Top Information Security Attack Vectors

Srujan Kumar Aakurathi
Jun 24, 2020

The following is a list of the top information security attack vectors through which an attacker can gain access to a computer or network server to deliver a payload or malicious outcome.

  • Cloud Computing Threats
  • Advanced Persistent Threats (APT)
  • Viruses and Worms
  • Ransomware
  • Mobile Threats
  • Botnet
  • Insider Attack
  • Phishing
  • Web Application Threats
  • IoT Threats

Cloud Computing Security

Cloud computing is an “on-demand delivery of IT capabilities” in which IT infrastructure and applications are provided to subscribers as a metered service over a network. Clients can store sensitive information on the cloud. A flaw in one client’s application could potentially allow attackers to access another client’s data.

Advanced Persistent Threat

An Advanced Persistent Threat (APT) is an attack that is focused on “stealing information from the victim machine” without its user being aware of it. These attacks are generally targeted at large companies and government networks. APT attacks are slow in nature, so their effect on computer performance and internet connections is negligible. APTs exploit vulnerabilities in the applications running on a computer, in the operating system, and in embedded systems.

Viruses and Worms

Viruses and Worms are the most prevalent networking threats, “capable of infecting a network within seconds.” A Virus is a “self-replicating” program that produces a copy of itself by attaching to another program, computer boot sector or document. A worm is a “malicious program that replicates, executes and spreads across network connections.”

Viruses make their way into a computer when the attacker shares a malicious file containing the virus with the victim through the internet or through removable media.

Worms enter a network when the victim downloads a malicious file; the worm then executes and spreads across network connections.

Ransomware

Ransomware is a type of malware that “restricts access” to the computer system’s files and folders and “demands an online ransom payment” to the malware creator(s) in order to remove the restrictions. It is generally spread via malicious attachments to email messages, infected software applications, infected disks or compromised websites.

Mobile Threats

Attackers are increasingly focusing on “mobile devices”, due to the increased adoption of smartphones for business and personal use and their comparatively “fewer security controls.”

Users may download “Applications (APKs)” which contain malware onto their smartphones, which can damage other applications and data and convey sensitive information to attackers. Attackers can remotely access a smartphone’s camera and recording app to view user activities and track voice communications, which can aid them in an attack.

Botnet

A botnet is a huge “network of compromised systems” used by attackers to perform denial-of-service attacks. Bots in a botnet perform tasks such as uploading viruses, sending mails with botnets attached to them, stealing data, etc. Anti-virus programs might fail to find, or even scan for, spyware or botnets. Hence, it is essential to deploy programs specifically designed to find and eliminate such threats.

Insider Attack

An insider attack is an attack by “someone from within an organization who has authorized access to its network” and is aware of the network architecture.

Phishing

Phishing is the practice of “sending an illegitimate” email falsely claiming to be from a “legitimate site” in an attempt to acquire “a user’s personal or account information”. Attackers perform phishing attacks by distributing malicious links via some communication channel or mails to obtain private information like account numbers, credit card numbers, mobile numbers, etc. from the victim. Attackers design emails to lure victims in such a way that they appear to be from some legitimate source, or at times they send malicious links that resemble a legitimate website.
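As an added example (not part of the original article), the sketch below shows one way a mail filter could flag links that merely resemble a legitimate site. The allowlist, the sample URLs and the distance threshold of 2 are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist of domains the organization really uses (constructed).
TRUSTED = {"examplebank.com"}

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def classify(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'unknown' for the link's host."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted"
    # Naive registered domain: last two labels (ignores suffixes like co.uk).
    registered = ".".join(host.split(".")[-2:])
    for t in trusted:
        brand = t.split(".")[0]
        # Near miss: one or two characters away from a trusted domain.
        if edit_distance(registered, t) <= 2:
            return "lookalike"
        # Trusted name used as a label or substring of someone else's host.
        if brand in host:
            return "lookalike"
    return "unknown"

# Constructed sample links, as they might appear in a reported email.
SAMPLES = [
    "https://www.examplebank.com/login",
    "https://examp1ebank.com/login",
    "https://examplebank.com.account-verify.example.net/",
    "https://news.example.org/story",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify(url):9}  {url}")
```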

Web Application Threats

Web application attacks such as SQL injection and cross-site scripting have made web applications a favorable target for attackers looking to steal credentials, set up phishing sites, or “acquire private information”. The majority of such attacks are the result of flawed coding and improper sanitization of input and output data from the web application. Web application attacks can threaten the performance of the website and hamper its security.
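The following added example (not from the original article) puts the "flawed coding and improper sanitization" described above next to the corrected form, for both input reaching a SQL query and output reaching an HTML page. The table, the sample rows and the function names are constructed for illustration.

```python
import html
import sqlite3

def make_db():
    """Build an in-memory table holding constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, card TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "4111-0000-0000-0001"),
                    ("bob", "4111-0000-0000-0002")])
    return db

def lookup_flawed(db, name):
    # Flawed coding: the input is pasted into the SQL text, so quote
    # characters in it are parsed as SQL syntax rather than as data.
    query = "SELECT name, card FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, name):
    # Fix: the driver binds the value separately from the statement,
    # so the input cannot change the structure of the query.
    query = "SELECT name, card FROM users WHERE name = ?"
    return db.execute(query, (name,)).fetchall()

def render_flawed(comment):
    # Flawed output handling: markup in the input reaches the page as markup.
    return "<p>" + comment + "</p>"

def render_encoded(comment):
    # Fix: encode on output so the browser displays the input as text.
    return "<p>" + html.escape(comment) + "</p>"

# Constructed test inputs of the kind a scanner or tester would submit.
CRAFTED_NAME = "x' OR '1'='1"
CRAFTED_COMMENT = "<script>alert(1)</script>"

if __name__ == "__main__":
    db = make_db()
    print("flawed query rows:       ", len(lookup_flawed(db, CRAFTED_NAME)))
    print("parameterized query rows:", len(lookup_parameterized(db, CRAFTED_NAME)))
    print("flawed render: ", render_flawed(CRAFTED_COMMENT))
    print("encoded render:", render_encoded(CRAFTED_COMMENT))
```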

IoT Threats

IoT devices connected to the internet have little or no security, which makes them vulnerable to various types of attacks. These devices include many software applications that are used to “access the device remotely”. Due to hardware constraints such as memory, battery, etc., these IoT applications do not include complex security mechanisms to protect the devices from attacks. These drawbacks make IoT devices more vulnerable and allow attackers to “access the device remotely” and perform various attacks.
