Attack vector defined

An attack vector is the method or combination of methods that cybercriminals use to breach or infiltrate a victim’s network.

Adversaries typically develop an arsenal of attack vectors that they routinely use to carry out their attacks. Over time and with repeated use, these attack vectors can become virtual “calling cards” for cybercriminals or organized eCrime gangs, making it possible for threat intelligence analysts, cybersecurity service providers, law enforcement, and government agencies to assign an identity to different adversaries.

Recognizing and tracking an adversary’s attack vectors can help organizations better defend against existing or upcoming targeted attacks. In addition, knowing who is behind an attack — determined in part by their use of a signature attack vector — can help the organization understand the adversaries’ capabilities and take steps to protect the business and its assets in the future.

Attack vector vs attack surface vs threat vector vs threat actor

What is an attack surface?

An attack surface is the sum of all possible security risk exposures in an organization's environment. Put another way, it is the collective of all potential vulnerabilities (known and unknown) and controls across all hardware, software, network components, and people.

Attack surfaces can be categorized into three basic types:

  1. Digital attack surface: Encompasses the entire network and software environment of an organization. It can include applications, code, ports, and other entry and exit points.
  2. Physical attack surface: All of an organization’s infrastructure, such as desktop systems, laptops, mobile devices, servers, access gates, telco infrastructure, and even electrical feeds.
  3. Social engineering attack surface: Attacks that exploit the human mind, often used in phishing, pretexting (smishing), vishing (voicemail), and other manipulative techniques to mislead the human.

What is a threat vector?

Threat vector is a term used to describe the method a cybercriminal uses to gain initial access to a victim network or infrastructure. Threat vector is often used interchangeably with attack vector.

What is a threat actor?

A threat actor, also known as a malicious actor or digital adversary, is any person or organization that intentionally causes harm in the digital sphere. They exploit weaknesses in computers, networks, and systems to carry out disruptive attacks on individuals or organizations.

The term “threat actor” includes cybercriminals, but it is much broader. Ideologues such as hacktivists (hacker activists), terrorists, insiders, and even internet trolls are all considered threat actors.

Bart is Senior Product Marketing Manager of Threat Intelligence at CrowdStrike and has 20+ years of experience in threat monitoring, detection, and intelligence. After starting his career as a network security operations analyst at a Belgian financial organization, Bart moved to the US East Coast to join multiple cybersecurity companies, including 3Com/Tippingpoint, RSA Security, Symantec, McAfee, Venafi, and FireEye-Mandiant, holding both product management and product marketing roles.