In cyber security, an attack vector is a method or pathway used by a hacker to access or penetrate the target system. Vectors such as email & web-URLs are used to deliver malicious programmed attachments & scripts to make an entry into the user system as well as the network. Thereafter other vectors are used to gain access to your system, make lateral movement & exploit vulnerabilities to accomplish desired goals.
Given below are most common attack vectors used by hackers –
- Email to deliver phishing messages with links & malicious file attachment.
- Crafted Web-URL page for example look alike your bank to gather information or execute malicious URL without your knowledge
- Mobile device (smartphone, tablet etc) with malicious APP.
- Website hosting exploit kit.
- Internet of Things – Device with internet connectivity compromised to inject BOT.
- USB Storage to inject malware via host connected to LAN /WAN.
- Shared Folders on the network are used for lateral movement.
- Vulnerable endpoints & their native services such as WMI & SMB.