Cyber Security
Threat vectors, or attack vectors, are the mechanisms cyber criminals use to gain unauthorized access to computer systems and networks. There are many types of attack vector, and it is crucial for any internet user to understand them in order to protect their computers and networks from cyberattacks.
There are five (5) main vectors cybercriminals use to break into computer systems and networks, or to disrupt them.
- Malware
- Denial of Service (DoS) attacks and Distributed Denial of Service (DDoS) attacks
- Domain Name System (DNS) Attacks
- Zero-day vulnerabilities
- Phishing
Malware
Malware is malicious software designed to be installed or executed on a computer system without the owner's consent. It takes many forms, such as trojan horses, worms, viruses, spyware and ransomware. Malware usually infects a system through an unsafe website or link, a file download, an infected external device or network, or a cracked software install.
Once it has infected a system, malware can pursue one or more malicious goals: obtaining private and confidential information, denying access to networks and computers, or deleting or encrypting data so that the system is disabled or crippled. Malware can have serious, even disastrous, impacts on businesses.
There are four (4) main types of malware.
- Viruses
- Code that attaches itself to a legitimate program or file and spreads when that file is run or shared.
- Trojan Horse Software
- Software that looks legitimate or useful but carries a hidden malicious payload that runs once the user installs it.
- Ransomware
- Malware that encrypts the victim's data, or locks the system, and demands payment to restore access.
- Worms
- Self-replicating malware that spreads across a network on its own, without needing a host file or user action.
The people behind malware are commonly grouped by their motives and by whether they have permission to test the systems they attack.
- Black hat hackers hack into computer systems illegally for monetary gain or to cause harm. They may distribute malware to destroy files, steal passwords, credit card numbers or other sensitive information, or take over computers and use them to perform malicious acts.
- Grey hat hackers sit between black hat and white hat hackers. They hack into computer systems, search for vulnerabilities and flaws, and report them to the system owner, but they do this without the owner's knowledge or consent. They may request a fee for finding and reporting the vulnerabilities.
- White hat hackers are often called ethical hackers. They try to hack into a computer system to find vulnerabilities and exploits with the owner's prior knowledge and authorization. White hat hackers are cyber security professionals, typically working for an organization.
Denial of Service (DoS) attacks and Distributed Denial of Service (DDoS) attacks
A denial-of-service (DoS) attack is a cyber-attack in which a single device floods a target system, service or network with traffic or requests, rendering it unavailable to legitimate users.
A distributed denial-of-service (DDoS) attack is a more complex form of DoS in which many devices, usually previously compromised ones, are used to overwhelm the target, which makes defence even more difficult. The devices taking part in a DDoS attack are typically infected with malware and directed by a central entity known as the Command and Control (C&C) server.
Methods to mitigate DoS and DDoS attacks.
- Using Load Balancers
- A load balancer is a network device that distributes incoming traffic between several servers so that no single server is overwhelmed. During an attack, a load balancer can split the incoming traffic among many servers, which reduces the impact if the target sits behind it.
- Filter IP Addresses
- The most basic defence against a DoS attack is to allow only legitimate IP addresses, or to block those of known attackers. Suppose, for example, that an application is intended only for the employees of a particular organization. In this case all other traffic can be blocked by a hardware or software rule that creates an "allow list".
- Practice Rate Limiting
- Limit the rate of traffic accepted from a given source IP address or on a given network interface controller (NIC). This can be done at the hardware or software level to reduce the likelihood of becoming the victim of a DoS attack. At the hardware level, switches and routers typically have some rate-limiting capability; limiting the rate towards a destination IP or interface (the website or hosted service) caps how much of a network-based DoS flood ever reaches the host.
- Filter Requests Upstream
- One of the best mitigation measures is filtering requests upstream, long before they reach your network. A number of DDoS mitigation providers (scrubbing centres) will filter your incoming traffic for you. Done right, attack traffic is never seen by your API at all, so your own rate-limiting policies are never put under strain.
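The two host-level mitigations above, an IP allow list and per-source rate limiting, can be combined in a few dozen lines. The following is an added example, not code from the original page: it keeps time in integer milliseconds and tokens in thousandths so the token-bucket arithmetic is exact, and runs both checks over a constructed request stream. All addresses, ranges and request records are made up for illustration (RFC 1918 and RFC 5737 space).

```python
"""Allow-list filtering plus per-source token-bucket rate limiting.

Added example; not code from the original page. Addresses, ranges and the
request stream are constructed for illustration."""
import ipaddress
from collections import defaultdict

# Constructed allow list: only these networks may reach the internal application.
ALLOW_LIST = [ipaddress.ip_network("10.0.0.0/8"),
              ipaddress.ip_network("192.168.1.0/24")]


def is_allowed(src_ip: str) -> bool:
    """True when src_ip falls inside one of the allow-listed networks."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in ALLOW_LIST)


class TokenBucket:
    """Token bucket: `rate_per_s` requests/s sustained, bursts of up to `burst`."""

    COST = 1000  # one request costs 1000 millitokens

    def __init__(self, rate_per_s: int, burst: int):
        self.rate_per_s = rate_per_s
        self.capacity = burst * self.COST
        self.tokens = self.capacity
        self.last_ms = 0

    def allow(self, now_ms: int) -> bool:
        # Refill at rate_per_s millitokens per millisecond, capped at capacity.
        self.tokens = min(self.capacity,
                          self.tokens + (now_ms - self.last_ms) * self.rate_per_s)
        self.last_ms = now_ms
        if self.tokens >= self.COST:
            self.tokens -= self.COST
            return True
        return False  # bucket empty: reject without consuming


class RateLimiter:
    """One bucket per source IP, created the first time the source is seen."""

    def __init__(self, rate_per_s: int = 5, burst: int = 10):
        self.buckets = defaultdict(lambda: TokenBucket(rate_per_s, burst))

    def allow(self, src_ip: str, now_ms: int) -> bool:
        return self.buckets[src_ip].allow(now_ms)


def filter_requests(requests, limiter: RateLimiter) -> dict:
    """Apply the allow list, then the rate limiter, to (timestamp_ms, src_ip)
    records and return a per-source tally of decisions."""
    tally = defaultdict(lambda: {"allowed": 0, "blocked_acl": 0, "rate_limited": 0})
    for ts_ms, src in requests:
        if not is_allowed(src):
            tally[src]["blocked_acl"] += 1       # cheapest check first
        elif limiter.allow(src, ts_ms):
            tally[src]["allowed"] += 1
        else:
            tally[src]["rate_limited"] += 1
    return dict(tally)


def sample_requests():
    """Constructed traffic: a normal client, a flooding client and an outsider."""
    reqs = [(100_000 + i * 1000, "10.0.0.5") for i in range(3)]       # 1 req/s
    reqs += [(100_000 + i * 10, "192.168.1.20") for i in range(50)]   # 100 req/s flood
    reqs += [(100_000 + i * 100, "203.0.113.7") for i in range(5)]    # not allow-listed
    return sorted(reqs)


if __name__ == "__main__":
    for src, counts in filter_requests(sample_requests(), RateLimiter()).items():
        print(src, counts)
```

With a limit of 5 requests/s and a burst of 10, the flooding client gets its first ten requests through and then only one more for every 200 ms of refill, so 12 of its 50 requests are served and 38 are dropped, while the 1 req/s client is never touched. The outsider is rejected by the allow list before the limiter is even consulted.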
Domain Name System (DNS) Attacks
The Domain Name System (DNS) converts human-readable domain names (www.programerstools.tech) to machine-readable IP addresses. This system is similar to a massive phone book that lists many IP addresses with their associated domain names.
Types of DNS attacks include:
- Cache Poisoning Attacks
- An attacker compromises a DNS server by replacing a valid IP address in the server's cache with a rogue one. This can be used to redirect traffic to a malicious website, collect information or initiate another attack. DNS poisoning is also called cache poisoning.
- DoS and DDoS Attacks
- The attacker sends more traffic to a specific DNS server than it can handle. Doing this from a single device makes it a DoS attack; doing it from many devices makes it a DDoS attack.
- DNS Amplification Attacks
- The attacker sends small queries, with the source address forged to be the victim's, to DNS servers that answer recursive queries from anyone (open resolvers). The servers send their much larger responses to the victim, so a modest stream of requests is amplified into a flood.
- DNS Spoofing Attacks
- The process of poisoning DNS server records to redirect the targeted user to a malicious website controlled by the attacker.
DNS attacks can be mitigated with measures such as:
- Disable any unnecessary DNS resolvers.
- Put the resolvers you do need behind a firewall and make sure they cannot be reached from outside your organization.
- Keep your authoritative name servers separate from your recursive resolvers.
- Use an encrypted VPN connection for your business traffic.
- Always enable DNSSEC.
- Apply patches for known vulnerabilities as soon as the respective developers release them.
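The cache poisoning and spoofing attacks above succeed only if the resolver trusts a forged reply. As an added example (not code from the original page), the following models the checks a caching resolver performs before accepting a response: the reply must match an outstanding query on transaction ID, server address and the randomised UDP source port, and on its question section; records in the additional section are kept only if they fall inside the bailiwick of the zone that was asked, so an attacker who does win the race cannot slip in a record for an unrelated domain. Every query, response, name and address below is constructed (RFC 5737 ranges).

```python
"""Resolver-side validation that defeats most DNS cache poisoning attempts.

Added example; not code from the original page. Queries, responses and
addresses are constructed for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Query:
    txid: int
    qname: str
    qtype: str
    server: str     # authoritative server the query was sent to
    src_port: int   # randomised UDP source port used for this query


@dataclass
class Response:
    txid: int
    qname: str
    qtype: str
    from_ip: str
    to_port: int
    answers: dict      # owner name -> address
    additional: dict   # "glue" records: owner name -> address


def in_bailiwick(name: str, zone: str) -> bool:
    """True if name is the zone itself or lies below it."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)


class ResolverCache:
    def __init__(self):
        self.records = {}   # name -> address
        self.pending = {}   # (txid, server, src_port) -> (Query, zone)
        self.dropped = []   # out-of-bailiwick names we refused to cache

    def send(self, q: Query, zone: str):
        """Record an outstanding query; zone is what the queried server serves."""
        self.pending[(q.txid, q.server, q.src_port)] = (q, zone)

    def receive(self, r: Response) -> str:
        """Validate r and cache its records if accepted.
        Returns 'accepted' or a rejection reason."""
        key = (r.txid, r.from_ip, r.to_port)
        if key not in self.pending:
            return "rejected: no outstanding query with this txid/server/port"
        q, zone = self.pending[key]
        if (q.qname.lower(), q.qtype) != (r.qname.lower(), r.qtype):
            return "rejected: question section does not match"
        del self.pending[key]   # a replay of the same reply is now rejected too
        for name, addr in list(r.answers.items()) + list(r.additional.items()):
            if in_bailiwick(name, zone):
                self.records[name.lower()] = addr
            else:
                self.dropped.append(name.lower())   # classic poisoning vector
        return "accepted"


def run_scenario():
    """Constructed exchange: two forged replies, one matching reply with an
    out-of-bailiwick extra record, then a replay of the accepted reply."""
    cache = ResolverCache()
    q = Query(txid=0x1A2B, qname="www.example.com", qtype="A",
              server="192.0.2.53", src_port=51234)
    cache.send(q, zone="example.com")
    rogue = {"www.example.com": "198.51.100.66"}
    wrong_txid = Response(0x1A2C, "www.example.com", "A", "192.0.2.53", 51234, rogue, {})
    wrong_port = Response(0x1A2B, "www.example.com", "A", "192.0.2.53", 53, rogue, {})
    reply = Response(0x1A2B, "www.example.com", "A", "192.0.2.53", 51234,
                     {"www.example.com": "192.0.2.10"},
                     {"ns1.example.com": "192.0.2.53",
                      "login.examplebank.com": "198.51.100.66"})
    results = [cache.receive(wrong_txid), cache.receive(wrong_port),
               cache.receive(reply), cache.receive(reply)]
    return results, dict(cache.records), list(cache.dropped)


if __name__ == "__main__":
    for line in run_scenario():
        print(line)
```

The first two forged replies fail the transaction ID and port checks. The third matches on every field and is accepted, but its out-of-bailiwick record for login.examplebank.com is discarded rather than cached, and replaying the same reply afterwards is rejected because the query is no longer outstanding. DNSSEC adds a cryptographic signature check on top of these plausibility checks.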
Zero-day vulnerabilities
A zero-day vulnerability is a software weakness that is not yet known to the vendor or developer, or to the wider industry, so no fix or patch exists for it. Such a vulnerability is typically found by someone not directly involved in the project. The name refers to the vendor having had zero days to address the flaw: it is called a zero-day once the vulnerability has been discovered and the first attempt to exploit it has been made. After the vulnerability is publicly disclosed it is referred to as an n-day vulnerability.
Phishing
Phishing is a type of cybercrime in which a target is contacted by email, telephone or text message by someone masquerading as a legitimate institution, in order to trick the victim into revealing sensitive data such as personally identifiable information, banking and credit card details, or passwords.
That information can then be used to log into financial accounts, and may lead to identity theft and financial loss. Phishing takes many forms.
- Spear Phishing
- The term "spear phishing" describes phishing that targets specific individuals or companies. An attacker crafts a custom scam by gathering or purchasing details about the particular target. Spear phishing is widely reported as the most effective form of phishing, with some reports attributing over 90% of successful attacks to it.
- Whaling
- For attacks directed specifically at senior executives or other privileged users within a business, the term whaling is commonly used. This type of attack usually uses content likely to require the victim's attention, e.g. legal subpoenas or other executive issues. A whaling email that appears to come from an executive is also a frequent vector: lower-level employees are sometimes swayed by the apparent importance of a request, and by who it comes from, rather than double-checking its authenticity, which can lead them to transfer large sums of money to an attacker.
- Smishing
- Smishing is a type of attack that uses text messages (SMS) to carry out the attack. A common technique is to deliver an SMS to a mobile phone containing a clickable link or a return phone number. A message that appears to come from your bank, telling you your account has been compromised and that you must respond immediately, is a typical example.
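The spear-phishing, whaling and smishing messages described above share a handful of machine-checkable tells: a display name that borrows a trusted brand while the address belongs to another domain, a Reply-To that differs from the From address, link text showing one site while the href points to another, lookalike domains that embed or misspell the brand, and urgency language. The following is an added example, not code from the original page or any product: a small indicator scanner run over a constructed phishing email, a constructed benign email and a constructed smishing text. The trusted domain list, brand name, indicator codes and all sample messages are assumptions made for the example.

```python
"""Heuristic phishing / smishing indicator scan.

Added example; not code from the original page. The trusted domains,
indicator codes and sample messages are constructed for illustration."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"examplebank.com"}   # constructed: brands the user expects mail from
URGENCY_PHRASES = ("immediately", "suspended", "verify your account", "urgent",
                   "within 24 hours")
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URL_RE = re.compile(r'https?://[^\s<>"]+', re.I)
# Digit-for-letter substitutions commonly used in lookalike domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registrable_domain(host: str) -> str:
    """Naive registrable domain: the last two labels (no public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_lookalike(host: str) -> bool:
    """True if host is not trusted but borrows a trusted brand name, e.g.
    examplebank-secure.com, examplebank.com.login-secure.net, examp1ebank.com."""
    host = host.lower()
    if not host or registrable_domain(host) in TRUSTED_DOMAINS:
        return False
    normalised = host.translate(HOMOGLYPHS).replace("-", "")
    return any(t.split(".")[0] in normalised for t in TRUSTED_DOMAINS)


def scan_email(raw: str) -> list:
    """Return the sorted list of indicator codes found in a raw RFC 822 message."""
    msg = message_from_string(raw)
    found = set()
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_domain and reply_domain != from_domain:
        found.add("reply-to-mismatch")
    brands = {t.split(".")[0] for t in TRUSTED_DOMAINS}
    if from_domain and registrable_domain(from_domain) not in TRUSTED_DOMAINS \
            and any(b in from_name.lower().replace(" ", "") for b in brands):
        found.add("display-name-impersonation")
    if is_lookalike(from_domain):
        found.add("lookalike-domain")
    # Leaf parts only; transfer encodings are decoded, charsets assumed UTF-8.
    body = " ".join(part.get_payload(decode=True).decode("utf-8", "replace")
                    for part in msg.walk() if not part.is_multipart())
    for href, anchor_text in LINK_RE.findall(body):
        href_host = urlparse(href).hostname or ""
        shown = URL_RE.search(anchor_text)
        if shown and registrable_domain(urlparse(shown.group()).hostname or "") \
                != registrable_domain(href_host):
            found.add("link-text-mismatch")
        if is_lookalike(href_host):
            found.add("lookalike-domain")
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(p in text for p in URGENCY_PHRASES):
        found.add("urgency-language")
    return sorted(found)


def scan_sms(text: str) -> list:
    """Return the sorted list of indicator codes found in an SMS body."""
    found = set()
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        if is_lookalike(host):
            found.add("lookalike-domain")
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            found.add("raw-ip-link")
    if any(p in text.lower() for p in URGENCY_PHRASES):
        found.add("urgency-language")
    return sorted(found)


# Constructed samples (not real messages).
PHISH_EMAIL = """From: "ExampleBank Security" <alerts@examplebank-secure.com>
Reply-To: recover@mail-verify.net
Subject: Your account has been suspended
Content-Type: text/html

<p>Your account has been suspended. Verify your account immediately.</p>
<a href="http://examplebank.com.login-secure.net/verify">https://www.examplebank.com/verify</a>
"""
BENIGN_EMAIL = """From: "ExampleBank" <alerts@examplebank.com>
Subject: Your monthly statement is available
Content-Type: text/plain

Your statement for last month is now available in online banking.
"""
SMISH = ("ExampleBank alert: your card is suspended. Verify your account "
         "immediately at http://examp1ebank.com/login")

if __name__ == "__main__":
    print(scan_email(PHISH_EMAIL))
    print(scan_email(BENIGN_EMAIL))
    print(scan_sms(SMISH))
```

The scanner is deliberately heuristic: each code is a reason for a human or a mail gateway to look harder, not a verdict, and the two-label registrable-domain rule would need a public-suffix list before use on real traffic.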