Skip to content

Cybersecurity: Types of Threat Vectors

cyber-threat

What is a Threat Vector?

A threat vector is the mean a threat actor uses to compromise a computer system. It is also called attack vector. A threat actor is someone or organization trying to gain an unauthorized access to a user's computer system.

Common Types of Threat Vectors

Social Engineering

In social engineering attacks, the threat actor manipulates the user to gain unauthorized access to information and assets. In this case, the user is the vulnerability rather than the system. The attacker exploits the user's trust or fear to accomplish their forfeiture. Their are many types of social engineering:

Phishing

Phishing attacks involve sending the user a malicious link or attachment in order to infect their device. The link/file can be sent via Email, SMS, or IM and requires the participation of the user to compromise their computer system.

Spear Phishing

Spear phishing is a phishing attack designed for a specific target.

Pretexting

Pretexting is when the threat actor invents a story and convinces a user to provide access or information they shouldn't have gotten in normal circumstances. In this type of attack, threat actor often use credible tone or story to convince the user.

Piggybacking or Tailgating

Tailgating or piggybacking is when a threat actor follows an authorized person into a restricted area. An area they don't have the permission to be.

Quid pro quo

In a quid pro quo attack, the threat actor offers the user a service in exchange for access, credentials, or information. For example, Hey Sam, this is John from the IT department. I notice your internet connection is getting supper slow. Could you quickly read me the information on the router. I will stay on the line.

Malicious Websites

Threat actors can host malicious content on legitimate but compromised websites in order to infect user systems. Users who access or download the content infect their system in process.

Snooping

Snooping is the unauthorized observation or capture of data by a threat actor for a eventual use. For example, observing a user type their password, reading user screen without their knowledge, illegally intercepting network traffic, and more.

Shoulder surfing a type of snooping. It only involves watching user type private information such as passwords.

SPAM

Spamming is the sending of unsolicited junk emails in bulk.

Conclusion

There are certainly other types of threat vectors, but for now that is what we can retain. I will keep updating this post as I progress in my cybersecurity journey.

Thank you for stopping by