When it comes to intelligence topics, a subject that people often hear about is attack vectors. Yet attack vector is such a broad cybersecurity industry term that most people may not really know what it means and, more importantly, what it means to them and why they need to be aware of the different types of attack methodologies.
In short, an attack vector is any avenue of access that a hacker can use to carry out a cyber attack, whether that’s accessing a database through a technical vulnerability or obtaining your credentials to log into your company’s network and steal or corrupt data and systems.
Phishing is an excellent example of this. We hear so much about it that it fades into the background, and we often fail to draw the immediate connection it has to us, but we are all at risk.
Phishing typically occurs over email, a channel that is such a large part of our daily lives that it provides hackers with an easy avenue of access. You’ve probably gotten emails you don’t want and emails that you’d rather not see. Those can be easy for us to ignore as we move through the important tasks in our day.
Amongst those unwanted emails, you’ll often receive phishing emails, but these are typically not as easy to ignore because phishing emails are carefully crafted to mimic the things that you expect. They look like something that legitimately requires your attention and focus. Hackers do a great job of capitalizing on the element of surprise by masquerading as something so ordinary that we drop our guard. That’s what constitutes a strong attack vector for your adversary.
Email is so much a part of our life that hackers know we check it daily. In fact, some people can’t go an hour without pulling out their phone or their laptop and checking their email. Adversaries know that email is a functional way to get into a company, into a person’s life and get their identity and anything else of value they want. That’s what makes email a primary attack vector and phishing such a common attack methodology.
A secondary attack vector, the watering hole, is similar because it capitalizes on our predictable behaviors. Where hackers use phishing to come to you, they use the watering hole to draw you to them. Watering holes set an attractive trap at a place that cyber criminals know you’re going to visit. Instead of delivering a carefully crafted email that you might fall for, adversaries craft a site that mimics a site, or type of site, you typically visit. The site is designed to capture information or encourage you to open a channel that enables hackers to obtain the access they want. Sadly, there are numerous versions of this secondary attack vector.
One of the main functions of threat intelligence is to determine all the different attack vectors that can put you at risk and help you understand which ones are the most likely. In this way, we can help you develop and practice ways to defend against the most common attack scenarios.
Thanks to the Carnegie Museum of Natural History in Pittsburgh, PA for hosting CyberDefenses and allowing us to film this video on their site.