How are attack vectors and attack surfaces related?

Compliance with threat intelligence isn’t sufficient to stay abreast of phishing, MITM, DDoS, and other cyber attacks. Security experts need reports of continuous asset discovery over a specific attack surface to mitigate cyber risks. Cybercriminals exploit vulnerable assets using attack vectors. This blog discusses the connection between these two terms that are mistakenly used interchangeably.

What is an attack surface?

An attack surface is the sum total of all the points in a technical architecture that a cybercriminal can break into to get unauthorized access. It encompasses all vulnerability sets or security loopholes at endpoints alongside all permutations and combinations of methods in which they can fool your system to bypass security protocols. An attack surface also includes users because cybercriminals manipulate them using social engineering tactics. 

Attack surface analytics is a risk assessment solution that gives insights into the size and nature of a company’s technical attack surface and vulnerability pouches.

Attack surface monitoring is another risk assessment solution that continuously gauges the size and composition of a surface and appraises the threat involved.

Types of attack surfaces

As per the vulnerability definition, these attack surfaces are broadly categorized under three types.

1. Physical attack surface

These include all physical digital entry points to your system, like secured and unsecured ports, wi-fi networks, computers, laptops, mobile devices, IoT devices, USBs, etc. Such points have vulnerabilities that are exploited to attempt phishing or malware-injection attacks to steal or intercept confidential data or source codes. 

You can guard your company’s physical attack surface by deploying robust measures, especially where sensitive data is stored. Also, establish policies to get rid of unused hardware and confidential paper files.

2. Digital attack surface

This encompasses all the internet-facing assets like dangling DNS, databases, HTTPS websites, cloud instances, remote machines, third-party vendors accessing sensitive files, etc. It’s complicated to minimize the vulnerability pouches of a digital attack surface due to remote locations and the involvement of cloud storage.

Understand the scope of an attack and devise a strategy for continuous asset discovery of known assets, unknown assets, third-party assets, and subsidiary assets. 

3. Human attack surface

Your human resource is the weakest link and the most vulnerable attack surface. The weaponization of human attack surfaces uses social engineering techniques like phishing, smishing, vishing, etc. 

Known and unknown risks can be managed proactively if your employees are well-aware and educated about these threats and the risks involved in dealing with them.  

What are attack vectors?

Attack vectors are particular methods used by cybercriminals to exploit vulnerabilities to break or infiltrate your network or devices. They use different forms of techniques like malware injection, ransomware, DDoS attacks, SQL injection attacks, compromised credentials, man-in-the-middle attacks, etc. Some attack vectors target loopholes in your security and overall technical structure, whereas others aim at exploiting human links to access a system.

For a mid or large-sized company, an attack surface can be widespread and include thousands of assets which should be monitored regularly. Read more about 5 email security basics for every type of business here. This also includes the use of email authentication protocols- SPF, DKIM, and DMARC. 

Common types of attack vectors

Some of the commonly used attack vectors are:

Compromised access credentials

Cybercriminals steal your passwords or take advantage of stolen passwords available on the dark web. People also tend to use the same passwords across accounts and devices which increases the risk of losing all at once. 

It’s suggested to train yourself and your employees about password hygiene practices which are about selecting, managing, and maintaining strong passwords. The use of two-factor authentication is also encouraged to stay abreast of cyber attacks.

Software vulnerabilities

Software vulnerabilities involve unpatched devices and systems with a zero-day vulnerability, uninstalled application updates, and hardcoded backdoor access. Cybercriminals are also capable of exploiting SQL codes to gain unauthorized access to confidential information.

Insider threats

You never know if your employees have malicious intentions and they expose sensitive details. You need to impose strict policies against such acts to avoid being a victim.

Phishing, Smishing, and Vishing

Phishing uses emails, smishing involves text messages or common messaging applications, and vishing uses voice calls or voice mails to manipulate targets into sharing sensitive details or making online transactions. 


Malware is short for malicious software and it includes computer viruses, spyware, adware, ransomware, Trojan horses, etc. Malware can compromise devices and networks to corrupt, leak, intercept, or surveil data. Using antivirus and antispyware software, installing a firewall, intrusion detection system (ISD) and intrusion prevention system (IPS) shield your company against all types of malware attacks. 

Denial of Service (DoS)

Denial of service is a cyber attack designed to flood a network with malicious traffic which causes websites or other online services to shut down temporarily or permanently. It’s attempted by sending inputs that take advantage of bugs in the target that ultimately crashes or severely disable the system so that no one can access it.

Man-in-the-Middle (MITM) Attack

It’s an eavesdropping attack where cybercriminals position themselves between two legitimate participants to intercept, modify, and manipulate their conversation, transaction, or data transfer. An MITM attack is attempted between people, servers, and devices by exploiting vulnerabilities in public wifi, SSL/TLS connections, routers, and default security settings.

Poor system configuration or encryption

Improper or mediocre configuration of software, applications, protocols, cloud services and other resources causes data breaches, data leaks, malware injections, and system loopholes. Methods like SSL certificates and DNSSEC (Domain Name System Security Extensions) reduce the risk of man-in-the-middle attacks and prevent phishing.

Relationship between attack vectors and attack surfaces

There won’t be an attack surface if there isn’t an attack vector that encompasses all your company’s devices, networks, non-SSL websites, etc. Lesser attack vectors mean a smaller attack surface and vice-versa. A comprehensive and well-devised cybersecurity strategy mitigates the attack vectors a threat actor can use to manage the risk to their company’s attack surface. By having proper insight and reports of asset discovery drills and knowing what’s out there on your network, you can get an expanded overview of the entire threat landscape. 

Stay ahead of cybercriminals

Companies should adopt the ‘three-legged stool’ approach by investing in security, legal, and finance to ensure robust threat intelligence and management across systems and offices. Red SIft’s Hardenize continuously performs asset discovery round-ups and helps with certificate inventory with support for Certificate Transparency Log analysis. 

Our phishing takedown service reduces brand damage by being at the forefront of detecting and acting spontaneously if your business is under cyber risk. Talk to our experts to get a free analysis of your attack surface today.

*Subject to availability


Red Sift

13 Jun. 2023


Recent Posts


Preventing certificate related violations in cybersecurity frameworks:  A guide to certificate monitoring…

Rebecca Warren

TLS is one of the most widely adopted security protocols in the world allowing for unprecedented levels of commerce across the internet.  At the core of the TLS protocol is TLS certificates. Organizations must deploy TLS certificates and corresponding private keys to their systems to provide them with unique identities that can be reliably…

Read more

Red Sift ASM & Red Sift Certificates: the missing link in your…

Billy McDiarmid

According to Gartner, Attack Surface Management (ASM) refers to the “processes, technology and managed services deployed to discover internet-facing enterprise assets and systems and associated exposures which include misconfigured public cloud services and servers.” This broad category of tooling is used within Continuous Threat Exposure Management (CTEM) programs, with many vendors within it having…

Read more

The best tools to protect yourself from SubdoMailing

Francesca Rünger-Field

In late February 2024, ‘SubdoMailing’ became a trending search term overnight. Research by Guardio Labs uncovered a massive-scale phishing campaign that had been going on since at least 2022. At the time of reporting, the campaign had sent 5 million emails a day from more than 8,000 compromised domains and 13,000 subdomains with several…

Read more
Product Release

Red Sift’s Spring 2024 Quarterly Product Release

Francesca Rünger-Field

This early into 2024, the cybersecurity space is already buzzing with activity. Emerging standards, such as Google and Yahoo’s bulk sender requirements, mark a new era of compliance for businesses reliant on email communication. At the same time, the prevalence of sophisticated cyber threats, such as the SubdoMailing campaign, emphasizes the continual hurdles posed…

Read more