A threat vector, also known as an attack vector, is a method cyber criminals use to gain unauthorized access to computer systems and networks. Attackers exploit threat vectors to take over user accounts or to load malicious software (malware) onto systems, with the aim of stealing sensitive information or disrupting operations. The set of all possible entry points (threat vectors) into a system is known as its attack surface.
Common threat vectors include phishing emails, weak or stolen passwords, vulnerable web applications, drive-by downloads, exposed remote access services, trusted third-party relationships, removable media, and insiders. Each is discussed in greater depth below.
It is well established that cyber-attacks are frequent and cause significant losses and disruption. Statista reports that the average total cost of a data breach worldwide reached 4.35 million USD in 2022, the highest on record. Since threat vectors are the entry points into computer systems and networks, closing them goes a long way toward preventing devastating attacks; keeping the attack surface as small as possible is a basic security measure.
However, you first have to know your risks in order to mitigate them. So let’s take a look at the most common threat vectors and understand how they are exploited and how they can be mitigated.
Phishing emails are fraudulent emails sent by attackers posing as trusted senders. This is a form of social engineering: recipients are manipulated into helping the attacker gain access. Victims are often lured into clicking a link that downloads malware or leads to a fake login page that captures the password as soon as it is entered. Attackers may also persuade victims to open attachments that are themselves malware, or legitimate document types carrying malicious code such as macros. In other cases, victims are simply tricked into disclosing their usernames and passwords, which are then used to log in to their accounts directly.
Ways to mitigate this threat vector:
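The link tricks described above (display text that names one site while the link goes to another, punycode look-alike domains, and a brand name buried inside a domain the organisation does not own) are mechanical enough to check before a user ever sees the mail. The following Python is an added example written for this page, not ForeNova code; the HTML body, the trusted domain `example.com` and the brand token `example` are constructed assumptions for the demonstration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the HTML body of a phishing e-mail imitating "example.com".
SAMPLE_EMAIL_HTML = """
<p>Your account will be suspended. Please sign in to confirm your details.</p>
<a href="https://example.com/login">https://example.com/login</a><br>
<a href="http://example.com.account-verify.net/login">https://example.com/login</a><br>
<a href="https://xn--exmple-cua.com/reset">Reset your password</a><br>
<a href="https://support.example.com/help">Help Center</a>
"""

TRUSTED_DOMAINS = {"example.com"}   # assumption: the organisation's real domains
BRAND_TOKENS = {"example"}          # assumption: brand words attackers imitate
URL_LIKE = re.compile(r"^(?:https?://)?[\w-]+(?:\.[\w-]+)+(?:/\S*)?$", re.I)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased hostname of a URL; a bare 'example.com/x' is accepted too."""
    url = url.strip()
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def suspicious_links(html):
    """Return [(href, [reasons])] for links a user should not click."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        reasons = []
        # 1. The visible text shows one site, the link goes to another.
        if URL_LIKE.match(text) and host_of(text) != host:
            reasons.append(f"text shows {host_of(text)} but link goes to {host}")
        # 2. An IDN (punycode) label: the homograph trick, e.g. a Cyrillic letter
        #    standing in for a Latin one so the domain looks legitimate on screen.
        if any(label.startswith("xn--") for label in host.split(".")):
            reasons.append("punycode hostname")
        # 3. The brand name used inside a domain the organisation does not own.
        if not is_trusted(host) and any(b in host for b in BRAND_TOKENS):
            reasons.append("brand name in untrusted domain")
        if reasons:
            findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_EMAIL_HTML):
        print(href, "->", "; ".join(reasons))
```

On the sample mail the first and last links pass (the real domain and a subdomain of it), the second is flagged twice, and the third is flagged for its punycode label. Checks like these belong in the mail gateway or a link-rewriting proxy, where they complement rather than replace SPF, DKIM and DMARC verification of the sender.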
One of the most effective ways to launch a cyber-attack is to obtain a valid account. The attacker inherits that user's privileges, and because the activity looks like legitimate use it attracts less scrutiny from security monitoring. Attackers have many ways to obtain valid accounts. They can run password dictionaries and brute-force tools against weak passwords, and they enjoy great success with these methods because simple and default passwords remain so common. Alternatively, they can reuse passwords already compromised elsewhere, bought on the dark web or stolen in earlier attacks, and try them against other services where the same credentials have been reused (credential stuffing).
Ways to mitigate this threat vector:
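The following Python shows why dictionary attacks work so well and what the defender's side of the trade-off looks like. It is an added example written for this page, not ForeNova code: the wordlist, the user accounts and their passwords are constructed, and the iteration count is an assumption taken from OWASP's 2023 guidance for PBKDF2-HMAC-SHA256.

```python
import hashlib
import hmac
import os

# Constructed wordlist: a few entries of the kind that top real password
# dictionaries (real lists run to millions of entries).
WORDLIST = ["123456", "password", "admin", "qwerty", "Welcome1", "letmein"]

# Constructed user passwords; carol's is the only one not in the wordlist.
PLAINTEXTS = {"alice": "Welcome1", "bob": "123456", "carol": "Tr0ub4dor&3-xK9!"}


def sha256_hex(pw):
    return hashlib.sha256(pw.encode()).hexdigest()


# A "leaked database" as a naive application might store it: unsalted SHA-256.
LEAKED_UNSALTED = {user: sha256_hex(pw) for user, pw in PLAINTEXTS.items()}


def dictionary_attack(leaked, wordlist):
    """Hash each word once, then look every account up in that table.

    Returns (cracked, hash_evaluations). Without salts the cost is one hash
    per word however many accounts there are, and every user who chose the
    same weak password falls at once.
    """
    table = {sha256_hex(w): w for w in wordlist}
    cracked = {user: table[h] for user, h in leaked.items() if h in table}
    return cracked, len(wordlist)


# Hardened storage: a random per-user salt and a deliberately slow KDF.
PBKDF2_ITERATIONS = 600_000   # assumption: OWASP's 2023 figure for PBKDF2-HMAC-SHA256


def store_password(pw):
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2-sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(pw, record):
    _, iters, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)   # constant-time comparison


SALTED_RECORDS = {user: store_password(pw) for user, pw in PLAINTEXTS.items()}


def attack_salted(records, wordlist):
    """The same dictionary against salted records: no shared table is possible,
    so every guess costs a full PBKDF2 run for each account separately.
    Returns (cracked, kdf_evaluations)."""
    cracked, evaluations = {}, 0
    for user, rec in records.items():
        for w in wordlist:
            evaluations += 1
            if verify_password(w, rec):
                cracked[user] = w
                break
    return cracked, evaluations


if __name__ == "__main__":
    print(dictionary_attack(LEAKED_UNSALTED, WORDLIST))
    print(attack_salted(SALTED_RECORDS, WORDLIST))
```

Note what the second run shows: salting and a slow KDF multiply the attacker's cost (twelve full PBKDF2 runs here instead of six cheap hashes, and each run is 600,000 times more expensive than a bare SHA-256), but alice and bob are still cracked because their passwords are in the list. Hashing protects the strong passwords; only banned-password lists, lockout or rate limiting, and multi-factor authentication protect the weak ones.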
Web applications are programs and services that organizations expose on the internet: webmail, office suites, search functions, photo editors, comment modules, and so on. Vulnerabilities are frequently found in web applications and in the application servers that host them and the databases that store their data. Because they are reachable from anywhere on the internet, attackers can probe and exploit these vulnerabilities at will to steal data or gain unauthorized access. For example, with SQL injection, in which attacker-controlled input is interpreted as part of a database query, attackers can extract data such as password hashes and credit card details.
Ways to mitigate this threat vector:
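The SQL injection mentioned above, shown as the vulnerable query beside its fix. This is an added example written for this page, not ForeNova code or any particular product's; the in-memory SQLite database, its two users and the attacker input are constructed for the demonstration.

```python
import hashlib
import sqlite3


def build_db():
    """Constructed in-memory user store standing in for a web application's database."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "email TEXT, password_hash TEXT)"
    )
    seed = [("alice", "alice@example.com", "Welcome1"),
            ("bob", "bob@example.com", "123456")]
    db.executemany(
        "INSERT INTO users (username, email, password_hash) VALUES (?, ?, ?)",
        [(u, e, hashlib.sha256(p.encode()).hexdigest()) for u, e, p in seed],
    )
    return db


def profile_vulnerable(db, username):
    """The bug: user input is pasted into the SQL text, so any quotes and
    keywords it contains are parsed as SQL rather than compared as data."""
    sql = f"SELECT username, email FROM users WHERE username = '{username}'"
    return db.execute(sql).fetchall()


def profile_safe(db, username):
    """The fix: a parameterised query. The value travels separately from the
    statement, so it can only ever be compared as a string."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return db.execute(sql, (username,)).fetchall()


# Constructed attacker input: closes the open string, UNIONs in a second SELECT
# with the same column count that pulls every password hash, and comments out
# the trailing quote the application appends.
PAYLOAD = "' UNION SELECT username, password_hash FROM users --"


if __name__ == "__main__":
    db = build_db()
    print("vulnerable:", profile_vulnerable(db, PAYLOAD))   # dumps every hash
    print("safe:      ", profile_safe(db, PAYLOAD))         # no such user
```

With ordinary input both functions behave identically, which is why the bug survives functional testing; only the hostile input separates them. The same parameterisation fixes the classic `' OR '1'='1` login bypass, and the hashes that leak here are exactly what the password example above cracks.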
A drive-by download occurs when malware is downloaded onto a device in the normal course of web browsing, including visits to legitimate and trusted websites that attackers have compromised with malicious code. In some cases the download is triggered when the user clicks a link, a pop-up window, or an advertisement; attackers disguise these as attractive offers, warning messages, or browser update alerts. In other cases the malware is downloaded with no user interaction at all, by exploiting vulnerabilities in the user's browser or its plugins.
Ways to mitigate this threat vector:
Remote access services allow users to connect to remote systems and networks. Common examples are virtual private networks (VPN) and Windows Remote Desktop (RDP), which give remote workers full access to their workstation from another device. Threat actors routinely scan the internet for exposed instances of these services. Once found, they try to break in by brute-forcing user accounts or by exploiting misconfigurations and vulnerabilities in the service itself. A successful breach gives the attacker the same access to workstations and network resources that a legitimate user would have.
Ways to mitigate this threat vector:
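Brute-force attempts against an exposed service leave an unmistakable trace in its authentication log, and the event that matters most is a success from a source that had just been failing. The following Python is an added example written for this page, not ForeNova code: it runs a sliding-window detector over a constructed sshd log excerpt (SSH used as the stand-in; the same logic applies to Windows logon events 4625 and 4624 for RDP), with the threshold and window chosen as assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd log excerpt (syslog format): a password-guessing run from one
# address that ends in a successful login, plus ordinary traffic from another.
CONSTRUCTED_LOG = """\
Nov 11 09:14:01 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Nov 11 09:14:03 bastion sshd[2203]: Failed password for root from 203.0.113.5 port 51024 ssh2
Nov 11 09:14:04 bastion sshd[2205]: Failed password for invalid user test from 203.0.113.5 port 51026 ssh2
Nov 11 09:14:06 bastion sshd[2207]: Failed password for svc_backup from 203.0.113.5 port 51028 ssh2
Nov 11 09:14:07 bastion sshd[2209]: Failed password for svc_backup from 203.0.113.5 port 51030 ssh2
Nov 11 09:14:09 bastion sshd[2211]: Failed password for svc_backup from 203.0.113.5 port 51032 ssh2
Nov 11 09:14:11 bastion sshd[2213]: Accepted password for svc_backup from 203.0.113.5 port 51034 ssh2
Nov 11 09:15:30 bastion sshd[2220]: Failed password for jdoe from 198.51.100.7 port 40112 ssh2
Nov 11 09:15:41 bastion sshd[2222]: Accepted publickey for jdoe from 198.51.100.7 port 40114 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port"
)


def parse(line):
    """Return the fields of one auth line, or None for lines we do not model."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    # Syslog timestamps carry no year; strptime fills in 1900, fine for deltas.
    ev["ts"] = datetime.strptime(ev["ts"], "%b %d %H:%M:%S")
    return ev


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Sliding-window failure counter per source IP (threshold and window are assumptions).

    Emits ('bruteforce', ip, n) when a source reaches `threshold` failures inside
    `window_seconds`, and ('success_after_bruteforce', ip, user) when that source
    later authenticates; the second alert is the one worth paging on.
    """
    failures = defaultdict(deque)
    flagged = set()
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        ip, ts = ev["ip"], ev["ts"]
        if ev["result"] == "Failed":
            q = failures[ip]
            q.append(ts)
            while q and (ts - q[0]).total_seconds() > window_seconds:
                q.popleft()                      # drop failures outside the window
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("bruteforce", ip, len(q)))
        elif ip in flagged:
            alerts.append(("success_after_bruteforce", ip, ev["user"]))
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(CONSTRUCTED_LOG.splitlines()):
        print(alert)
```

On the sample the detector raises once when 203.0.113.5 reaches five failures and again when the same address logs in as svc_backup; jdoe's single typo followed by a key-based login raises nothing. In production the alert should feed an automatic block (fail2ban-style) and, for the success case, an incident, since the account is now in the attacker's hands.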
A trusted relationship, in this context, is an arrangement in which a third-party organization is given access to another organization's computer systems and network. Such relationships are typical of managed service providers (MSPs), which remotely manage a customer's IT infrastructure and systems, and of software suppliers; both are often granted elevated privileges to deliver their services. Attackers take advantage of this by compromising the third-party provider and then using its access, or its software updates, to reach its customers' systems and networks, in what are known as supply chain attacks.
Ways to mitigate this threat vector:
Malware distribution using removable media has been around for a long time: the world's first ransomware was spread on floppy disks back in 1989. The technique is still in use today and is growing. Research from Honeywell indicates that 52% of threats are specifically designed to spread via USB drives, up from 32% the previous year, and that 81% of those threats are capable of disrupting industrial control systems. Malware that is already on a system may also copy itself onto any USB drive that is plugged in, giving attackers a route onto systems they cannot reach over the network, especially those on air-gapped networks.
Ways to mitigate this threat vector:
Insider threats come from within an organization, in the form of negligent and malicious employees. Negligent insiders are generally aware of the organization's security policies but choose to ignore them, for example by sharing their passwords or connecting to the intranet over public Wi-Fi or personal VPNs. These actions inadvertently give attackers an easy route into the organization's systems and networks. Malicious insiders carry out harmful activities on purpose; they may have been bribed by threat actors to steal data such as trade secrets and customer information, or to help load malware onto systems.
Ways to mitigate this threat vector:
At ForeNova, we understand that staying on top of all the risks in your network environment can be a tall order. That’s why we provide a risk assessment service, NovaTA, to help customers uncover all the risks, vulnerabilities, and existing threats inside their network.
NovaTA uses our state-of-the-art Network Detection and Response solution, NovaCommand, to scan your entire network. This helps us gather information about all the assets connected to your network, including PCs, servers, mobile devices, and IoT devices. This ensures that no device is left unaccounted for and unprotected. NovaCommand and our experts combine to identify all security risks and weaknesses, such as operating system vulnerabilities and weak passwords.
NovaCommand also uses machine learning to learn the normal behavior of your network. This enables it to detect irregular behavior on the network that likely indicates an existing threat. After a complete security risk assessment, our experts report their findings and provide you with recommendations on mitigating the identified risks. We also help you eradicate any threats and find the root cause of the attack, so that the weakness can be closed and future compromise prevented.
With NovaTA, you enjoy a professional risk assessment and remediation service that effectively minimizes your attack surface to safeguard your business. You can find more information on the NovaTA and NovaCommand pages and do not hesitate to contact us for any inquiries.