3. Security Threats and Attack Vectors

“In this article, we will see some Threats and Attack Vectors which are affecting low to high-level security levels.”

There are various categories of Information security threats, such as network threats, host threats, and application threats, and various attack vectors, such as viruses, worms, botnets, that might affect an organization’s information security.

This section Introduces you to the motives, goals, and objectives of Information security attacks, top Information security attack vectors, Information security threat categories, and the types of attacks on a system.

Also Read: Information Security Overview

Motives, Goals, and Objectives of Information Security Attacks

Attackers generally have motives (goals), and objectives behind information security attacks. A motive originates out of the notion that a target system stores or processes something valuable, which leads to the threat of an attack on the system.

The purpose of the attack may be to disrupt the target organization’s business operations, to steal valuable information for the sake of curiosity, or even to exact revenge.

Therefore, these motives or goals depend on the attacker’s state of mind, his/her reason for carrying out such an activity, as well as his/her resources and capabilities.

Once the attacker determines his/her goal, he/she can employ various tools, attack techniques, and methods to exploit vulnerabilities in a computer system or security policy and controls.

Attacks = Motive (Goal) + Method + Vulnerability

Also Read: The Security Triangle (Security Model)

Top Information Security Attack Vectors

• Cloud Computing Threats
• Advanced Persistent Threats (APT)
• Viruses and Worms
• Ransomware
• Mobile Threats
• Botnet
• Insider Attack
• Phishing
• Web Application Threats
• IoT Threats

Information Security Threats are categories in mainly in three types of information security threats

• Network Threats
• Host Threats
• Application Threats

Network Threats: A network is the collection of computers and other hardware connected by communication channels to share resources and information.

• Information gathering
• Sniffing and eavesdropping
• Spoofing
• Session hijacking
• Man-in-the-Middle attack
• DNS and ARP poisoning
• Password-based attacks
• Denial-of-Service attack
• Compromised-key attack
• Firewall and IDS attack

Also Read: What Is Honeypot? Trap For Hackers !!

Host Threats: Host threats target a particular system on which valuable information resides. Attackers try to breach the security of the information system resource.

• Malware attacks
• Profiling
• Footprinting
• Password attacks
• Dental-Of-Service attacks
• Arbitrary code execution
• Backdoor attacks
• Unauthorized access
• Physical security threats

Application Threats: Applications can be vulnerable if proper security measures are not taken while developing, deploying, and maintaining them. Attackers exploit the vulnerabilities present in an application to steal or destroy data.

• Improper data/Input validation
• Hidden-field manipulation
• Authentication and authorization
• Broken session management attacks
• Buffer overflow issues
• Security misconfiguration
• Improper error handling and exception disclosure
• Cryptography attacks
• SQL Injection
• Phishing

Also Read: Hack Phone Calls, Whatsapp to read messages without touching the user phone(SS7)2019

Note: If you need more information in dept about any term you can comment below we will help you soon.