Threat Vectors

The digital revolutions have changed all industries in positive ways, but on the other hand, they have also created unprecedented risks with cyberattacks. At best, an attack can be a nuisance; and at worst it can ruin a business putting people’s lives at risk, especially when talking about healthcare.

In this post we will talk about the how’s and why’s of cyberattacks, focusing on threat vectors (also known as attack vectors). Recognizing and minimizing threat vectors leads organizations to be able to block several attack methods at once, which saves time, money, and stress,

What are Threat Vectors?

Put simply, threat vectors are the routes that malicious attackers may use to get past your defenses and infect your network. We are going to be talking about six threat vectors in particular:

  • Network — This is the perimeter of your network, usually protected by something like a firewall.

  • User — Attackers commonly use social networks and social engineering to gather information and trick users into opening a pathway for an attack into their network.

  • E-mail — Malicious attachments and phishing attacks target the email threat vector.

  • Web Application — Cross-Site Scripting and SQL Injection are just two of the many attacks that take advantage of an ineffectively protected Web Application threat vector.

  • Remote Access — A corporate device using a wireless hotspot without security can be compromised and passed on to the corporate network.

  • Mobile — Smartphones, tablets, and other mobile devices can pass malware and other attacks into the corporate network. Additionally, mobile malware may be used to steal user data from the same mobile device.

A system can be attacked for passive (attempt to gain or use information but not affect the system) or active (direct attempt to alter the system or its operations) reasons.

The list of threat vectors is continuously growing as hackers look for and find new methods to exploit people and their system vulnerabilities to deliver malicious software access operation systems or access sensitive information.

Threat vectors can be categorized into two groups; social engineering or programming.

Programming Threat Vectors Social Engineering Threat Vectors

Viruses Instant Messages

Trojans Text Messages

Malware / ransomware Chat Room Messages

Macros Poor Password Protection

Pop-ups Phishing

Bogus email Attachments or web links Baiting

Drive-by-downloads Spoofing

Rootkits Cybersquatting

SQL Injection Session Hijacking

Unpatched Vulnerabilities Credential Reuse

Brute force/ cracking Malvertising

Distributed denial-of-service (DDoS) Disgruntled Employees

Both of these threat vector groups can be employed fluidly and simultaneously, which is why it’s necessary to expand how organizations approach cybersecurity.

How are threat vectors used?

One or more of six routes needs to be taken to gain access to a system, for this, the hacker has to:

  • Identify potential target and threat vectors.

  • Gather information.

  • Use the information to identify the additional tools needed.

  • Gain access to steal data, install malicious code, monitor for information worth stealing sometime in the future, or take control of the hacked system with a control server and a command for personal use.

Once the hackers identify the organization and its weakness in security, it becomes easy for them to utilize a ransomware threat vector to infiltrate, encrypt the data, and demand ransom.

Email is the foremost threat vector

Today, the easiest route into any computer system is to go through the email, and it’s what many threat vectors focus on. A big reason for this is due to human factors.

Email filtering tools can block a lot of malicious emails, but when one gets through all it takes is one single accidental click to grant unauthorized access to a hacker.

Additionally, leaks of sensitive information and breaches are not limited to external attacks; some are caused by the employees sending sensitive information in unsecured email messages. This is especially proven to be true in healthcare as the majority of breaches are caused by email according to the Health and Human Services (HHS) Breach Portal.

What is the importance of thinking in terms of threat vectors?

It’s essential to change the way we address information security, from focusing on specific events to aiming at threat vectors.

For example, the healthcare industry is one of the most vulnerable with a lucrative payoff and a large set of threat vectors. These include legacy and medical devices with patch vulnerabilities, the has been an increase in reliance on the Internet-of-Things (IoT) devices, overworked employees that are reached through social engineering, business associates with flimsy security and access to protected health information (PHI).

By learning about and focusing on threat vectors, healthcare organizations —and all industries— can proactively strengthen security for all six entry routes.

Even without knowing when a cyberattack is going to happen or who is behind it, identifying the threat vectors early provides an organization with the what, where, and how to create a solid information security program.

How can this knowledge help you?

Some organizations have gotten off luckier than others, some targeted organizations are seized to instigate public-wide attacks. And others become victims of espionage on behalf of another country.

These reasons are why the federal government has increased its assessments and fines against non-compliant organizations, and why it’s so important to understand threat vectors in combination with attacking methods rather than focusing on each individual breach.

Once the vulnerabilities and threat vectors are identified, strong cybersecurity can decrease the number of attack surfaces that can be used by a cybercriminal.

Some prevention strategies include:

  • HIPAA compliant email

  • Virtual patching

  • Isolation of old machines

  • Multi-factor authentication

  • Strong password policies

  • Offline backup

  • Strict policy enforcement

  • Continuous employee training

  • Additional smart device security

  • Web filters

  • Inbound email security

  • Threat detection programs

There is no single method that’s foolproof on its own. There should be multiple layers of security and protection just as there are multiple threat vectors,

Finally, learning about threat vectors and how cybercriminals use them is necessary to safeguard your organization and improve your posture in security.