2

Attack Vectors

Before tackling attack vectors, we must first understand the term attack surface. Attack surface and attack vectors are easily mistaken to mean the same. On the contrary, they mean different. An attack surface is the number of feasible ways an attacker can exploit to get into a device or network. What is an attack vector? An attack vector is simply the method an a tacker uses to compromise a device or network and gain unauthorized access.

Common types of attack vectors

  1.  Compromised credentials
  2. Weak and stolen credentials
  3. Malicious insiders
  4. Misconfiguration
  5. Vulnerabilities
  6. Malware

An attack vector can be classified as either:

  1. Active attack vector
  2. Passive attack vector

Active attack vector

Active attack vectors affect the integrity and availability of information. An attacker tries to alter or modify a system through malware, exploiting vulnerabilities, maninthemiddle attacks and ransomware.

In the figure below, an attacker captures the message from the sender and changes its contents before sending the misleading message to the receiver.

Image from: geeksforgeeks.org


Active attacks are in the form of:

  1. Interruption An attacker tries to deny users access to the system
  2. Modification An attacker captures a message and alters its contents
  3. Fabrication An attacker inserts fake information, resources or services into the network

Types of Active Attacks

Masquerade

A threat actor or attacker impersonates a legitimate user to gain unauthorized access to network resources. The main goal is identity and data theft.

In the image below, Darth is sending a message to Alice that appears to be from Bob. Darth, who is an illegitimate user, is masquerading as Bob.

 

Image from: techblogmu.blogspot.com

Repudiation

A user can deny having executed a certain action or initiated a malicious transaction that caused a loss. Repudiation can be by the sender or receiver.

For example, a student can use the school computer to access a malicious website causing a cyberattack. The student then denies accessing the websites as he or she knows it is against school guidelines.

Replay

A threat actor eavesdrops on secure network communication, intercepts it then fraudulently delays or resends it to misdirect the receiver into doing what the hacker wants. In the image below, Darth (attacker) intercepts the message from Bob (sender) to Alice and changes its contents before redirecting it to the intended receiver Alice.

 

Image from: techblogmu.blogspot.com

Denial of Service

An attacker prevents a legitimate user from accessing network resources such as a school management system or student portal. An attacker floods the server with traffic or sends an action through code to cause a crash.

In the image below, Darth (attacker) interrupts Bob, who is a legitimate user from accessing services provided by the server.

 

Passive attack vector

Passive attacks are a threat to data confidentiality. An attacker strives to gain access or gather information about the target without altering the system resources.

The figure below explains how a passive attack occurs. An attacker reads the message from a sender to a receiver without modifying its contents.

 

 

Image from: geeksforgeeks.org

Types of Passive Attacks

Message Release

An attacker monitors the contents of data in transmission. The information could be in the form of a telephonic conversation, an email message or a transferred file.

Traffic Analysis

An attacker analyses traffic coming and leaving the network without making any changes. From the information, the attacker can guess the nature of the activities and communications happening in the network. The attacker can further determine the location and identity of the host in the network.

Passive attacks can be conducted through various social engineering attacks

Dumpster diving

An attacker goes through abandoned computers, devices or trash bins to try and acquire information from them. To prevent this, always shred documents and format devices that are no longer in use.

Image from: sciencedirect.com
Phishing

An attacker can use SMS, emails or web advert to try and trick a user into giving sensitive information or visit a malicious website.

 

mage from: onlineowls.com


Baiting

This involves luring a user with an offer such as branded corporate branded flash disks in exchange for private information.

Image from: osu.edu
Piggybacking / Tailgating

This is when an unauthorized person physically follows an authorized person into a restricted corporate area, for example, a building or server room.

Image from: trustaira.com
Pretexting

An attacker tries to persuade a user into giving sensitive information by providing a fictional backstory. The image below shows examples of pretext social engineering.

Image from: cmu.edu

 

Similarities between active and passive attack vectors

  1. An attacker identifies a potential target
  2. An attacker collects information about a target using social engineering, malware or phishing
  3. Information acquired is used to identify possible attack vectors and create or use tools to exploit them
  4. Attackers gain unauthorized access to the system and steal sensitive data or install malicious code
  5. Attackers monitor the computer or network, steal information or use computing resources

Difference between Active and Passive attack vector

Active Attack Vector Passive Attack Vector
A threat to the integrity and availability of the data A threat to data confidentiality
Accomplished by gaining the physical control over the communication link to capture and insert transmission The attacker requires to observe the transmission
Involves a modification of data Involves the monitoring of data
The victim is aware of the attack The victim is unaware of the attack
Affects the system and is easily detected It does not affect the system and is not easily detected
Difficult to prevent the network from active attack It can be prevented

 

Protection against attack vectors
  1. Training of staff and students
  2. Apply the Principle of Least Privilege where a user is given minimal access rights to perform the needed task. A student can be granted permission to access the internet using kid friendly search engines only.
  3. Use cybersecurity tools such as firewalls, password managers and VPNs for secure communications
  4. Patch operating system and update device software to the latest version
  5. Encrypt sensitive information and data at rest, intransit and in processing
  6. Monitor data and network access for all users and devices to unmask insider risk
  7. Use twofactor authentication via a trusted second factor to minimize the number of breaches

Licence

Icon for the Creative Commons Attribution-ShareAlike 4.0 International License

Advanced Cybersecurity Training for Teachers Copyright © 2023 by Commonwealth of Learning (COL) is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License, except where otherwise noted.

Share This Book