When the attacker has direct access it can be trivial to infect devices and systems. The attack vectors that the comp teaya 20 22 security + exam wants you to be familiar with include direct access, wireless, e mail, removable media, social media, cloud systems, and supply chains.ĭirect access encomposes attack methods where the hacker gains physical access to facilities, hardware, and infrastructure. Phishing: sending deceptive messages to end users to entice them to reveal confidential information, such as passwords. Some real world examples of common attack vectors include:Įxploiting buffer overflows this is how the Blaster worm was able to propagate.Įxploiting webpages and email to support loading and subsequent execution of JavaScript, or other types of scripts without properly limiting their powers.Įxploiting networking protocol flaws to perform unauthorized actions at the other end of a network connection.
In order to limit the chance of discovery once installed, the code in question is often obfuscated by layers of seemingly harmless code. These tasks may include things such as spreading itself further, opening up unauthorized access to the IT system, stealing or encrypting the user's documents, and more. When the unsuspecting end user opens the document, the malicious code in question, known as the payload, is executed and performs the abusive tasks it was programmed to execute.
For instance, malicious code, I E code that the user did not consent to being run and that performs actions the user would not consent to, often operates by being added to a harmless seeming document made available to an end user. An attack vector may be exploited manually, automatically, or through a combination of manual and automatic activity. In computer security, an attack vector is a specific path, method, or scenario that can be exploited to break into an IT system, thus compromising its security. Some sections compiled with voice to text software - So there are one or two funny spelling errors