
Common cyberattack vectors

In cybersecurity, an attack vector is a method of achieving unauthorized network access to launch a cyberattack. Attack vectors allow cybercriminals to exploit system vulnerabilities to access sensitive data, protected health information (PHI), and other valuable information accessible after a data breach.

 

Phishing Attacks

Phishing is a malicious attempt to trick people into giving up personal and online account information to access and exploit more valuable and sensitive systems. 

  • Email phishing: Deceptive emails to trick recipients into revealing sensitive information
  • Spear phishing: Targeted phishing attacks aimed at specific individuals or organizations
  • Vishing: Phishing attacks conducted via voice or phone calls

Malware

Malware, or malicious software, is the general term to describe any intrusive software that aims to gain access to a computer network to exploit sensitive information.

  • Viruses: Malicious software that attaches itself to legitimate programs
  • Trojans: Programs that appear harmless but contain hidden malicious functionality
  • Ransomware: Encrypts files or systems and demands payment for their release
  • Spyware: Collects sensitive information without the user's knowledge

Man-in-the-Middle (MitM) attacks

A MitM attack is the interception of communication between two parties for duplicitous reasons. It requires three players: the victim, the person or entity the victim is trying to communicate with, and the imposter (the man-in-the-middle or the hacker).

  • Interception: Attackers intercept and manipulate communication between two parties.
  • Session hijacking: Unauthorized takeover of an established session between a user and a system

Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks

A denial-of-service (DoS) attack is when a cybercriminal blocks access to a network, device, or website so that users cannot access it.

A distributed denial-of-service (DDoS) attack is a modified DoS attack launched from multiple locations, which makes it harder for organizations to track the source. DDoS attacks are used in larger-scale attacks.

  • Overwhelming a system: Flooding a network or service to make it unavailable

SQL injection

SQL injection is a common attack vector that uses malicious SQL code for backend database manipulation to access information not intended to be displayed. This information may include any number of items, including sensitive company data, user lists, or private customer details.
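The difference between a query built by string concatenation and a parameterized query, shown as an added example that is not part of the original article. The `patients` table, its rows, and the function names are constructed for illustration, and SQLite stands in for the backend database.

```python
import sqlite3


def make_db():
    # Constructed sample data: an in-memory table standing in for a portal backend.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE patients "
        "(id INTEGER PRIMARY KEY, owner TEXT, name TEXT, diagnosis TEXT)"
    )
    db.executemany(
        "INSERT INTO patients (owner, name, diagnosis) VALUES (?, ?, ?)",
        [
            ("alice", "Alice A.", "asthma"),
            ("bob", "Bob B.", "diabetes"),
            ("carol", "Carol C.", "hypertension"),
        ],
    )
    return db


def lookup_vulnerable(db, owner):
    # Weak form: the input is pasted into the SQL text, so a quote character
    # in the input can change the structure of the WHERE clause.
    query = "SELECT name, diagnosis FROM patients WHERE owner = '" + owner + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, owner):
    # Hardened form: the driver binds the value separately from the SQL text,
    # so it is only ever compared as data.
    query = "SELECT name, diagnosis FROM patients WHERE owner = ?"
    return db.execute(query, (owner,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "alice' OR '1'='1"  # constructed input containing SQL syntax
    print("concatenated :", lookup_vulnerable(db, crafted))
    print("parameterized:", lookup_parameterized(db, crafted))
```

With the concatenated query the crafted value returns every row in the table; with the bound parameter it matches no owner and returns nothing.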

 

Cross-Site Scripting (XSS)

XSS is a client-side code injection attack. The attacker aims to execute malicious scripts in the victim's web browser by including malicious code in a legitimate web page or web application. The attack occurs when the victim visits the web page or application that executes the malicious code. The web page or application becomes a vehicle to deliver the malicious script to the user’s browser.

 

Zero-Day Exploits

A zero-day attack occurs when threat actors discover a software security flaw unknown to software developers or users and then use that flaw to gain access to computer systems and the data they contain.

 

Password attacks

A password attack is any attempt to exploit a vulnerability in user authorization within a digital system. Here are two ways cybercriminals attempt to 

  • Brute force attacks: Repeatedly trying different password combinations
  • Credential stuffing: Using previously stolen credentials to access other accounts
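The two patterns above leave different shapes in authentication logs, which a detection rule can use to tell them apart. The following is an added example, not part of the original article; the event format, IP addresses, thresholds, and labels are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (source_ip, username, outcome).
EVENTS = (
    [("203.0.113.5", "alice", "fail")] * 12
    + [("198.51.100.7", f"user{i}", "fail") for i in range(15)]
    + [("198.51.100.7", "user15", "ok")]
    + [("192.0.2.10", "bob", "fail"), ("192.0.2.10", "bob", "ok")]
)


def classify_sources(events, min_failures=10, stuffing_users=10):
    """Label each source IP by the shape of its failed logins.

    Thresholds are illustrative assumptions and need tuning per environment.
    """
    fails = defaultdict(lambda: defaultdict(int))  # ip -> username -> failures
    for ip, user, outcome in events:
        if outcome == "fail":
            fails[ip][user] += 1

    labels = {}
    for ip, per_user in fails.items():
        total = sum(per_user.values())
        if total < min_failures:
            # A handful of failures is ordinary mistyping.
            labels[ip] = "normal"
        elif len(per_user) >= stuffing_users:
            # Many accounts, few tries each: stolen pairs being replayed.
            labels[ip] = "credential_stuffing"
        elif max(per_user.values()) >= min_failures:
            # One account, many tries: password combinations being guessed.
            labels[ip] = "brute_force"
        else:
            labels[ip] = "suspicious"
    return labels


if __name__ == "__main__":
    for ip, label in classify_sources(EVENTS).items():
        print(ip, label)
```

Per-account lockout catches the first pattern but not the second, because credential stuffing spreads its attempts across many accounts; grouping failures by source is what exposes it.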

Social engineering

Social engineering attacks manipulate people into sharing information they shouldn't share, downloading software they shouldn't download, visiting websites they shouldn't visit, sending money to criminals, or making other mistakes that compromise their personal or organizational security.

 

Drive-by downloads

Drive-by download attacks refer to malicious programs installed on your devices without your consent. This also includes unintentional downloads of files or bundled software onto a computer device.

 

IoT (Internet of Things) exploitation

An IoT attack is a malicious attempt to exploit vulnerabilities in internet-connected devices, such as smart home devices, industrial control systems, and medical devices. Attackers may gain control of the device, steal sensitive data, or use the device as a part of a botnet for other malicious purposes.

 

Watering hole attacks

A watering hole attack is a targeted attack designed to compromise users within a specific industry or group of users by infecting websites they typically visit and luring them to a malicious site. The goal is to infect the user's computer with malware and gain access to the organization's network.

 

Physical attacks

Physical attacks typically target an organization's tangible assets, such as buildings, equipment, or infrastructure. In contrast, cyber attacks exploit vulnerabilities in digital systems, such as networks, software, or databases.

 

DNS spoofing and cache poisoning

Cache poisoning is a cyberattack in which attackers insert fake information into a domain name system (DNS) cache or web cache to harm users. In DNS cache poisoning or DNS spoofing, an attacker diverts traffic from a legitimate server to a malicious/dangerous server.

 

Supply chain attacks

A supply chain attack is a cyberattack carried out against an organization's suppliers to gain unauthorized access to that organization's systems or data.

Why identify and prevent cyberthreat vectors?

Identifying and preventing cyberthreat vectors in healthcare can:

  • safeguard patient data
  • ensure the integrity of medical devices
  • maintain operational continuity
  • ensure compliance with HIPAA and other regulations
  • mitigate financial risks
  • address public health concerns
  • foster a secure and interconnected healthcare environment

Prioritizing cybersecurity is a matter of compliance and commitment to the well-being and safety of individuals and the healthcare ecosystem.
