
Attack Vector

By definition, an attack vector is a method or technique that a hacker uses to
gain access to another computing device or network in order to inject “bad code”,
often called a payload. This vector helps hackers to exploit system vulnerabilities.
Many of these attack vectors take advantage of the human element, as it is the
weakest point of the system. Following is the schematic representation of the
attack vector process; a hacker can use many vectors at the same time.

Some of the mobile attack vectors are −

• Malware
  o Virus and Rootkit
  o Application modification
  o OS modification
• Data Exfiltration
  o Data leaves the organization
  o Print screen
  o Copy to USB and backup loss
• Data Tampering
  o Modification by another application
  o Undetected tamper attempts
  o Jail-broken devices
• Data Loss
  o Device loss
  o Unauthorized device access
  o Application vulnerabilities

Consequences of Attack Vectors


An attack vector is the hacking process as explained above. If it is successful,
the following is the impact on your mobile devices.

• Losing your data − If your mobile device has been hacked, or a virus
  introduced, then all your stored data is lost and taken by the attacker.
• Bad use of your mobile resources − Your network or mobile device can be
  overloaded so that you are unable to access your genuine services. In worse
  scenarios, it can be used by the hacker to attack another machine or
  network.
• Reputation loss − In case your Facebook account or business email account
  is hacked, the hacker can send fake messages to your friends, business
  partners and other contacts. This might damage your reputation.
• Identity theft − There can be a case of identity theft such as photo, name,
  address, credit card, etc. and the same can be used for a crime.

The increased use of mobile technology in business, combined with the Bring Your
Own Device (BYOD) trend, means that businesses can’t neglect mobile device
security. There are many sources of risk to information security that come with the
use of cell phones, tablets, and other mobile devices.

Top Mobile Device Information Security Risks

1. Unsafe apps. Although the mobile phone vendors try to ensure app security
through requiring apps to be signed to be downloaded from the official app
stores, misuse of certificates means that even apps downloaded from vendor
stores or enterprise sites aren’t guaranteed to be free from malware. Even
legitimate apps often request more permission than needed to perform their
function, which can expose more data than necessary.

2. Unsafe operating systems. Large numbers of mobile devices are not kept up
to date with operating system releases. Out of date operating systems mean
devices are vulnerable to security threats that are patched in the later
versions.

3. Unsafe devices. When users jailbreak or root devices, they work around the
built-in restrictions of the device. While users feel that jailbreaking gives
them freedom and more access to the device’s capabilities, jailbreaking also
eliminates many controls that provide security.

4. Unsafe connections. Users often rely on public Wi-Fi to stay connected
when they work outside the office. These unsecured Wi-Fi networks can
allow malware to be installed on devices or eavesdroppers to intercept data.

5. Lost devices. Portable devices are easily lost or stolen. When an employee
loses physical control of their mobile device, they also lose control of the
data on that device. If the device isn’t appropriately protected with
passwords and encryption, any data on that device may be exposed.

6. Uncontrollable users. No matter how well you publicize your safe mobile
computing policies, there will be employees who find them too inconvenient
to follow. Organizations need tools to enforce policies rather than relying on
employees’ good will.

7. Lack of monitoring. The large number of mobile devices used in an
organization makes monitoring and managing them difficult. It isn’t easy to
understand the status of all mobile devices, users, and applications at a
glance.

8. Variety of devices. There’s no single standard for mobile devices, especially
when you allow BYOD rather than supplying the devices. Because of the
variety of devices and operating systems, it’s difficult to apply controls
consistently to ensure the safety of all of them.

Types of Wireless and Mobile Device Attacks

SMiShing

With the widespread usage of cellphones, smishing has grown more prevalent.
SMiShing uses the Short Message Service (SMS) to transmit fraudulent text
messages or links. The crooks deceive the user by calling. Victims may provide
sensitive information like credit card numbers, account numbers, and so on. When
a user visits a website, he or she may unwittingly download malware that infects
the device.

War Driving

War driving is a method employed by attackers to locate entrance points wherever
they are. They may drive about and acquire a massive quantity of information in a
short period of time because of the availability of free Wi-Fi.

WEP attack

WEP is a security standard that attempts to offer a wireless local area network
the same level of protection as a wired LAN. WEP aims to offer comparable
protection for data transferred through a WLAN using encryption, as physical
security measures help to secure a wired LAN.

WEP encrypts data with a key. Wired Equivalent Privacy has no provision for key
management, so the number of people sharing the key will continue to rise.
Because everyone is using the same key, the criminal has access to a large
volume of traffic for analytic attacks.

WPA attack

Wi-Fi Protected Access (WPA) and subsequently WPA2 were developed to
replace WEP as better technologies. Because an attacker cannot recover the key by
observing traffic, WPA2 does not have the same encryption issues. WPA2 is still
vulnerable to attack, however, because cyber thieves may examine the packets
sent between the access point and an authorized user.

Bluejacking

Bluetooth is a high-speed, short-range wireless technology that allows data to be
exchanged between desktop and mobile computers and other devices.

Replay attack

An attacker spies on information being transmitted between a sender and a
recipient in a replay attack. Once the attacker has spied on the data, he or she can
intercept it and retransmit it, causing data transmission to be delayed. Playback
assault is another name for it.
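
A receiver-side check that rejects a retransmitted message, as an added example that is not part of the original notes; it goes beyond the text by showing a mitigation for the replay described above. The shared key, 16-byte nonce, 30-second freshness window and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import struct
import time

NONCE_LEN = 16  # assumed fixed nonce size, so fields cannot run together

def _tag(key, nonce, ts, payload):
    # The MAC covers nonce, timestamp and payload, so none can be swapped.
    msg = nonce + struct.pack(">Q", ts) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()

def seal(key, nonce, ts, payload):
    """Sender side: bind the payload to this nonce and send time."""
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be 16 bytes")
    return (nonce, ts, payload, _tag(key, nonce, ts, payload))

class Receiver:
    def __init__(self, key, max_age=30):
        self.key = key
        self.max_age = max_age  # seconds a message stays acceptable
        self.seen = {}          # nonce -> timestamp, live window only

    def accept(self, message, now):
        nonce, ts, payload, tag = message
        if len(nonce) != NONCE_LEN or not hmac.compare_digest(
                tag, _tag(self.key, nonce, ts, payload)):
            return "rejected: bad tag"
        if abs(now - ts) > self.max_age:
            return "rejected: stale"
        # Nonces outside the window would be rejected as stale anyway.
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= self.max_age}
        if nonce in self.seen:
            return "rejected: replay"
        self.seen[nonce] = ts
        return "accepted"

if __name__ == "__main__":
    key = os.urandom(32)                      # constructed demo key
    now = int(time.time())
    msg = seal(key, os.urandom(NONCE_LEN), now, b"unlock door")
    rx = Receiver(key)
    print(rx.accept(msg, now))        # first delivery
    print(rx.accept(msg, now + 5))    # same bytes captured and sent again
    print(rx.accept(msg, now + 120))  # sent again after the window closed
```
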

Bluesnarfing

When an attacker steals the victim's information from his device, this is known as
bluesnarfing. An attacker can gain access to a user's calendar, contact list, e-mail,
and SMS messages without leaving any trace of the intrusion.

RF Jamming

Electromagnetic and radio-frequency interference can interfere with wireless
transmissions. Radio Frequency (RF) jamming distorts a satellite station's
broadcast, preventing the signal from reaching the receiving station.

A network attack is an attempt to gain unauthorized access to an
organization’s network, with the objective of stealing data or performing other
malicious activity. There are two main types of network attacks:

• Passive: Attackers gain access to a network and can monitor or steal sensitive
  information, but without making any change to the data, leaving it intact.
• Active: Attackers not only gain unauthorized access but also modify data,
  either deleting, encrypting or otherwise harming it.

We distinguish network attacks from several other types of attacks:

• Endpoint attacks—gaining unauthorized access to user devices, servers or
  other endpoints, typically compromising them by infecting them with
  malware.
• Malware attacks—infecting IT resources with malware, allowing attackers to
  compromise systems, steal data and do damage. These also include
  ransomware attacks.
• Vulnerabilities, exploits and attacks—exploiting vulnerabilities in software
  used in the organization, to gain unauthorized access, compromise or
  sabotage systems.
• Advanced persistent threats—these are complex multilayered threats, which
  include network attacks but also other attack types.

In a network attack, attackers are focused on penetrating the corporate
network perimeter and gaining access to internal systems. Very often, once
inside, attackers will combine other types of attacks, for example
compromising an endpoint, spreading malware or exploiting a vulnerability
in a system within the network.

Common Types of Network Attacks


Following are common threat vectors attackers can use to penetrate your network.

1. Unauthorized access
Unauthorized access refers to attackers accessing a network without receiving
permission. Among the causes of unauthorized access attacks are weak passwords,
lacking protection against social engineering, previously compromised accounts,
and insider threats.

2. Distributed Denial of Service (DDoS) attacks


Attackers build botnets, large fleets of compromised devices, and use them to
direct false traffic at your network or servers. DDoS can occur at the network level,
for example by sending huge volumes of SYN/ACK packets which can overwhelm
a server, or at the application level, for example by performing complex SQL
queries that bring a database to its knees.

3. Man in the middle attacks


A man in the middle attack involves attackers intercepting traffic, either between
your network and external sites or within your network. If communication
protocols are not secured or attackers find a way to circumvent that security, they
can steal data that is being transmitted, obtain user credentials and hijack their
sessions.

4. Code and SQL injection attacks


Many websites accept user inputs and fail to validate and sanitize those inputs.
Attackers can then fill out a form or make an API call, passing malicious code
instead of the expected data values. The code is executed on the server and allows
attackers to compromise it.

5. Privilege escalation
Once attackers penetrate your network, they can use privilege escalation to expand
their reach. Horizontal privilege escalation involves attackers gaining access to
additional, adjacent systems, and vertical escalation means attackers gain a higher
level of privileges for the same systems.

6. Insider threats
A network is especially vulnerable to malicious insiders, who already have
privileged access to organizational systems. Insider threats can be difficult to
detect and protect against, because insiders do not need to penetrate the network in
order to do harm. New technologies like User and Event Behavioral Analytics
(UEBA) can help identify suspicious or anomalous behavior by internal users,
which can help identify insider attacks.
