the more potential for hostile actors to find loopholes. One of the more disconcerting examples of these attack vectors comes in the form of leaky S3 buckets. An S3 bucket is an Amazon Web Services storage offering called a Simple Storage Service. S3 buckets act like file folders for data and descriptive metadata … and prone to leakage. Misconfigured S3 buckets are becoming more and more prevalent, exposing sensitive data to the internet. But it doesn’t stop with Amazon Web Services; the recent Microsoft Cloud breach stemmed from a leaky Azure storage blob (Microsoft’s S3 bucket equivalent).
- IT systems, OS vulnerabilities, servers, IoT in the workplace. The growing complexity of IT environments and operating systems are making it harder than ever to create error-free code or logic. Common high-risk vulnerabilities targeting IT environments and OS weaknesses include remote code executions, denial-of-service, elevation of privilege, buffer overflow, and directory traversal. Servers offer an especially appealing attack vector for cybercriminals looking to take advantage of SQL injection attacks, cross-site scripting (XSS), misconfigurations, expired trust relationships, and more. Successful exploitations of these vulnerabilities can lead to cyber espionage, data exposure, and complete server takeovers. Prior to the pandemic, companies were grappling with how to handle IoT in the workplace as employees and teams would use their own devices for productivity and project management. Aside from the workforce, physical offices were being outfitted with modern enhancements like smart lighting, cameras, and access management solutions. Now, many organizations find the boundaries of the workforce have expanded, and with it the attack surface. Getting a comprehensive understanding of what’s truly on your network, and then developing a strategy to fix the vulnerabilities that present a real risk to you, will help you minimize the threat posed by the IoT attack vector.
How can you close off attack vectors?
No single tool or set of tools exists to manage all attack vectors. Doing what it takes to shut down attack vectors targeting your workforce—such as strengthening employee passwords, providing more effective training to spot phishing attempts, and improving awareness of social engineering campaigns—is a vital first step.
But not every breach can be traced to distracted or uninformed employees. To address attack vectors targeting weaknesses in the IT environment, Security professionals should explore establishing a foundation of security that centers around risk.
The idea of a risk-based vulnerability management approach is straightforward: It uses actionable threat, exploit, and vulnerability intelligence, which is turned into actionable insight through the use of data science techniques like machine learning and predictive algorithms, to allow Security and IT teams to focus on the vulnerabilities that matter most. This is a profound improvement from traditional CVSS or scanner-based vulnerability management (VM). In fact, if your VM program is like most, chances are 80% of the vulnerabilities you’re patching today don’t actually pose a risk to your organization. (Imagine what your colleagues in IT and AppDev could do with extra time; consider how giving them time back will improve your working relationship.)
Securing your attack surface by shutting down attack vectors may sound daunting. But once you strengthen those employee passwords (seriously, you should work on this), data science, advanced threat intel, artificial intelligence, and predictive analytics can quickly be your most potent weapons in securing your infrastructure.
Find out how a risk-based approach to vulnerability management makes a hard thing easier.