Cyberattack techniques constantly evolve. And attack vectors–the paths or means by which cybercriminals attempt to gain unauthorized access to restricted resources and/or deliver malicious software–continue to expand. Accordingly, modern network defenses must be highly adaptive to ensure they identify and contain threats before they wreak havoc. While the possible attack vectors for launching successful cyberattacks are virtually endless–encompassing everything from the exploitation of outdated browser plugins to the furtive harvesting of account passwords–they ultimately fall into just a few main categories. In formulating a cybersecurity strategy, it’s important to understand these vectors and how to mitigate them at different points in the “cyber kill chain” concept pioneered by Lockheed Martin.
The cyber kill chain describes up to seven sequential stages during a targeted cyberattack:
- Command and control (C&C)
Some or all of these steps apply to each of the major attack vectors. Let’s look at them in more detail and also walk through how a managed detection and response (MDR) solution is ideal for detecting cybercriminals before they cause serious damage.
What Are the Five Biggest Attack Vectors?
The most prominent cyberattacks of recent years have run the gamut from the secretive surveillance of Superfish spyware to the upfront disruption of the WannaCry ransomware. All can be assigned to one or more of five types, each requiring specific forms of mitigation:
Malware is designed to infect target systems, to the detriment of users. It might spread through means such as malicious email attachments and hijacked network communications protocols (e.g., Server Message Block in the case of WannaCry).
Defending against malware requires a combination of user training and MDR. Teams should be trained to spot and ignore suspicious files and requests. Beyond that, endpoint protection software must be in place to spotlight critical exploits (the fourth stage in the Lockheed cyber kill chain), so that security engineers can then take appropriate action.
2. Potentially unwanted programs (PUPs)
PUPs are similar to malware, but generally more subtle in their designs. For example, instead of presenting the dramatic demands of ransomware, a PUP might simply linger in the background and log keystrokes, with the intent of capturing credentials. Alternatively, it might monitor your browser cookies and hard drive in order to serve you annoying targeted ads.
To prevent PUPs, avoid downloads from untrusted sites and app stores. If one does gain traction, MDR can flag connections to known download sites as well as C&C infrastructure.
Unlike malware or PUPs, phishing lets the target do most of the work. A phishing attempt usually happens via email, with instructions for the recipient to click a link, send money to a bank account or supply sensitive information such as a username-password combo. Nothing is installed.
Prevention can occur before, during and after a user’s engagement:
- Before: At the exploit stage of the kill chain, email security providers can check for suspicious URLs and block messages containing malware or spam.
- During: Recipients can look for cues such as typos, unusual email addresses and long URLs that might tip them off.
- After: Additional protections such as two-factor authentication can guard accounts with stolen passwords. Network sensors can also detect connections to C&C sites.
4. Brute-force attacks
Such attacks are exactly what they sound like: The use of raw computing power and automation to repeatedly guess a login until successful. Brute-force campaigns are often supported by massive botnets.
Common countermeasures include setting a low number of consecutive login attempts before lockout, requiring manual CAPTCHA input, and enforcing complex password requirements. The last step can help thwart attacker reconnaissance attempts to draw up a list of likely/commonly used passwords to feed into the botnet.
5. Outdated and unpatched software
Software that’s not up-to-date is a magnet for exploitation. Just ask Equifax. An unpatched vulnerability in its Apache Struts web framework led to the breach of 145 million social security numbers, addresses, driver’s license numbers, and credit card numbers.
Vulnerability scanning software can help identify systems in need of patches. If internal security resources are limited, prioritization of the most important platforms is essential.
MDR: The Ticket to More Reliable Protection Against All Attack Vectors
Between them, these five types cover most of the cyberattacks today’s organizations face. Unfortunately, many attack targets struggle to mitigate their risk levels: Detection can take months, while, after that, a strong response can require additional weeks of coordination. That means malware, PUPs and other threats have a lot of time to do significant damage.
The good news is that MDR provides a start-to-finish solution for identifying, detecting, responding to and recovering from cyberattacks. An economical and scalable security operations center with an included SIEM enables effective MDR 24/7/365.
About the AuthorYou might also be interested in...