¿Qué es Technical Concepts?

Technical Concepts - Comfidentia

An attack vector (also “attack route” or “compromise method”) is the method or route that an attacker uses to access a system or network, representing entry points and specific techniques used to compromise security. Attack vectors can include software vulnerabilities, incorrect configurations, compromised credentials, social engineering, phishing attacks, or exploitation of exposed services, being fundamental for organizations to identify and reduce their attack surface through the implementation of appropriate security controls, vulnerability management, and continuous monitoring.

What is an Attack Vector?

An attack vector is the specific route or method that an attacker uses to compromise a system, network, or application.

Types of Vectors

Network Vectors

Open ports: Exposed network ports
Services: Vulnerable services
Protocols: Insecure protocols
Firewalls: Incorrect configurations

Application Vectors

Web: Vulnerable web applications
APIs: Misconfigured APIs
Databases: Exposed databases
Services: Application services

User Vectors

Phishing: Malicious emails
Social engineering: User manipulation
Credentials: Compromised credentials
Devices: Infected devices

Physical Vectors

Physical access: Direct access to hardware
Devices: Malicious USB devices
Media: Storage media
Facilities: Facility access

Common Vectors

Email

Phishing: Phishing emails
Malware: Malicious attachments
Links: Malicious links
Spam: Unsolicited email

Web

SQL Injection: SQL injection
XSS: Cross-site scripting
CSRF: Cross-site request forgery
LFI/RFI: Local/Remote file inclusion

Network

Port scanning: Port scanning
Vulnerabilities: Vulnerability exploitation
Sniffing: Traffic interception
Spoofing: Identity spoofing

Pretexting: Creating false scenarios
Baiting: Using incentives
Quid pro quo: Exchange of favors
Tailgating: Following authorized persons

Mitigation

Technical Controls

Firewalls: Implement firewalls
IDS/IPS: Detection systems
Antivirus: Antivirus software
Patches: Patch management

Administrative Controls

Policies: Security policies
Training: Staff training
Procedures: Security procedures
Audits: Regular audits

Physical Controls

Access: Physical access control
Devices: Device security
Media: Media protection
Facilities: Facility security

Detection

Monitoring

Logs: Log analysis
Events: Event monitoring
Anomalies: Anomaly detection
Alerts: Alert systems

Analysis

Correlation: Event correlation
Forensics: Forensic analysis
Timeline: Event reconstruction
Impact: Impact assessment

Security Breaches - Result of successful attack vectors
Patient 0 - First system compromised by attack vectors
IOC - Indicators of attack vectors
APT - Threats that use multiple vectors
Forensic Analysis - Methodology that identifies attack vectors
Penetration Testing - Technique that evaluates attack vectors
Social Engineering - Human attack vector
SIEM - System that detects attack vectors
EDR - Tool that detects attack vectors
Firewall - Device that blocks attack vectors
Antivirus - Tool that detects attack vectors
CISO - Role that manages attack vectors