Cyber101: Attack Vectors

For the complete White Paper (“Angel Investing in Cybersecurity: Understanding the Technology”), please check out Mach37.com

In the first installment of Cyber101, attackers were characterized as having two goals, steal your information or disrupt your business. Four main attack targets were identified, the externally-facing resources accessible from the open internet, your internal network, devices on your network, and the people  who use those devices. But how do attackers go after these targets to get access to your internal information or resources?

Regardless of the attack vector, the approach is generally to deploy a piece of malicious software, hidden somewhere in the external or internal infrastructure, that can help the attacker steal information or disrupt business operations.

The first vector, attacking the network, can be accomplished by:

  • Tricking your firewall into believing that bad traffic is really OK
  • Modifying your routers to mis-direct traffic
  • Listening in on traffic inside your wired or wireless corporate network, and many more.

Devices can have malware loaded onto them:

  • Through e-mail
  • Embedded in downloaded apps
  • Through the browser
  • From corrupted thumb drives
  • In the originally shipped operating system, and many additional methods.

Most security professionals consider people to be the weakest link, either through intentional malice (think disgruntled employees on the way out) or unwittingly through phishing attacks, poor practices, inadequate attention to policies or system maintenance requirements, and of course many, many more.  A third type of “people” attack involves stealing online credentials or identity such as passwords, and impersonating the victim. Put it all together and you get a picture like the following:

Attack Vectors 1

There are many more specific attacks available in the arsenal, but most of them can be understood within these categories. Next week, Cyber101 will address why defending against this range of attacks is even harder than it seems at first glance.

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s