In this video you will learn about attack vectors such as: direct access, wireless, email, supply chain, social media, removable media, and cloud attack vectors.
Attack Vectors
An attack vector is a pathway or method used by a hacker to illegally access a network or computer in an attempt to exploit system vulnerabilities. Hackers use numerous attack vectors to launch attacks that take advantage of system weaknesses, cause a data breach, or steal login credentials. Such methods include sharing malware and viruses, malicious email attachments and web links, pop-up windows, and instant messages that involve the attacker duping an employee or individual user.[1] There are 7 types of attack vectors that you need to be concerned with for the CompTIA Security+ SY0-601 certification exam:[2]
Direct Access: direct access or physical access to a device.
Wireless: includes hijacking wireless connections, rogue wireless devices, evil twins, and other attack vectors that were covered in objective 1.4.
Email: includes phishing and spear phishing emails with malicious attachments or malicious links.
Supply Chain: tampering with hardware and/or software of supply chain vendors. The tampering might occur in-house or earlier, while in transit through the manufacturing supply chain.
Social Media: includes leveraging social media platforms for reconnaissance or to launch social engineering attacks.
Removable Media: includes leaving USB drives unattended or placing them in strategic locations where unsuspecting users think the devices are lost & insert them into their systems to figure out who to return the devices to. This often leads to malware being introduced into the computer or network.
Cloud: includes misconfigured and insecure cloud deployments in addition to unpatched applications, operating systems, & storage buckets.