
Project4 Acmegrade Internship

The document outlines various cyber attack vectors, including phishing, email attachments, account takeover, and vulnerability exploits, emphasizing the importance of closing these entry points to secure networks. It also discusses insider threats and browser-based attacks as significant risks. To mitigate these threats, the document suggests implementing good security practices, encryption, browser isolation, patching vulnerabilities, and adopting Secure Access Service Edge (SASE) solutions.

Uploaded by

xadof62138

CYBER SECURITY PROJECT

Attack vector: An attack vector, or threat vector, is a way for attackers to
enter a network or system. Common attack vectors include social engineering
attacks, credential theft, vulnerability exploits, and insufficient protection
against insider threats. A major part of information security is closing off
attack vectors whenever possible.

• Most common attack vectors:


Phishing: Phishing involves stealing data, such as a user's password, that an attacker can use
to break into a network. Attackers gain access to this data by tricking the victim into
revealing it. Phishing remains one of the most commonly used attack vectors —
many ransomware attacks, for instance, start with a phishing campaign against the victim
organization.

Email attachments: One of the most common attack vectors, email attachments can
contain malicious code that executes after a user opens the file. In recent years,
multiple major ransomware attacks have used this threat vector,
including Ryuk attacks (a type of encryption attack that targets big organisations for
a ransom paid in bitcoin).

Account takeover: Attackers can use a number of different methods to take over a
legitimate user's account. They can steal a user's credentials (username and
password) via phishing attack, brute force attack or purchasing them on the
underground market. Attackers can also try to intercept and use a session cookie to
impersonate the user to a web application.

Lack of encryption: Unencrypted data can be viewed by anyone who has access to
it. It can be intercepted in transit between networks, as in an on-path attack or simply
viewed inadvertently by an intermediary along the network path.

Insider threats: An insider threat is when a known and trusted user accesses and distributes
confidential data, or enables an attacker to do the same. Such occurrences can be
either intentional or accidental on the part of the user. External attackers can try to
create insider threats by contacting insiders directly and asking, bribing, tricking, or
threatening them into providing access. Sometimes malicious insiders act of their
own accord, out of dissatisfaction with their organization or for some other reason.

Vulnerability exploits: A vulnerability is a flaw in software or hardware — think of it
as being like a lock that does not work properly, enabling a thief who knows where
the faulty lock is to enter a secured building. When an attacker successfully uses a
vulnerability to enter a system, this is called a vulnerability "exploit." Applying the
software or hardware vendor's updates can fix most vulnerabilities. But some
vulnerabilities are "zero-day" vulnerabilities — unknown vulnerabilities for which
there is no known fix.

Browser-based attacks: To display webpages, Internet browsers load and execute
code they receive from remote servers. Attackers can inject malicious code into a
website or direct users to a fake website, tricking the browser into executing code
that downloads malware or otherwise compromises user devices. With cloud
computing, employees often access data and applications solely through their
Internet browser, making this threat vector of particular concern.

Application compromise: Instead of going after user accounts directly, an attacker
may aim to infect a trusted third-party application with malware. Or they could
create a fake, malicious application that users unknowingly download and install (a
common attack vector for mobile devices).

Open ports: A port is a virtual entryway into a device. Ports help computers and
servers associate network traffic with a given application or process. Ports that are
not in use should be closed. Attackers can send specially crafted messages to open
ports to try to compromise the system, just as a car thief might try opening doors to
see if any are unlocked.
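
One way to find listeners that should be closed, as an added example that is not part of the original document: it parses constructed sample output in the column layout of `ss -H -tln` and compares it with an assumed allowlist (`ALLOWED_PORTS`), separating network-exposed sockets from loopback-only ones.

```python
import ipaddress

# Constructed sample in the column layout of `ss -H -tln` (not real host data).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128    0.0.0.0:22     0.0.0.0:*
LISTEN 0 511    0.0.0.0:443    0.0.0.0:*
LISTEN 0 4096 127.0.0.1:5432   0.0.0.0:*
LISTEN 0 128       [::]:22        [::]:*
LISTEN 0 50           *:8009         *:*
LISTEN 0 5      0.0.0.0:23     0.0.0.0:*
"""

# Assumption: the only ports this hypothetical host is meant to expose.
ALLOWED_PORTS = {22, 443}


def parse_listeners(text):
    """Return sorted, de-duplicated (address, port) pairs for LISTEN rows."""
    listeners = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # IPv6 addresses contain ':'
        if port.isdigit():
            listeners.add((addr.strip("[]"), int(port)))
    return sorted(listeners)


def is_loopback(addr):
    """True when the socket is reachable only from the host itself."""
    try:
        return ipaddress.ip_address(addr.split("%")[0]).is_loopback
    except ValueError:
        return False  # '*' wildcard or unparseable: treat as exposed


def audit(text, allowed):
    """Split listeners outside the allowlist into (exposed, loopback_only)."""
    exposed, local_only = [], []
    for addr, port in parse_listeners(text):
        if port not in allowed:
            (local_only if is_loopback(addr) else exposed).append((addr, port))
    return exposed, local_only


if __name__ == "__main__":
    exposed, local_only = audit(SAMPLE_SS_OUTPUT, ALLOWED_PORTS)
    print("close or justify:", exposed)
    print("loopback only, review:", local_only)
```
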

• Securing techniques to eliminate attack vectors:

There is no way to eliminate attack vectors altogether. But these approaches can help
stop both internal and external attacks.

Good security practices: Many attacks succeed due to user error: users
fall for phishing attacks, open malicious email attachments, or provide
access to an unauthorized person. Training users to avoid these errors can
go a long way toward eliminating several major attack vectors.

Encryption: Encrypting data in transit prevents it from being exposed to
any intermediary parties.

Browser isolation: This technology moves the process of loading and
executing untrusted code to a location outside of an organization's
secured network. Browser isolation can even help eliminate the threat of
zero-day attacks, at least in the browser.

Patching vulnerabilities: A large number of attacks occur because an
organization has not patched a vulnerability. Patching vulnerabilities and
regularly updating software and hardware vastly reduces the chances of a
successful vulnerability exploit.

Secure access service edge (SASE): As reliance on the cloud has changed
corporate computing models, many organizations find their networking
and security models need to change as well. Secure access service edge
(SASE) is one method of integrating networking and security. SASE
includes a number of security safeguards that close off the attack vectors
described above.
