In this post, You will learn what is cyber-attack vector and you will know the 10 most common cyber attack vectors.
What is a cyber-attack vectors❓
A cyber-attack vectors is a pathway used by a hacker to illegally access a network or a computer in an attempt to exploit the flaws(Vulnerability).
In simple words, a cyber-attack vectors is a path by which a hacker can gain access to a host in order to deliver a payload or malicious software or deliver and exploit the vulnerability.
10 Most common attack vectors
- APT – Advanced Persistent Threats
- Cloud computing / Cloud-based technologies
- Viruses, worms, and malware
- Mobile Device threats
- Insider attacks
- Phishing attacks
- Web Application Threats
- IoT Threats
1. APT – Advanced persistent threat
An advanced persistent threat is a stealthy threat actor, typically a nation or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period; Typically uses zero-day attacks.
2. Cloud computing / Cloud-based technologies
Flaw(Vulnerability) in one client’s application cloud account allows attackers to access other clients’ data.
3. Virus Worm and Malware
Viruses and worms both fall under the malware category. These viruses and worms both replicate themselves and affect the connected computers.
Whereas the worm is more dangerous than the virus. The worm doesn’t need any host to control it auto replicates itself and spreads to other networks and systems.
To read more about Malware [Click here]
Blocks access to important documents, images, folders and demands ransom(Money)
To read more about Ransomware [Click here]
5. Mobile Device threats
Not updating for a long period of time is going to be the biggest mobile device threat.
Bots together form botnets and send multiple requests to the target IP and down the network, it is also called DoS and DDoS.
To perform a DoS or DDoS attack watch this Youtube Video [Click here]
To read more about Botnet [Click here]
7. Insider attacks
A disgruntled employee can damage assets from inside is called an insider threat. To prevent insider threat the CISO use the zero trust level.
8. Phishing attacks
A phishing attack is a passive information gathering method, Phishing attack is directly interacting with the target human and making him/her click the malicious link the hacker sent.
There are different types of phishing attacks they are;
- Spear phishing
Spear phishing’s is also a type of phishing and also vishing attack. In spear phishing’s, the hacker does a targeted attack. This means the hacker knows the target and then attacks.
Vishing is also a type of phishing’s attack. This Phishing’s attack takes place only in calling. Also, the stupid scam calls are called Phishing attacks. Mostly older people are targeted.
Smishing is also a type of phishing’s attack. The cybercriminal will send the text only is called a smishing attack.
To read more about phishing [Click here]
9. Web Application Threats
Cross-site scripting(XSS) and SQL injection are web application threats. These attacks can be done using the burpsuite tool.
To read more about SQL injection and cross-site scripting [Click here]
10 IoT threat
IoT is the biggest threat in today world, Kaspersky says DDoS attacks are mostly done using compromised IoT devices.
To Prevent IoT attacks enter a custom password set by the user and then do a regular malware scan.