The 10 most commonly used attack vectors by cybercriminals
Viruses have been with us since computers began to be found on or under desks. A few decades ago, even before the Internet exist. In the beginning, they were clever demonstrations of program errors and spread via diskettes. Soon they began to be exploit for malicious purposes, causing data deletion, intrusion, system inoperability or service failure.
Computer systems and networks are now more complex, and the attack paths have become more diverse. Attacks arrive as email attachments, through human intermiaries, removable devices, via wireless connections, via WhatsApp. On websites, and also via our IT service providers, such as Kaseya software or SolarWinds .
Cybercriminals are constantly looking
For new ways to deliver their “malicious payload” or gain access. To our computers by taking advantage of human errors, configuration errors or system defects. These ways of reaching our systems are known in jargon as attack vectors . Let’s see which are the most common and what we can do to prevent cybercriminals from using them for their benefit and, almost always, to our detriment.
How do cybercriminals operate?
As you might expect, systems and networks ( hardware and software ) are not perfect. They may have security flaws or vulnerabilities about us that are well known in the circles frequent by cybercriminals, such as forums on the dark web . There, too, they can acquire specific developments to exploit them and launch their attacks.
They are also constantly and automatically scanning networks
For vulnerable (unpatch bugs) or misconfigur systems and unaware users who can serve as entry points. This, what can be attack, is known in the jargon as the attack surface , made up of the points on the perimeter of the device, network snbd host component, service, system or environment that can be us to gain entry, cause damage or extract data. And this includes users with their valuable access crentials.
As with any economy of scale, the greater the scope and chances of success of the attack, the greater the potential profits, so they will try to exploit widespread vulnerabilities. They will even try to physically break into our facilities or take advantage of internal employees, either by bribing them or simply tricking them into obtaining their access crentials – the key that opens the ‘doors’.
What are the most common attack vectors?
Considering that attack vectors are subject to change with technological advances and that cybercriminals could use several in each attack, these are currently the most common:
Email and instant messaging, for example phishing emails and SMS that impersonate organizations known to the recipient, such as banks, courier adb directory companies, the Tax Agency, our suppliers and customers, or our technical support, to trick you with various lures, into following links to fake websites where you will be ask to enter your crentials or download malicious attachments that install malware . Very often these are ransomware , that is, malware that blocks data in exchange for a ransom. In other cases, malware turns our devices into zombies at its service to launch attacks on third parties or for other unethical purposes.