Attack Vector

An attack vector is a method by which a cybercriminal attacks a computer or network. While an attack surface is the location within the network that is vulnerable to an attack, the attack vector is the way a hacker carries it out. In current computer networking, attack vectors are numerous and creative. Attackers have found many detailed ways to steal information and access private networks. Some common attack vectors are listed below.

DDoS (distributed denial of service) attack: flooding a network, often a website, with an absurd number of IP address requests in order to shut it down temporarily and cause the web server to lose money
Email fraud: one of the many methods of social engineering, in which an attacker impersonates someone legitimate (like a company’s CEO) and asks for money or sends links with malicious software attached
Man-in-the-middle attack: often involves eavesdropping on a handshake that two parties use to establish an encryption key
IoT device hack: gaining access to a smart device that connects to the company network and being able to move to other parts of the network from there
Phishing: a general term that falls into the realm of social engineering; for example, fraudulent phone calls that ask someone to update their information (such as a banking login) with the intention of stealing personal data
Stealing employee credentials: gaining access to company logins and passwords to then move through the network
Third-party applications: any external applications that have access to your company’s networks but may not necessarily be trustworthy. Often third-party integration apps that connect two of your company software solutions fall into this category
Ransomware: downloading malware onto a computer, causing it to stop functioning, and demanding money before unlocking the computer or programs
Manipulating an unsecured Wi-Fi connection: eavesdropping on an Internet session, especially one that is not encrypted

This is by no means an exhaustive list. Organizations find themselves fighting to detect and prevent cyberattacks; as technology has advanced, so have attack methods. Adequately responding to threats requires a comprehensive approach to network security and automated data analysis. Businesses can no longer sufficiently sort through their own log and application data without help from machines.






Jenna Phipps
Jenna Phipps
Jenna Phipps is a writer for Webopedia.com, Enterprise Storage Forum, and CIO Insight. She covers data storage systems and data management, information technology security, and enterprise software solutions.

Related Articles

@ Sign

Pronounced at sign or simply as at, this symbol is used in e-mail addressing to separate the user' name from the user's domain name,...

Munging

(MUHN-jing) Munging (address munging), is the act of altering an email address posted on a Web page to make it unreadable to bots and...

How to Create an RSS Feed

In the second installment of RSS how-to, we look at some of the nonrequired (optional) channel and item tags, discuss RSS specifications in-depth and...

Dictionary Attack

(n.) (1) A method used to break security systems, specifically password-based security systems, in which the attacker systematically tests all possible passwords beginning with...

ScalaHosting

ScalaHosting is a leading managed hosting provider that offers secure, scalable, and affordable...

HRIS

Human resources information system (HRIS) solutions help businesses manage multiple facets of their...

Best Managed Service Providers...

In today's business world, managed services are more critical than ever. They can...