Over the last few years, we have grown accustomed to hearing about cybersecurity incidents affecting companies of all scales and sizes. In 2021, a data breach cost an average of $4.24 million, up 10% from $3.86 million in 2020 — the highest percentage increase year-over-year in the past 17 years. Despite a robust cybersecurity perimeter in response to growing threats, cybercriminals always seem to find a way around it. How do they do it? They use increasingly complex attack vectors.
In this article, we’ll look at how cybercriminals use attack vectors as tools to exploit IT security vulnerabilities and execute their nefarious schemes. We’ll also list some simple security measures your company can put in place to counter threats from these attack vectors.
What Is Meant by Attack Vector?
An attack vector refers to any method or pathway a hacker may use to penetrate, infiltrate or compromise the IT infrastructure of the target entity.
In addition to exploiting vulnerabilities in the system, hackers also use attack vectors to trick humans into compromising security setups. Clue: phishing emails. Phishing ranks as the second most frequently used attack vector in 2021. The top spot goes to compromised credentials while the third goes to cloud misconfiguration.
A cybercriminal can deploy a multitude of attack vectors to deliver malicious payloads, such as viruses, worms and ransomware code, into a victim’s system and sabotage their operations. Compromised credentials, phishing emails and inadequate or missing encryption are some other examples of attack vectors.
Attack Vector vs. Attack Surface
There are times when you will see these two terms used interchangeably, but that isn’t correct.
An attack vector is a tool that cybercriminals use to launch a cyberattack while an attack surface is any point or points on the network area of a company that is broken through to launch the attack. The surface area increases as more endpoints, servers, switches, software applications or any other IT assets get configured to a network.
IBM’s Cost of Data Breach report 2021 found that costs of breaches were significantly lower for some companies with a more mature security posture and higher for companies lagging in areas such as security AI and automation, zero-trust and cloud security.
Attack Vector vs. Threat Vector
The terms attack vector and threat vector are interchangeable. As with an attack vector, a threat vector is a way to gain access to an unsecured attack surface such as an open port or an unpatched software vulnerability.
What Are the Different Types of Attack Vectors?
Cybercriminals are quick to invent new attack methods, which easily outsmart old defense mechanisms. In this section, we’ll discuss nine nasty attack vectors that can undermine your business.
1. Compromised Credentials
Compromised credentials are the most used attack vector, responsible for 20% of breaches in 2021. Usernames and passwords stolen from victims are the most common credentials used by threats actors. Cybercriminals can purchase these on the dark web or can trick unsuspecting individuals into giving them up. Hackers may also collect sensitive information from unwitting users by sending a link to a bogus website and requesting their login details.
2. Weak Passwords and Credentials
According to a security consultant, a single compromised password caused the downfall of Colonial Pipeline, a major oil pipeline company in the U.S., leading to a fuel shortage across the East Coast of the United States.
The best way to make passwords hard to guess is to change default passwords promptly and to create new passwords keeping best practices in mind. A strong, complex password should include uppercase, lowercase and special characters as well as numbers and symbols. According to research conducted by NordPass, Fortune 500 companies use passwords that can be hacked in less than a second. It’s also advisable to change passwords frequently since hackers can install keylogging software on a user’s system to obtain personally identifiable information (PII).
Hackers don’t just focus on system credentials used by employees. They also try to intercept passwords used by servers, network devices and security tools, gaining unfettered access to a company’s Active Directory credentials and other valuable databases.
3. Poor and Absent Encryption
Data encryption enables users to transform data into ciphertext before transferring it over a known or unknown network or storing it on a system, enabling only those with the password to decrypt and read it. Weak encryption is easy to break using brute force, whereas in the absence of encryption, data transfer occurs in plaintext, which can be easily intercepted or stolen by threat actors.
4. Cloud and Device Misconfiguration
According to The State of Cloud Security 2021 report, many data breaches that make headlines are caused by cloud misconfiguration errors. About 36% of cloud professionals surveyed for the report said their organization experienced a serious breach or leak of cloud data in the past year.
Cloud misconfigurations result from user-created settings that do not provide adequate security to cloud data. This can disable the privilege access settings, giving everyone on the network unfettered access to valuable data.
Device misconfiguration is another trouble spot for companies. As companies rely increasingly on robotics and internet-of-things (IoT) devices to carry out their tasks, a hardware hack can pave the way for cybercriminals.
About 80% of IT professionals say they are facing a significant increase in phishing attacks in 2021.
Phishing emails continue to be one of the most effective attack vectors. Phishing is a form of social engineering attack that involves using legitimate-looking emails to trick people into giving up their personal information or account credentials. About 90% of incidents resulting in data breaches begin with phishing emails.
While a phishing attack targets employees en masse, a spear-phishing attack targets top-level executives of a company with the aim to steal highly confidential and business-critical information to which only the highest-ranking executives have access.
6. Third-Party Vendors
Suppliers and vendors are also considered attack vectors since hackers can find weaknesses in their software to access the client’s network and launch a supply chain attack. In the event of a cyberattack on a third party that has access to sensitive client data, the consequences are unimaginable.
7. Software Vulnerabilities
There is no such thing as perfect software. Hence, even after a piece of software is released, companies continue to test for bugs and send patches to fix vulnerabilities.
A zero-day vulnerability is a flaw in a network or software that hasn’t been patched or for which a patch isn’t available. Hackers can exploit a zero-day vulnerability to install malicious software, like ransomware, that enables them to manipulate IT infrastructure remotely to spy on an organization’s activities or to disrupt operations.
There were a record-breaking 66 zero-day attacks found to be active in 2021 according to databases like the 0-day tracking project. This is almost double the total reported for 2020, and more than any other year on record.
8. Malicious Insiders
It takes about 231 days for breaches caused by malicious insiders to be identified, behind only compromised credentials at 250 days and business email compromise at 238 days.
As it stands, disgruntled employees already have access to their company’s system details, which they can use to launch cyberattacks or to sell credential information on the dark web. In some cases, insider attacks are not malicious in nature and can be due to a lack of care on the part of employees.
9. Trust Relationships
In order for a communication channel between two or more domains to be secure, there must be an established trust relationship. It allows users to access information from multiple domains with just one login. A trusted domain is one that authenticates the user while the others are called trusting domains. Lax security practices can result in users caching credentials on trusted domains, which can then be stolen and used to launch a cyberattack.
What Are the Different Attacks Launched With Attack Vectors?
Cybercriminals have access to a wide range of attack vectors for conducting business-breaking cyberattacks. Here are some of the most common and debilitating attacks launched using attack vectors.
1. Malware and Ransomware
Malware is an intrusive piece of software that enables cybercriminals to access and damage computing systems and networks severely. The infection can take the form of a virus, trojan horse, worm, spyware, adware, rootkit or the infamous ransomware.
The number of ransomware cases has been steadily increasing since 2016 and now accounts for 10% of all breaches. Ransomware is a type of malware that can be installed covertly on a computer system, preventing the victim from accessing it. As soon as authorized users lose access, cybercriminals either threaten to release data publicly or block usage unless a ransom is paid. Colonial Pipeline suffered a ransomware cyberattack earlier this year and had to pay a whopping $4.4 million to regain access to their network.
2. Distributed Denial-of-Service (DDoS) Attack
The purpose of a DDoS attack is to overload a victim’s system or network by sending bogus emails by the truckload. As a result of unusually high data traffic volumes, the network becomes paralyzed, rendering it unable to cope with new data requests. DDoS attacks typically exploit a vulnerability in one computer system, making it the DDoS master. The master system then infects other vulnerable systems with malware.
In critical industries, a server overload can result in the business going offline for hours, which can cause a dip in revenue and customer departure. Yandex, a Russian tech giant, recently said that its servers were the victims of the biggest DDoS attack ever recorded.
3. Brute Force
A brute force attack is a cryptographic hack in which cybercriminals use the computing power of their systems to crack usernames, passwords, encryption keys or any other authentication credentials for unauthorized use. Generally, the longer the password, the more combinations that will need to be tested.
4. Man-in-the-Middle Attacks
A man-in-the-middle attack occurs when an attacker inserts himself in the “middle” of an ongoing conversation or data transfer and pretends to be a legitimate participant. By eavesdropping on the communication, hackers can access crucial data, like login information, which they can modify for personal benefit.
Hackers can even use their position to send malicious links to legitimate parties to damage their systems and databases and to launch advanced persistent threats (APTs).
5. SQL Injections (SQLi)
SQL injection is an attack vector that exploits a security vulnerability in a program’s code. It allows hackers to inject malicious code into web queries, data-driven applications and, in some cases, servers and other backend infrastructure. Once the attacker has administrative rights over the database, it can spoof identity, reveal or destroy data, remove access from it or cause repudiation issues.
6. Cross-Site Scripting (XSS)
Cross-site scripting attacks, or XSS, exploit web security flaws by injecting malicious scripts into otherwise trustworthy websites to infect them with malware. An XSS attack occurs when malicious code is sent from a web application to an unknown user as a browser script. Not realizing that the script shouldn’t be trusted, users execute it, allowing hackers to access cookies and other sensitive information stored in the browser.
How to Reduce Risk From Attack Vectors?
Cyberattacks can be stopped in their tracks if companies follow strict security protocols. This is especially important given the remote and hybrid work environments we are working in today. Here are some core security practices that will help you stay one step ahead of cybercriminals while making your IT technicians’ jobs easier.
1. Utilize Strong Password and Credential Security
It’s tedious to remember multiple passwords. A simple combination of your name and date of birth may seem convenient but it certainly isn’t best practice. Creating a difficult password is a lot easier than figuring out how to recover from a cyberattack.
Here are some tips on how to create strong passwords:
• Usernames and passwords should be complex and should be reset frequently
• Do not use the same credentials across multiple applications and systems
• Two-factor authentication (2FA) is a must
2. Maintain Strong Data Encryption
Employees use multiple mobile devices and networks to exchange business information. This is inevitable. A strong encryption tool that uses 192- and 256-bit keys for data encryption is a great way to combat threats from cybercriminals.
3. Update Systems and Install Patches Regularly
Cybercriminals love exploiting unpatched software vulnerabilities for zero-day attacks. Moreover, they continue exploiting the vulnerability for months, resulting in irreversible damage. When you use Kaseya VSA, you can automate patch management and provide your business with an extra layer of security. Organizations can reduce the likelihood of breaches by 41% if they deploy patches promptly.
Did you know that coordination problems between teams cause many organizations to lose about 12 days when implementing a patch? VSA enables the creation of policy profiles for the approval, review or rejection of patch updates.
4. Phishing and Cyber Awareness Training
Cybercriminals can take advantage of human vulnerabilities to launch large-scale cyberattacks and cripple business operations. Train your employees regularly to look out for attack vectors like phishing emails or fake websites so that they’ll be sharper when it comes to spotting them.
5. Audit Security Configurations
Creating a robust cybersecurity infrastructure is the first step in the fight against rampant cybercrime. Nevertheless, maintaining the availability of the infrastructure and regularly fixing all vulnerabilities is a never-ending undertaking. Security audits should be performed at least quarterly and having an external auditor to conduct the audit will ensure nothing slips through the cracks.
6. Watertight BYOD Policies
We are entering an era of remote and hybrid work. As a result, companies are embracing the bring your own device (BYOD) culture because it has been shown to boost productivity and employee happiness. However, if BYOD policies are not secure, it could open the doors for cybercriminals to penetrate a company’s infrastructure. It is possible to protect your information from cybercriminals by storing it in a secure cloud environment or on a server and allowing only VPN-connected devices to access it.
Minimize Danger From Attack Vectors With Kaseya
To protect your employees and business from complex cyberattacks, you need the latest security tools in your arsenal.
Even though antivirus (AV), antimalware (AM) and firewall solutions are essential, they are only your first line of defense against cybercrime. This is where Kaseya VSA comes in — a top-of-the-line unified remote monitoring and management solution (uRMM) that lets you manage core IT security functions from a single pane of glass.
VSA helps you ensure security patches are deployed on time, reducing the attack surface. In addition, it provides complete insight into IT assets while enabling backup management and also keeps endpoints secure through the use of the most current AV/AM solutions. You also benefit from Kaseya VSA’s built-in security features, such as two-factor authentication, which allows you to improve IT efficiency.
Having the right tool by your side allows you to monitor IT assets 24/7 as well as identify and address any suspicious activity in real time. To learn more, request a free demo today.
*** This is a Security Bloggers Network syndicated blog from Blog – Kaseya authored by Kaseya. Read the original post at: https://www.kaseya.com/blog/2021/10/28/attack-vectors/