On those rare occasions an individual’s hardware is targeted, the main engineering components of an attack vector are (1) deception and (2) ignorance. Users are duped into weakening their system or network’s defenses—giving way to an onslaught of malicious code. And while most are aware that security is hardened through the enabling of firewall and anti-virus (AV) protection, there is no such thing as a complete, attack-proof technique. Just like security vendors are constantly updating their heuristics and virus definitions, a hacker is constantly updating his attack vector. The results are solutions that are rendered useless in a matter of days.
Almost every attack vector involves some sort of breach of confidentiality of information—a major concern for every user of technology. If an attacker is able to bring down a service for any amount of time, people are not able to access the information they need and immediately begin to worry about the safety and privacy of their data. That said, an attack vector usually results in one of (3) three exploits:
A phishing attack vector involves the impersonation of legitimate people and/or organizations. The attacker sends an email prompting the user to take an action that will result in the forfeiture of their sensitive data. The process of impersonation is achieved by spoofing the name, logo or website of a well-known individual or entity. This, of course, is to give the correspondence a false sense of authenticity.
SQL, or Structured Query Language, is programming language used to make calls to relational databases. An SQL injection, therefore, is the practice of exploiting an application that facilitates interaction between users and a central database. If proper security measures are not taken by the software developer, the attacker can gain access to the database through default usernames, passwords and database table prefixes. This may result in the corrupting or impairing of data, and redirecting of web pages.
The last type of attack vector impacts the availability of information. DDOS, or Distributed Denial of Service, occurs when a slew of traffic requests hits a single website or service at once. These attacks are designed to crash networks, or severely cripple them for a period of time. And because the majority of websites are not set up to handle the kind of traffic an attacker can harness by way of botnets, many webmasters , at some point during their online existence, find themselves victim to this type of compromise.
Although unique, each of these attacks share the commonality of infiltrating services or networks in which personally-identifiable information and other sensitive data can be sought out and stolen. Proper vigilance and attention is required to deal with a cybercriminal’s attack vector, regardless of the type of exploit being implemented.