The path taken or method used by a security breach into an IT system
This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "Attack vector" – news · newspapers · books · scholar · JSTOR(March 2017) (Learn how and when to remove this message)
In computer security, an attack vector is a specific path, method, or scenario that can be exploited to break into an IT system, thus compromising its security. The term was derived from the corresponding notion of vector in biology. An attack vector may be exploited manually, automatically, or through a combination of manual and automatic activity.
Often, this is a multi-step process. For instance, malicious code (code that the user did not consent to being run and that performs actions the user would not consent to) often operates by being added to a harmless seeming document made available to an end user. When the unsuspecting end user opens the document, the malicious code in question (known as the payload) is executed and performs the abusive tasks it was programmed to execute, which may include things such as spreading itself further, opening up unauthorized access to the IT system, stealing or encrypting the user's documents, etc.
In order to limit the chance of discovery once installed, the code in question is often obfuscated by layers of seemingly harmless code.[1]
Some common attack vectors:
exploiting buffer overflows; this is how the Blaster worm was able to propagate.
exploiting webpages and email supporting the loading and subsequent execution of JavaScript or other types of scripts without properly limiting their powers.
exploiting networking protocol flaws to perform unauthorized actions at the other end of a network connection.
phishing: sending deceptive messages to end users to entice them to reveal confidential information, such as passwords.
^Provos, Niels; McNamee, Dean. "The Ghost In The Browser Analysis of Web-based Malware" (PDF) – via UseNix. {{cite journal}}: Cite journal requires |journal= (help)
In computer security, an attackvector is a specific path, method, or scenario that can be exploited to break into an IT system, thus compromising its...
mostly known as an attackvector for websites but can be used to attack any type of SQL database. SQL injection attacks allow attackers to spoof identity...
launch DDoS attacks in large scale. The memcached protocol over UDP has a huge amplification factor, of more than 51000. Victims of the DDoS attacks include...
Look up vector or vectorial in Wiktionary, the free dictionary. Vector most often refers to: Euclidean vector, a quantity with a magnitude and a direction...
is a man-in-the-middle attack and how can I protect my organization?". verizon.com. "Multi-VectorAttacks Demand Multi-Vector Protection". MSSP Alert...
may be exploited and then used to attack other parts of a system or network. These new metrics allow the Base vector to more clearly express the type of...
originated in Ukraine, compromised a Ukrainian government website. The attackvector was from users of the site downloading it. The malware erases the contents...
"it may (in theory) cause a denial of service" for attacked systems, but that this attackvector "is not especially plausible". Common Weakness Enumeration...
MTU, the SDU must be fragmented. IP fragmentation attacks exploit this process as an attackvector. Part of the TCP/IP suite is the Internet Protocol...
The attack surface of a software environment is the sum of the different points (for "attackvectors") where an unauthorized user (the "attacker") can...
vendors, including those running DD-WRT or OpenWrt firmware. The primary attackvector is SSH or telnet access. Using brute-forcing, it tries to gain access...
the kiosk as an information tool to bring awareness of the potential attackvector and they have discussed, but not publicly released, tools to perform...
harbored the malicious code. It was thought to be the "first large-scale attack on Apple's App Store", according to the BBC. The problems were first identified...
piece attackvectors, one for file attackvectors of rooks, and one each for the diagonal and anti-diagonal attackvectors of bishops (rank attacks of rooks...
difficulty diminishing the number of malvertising attacks, which "suggests that this attackvector isn’t likely to disappear soon." AIDS Trojan or PC...
of state used when necessary. File descriptor leaks are another common vector. Most general-purpose programming languages require the programmer to explicitly...
regard to the results of unaligned execution. If the input providing the attackvector into which the NOP slide and payload are to be introduced are filtered...
clear this was a supply chain attack, but the attackvector used is not specified. NotPetya is classified as a ransomware attack because it encrypted the hard-drives...
containing the XARA exploit from their iOS App Store. In XARA each attackvector violates the principles of a computer security sandbox. Untrusted partners...
Protocol (IIOP). Because HTTP requests are frequently logged, a common attackvector is placing the malicious string in the HTTP request URL or a commonly...
thus incorporating anti-submarine warfare (ASW) systems and Tomahawk Land Attack Cruise Missiles (TLAM). Shipboard torpedo and naval gunnery systems are...
AMD Secure Processor has been criticized by some as another possible attackvector... Werling, Christian; Buhren, Robert (24 August 2019), Dissecting the...
used for printers' though 'it also offers no security and is often an attackvector with printers'. AppSocket printing normally happens over port 9100....