Emerging Attack Vectors in Cyber Security

In cyber security, knowing how attackers get in is central to keeping information safe and systems secure. An attack vector is the path or method an attacker uses to gain unauthorized access to a network, system, or application by exploiting a weakness, whether the goal is to steal data, cause damage, or take control of the target.

As cyber threats grow more complex, it’s more important than ever to identify and protect against these attack vectors. This article will look at the different types of attack vectors, their effects on cybersecurity, and how to defend against them.

What are Attack Vectors?

Attack vectors are the specific paths or methods that attackers use to gain unauthorized access to a system, network, or application. They are the entry points through which a weakness or flaw is exploited to steal information, cause damage, or gain control. Penetration testers and ethical hackers work from the same catalogue of vectors when they assess a target, whether it is a web application or an Android application.


Some Common Attack Vectors in Cybersecurity

  • Phishing: A social-engineering attack in which the victim is tricked, most often by an email that looks legitimate, into visiting a spoofed site or opening a malicious attachment. The spoofed site is crafted to look authentic so that the victim hands over credentials or other sensitive data.
  • Malware: Short for malicious software, malware is any software designed to harm computer systems, networks, or users. It is built to gain access to a system without the user's permission, generally for the benefit of a third party.
  • MITM: In a Man-in-the-Middle (MitM) attack an unwanted intermediary sits on the network path between two parties, intercepting and possibly modifying the requests and responses that pass through it. That intermediary is the "man in the middle".
  • Denial of Service: A Denial-of-Service (DoS) attack targets a computer or website with the intent of disrupting an organization's operations by denying access to legitimate users. It is done by flooding the targeted machine or resource with surplus requests so that the system is overloaded and some or all legitimate requests cannot be fulfilled.
  • Insider Attacks: Insider threats come from people who have, or previously had, legitimate access to confidential information or systems: current or former employees, business partners, contractors, or administrators.
  • Ransomware: A form of malware that prevents users from accessing their data by encrypting it and then demands payment for the decryption key.
  • SQL Injection: A code injection technique in which attackers supply crafted input that is concatenated into SQL queries, letting them read, modify, or bypass the database logic the application intended.

Recent Cyber Security Attacks

Infosys: Indian IT services company Infosys disclosed a security incident in November 2023 affecting its US subsidiary, Infosys McCamish Systems. The incident made several applications unavailable, and at the time of disclosure the company was still investigating the impact.

Indian Council of Medical Research: In October 2023 a data breach exposed health data of around 815 million Indian citizens. A threat actor using the name "pwn0001" offered the data for sale.

Hyundai Motor Europe: In February 2024, Hyundai Motor Europe was hit by a ransomware attack attributed to the Black Basta group, which claimed to have stolen 3 TB of corporate data.

Boeing: In November 2023 Boeing reported a cyber incident that impacted parts of its business. The LockBit ransomware gang claimed responsibility; Boeing confirmed that the incident did not affect flight safety.

Ways to protect your Organization from Attack Vectors

  • Network Segmentation: Network segmentation is the process of dividing a computer network into smaller, isolated segments or subnetworks, each separated from the others by network devices such as routers, switches, or firewalls. It is also referred to as network isolation or network segregation. Segmentation limits how far an attacker can move after compromising one host.
  • Intrusion Detection and Prevention System: An Intrusion Detection and Prevention System (IDPS), often just called an IPS, is a network security application that monitors network or system activity for malicious behaviour. Its main functions are to identify malicious activity, collect information about it, report it, and attempt to block or stop it.
  • Antivirus: Antivirus or anti-malware software protects a system from viruses and other malware. It detects known malware by signature and behaviour and quarantines or removes it.
  • Encryption: Encryption preserves confidentiality by transforming plaintext into ciphertext that can only be read by a party holding the corresponding decryption key. It protects data at rest and in transit, so that data stolen through one of the vectors above is unusable without the key.

What is an Attack Surface?

An attack surface refers to all the locations, interfaces, or channels by which an attacker may obtain unauthorized access to a system, network, or application. It comprises all of the vulnerabilities, access points, and potential channels of attack that exist within an organization's environment. Each attack vector is one path across the attack surface; reducing the surface reduces the number of vectors available.

What is Insecure Direct Object Reference?

  • Insecure Direct Object Reference, commonly known as IDOR, is an access control (authorization) vulnerability that allows an attacker to access or modify resources belonging to other users of the application.
  • The fundamental concept behind IDOR is that an endpoint takes an identifier for an object (a user id, invoice number, file name) directly from the request and uses it to read or modify data without checking that the caller is allowed to access that particular object. The data exposed may include images, addresses, and files, and in some cases a user's username and password.
  • IDOR remains a common attack vector for web applications because authorization is application-specific: no framework can enforce "this invoice belongs to that user" by default, so the check has to be written explicitly for every endpoint and is easy to forget.
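The following is an added example, not code from the article: a minimal invoice-lookup handler written twice, once with the missing ownership check (IDOR) and once with it. The in-memory INVOICES store, the user names, and the function names are all constructed for illustration; a real application would make the same check against its database.

```python
# Added illustration of IDOR; the store and names below are constructed.
INVOICES = {
    101: {"owner": "alice", "amount": 120.0},
    102: {"owner": "bob", "amount": 75.5},
}


def get_invoice_vulnerable(session_user, invoice_id):
    """IDOR: the object is looked up by the client-supplied id only.
    session_user is the authenticated caller, but it is never consulted,
    so any logged-in user can read any invoice by changing invoice_id.
    Returns an (http_status, body) pair like a web handler would."""
    record = INVOICES.get(invoice_id)
    if record is None:
        return 404, None
    return 200, record


def get_invoice_fixed(session_user, invoice_id):
    """Fixed: the object must belong to the authenticated caller.
    Missing and foreign objects get the same 404 so the endpoint does not
    leak which ids exist."""
    record = INVOICES.get(invoice_id)
    if record is None or record["owner"] != session_user:
        return 404, None
    return 200, record


def list_invoices(session_user):
    """Alternative pattern: scope every query by the caller up front, so
    there is no client-controlled id to forget to check."""
    return {iid: rec for iid, rec in INVOICES.items()
            if rec["owner"] == session_user}


if __name__ == "__main__":
    # alice asks for bob's invoice 102 through both handlers
    print("vulnerable:", get_invoice_vulnerable("alice", 102))
    print("fixed:     ", get_invoice_fixed("alice", 102))
    print("alice sees:", list_invoices("alice"))
```

The fix is the one line comparing record["owner"] to the session user; note that the identifier stays guessable (101, 102), which is fine once the check exists. Switching to random or UUID identifiers makes enumeration harder but is not a substitute for the authorization check.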

Relative Path Overwrite

  • Security researcher Gareth Heyes described the Relative Path Overwrite (RPO) attack vector. RPO exploits the way browsers resolve relative paths when a stylesheet is imported into the DOM (document object model), so it is also known as Path Relative Style Sheet Import (PRSSI).
Relative Path -
<link href="database/xyz.css" rel="stylesheet" type="text/css"/>
Absolute Path -
<link href="https://example.com/database/xyz.css" rel="stylesheet" type="text/css"/>

Example: If the document is loaded at https://example.com/database, the relative href above resolves to https://example.com/database/xyz.css, because the browser resolves a relative path against the document URL with its last path segment removed. Now suppose https://example.com/index.html links its stylesheet as <link href="resource/rpo.css" rel="stylesheet" type="text/css"/>.

Visiting https://example.com/index.html loads the stylesheet from https://example.com/resource/rpo.css as intended. If the attacker instead gets the victim to visit https://example.com/index.html/random/payload, many server-side frameworks still serve index.html (the extra segments are treated as path info), but the browser now resolves the relative href against the new path and requests https://example.com/index.html/random/resource/rpo.css. The server answers that request with the HTML page itself, and a browser rendering the page in quirks mode (no doctype) will parse that HTML as a stylesheet. By placing CSS-like text in a part of the URL that the page reflects into its HTML, the attacker controls the CSS of the web application. Absolute or root-relative stylesheet URLs, a <base> element, a standards-mode doctype, and an X-Content-Type-Options: nosniff header each break a different step of this chain.
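The resolution step is the part that is easiest to get wrong when reading about RPO, so here is an added example (not code from the article or from the researcher cited) that reproduces it with the standard library. urllib.parse.urljoin implements the same RFC 3986 base-URL resolution browsers use; the example site, the path-info routing model, and the function names are constructed for illustration.

```python
# Added illustration of Relative Path Overwrite; URLs below are constructed.
from urllib.parse import urljoin, urlsplit

DOCUMENT = "https://example.com/index.html"
STYLESHEET_HREF = "resource/rpo.css"        # path-relative href in the page
ATTACKER_URL = "https://example.com/index.html/random/payload"


def resolve_stylesheet(document_url, href):
    """Resolve href as a browser does: a path-relative href is joined to the
    document URL with its last path segment removed (RFC 3986 section 5)."""
    return urljoin(document_url, href)


def served_as_html(path, index_page="/index.html"):
    """Model a framework that routes /index.html/anything to index.html,
    treating the trailing segments as path info (the assumption RPO needs)."""
    return path == index_page or path.startswith(index_page + "/")


def is_path_relative(href):
    """True for hrefs such as 'resource/rpo.css' whose resolution depends on
    the document path; '/x.css', '//cdn/x.css' and 'https://...' are not."""
    return not href.startswith("/") and not urlsplit(href).scheme


def is_rpo_exploitable(document_url, href, index_page="/index.html"):
    """The stylesheet request lands back on the HTML page: the browser will
    receive HTML where it expected CSS."""
    resolved = resolve_stylesheet(document_url, href)
    return is_path_relative(href) and served_as_html(
        urlsplit(resolved).path, index_page)


def absolute_href(site_root, href):
    """Mitigation: emit an absolute URL so the resolved location no longer
    depends on how the page was requested."""
    return urljoin(site_root, href)


if __name__ == "__main__":
    for doc in (DOCUMENT, ATTACKER_URL):
        print(doc, "->", resolve_stylesheet(doc, STYLESHEET_HREF),
              "exploitable" if is_rpo_exploitable(doc, STYLESHEET_HREF) else "ok")
    fixed = absolute_href("https://example.com/", STYLESHEET_HREF)
    print("fixed href", fixed, "->", resolve_stylesheet(ATTACKER_URL, fixed))
```

The resolution is only the first condition: the page must also be served for the padded path, and the browser must accept an HTML body as CSS, which standards-mode browsers refuse when the Content-Type is not text/css.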

Attack Vectors in Cybersecurity – FAQs

Is a USB an attack vector?

Yes. A USB device is a physical attack vector: removable storage can carry malware onto any system it is plugged into, and a malicious device can present itself as a keyboard and inject commands without any file ever being opened.

How do attackers exploit attack vectors?

Attackers choose a vector that matches a weakness in the target, such as an unpatched service, a user who can be phished, or an exposed credential, and use it to gain a foothold on a system, device, or network, from which they escalate access and steal data.

How do firewalls defend against attack vectors?

Firewalls act as a barrier between trusted and untrusted networks, filtering incoming and outgoing traffic based on predefined security rules. This helps prevent unauthorized access, blocks known malicious traffic, and provides a point at which network activity can be logged and monitored for suspicious behaviour.

How to prevent SQL injection attacks?

SQL injection attacks are prevented primarily by using parameterized queries (prepared statements), so that user input is passed to the database as data rather than concatenated into the query text. Validating input against an allow-list, running the application under a least-privilege database account, and placing a web application firewall (WAF) in front of the application add defence in depth but do not replace parameterization.
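As an added example (not from the article), the same login query written both ways against an in-memory SQLite database, showing that the concatenated version is bypassed by a comment payload while the parameterized version treats the same input as an ordinary string. The table, users, and plaintext passwords are constructed for the demonstration only; real applications store password hashes.

```python
# Added illustration of SQL injection and its fix; the table is constructed.
import sqlite3


def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "user"), ("admin", "hunter2", "admin")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string formatting: the input becomes SQL syntax.
    Returns the matched username or None."""
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_fixed(conn, username, password):
    """Parameterized query: the driver sends the values separately from the
    statement, so quotes and comment markers in the input have no effect."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    conn = setup_db()
    # Comment payload: the rest of the WHERE clause is thrown away.
    payload = "admin' --"
    print("vulnerable:", login_vulnerable(conn, payload, "wrong"))  # admin
    print("fixed:     ", login_fixed(conn, payload, "wrong"))        # None
```

Note that sqlite3's execute() refuses more than one statement per call, so stacked-query injection (appending a second statement after a semicolon) is not reproducible here; other drivers and databases may accept it, which is one more reason the fix is parameterization rather than filtering particular characters.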
