Cybersecurity discussions about "attack vectors" and "attack surfaces" sometimes use these two terms interchangeably. This article guides you through the distinctions between attack vectors and attack surfaces to help you better understand the two concepts and establish a more mature security posture. Most simply, an attack vector is any means by which an attacker can infiltrate your environment, whereas attack surface refers to the collective vulnerability that these vectors create. Any point that allows data to pass into your application or network represents a potential attack vector. This also means that any system update or release could create new attack vectors. Rapid technological change means that some of these attack vectors will fall out of favor with hackers and become less common.
This type of email originates from an attacker using a spoofed return address to appear legitimate and trustworthy. An attack like this is an example of a social engineering attack, which takes advantage of predictable or controllable human behavior to access personal information, credentials, and so on.
Wireless attacks
Wireless attacks are a more recent attack vector. In the case of the latter, an attacker may be able to guess the password or use a disassociation attack to interrupt the user's Wi-Fi connection and then capture their reconnection and, as a result, their encrypted password. If the password is weak or commonplace, an attacker could crack it in a relatively short amount of time. Once the network is penetrated, more attack vectors become available and the attack surface expands considerably.
The attack surface is the collection of total attack vectors to your system. The larger the system you are trying to protect, the greater your attack surface becomes. It's virtually impossible to know the precise size of your attack surface because it requires a real-time awareness of available attack vectors, many of which remain hidden from view until exploited.
This undetectable segment represents the "zero-day" exploit category, which defines attack vectors that remain unknown and unpatched.
Password requirements
While an individual password represents an attack vector, an application or website's password requirement comprises an attack surface. As many users rely on weak or easily guessable passwords, a malicious actor has an enormous surface that offers numerous potential entry points into your system. A well-postured portal will automatically check services like Have I Been Pwned to detect compromised passwords and use rate-limiting to prevent these attacks.
Always-on software
Another attack surface is software, specifically the always-on software used in servers. The more always-on components you have active, the greater your attack surface.
Distributed infrastructure
Within hybrid architectures, the attack surface encompasses every physical machine and every cloud resource. Access management may control access to these resources, but the aggregate of their individual entry points vastly increases the size of the attack surface. A competent attacker may have already compromised one or more resources without affecting system functionality. As a result, the collection of less-noticeable vectors creates an especially vulnerable portion of your attack surface.
The following is an example of a complete cybersecurity breach highlighting attack vectors operating against an attack surface. An attacker, Eve, walks into NewCompany's office one day and blends into the bustle of workers. In the above example, you can see the large attack surface of an open office space with no checkpoint controls. The attack vectors in this example are the methods Eve used to enter the office and the network, and these vectors comprise the attack surface: the unprotected network and unencrypted data on the server.
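The breached-password check and rate limiting described under "Password requirements" above, sketched as an added example (not code from the original article or from Trend Micro). The function and class names, the thresholds and the sample range data are assumptions constructed for illustration; the lookup follows the hash-prefix (k-anonymity) scheme of the Pwned Passwords range API, so the full password hash never leaves the portal.

```python
import hashlib
import time
from collections import defaultdict, deque

def split_sha1(password):
    """Return (5-char prefix, 35-char suffix) of the password's SHA-1.
    Only the prefix is sent to the breach service (k-anonymity)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password, fetch_range):
    """fetch_range(prefix) returns a body of SUFFIX:COUNT lines."""
    prefix, suffix = split_sha1(password)
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

def constructed_range(prefix):
    """Constructed offline stand-in for the range lookup. A live portal
    would GET https://api.pwnedpasswords.com/range/<prefix> instead."""
    rows = ["0" * 35 + ":1"]  # unrelated filler entry
    for known, seen in (("password", 1000), ("letmein", 50)):  # made-up counts
        p, s = split_sha1(known)
        if p == prefix:
            rows.append(f"{s}:{seen}")
    return "\r\n".join(rows)

class LoginRateLimiter:
    """Sliding-window cap on failed logins per account (assumed policy)."""
    def __init__(self, max_failures=5, window_seconds=300):
        self.max_failures = max_failures
        self.window = window_seconds
        self.failures = defaultdict(deque)

    def allowed(self, account, now=None):
        now = time.monotonic() if now is None else now
        recent = self.failures[account]
        while recent and now - recent[0] >= self.window:
            recent.popleft()  # forget failures outside the window
        return len(recent) < self.max_failures

    def record_failure(self, account, now=None):
        now = time.monotonic() if now is None else now
        self.failures[account].append(now)
```

A portal would reject a new password when `breach_count` is above zero, and refuse further login attempts for an account while `allowed` returns False.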
Since attack surfaces can be large and unknown, defending against attacks used to require a variety of technologies cobbled together to ensure the broadest possible coverage. For cloud-based infrastructure, Cloud Sentry has been designed from the ground up to identify and remediate cloud-based risks that could be leveraged by attackers. Organizations don't always consider the increase in attack surface prompted by cloud migration. To address the least visible parts of your attack surface, there is Trend Vision One™, a powerful solution able to detect the most commonly overlooked threats against an attack surface. Many detection and response solutions only examine endpoints, which are traditional targets for attackers. As technology has progressed, so has attack methodology. Many other attack vectors have to be considered within the scope of modern infrastructure.
Although "attack vector" and "attack surface" overlap, it's crucial to understand that your attack surface is the totality of attack vectors across your system. Without a clear understanding of the attack vectors that leave your systems vulnerable, you may overlook weaknesses in your organization's wider attack surface. Learning to spot existing vectors and discover new vectors is critical in maintaining a proper security posture. Implementing tools such as Trend Vision One and Trend Micro™ Cloud Sentry provides a more complete picture, granting you an automated defense both against today's most popular attack vectors and those that will be leveraged tomorrow.
This Cyber News was published on www.trendmicro.com. Publication date: Wed, 01 Feb 2023 23:40:03 +0000