An attack vector is the specific method or path that a cyber attacker uses to exploit a vulnerability within the attack surface of a system, network, application or organisation. It represents the actual access route used by the attacker to carry out an intrusion and compromise security.
In other words, if the attack surface is all the potential weak points (unlocked doors, open windows in a building, etc.), the attack vector is the precise way in which the attacker will exploit these weaknesses to gain entry and cause damage (force the lock, go through an open window).
Types of attack vector
Attack vectors take a variety of forms, often directly related to the types of attack surface:
Physical:
- Attack vector: physical intrusion. The attacker gains physical access to a location to manipulate the equipment directly.
- Example: forcing access to a server room to steal data or damage equipment.
Software:
- Attack vector: exploitation of software vulnerabilities. Use of vulnerabilities in applications, operating systems or APIs.
- Examples:
- SQL injection: introducing malicious SQL code via a web form to access the database.
- Cross-Site Scripting (XSS): injecting malicious scripts into web pages to steal information or compromise users.
- Buffer overflow exploitation: overflowing a program's buffer memory to execute arbitrary code.
Network:
- Attack vector: network attacks. Exploitation of weaknesses in network configuration or protocols.
- Examples:
- SSH brute-force attack: trying numerous password combinations to access a server via SSH.
- Man-in-the-Middle (MITM) attack: intercepting and potentially modifying network communications (e.g. on an unsecured Wi-Fi network).
- Distributed Denial of Service (DDoS): overwhelming a server with requests to make it unavailable.
Human:
- Attack vector: social engineering. Psychological manipulation of users to encourage them to make mistakes or divulge information.
- Examples:
- Phishing: sending fraudulent emails imitating trusted entities to steal credentials or entice people to click on malicious links.
- Pretexting: impersonating a legitimate person (technician, line manager) to obtain sensitive information.
- Baiting: leaving infected devices (USB keys) in strategic locations to encourage users to plug them in.
Cloud:
- Attack vector: misconfiguration or exploitation of cloud services. Abuse of configuration errors or vulnerabilities specific to the cloud.
- Examples:
- Data theft via a public S3 bucket: accessing and downloading data stored in a misconfigured AWS bucket.
- Privilege escalation in the cloud: exploiting vulnerabilities to obtain unauthorised administrative rights in a cloud environment.
Key elements
- Exploitation point: the specific vulnerability targeted by the attack vector. This could be an open port, a software flaw, a configuration error or a lack of human vigilance.
- Exploitation method: the technique or tool used to exploit the vulnerability. This could be an SQL injection script, a phishing email, a public exploit, etc.
- Intrusion path: the attack vector describes the path followed by the attacker, from the initial point of entry (external or internal) to the targeted asset (sensitive data, critical system, etc.).
Issues
- Diversity and complexity: the multitude of vulnerabilities and attack methods creates a wide variety of vectors, making them complex to anticipate and defend against.
- Constant evolution: attack vectors change continually as new technologies are developed, vulnerabilities are discovered and attackers adapt.
- Potential impact: a successful attack vector can lead to disastrous consequences: data theft, financial losses, damage to reputation, disruption of service, etc.
Examples
- Web application vulnerable to SQL injection:
- Attack vector: SQL injection. The attacker uses the login form (entry point) to inject malicious SQL code into the database query (exploitation of the vulnerability) in order to access user accounts (compromise).
- Teleworking employee using unsecured public Wi-Fi:
- Attack vector: Man-in-the-Middle (MITM) attack on public Wi-Fi. An attacker on the same Wi-Fi network intercepts the employee's unencrypted communications (exploiting the vulnerability of public Wi-Fi) to steal credentials or sensitive data (compromise).
- Connected object (IoT) with vulnerable firmware:
- Attack vector: exploitation of a firmware vulnerability. The attacker uses a public exploit targeting the security flaw in the firmware (vulnerability exploitation) to take control of the IoT device and integrate it into a botnet (compromise).
- Employee clicking on a phishing link:
- Attack vector: phishing. The attacker sends a fraudulent e-mail (initial vector), the employee clicks on the link and discloses their credentials on a fake website (exploitation of human vulnerability), enabling the attacker to access their account and potentially the company network (compromise).
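The SQL injection example above, as an added illustration that is not part of the original page: a minimal login check written the vulnerable way (form values concatenated into the query text) next to the hardened version (parameterised query), both run against a constructed in-memory SQLite table. The account name, password and database are invented for the demo.

```python
import sqlite3


def make_demo_db():
    """Constructed in-memory user table with one assumed account (demo data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Entry point: the login form. Vulnerability: the form values are spliced
    into the SQL text, so quotes and operators in the input become part of the
    query instead of being compared as data."""
    query = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return conn.execute(query).fetchone() is not None


def login_hardened(conn, username, password):
    """Same lookup with a parameterised query: the values travel separately
    from the SQL text, so the database only ever treats them as data."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


def compare(username, password):
    """Run one set of form values through both versions.
    Returns (accepted_by_vulnerable, accepted_by_hardened)."""
    conn = make_demo_db()
    return (
        login_vulnerable(conn, username, password),
        login_hardened(conn, username, password),
    )


if __name__ == "__main__":
    # The textbook tautology payload placed in both fields turns the WHERE
    # clause of the vulnerable query into one that is always true.
    payload = "' OR '1'='1"
    print("legitimate login:", compare("alice", "correct-horse"))  # (True, True)
    print("injected input  :", compare(payload, payload))          # (True, False)
```

Passwords are stored and compared in clear text here only to keep the query readable; a real application stores a password hash and verifies it in code after fetching the row. The useful property of the comparison is that the hardened function rejects exactly the input the vulnerable one accepts, which is how a code review or a unit test confirms that this attack vector has been closed.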
Strategies for reducing attack vectors
- Minimising the attack surface: reducing the number of entry points and unnecessary services reduces the potential attack vectors.
- Continuous monitoring and vulnerability detection: proactively identifying and correcting vulnerabilities (scanners, pentests) prevents them from being exploited as attack vectors.
- Regular updates and patch management: correcting known software security flaws eliminates common attack vectors (public exploits).
- Network segmentation: limiting the spread of an attack if a vector is exploited in one part of the network minimises the overall impact.
- User training and awareness: reducing the effectiveness of attack vectors based on social engineering (phishing).
- Applying the principle of least privilege: limiting user and application access and rights reduces the potential damage if an attack vector is successful.
Attack vector management tools
- Risk mapping and threat modelling: identify potential attack vectors based on vulnerabilities and critical assets.
- Penetration testing (pentesting): simulates real attacks using various vectors to test the resistance of the system and identify exploitable weaknesses.
- Vulnerability management: helps prioritise and correct the vulnerabilities that serve as exploitation points for the most critical attack vectors.
- SIEM (Security Information and Event Management): analyses security logs and events in real time to detect suspicious activity that may indicate the use of an attack vector.
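As an added example of the SIEM-style detection this list mentions, applied to the SSH brute-force vector described under Network above (this is not code from the original page): a small sliding-window rule run over constructed OpenSSH log lines. The hostname, PIDs, user names and addresses in the sample are made up, and the year is assumed because syslog timestamps carry none.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the usual syslog/OpenSSH format (not a real capture).
# 203.0.113.5 fails five times within ten seconds and then succeeds;
# 198.51.100.7 is a user mistyping once and logging in later with a key.
SAMPLE_LOG = """\
Mar 10 08:00:01 bastion sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51000 ssh2
Mar 10 08:00:03 bastion sshd[1202]: Failed password for root from 203.0.113.5 port 51001 ssh2
Mar 10 08:00:05 bastion sshd[1203]: Failed password for root from 203.0.113.5 port 51002 ssh2
Mar 10 08:00:07 bastion sshd[1204]: Failed password for invalid user test from 203.0.113.5 port 51003 ssh2
Mar 10 08:00:09 bastion sshd[1205]: Failed password for root from 203.0.113.5 port 51004 ssh2
Mar 10 08:00:11 bastion sshd[1206]: Accepted password for root from 203.0.113.5 port 51005 ssh2
Mar 10 08:05:00 bastion sshd[1300]: Failed password for bob from 198.51.100.7 port 40000 ssh2
Mar 10 08:30:00 bastion sshd[1301]: Accepted publickey for bob from 198.51.100.7 port 40001 ssh2
"""

AUTH_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def parse_auth_log(text, year=2024):
    """Yield (timestamp, result, user, ip) for each sshd authentication line.
    Syslog timestamps carry no year, so one is assumed for the demo."""
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue  # other sshd/syslog noise is ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["result"], m["user"], m["ip"]


def detect_ssh_bruteforce(text, threshold=5, window=timedelta(minutes=1)):
    """Sliding-window rule. `threshold` failures from one source IP inside
    `window` raise a brute_force alert; an Accepted login from an IP that
    still has that many recent failures raises success_after_failures, the
    case an incident responder needs to see first. Thresholds are assumptions.
    Returns a list of (alert_type, ip, user, iso_timestamp) tuples."""
    recent_failures = defaultdict(list)  # ip -> timestamps of failures in window
    alerts = []
    for ts, result, user, ip in parse_auth_log(text):
        # Forget failures that have slid out of the window.
        recent_failures[ip] = [t for t in recent_failures[ip] if ts - t <= window]
        if result == "Failed":
            recent_failures[ip].append(ts)
            if len(recent_failures[ip]) == threshold:  # alert once per burst
                alerts.append(("brute_force", ip, user, ts.isoformat()))
        elif len(recent_failures[ip]) >= threshold:
            alerts.append(("success_after_failures", ip, user, ts.isoformat()))
    return alerts


if __name__ == "__main__":
    for alert in detect_ssh_bruteforce(SAMPLE_LOG):
        print(alert)
```

The same logic maps directly onto a correlation rule in any SIEM: group authentication events by source address, count failures in a time window, and escalate when a success follows the burst. The window and threshold are starting values to tune per environment; a single mistyped password followed by a key-based login, as the second address shows, must not fire.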
Historical case
Target breach - 2013
- Initial attack vector: exploitation of a vulnerability in the HVAC system connected to Target's internal network. The attackers used this HVAC system as an initial attack vector to penetrate the network.
- Secondary attack vectors (lateral movement): once inside the network, the attackers used other secondary attack vectors to move laterally through the internal network, reaching point-of-sale systems and extracting credit card data.