Attack vector

In computer security, an attack vector is a specific path, method, or scenario that can be exploited to break into an IT system, thus compromising its security. The term was derived from the corresponding notion of vector in biology. An attack vector may be exploited manually, automatically, or through a combination of manual and automatic activity.

Often, this is a multi-step process. For instance, malicious code (code that the user did not consent to being run and that performs actions the user would not consent to) often operates by being added to a harmless seeming document made available to an end user. When the unsuspecting end user opens the document, the malicious code in question (known as the payload) is executed and performs the abusive tasks it was programmed to execute, which may include things such as spreading itself further, opening up unauthorized access to the IT system, stealing or encrypting the user's documents, etc.

In order to limit the chance of discovery once installed, the code in question is often obfuscated by layers of seemingly harmless code.[1]

Some common attack vectors:

  • exploiting buffer overflows; this is how the Blaster worm was able to propagate.
  • exploiting webpages and email supporting the loading and subsequent execution of JavaScript or other types of scripts without properly limiting their powers.
  • exploiting networking protocol flaws to perform unauthorized actions at the other end of a network connection.
  • phishing: sending deceptive messages to end users to entice them to reveal confidential information, such as passwords.

See also

References

  1. ^ Provos, Niels; McNamee, Dean. "The Ghost In The Browser Analysis of Web-based Malware" (PDF) – via UseNix. {{cite journal}}: Cite journal requires |journal= (help)