Common Attack Vectors
Attack vectors are the methods that adversaries use to breach or infiltrate your networks and applications. Attack vectors take many different forms, ranging from malware and ransomware to man-in-the-middle attacks, compromised credentials, and phishing. Some attack vectors target weaknesses in your IT and systems infrastructure; others target the people who have access to your network and applications.
Common attack vectors identified by SecApps Scout include:
- Compromised credentials
- Unauthorized access due to insecure software defaults or inadequate configuration
- Software exploitation due to outdated software versions
- Unauthorized access due to secrets disclosure
- 2FA bypass
- Disclosure of sensitive information such as the public listing of buckets and other resources
Compromised credentials are one of the most common sources of security incidents. As attacks become more automated, brute-force and dictionary-based attacks are on the rise, particularly against cloud services (IaaS and SaaS).
Credential compromise often results in the compromise of multiple accounts, allowing unauthorized access to multiple services and resources.
Insecure software defaults
Security incidents often stem from insecure software defaults or inadequate configuration. This may be because software has not been patched or updated, or has not been configured according to security best practice.
Exploitation of software vulnerabilities is an area of growing concern for organizations. Often, software is not patched in a timely manner, increasing the likelihood of being compromised. Software vulnerabilities also present an attacker with an opportunity to escalate their privileges and increase their access to sensitive data.
Inadequate control of secrets such as API tokens, keys and passwords can compromise access to cloud applications and resources, as well as to the underlying infrastructure itself.
SecApps Scout can help identify whether your cloud applications are vulnerable to 2FA bypass. This is a common misconfiguration that is often left undetected.
Disclosure of sensitive information
Some cloud applications have a public-facing listing of resources. These resources may contain customer data, trade secrets, personally identifiable information (PII), or intellectual property that can be used to perform social engineering attacks on your organization.