Compliance with threat intelligence isn’t sufficient to stay abreast of phishing, MITM, DDoS, and other cyber attacks. Security experts need reports of continuous asset discovery over a specific attack surface to mitigate cyber risks. Cybercriminals exploit vulnerable assets using attack vectors. This blog discusses the connection between these two terms that are mistakenly used interchangeably.
What is an attack surface?
An attack surface is the sum total of all the points in a technical architecture that a cybercriminal can break into to get unauthorized access. It encompasses all vulnerability sets or security loopholes at endpoints alongside all permutations and combinations of methods in which they can fool your system to bypass security protocols. An attack surface also includes users because cybercriminals manipulate them using social engineering tactics.
Attack surface analytics is a risk assessment solution that gives insights into the size and nature of a company’s technical attack surface and vulnerability pouches.
Attack surface monitoring is another risk assessment solution that continuously gauges the size and composition of a surface and appraises the threat involved.
Types of attack surfaces
As per the vulnerability definition, these attack surfaces are broadly categorized under three types.
1. Physical attack surface
These include all physical digital entry points to your system, like secured and unsecured ports, wi-fi networks, computers, laptops, mobile devices, IoT devices, USBs, etc. Such points have vulnerabilities that are exploited to attempt phishing or malware-injection attacks to steal or intercept confidential data or source codes.
You can guard your company’s physical attack surface by deploying robust measures, especially where sensitive data is stored. Also, establish policies to get rid of unused hardware and confidential paper files.
2. Digital attack surface
This encompasses all the internet-facing assets like dangling DNS, databases, HTTPS websites, cloud instances, remote machines, third-party vendors accessing sensitive files, etc. It’s complicated to minimize the vulnerability pouches of a digital attack surface due to remote locations and the involvement of cloud storage.
Understand the scope of an attack and devise a strategy for continuous asset discovery of known assets, unknown assets, third-party assets, and subsidiary assets.
3. Human attack surface
Your human resource is the weakest link and the most vulnerable attack surface. The weaponization of human attack surfaces uses social engineering techniques like phishing, smishing, vishing, etc.
Known and unknown risks can be managed proactively if your employees are well-aware and educated about these threats and the risks involved in dealing with them.
What are attack vectors?
Attack vectors are particular methods used by cybercriminals to exploit vulnerabilities to break or infiltrate your network or devices. They use different forms of techniques like malware injection, ransomware, DDoS attacks, SQL injection attacks, compromised credentials, man-in-the-middle attacks, etc. Some attack vectors target loopholes in your security and overall technical structure, whereas others aim at exploiting human links to access a system.
For a mid or large-sized company, an attack surface can be widespread and include thousands of assets which should be monitored regularly. Read more about 5 email security basics for every type of business here. This also includes the use of email authentication protocols- SPF, DKIM, and DMARC.
Common types of attack vectors
Some of the commonly used attack vectors are:
Compromised access credentials
Cybercriminals steal your passwords or take advantage of stolen passwords available on the dark web. People also tend to use the same passwords across accounts and devices which increases the risk of losing all at once.
It’s suggested to train yourself and your employees about password hygiene practices which are about selecting, managing, and maintaining strong passwords. The use of two-factor authentication is also encouraged to stay abreast of cyber attacks.
Software vulnerabilities
Software vulnerabilities involve unpatched devices and systems with a zero-day vulnerability, uninstalled application updates, and hardcoded backdoor access. Cybercriminals are also capable of exploiting SQL codes to gain unauthorized access to confidential information.
Insider threats
You never know if your employees have malicious intentions and they expose sensitive details. You need to impose strict policies against such acts to avoid being a victim.
Phishing, Smishing, and Vishing
Phishing uses emails, smishing involves text messages or common messaging applications, and vishing uses voice calls or voice mails to manipulate targets into sharing sensitive details or making online transactions.
Malware
Malware is short for malicious software and it includes computer viruses, spyware, adware, ransomware, Trojan horses, etc. Malware can compromise devices and networks to corrupt, leak, intercept, or surveil data. Using antivirus and antispyware software, installing a firewall, intrusion detection system (ISD) and intrusion prevention system (IPS) shield your company against all types of malware attacks.
Denial of Service (DoS)
Denial of service is a cyber attack designed to flood a network with malicious traffic which causes websites or other online services to shut down temporarily or permanently. It’s attempted by sending inputs that take advantage of bugs in the target that ultimately crashes or severely disable the system so that no one can access it.
Man-in-the-Middle (MITM) Attack
It’s an eavesdropping attack where cybercriminals position themselves between two legitimate participants to intercept, modify, and manipulate their conversation, transaction, or data transfer. An MITM attack is attempted between people, servers, and devices by exploiting vulnerabilities in public wifi, SSL/TLS connections, routers, and default security settings.
Poor system configuration or encryption
Improper or mediocre configuration of software, applications, protocols, cloud services and other resources causes data breaches, data leaks, malware injections, and system loopholes. Methods like SSL certificates and DNSSEC (Domain Name System Security Extensions) reduce the risk of man-in-the-middle attacks and prevent phishing.
Relationship between attack vectors and attack surfaces
There won’t be an attack surface if there isn’t an attack vector that encompasses all your company’s devices, networks, non-SSL websites, etc. Lesser attack vectors mean a smaller attack surface and vice-versa. A comprehensive and well-devised cybersecurity strategy mitigates the attack vectors a threat actor can use to manage the risk to their company’s attack surface. By having proper insight and reports of asset discovery drills and knowing what’s out there on your network, you can get an expanded overview of the entire threat landscape.
Stay ahead of cybercriminals
Companies should adopt the ‘three-legged stool’ approach by investing in security, legal, and finance to ensure robust threat intelligence and management across systems and offices. Red SIft’s Hardenize continuously performs asset discovery round-ups and helps with certificate inventory with support for Certificate Transparency Log analysis.
Our phishing takedown service reduces brand damage by being at the forefront of detecting and acting spontaneously if your business is under cyber risk. Talk to our experts to get a free analysis of your attack surface today.
