
Understanding Cybersecurity Threat Vectors

May 25, 2025

Threat Vectors in Cybersecurity

Definition

  • Threat Vector (Attack Vector): The method attackers use to gain unauthorized access to systems.
  • Attackers continuously discover or create new threat vectors to exploit vulnerabilities.

Common Threat Vectors

Messaging Systems

  • Emails: Can contain malicious links leading to phishing sites or malware downloads.
  • SMS (Short Message Service): Used to send malicious links via text message.
  • Instant Messaging/Direct Messaging: Direct communication channels used for phishing attacks.

Social Engineering

  • Phishing: Manipulates users to click on malicious links or provide sensitive information.
    • Example: Fake package delivery notifications prompting the recipient to click a link.

Images

  • SVG (Scalable Vector Graphics): Can contain embedded malicious scripts.
  • Because a browser renders SVG as XML, JavaScript embedded in the file runs when the image is displayed; if the browser is vulnerable, that script can be used to bypass its protections.
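A defender handling uploaded images wants to know whether an SVG carries any active content before it is served. The Python routine below is an added illustration, not part of the original notes: it walks the SVG's XML tree and reports script and foreignObject elements, on* event-handler attributes, and href attributes using the javascript: or data: scheme. Both sample files are constructed and the script bodies are placeholders.

```python
"""Inspect an SVG document for active content before it is served or rendered
inline.  Added illustration, not from the original notes; both sample files
below are constructed."""
import xml.etree.ElementTree as ET

# For untrusted input in production, parse with defusedxml.ElementTree instead:
# the standard-library parser is not hardened against entity-expansion attacks.


def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return name.split("}", 1)[-1]


def svg_findings(svg_text):
    """Return (element, reason) pairs for each piece of active content found:
    <script> and <foreignObject> elements, on* event-handler attributes, and
    href attributes using the javascript: or data: scheme."""
    root = ET.fromstring(svg_text)
    findings = []
    for el in root.iter():
        name = local(el.tag)
        if name == "script":
            findings.append((name, "script element"))
        if name == "foreignObject":
            findings.append((name, "foreignObject element (embeds arbitrary HTML)"))
        for attr, value in el.attrib.items():
            attr = local(attr)
            if attr.lower().startswith("on"):
                findings.append((name, f"event handler attribute {attr}"))
            elif attr == "href":
                scheme = value.strip().lower().split(":", 1)[0]
                if scheme in ("javascript", "data"):
                    findings.append((name, f"href uses {scheme}: scheme"))
    return findings


# Constructed samples: a harmless icon, and one carrying every flagged
# construct (the script bodies are placeholders, not working code).
BENIGN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'
SUSPICIOUS_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink">
  <script>/* any script */</script>
  <a xlink:href="javascript:/* any script */"><text onclick="/* any script */">x</text></a>
</svg>"""

if __name__ == "__main__":
    for element, reason in svg_findings(SUSPICIOUS_SVG):
        print(f"<{element}>: {reason}")
```

Rejecting or stripping such files at upload time, and serving user-supplied SVG through an `<img>` element or as a download rather than inline, removes the script execution path even when the check misses something.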

Files and Documents

  • Executables: Programs run directly in the system's memory, so a malicious executable is an immediate threat.
  • PDFs: Can hold malicious scripts within the document.
  • Compressed Files: Can hide malware within zip or rar files.
  • Office Documents: Macros within documents can collect and send personal data.
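The executable, compressed-file and Office-macro items above share one inspection point: the file is opened and its contents examined before a user does so. The Python routine below is an added illustration, not part of the original notes. It reads a zip archive (Office formats such as .docx and .xlsm are zip containers too) and flags executable members, double extensions, nested archives, the VBA project that marks a macro-enabled document, and extreme compression ratios. The sample files are built in memory with placeholder content.

```python
"""Inspect an archive or Office document before it reaches a user: list the
members and flag executable and double extensions, nested archives, a VBA
macro project, and extreme compression ratios.  Added illustration, not from
the original notes; the sample files are built in memory."""
import io
import zipfile
from pathlib import PurePosixPath

EXECUTABLE_EXT = {".exe", ".scr", ".dll", ".msi", ".bat", ".cmd", ".ps1",
                  ".js", ".vbs", ".hta", ".jar"}
ARCHIVE_EXT = {".zip", ".rar", ".7z", ".gz", ".iso"}
RATIO_LIMIT = 100  # uncompressed:compressed above this hints at a zip bomb


def inspect_zip(data):
    """Return (member, reason) pairs for suspicious contents of a zip file.
    Office formats such as .docx and .xlsm are zip containers, so the same
    routine works for them."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            path = PurePosixPath(name)
            suffixes = [s.lower() for s in path.suffixes]
            if suffixes and suffixes[-1] in EXECUTABLE_EXT:
                reason = "executable member"
                if len(suffixes) >= 2:
                    reason += " with double extension"  # e.g. invoice.pdf.exe
                findings.append((name, reason))
            elif suffixes and suffixes[-1] in ARCHIVE_EXT:
                findings.append((name, "nested archive"))
            if path.name.lower() == "vbaproject.bin":
                findings.append((name, "VBA macro project"))
            if info.compress_size and info.file_size / info.compress_size > RATIO_LIMIT:
                findings.append((name, "extreme compression ratio"))
    return findings


def build_sample(members):
    """Constructed test archive from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples; member contents are placeholders, not real files.
SUSPICIOUS_ZIP = build_sample({
    "invoice.pdf.exe": b"MZ placeholder",
    "more.zip": b"PK placeholder",
    "filler.txt": b"\0" * 1_000_000,
})
MACRO_DOC = build_sample({
    "[Content_Types].xml": b"<Types/>",
    "word/document.xml": b"<w:document/>",
    "word/vbaProject.bin": b"placeholder",
})
PLAIN_DOC = build_sample({
    "[Content_Types].xml": b"<Types/>",
    "word/document.xml": b"<w:document/>",
})

if __name__ == "__main__":
    for label, blob in (("archive", SUSPICIOUS_ZIP), ("macro doc", MACRO_DOC),
                        ("plain doc", PLAIN_DOC)):
        print(label, inspect_zip(blob) or "no findings")
```

On a mail gateway the same checks run against each attachment before delivery; a fuller deployment would also recurse into nested archives and treat an encrypted archive, which cannot be inspected at all, as a finding in its own right.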

Mobile and VoIP Systems

  • Vishing (Voice Phishing): Attackers call victims to extract personal information.
  • Spam Over IP (VoIP): Automated spam messages sent via VoIP.
  • War Dialing: Automatically dialing through ranges of phone numbers to find unpublished numbers that answer.

Physical Devices

  • USB Drives: Used to transfer malicious software into air-gapped networks.
    • Example: Drives dropped in a parking lot to trick employees into plugging them in.

Software Updates

  • Patch Management: Critical for closing known vulnerabilities.
  • Agentless Systems: Applications served from a central server rather than installed on each client; if that server is compromised, every client that loads the application can be infected.
  • Unsupported Systems: Systems without security patches pose significant risks.

Network Infrastructure

  • Wireless Security: Outdated wireless protocols (e.g., WPA2) can be exploited.
  • 802.1X Authentication: Requires a device to authenticate before it is allowed onto the network, blocking unauthorized access.
  • Open Ports: Every listening TCP port (e.g., 80, 443) is a potential entry point into the system.
    • A misconfigured service behind an open port can lead to unauthorized access.
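Knowing which ports are open is only useful against a record of which ports are supposed to be open. The Python script below is an added illustration, not part of the original notes: it parses scan results into a per-host set of open TCP ports and reports every port that the inventory does not expect, which is one way to act on the conclusion's advice to conduct network scans. The scan lines are constructed in the style of nmap's grepable (-oG) output, and the inventory is a constructed example.

```python
"""Compare the open ports reported by a scan against the ports each host is
expected to expose, so unexpected listeners are surfaced for review.  Added
illustration, not from the original notes; the scan lines are constructed in
the style of nmap's grepable (-oG) output."""
import re

# Host: <addr> (<name>)<tab>Ports: <port>/<state>/<proto>/... , ...<tab>Ignored State: ...
PORTS_LINE = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Ports:\s+(.*?)(?:\s+Ignored State:.*)?$")


def parse_grepable(text):
    """Return {host: {port, ...}} for every port reported as open/tcp."""
    open_ports = {}
    for line in text.splitlines():
        m = PORTS_LINE.match(line)
        if not m:
            continue  # comments, 'Status: Up' lines, etc.
        host, ports = m.group(1), m.group(2)
        for entry in ports.split(","):
            fields = entry.strip().split("/")
            # fields: port, state, protocol, owner, service, rpc info, version
            if len(fields) >= 3 and fields[1] == "open" and fields[2] == "tcp":
                open_ports.setdefault(host, set()).add(int(fields[0]))
    return open_ports


def unexpected_listeners(scan, expected):
    """Return {host: sorted ports} that are open but not in the inventory.
    A host the inventory does not know about has every open port reported."""
    report = {}
    for host, ports in scan.items():
        extra = ports - expected.get(host, set())
        if extra:
            report[host] = sorted(extra)
    return report


# Constructed sample scan and inventory.
SAMPLE_SCAN = """\
# Nmap grepable output (constructed sample)
Host: 10.0.0.5 ()\tStatus: Up
Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (997)
Host: 10.0.0.9 ()\tPorts: 80/open/tcp//http///, 23/open/tcp//telnet///\tIgnored State: filtered (998)
"""
EXPECTED = {"10.0.0.5": {22, 443}}  # 10.0.0.9 is not in the inventory at all

if __name__ == "__main__":
    for host, ports in unexpected_listeners(parse_grepable(SAMPLE_SCAN), EXPECTED).items():
        print(f"{host}: unexpected open ports {ports}")
```

Run on a schedule, the diff between each scan and the inventory turns the one-off scan into a repeatable control: a new listener on a known host, or a host that is not in the inventory at all, both show up as findings rather than being lost in the full port list.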

Default Credentials

  • Devices with default credentials (e.g., admin/admin) are vulnerable.
  • Many modern devices require password changes on initial setup.

Supply Chain Attacks

  • Third-Party Access: Attackers exploit third-party managed services (e.g., MSPs) to access client systems.
  • Counterfeit Hardware: Fake devices with potential backdoors.
  • Notable Example: 2013 Target breach via HVAC contractor systems.

Conclusion

  • Regularly update and patch systems to mitigate known vulnerabilities.
  • Conduct network scans and monitor for unauthorized access points.
  • Verify and change default credentials on all network devices.
  • Be aware of the entire supply chain to prevent indirect access.