An attack vector is the means by which a hacker gains access to your computer or network server, in order to engineer a malicious outcome. Through various attack methods, hackers can exploit system vulnerabilities of all sorts (including the human element, i.e. your staff).
In this post, we will explore 5 common attack vectors and the ultimate solution you can use to combat them:
1. Social Engineering Attacks
Social engineering is a broad term used to describe malicious activities that are accomplished by exploiting human interactions. These attacks use psychological manipulation to trick users into making security mistakes or giving away sensitive information. Common tactics include phishing, baiting, scareware and pretexting. Social engineering attacks are particularly dangerous because they rely on human error – mistakes made by users are less predictable and harder to identify than malware-based intrusions.
The general model for a high-value social engineering attack is as follows:
- The attacker prepares for the attack by identifying the victim, gathering background information (like potential points of entry and weak security protocols) and selecting the attack method.
- The attacker engages the victim to gain a foothold – they engage the target, create a believable story that builds trust or takes advantage of an existing trust relationship, and take control of the interaction by providing stimuli for subsequent actions that will break security practices, like accepting a remote control prompt or allowing an executable to run. You can see an example of a successful attack that played out like this here.
- The attacker either executes a whaling attack or gains information over a period of time and installs some kind of malicious payload. They then proceed to expand the foothold and disrupt business and/or syphon data.
- Where the malicious payload is designed to remain unseen, the attacker closes the interaction without arousing suspicion and brings their charade to a natural, believable end. Meanwhile the payload continues to operate, giving the attacker anything from keystroke information to network configuration, a backdoor into the operation and more.
2. Worm Attack
A worm is a form of malware (along with viruses and trojans) that spreads copies of itself from computer to computer via networks. A worm can make copies of itself without any human interaction, and it can cause damage without attaching itself to a software program.
Typically, a person installs a worm by inadvertently opening an email attachment or message that contains executable scripts (files that run programs when they’re opened). Once opened, these files will provide a link to a malicious website or automatically download the worm. Once the worm is installed, it silently begins to infect the computer without the user’s knowledge.
Worms can modify or delete files, or inject additional malicious software onto a computer. Sometimes, the purpose of the worm will be to make copies of itself over and over, which will deplete system resources by overloading a shared network. Worms wreak havoc on computer resources, and they can also steal data, install a backdoor and allow hackers to gain control over a computer and its systems.
3. Direct-Access Attack
In a direct-access attack, a person gains physical access to a computer and performs malicious actions such as modifying the operating system, installing software worms or keyloggers, or planting covert listening devices. The attacker can also download large quantities of information onto backup media or portable devices.
You might think that your company is immune from this kind of attack, but is there a functioning USB port on the computer at your office reception? Chances are that computer is part of your network, and a device installed there that looks like a regular USB device, or like some kind of inline filter on the internet connection, can contain a malware payload. Here’s a store where you can purchase exactly this kind of attack asset for less than $65.
4. Man in the Middle Attack
In a man in the middle attack (MITM), communication between two systems is intercepted by a third party. This can happen with any form of online communication, including email, social media and web browsing. The goal of a MITM attack is to steal personal information like login credentials, account details and credit card numbers or redirect users to false or compromised websites.
Stolen information can be used for various purposes, including identity theft, unapproved funds transfers, password changes or gaining a foothold during the infiltration stage of an APT (advanced persistent threat) assault.
A MITM attack has two distinct phases – interception and decryption.
The first step intercepts user traffic through the attacker’s network before it reaches its intended destination. The most common method of doing this is a passive attack where an attacker makes free, malicious Wi-Fi hotspots available to the public. Once a victim connects to the hotspot, the attacker gains full visibility into any online data exchange and can redirect the victim to fake online services like banks, email exchanges and other services.
After the attacker has intercepted your communications, they need to decrypt the information without alerting the user or the application. This is possible through a number of methods, including HTTPS spoofing, SSL hijacking, SSL stripping and various other techniques.
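The SSL stripping technique mentioned above works by quietly replacing https:// links with http:// ones so the victim never negotiates TLS at all. The standard client-side defence is HTTP Strict Transport Security (HSTS, RFC 6797): once a host has been seen over a verified HTTPS connection with a Strict-Transport-Security header, the browser refuses plain HTTP to that host until the policy expires. The following is an added example, not code from the original post or from Computer One, that models that decision in simplified form (max-age and includeSubDomains only). The host names, header values and timestamps are constructed for the example.

```python
"""
Added example: a minimal HSTS policy store showing why a stripped http://
link to a previously pinned host cannot downgrade the connection.
Assumptions: header names are passed lower-cased; only the max-age and
includeSubDomains directives of RFC 6797 are modelled.
"""
import time
from dataclasses import dataclass


@dataclass
class HstsPolicy:
    expires_at: float          # absolute time, seconds since the epoch
    include_subdomains: bool


def parse_hsts_header(value: str):
    """Parse a Strict-Transport-Security header value.

    Returns (max_age_seconds, include_subdomains), or None when the header
    is malformed; a malformed header must be ignored, not turned into policy.
    """
    max_age = None
    include_subdomains = False
    for directive in value.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, raw = directive.partition("=")
        name = name.strip().lower()
        if name == "max-age":
            raw = raw.strip().strip('"')
            if not raw.isdigit():
                return None
            max_age = int(raw)
        elif name == "includesubdomains":
            include_subdomains = True
    if max_age is None:
        return None
    return max_age, include_subdomains


class HstsStore:
    """Per-client record of hosts that may only be reached over HTTPS."""

    def __init__(self):
        self._policies = {}

    def record_response(self, host, over_https, headers, now=None):
        """Learn a policy from a response. Only responses received over a
        verified HTTPS connection count: an HSTS header seen over plain HTTP
        could have been injected by the interceptor and is ignored."""
        if not over_https:
            return False
        value = headers.get("strict-transport-security")
        if value is None:
            return False
        parsed = parse_hsts_header(value)
        if parsed is None:
            return False
        max_age, include_subdomains = parsed
        now = time.time() if now is None else now
        if max_age == 0:
            self._policies.pop(host.lower(), None)   # max-age=0 withdraws the policy
            return True
        self._policies[host.lower()] = HstsPolicy(now + max_age, include_subdomains)
        return True

    def must_use_https(self, host, now=None):
        """True if a plain http:// request to host must be upgraded."""
        now = time.time() if now is None else now
        labels = host.lower().split(".")
        for i in range(len(labels)):           # check host, then each parent domain
            policy = self._policies.get(".".join(labels[i:]))
            if policy is None or policy.expires_at <= now:
                continue
            if i == 0 or policy.include_subdomains:
                return True
        return False


def simulate_downgrade_attempt(store, host, now):
    """Scheme the client will actually use when a stripped http:// link arrives."""
    return "https" if store.must_use_https(host, now) else "http"


if __name__ == "__main__":
    store = HstsStore()
    t0 = 1_700_000_000.0   # constructed timestamp
    # First visit over genuine HTTPS pins the host and its subdomains for a year.
    store.record_response("bank.example", True,
        {"strict-transport-security": "max-age=31536000; includeSubDomains"}, now=t0)
    # Later, on a rogue hotspot, stripped http:// links arrive; the pin holds.
    print(simulate_downgrade_attempt(store, "bank.example", t0 + 60))        # https
    print(simulate_downgrade_attempt(store, "login.bank.example", t0 + 60))  # https
    # A host never seen over HTTPS has no policy, so stripping would succeed.
    print(simulate_downgrade_attempt(store, "shop.example", t0 + 60))        # http
```

The last case is the practical caveat: HSTS only protects hosts the client has already visited securely (or that are on the browser's preload list), so the first connection from a fresh device on an untrusted network remains the weak moment.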
5. Inside Job
Human error is a huge factor in security breaches. In fact, IBM’s 2018 X-Force Threat Intelligence Index found that human error caused a 424% increase (year-over-year) in cloud-related cyberattacks.
Common ‘insider’ risks include:
- Well-meaning IT staff who have complete access to secure company information and systems – small mistakes can have major consequences
- Disgruntled employees – they may steal information, sell data/intelligence or damage systems due to a vendetta
- Cybercriminals who hijack identities – they might compromise employee systems through malware or phishing attacks, or leverage stolen credentials (often by using data taken from social networks)
The Ultimate Solution – Implement the Essential 8!
A baseline defence strategy against these attack vectors and others is to implement the Essential 8, which is a list of prioritised mitigation strategies.
These strategies are the result of the Australian Government’s security agencies’ involvement in numerous cyber attack mitigations and investigations, and they have been developed to protect networks, users, applications and data from cyber threats.
When these 8 strategies are implemented together, an estimated 85% of cyber attacks can be thwarted.
Need a hand protecting your business? At Computer One, we have a network security team of experts in finding security holes, taking remedial action and protecting your data from damaging breaches. You can find out more about our Network Security Services here.