Last week we did a deep dive into data collection and how that data travels through the MACeBox and winds up at MACeHome. Now that it’s here, we need to begin building out our threat intelligence so that we can identify threats and respond accordingly. There are a few different ways that we can do this such as, monitoring commonly known attack vectors, continually building out Indicators of Compromise (IoC) and Indicators of Attack (IoA), running data through ML models to look for correlations, and most importantly utilizing the knowledge, experience, and passion of our human threat hunting team.
Ok, I just threw a bunch of words at you so let’s start at the top of the list by looking at attack vectors. What are they, how do hackers use them, what kind of impact can they have, and how can we use those same vectors against the threat? Wow, those are some great questions. You’re on top of it today.
What are Attack Vectors?
If you’re familiar with aviation or maritime practices, vectors are headings and paths that can help a plane or ship determine their course of travel or distinguish between moving and stationary objects to avoid collisions. In cybersecurity, attack vectors function in a similar way – paths that an attacker can choose to take to avoid being noticed. Attack vectors are different methods that the malicious actors use to force their way in and spread through your network by finding, or in some cases, creating a literal hole in your defense.
Attack vectors come in a lot of shapes and sizes. Here’s a very small fraction of the types of vectors at a hacker’s disposal:
- Software vulnerabilities (zero-day, injection, access control, xss)
- Compromised credentials
- Weak passwords
- APT (Advanced Persistent Threat)
How do hackers use Attack Vectors?
Let’s take a look at a few of the examples from above. Weak passwords are like word searches for threat actors – keep looking and eventually you come across one you know. Distributed Denial of Service (DDoS) attacks are used to disrupt the normal traffic on a server by overloading them with requests. Software vulnerabilities, like cross site scripting, access control, and unpatched zero-day exploits are common attack vectors used by malicious actors to infiltrate your network. And of course, let’s not forget about that generous Nigerian prince who is awaiting your reply in order to deposit $1m USD into your bank account – just let him know where he needs to deposit the funds.
What kind of impact can Attack Vectors have?
In the above examples, it all comes down to PPT (no, not PowerPoint files), People, Processes, and Technology.
Back in March, the California State Controller’s Office was hit by a phishing attack where an employee clicked on a malicious link, “logged in” to the imposter site, and inadvertently allowed a hacker access to their email for about 24 hours. This gave the hacker the ability to view PII from the Unclaimed Property Holder Report as well as the opportunity to fire off more phishing emails to the user’s contacts, making the other malicious emails seem even more legitimate. This is why it’s important to train your people on the attack vectors that will impact them.
Just a couple weeks ago, a security researcher found that an unsecured Experian API allowed anyone to access private credit scores of tens of million Americans just by entering in a few easy-to-find parameters. While this may not seem like a big deal, hackers now know who is worth their time. If the standard process for securing those APIs were followed by people, this would not have been the case.
When it comes to technology, just take a look at Solarwinds or the Microsoft Exchange attacks. The vulnerabilities were known, patches were pushed out, and organizations sat on this information while nation-states were quick to move in and target those who were unable to respond, costing companies Billions of dollars across ransoms, legal proceedings, PR nightmares, loss of sales revenue due to loss of trust, and repercussions due to employees and customers. People, process, and technology are the 3 pillars of attack vectors that hackers focus on when planning and executing their attack.
How do we use Attack Vectors against malicious actors?
As I mentioned before, a vector is a path or bearing between two points. If you know that path (and we know those paths), then you can trace the line until you find the breach. Or, if you have enough data (pssst, we covered that last week – to the tune of billions of data points per week) you can get there even faster by triangulating their position. This is our concept of creating haystacks and then looking for the elusive needle.
By understanding the common and emerging attack vectors, we can find clues in the data that we gather to build out our threat intelligence so that you can rest assured that we keep your data safe. After all, we’re Milton Security. Obviously, we protect your brand.
Stay tuned, because next week, we’ll dive into IoC and IoA and how the ML models we use help us quickly identify suspicious activity.