The 9 Top Cyber Attack Techniques & Vulnerabilities

Understanding the main attack methods and areas of vulnerability help organisations to improve levels of protection and business continuity. The nine main attack techniques are …

In one form or another, phishing is used in over 80% of successful cyber-attacks. Users are tricked into revealing sensitive information or unwittingly downloading malicious software which then permeates the corporate infrastructure. Tempting emails (and texts) encourage the clicking on weblinks or the downloading of attachments that contain the harmful malware. Phishing attacks are often speculative and involve the sending of mass emails and messages to large numbers of users. More focused attacks, known as spearphishing, target specific individuals, organisations, and industries. Phishing thrives on the vulnerabilities of human nature, taking advantage of our curiosity, greed, complacency and lack of awareness.

Spoofing / Identity Theft
Attackers will try to gain access to systems by using valid but stolen usernames and passwords. This often leads to password spraying, where the information is used across a variety of platforms and applications in the hope that the same login credentials are valid. If robust password and authentication policies are not in place, attackers gain easy access to corporate systems and information. 

Supply Chain Compromise
This attack method relies on targeting less secure elements in partner companies and the supply chain - by manipulating hardware, software, and delivery mechanisms. Compromise can happen at various points in the eco system, including development tools, source codes, and software distribution. Malware, delivered through software updates attacks numerous accounts.

Hardware Additions
This happens when an attacker introduces additional hardware, computers, accessories, or networking equipment into a system or environment through physical access to the organisation. A ‘back door’ with remote, unauthorised access to the infrastructure is created. Various commercial and open-source products and tactics can then further compromise an organisation, including passive network tapping and man-in-the-middle encryption breaking where an attacker intercepts communications between two parties.

Removable USBs & plug-in devices
Removable storage devices like USB memory sticks, when inserted into networked devices, are simple methods by which malware can be downloaded and introduced to systems through auto-run features. In common with downloaded dangerous attachments and weblinks - criminals load disguised malware onto the devices to manipulate data and modify systems. A tactic is to randomly place these USB devices around the perimeter of an organisation in the hope that curious employees plug them in and unknowingly facilitate the attack. 

Drive-By Compromise
This attack changes and manipulates a user’s browser to unknowingly force them to visit a website or location where malicious content is waiting to be downloaded to their device for onward infection across the enterprise. It’s hidden from the user and happens behind the scenes so they have no idea it’s happening. Typically, attackers compromise a website with malicious code, using attractive ads and other techniques to redirect users to a compromised part of a site.

External Remote Services
Exploitation of remote services such as VPNs, Citrix, and other access services that manage connections and user authentication credentials are targeted. Users connecting remotely to internal network services are rapidly increasing as our workstyle changes. Remote service gateways manage connection and authentication processes, and are targets for access hacking. There’s a direct overlap between this attack method and spoofing style identity theft techniques.

Exploiting Public-Facing Applications
In this example cyber criminals seek to maliciously exploit a bug, glitch, or design vulnerability in an internet-facing computer or application. Such platforms typically provide services to the public and allow access to internal networks. Access points are usually websites and attackers also target databases, network management systems, and web servers. In-house systems and cloud-based infrastructures with weak security are sought out by an increasing army of hackers.

Trusted Relationship
Granting third party access to internal systems is an obvious point of weakness that can be exploited by criminals. Third parties might include IT service providers, product suppliers, partner organisations and electrical contractors - including heating, ventilation and air conditioning systems. Network connectivity and security arrangements between partners and third parties are natural focus area for criminals seeking to exploit vulnerabilities.

Security experts like Sure, with an end to end portfolio of logical security services protect organisations of all sizes from malicious attacks.  Cybersecurity is complex, multi-layered, and continuously evolving - and a company’s very existence can be threatened by an attack.

Related articles

Ai Image Websire v2

Innovation or a vulnerability: Is AI a threat to Cybersecurity?

We spoke to two of our professional services consultants, Grant Mossman and Malcolm Mason, and asked what their opinion on the rapid evolution of AI was and if this poses a threat to cybersecurity.

Mike Q Article banner v2

Co-Managed IT: Why partnering with an IT service provider makes perfect sense

Our Professional Services Consultant Michael Quittenden shares why co-managing your IT services could be the perfect solution for you and your business.

358X420 People on mobile 1

Best Practice Technology Guide for small, medium and start-up businesses

A best practise guide to the core technology areas that small, medium and start up businesses should consider.

Contact us to find out how we can help you
and your business today

Contact us

Further Insights

Paula Thomas Web v2

New Head of Enterprise Sales in Jersey

Paula Thomas has been appointed as the new Head of Enterprise Sales in Jersey.

Ai Image Websire v2

Innovation or a vulnerability: Is AI a threat to Cybersecurity?

We spoke to two of our professional services consultants, Grant Mossman and Malcolm Mason, and asked what their opinion on the rapid evolution of AI was and if this poses a threat to cybersecurity.

Chertesey house main image v2

Getting to the root of good connectivity with Chertsey House

With Sure Business's expert help, Chertsey House can concentrate on delivering first-class healthcare with efficiency, confident in the knowledge that their IT is taken care of. Read more to learn how we supported Chertsey with their technology needs.