
🔒Cybersecurity and Cryptography

Common Cyber Attack Vectors


Why This Matters

Cyber attack vectors represent the pathways and techniques adversaries use to breach systems, steal data, and disrupt operations. Understanding these vectors isn't just about memorizing a list of threats—you're being tested on your ability to recognize how attacks exploit specific vulnerabilities, why certain defenses work against particular threats, and how different attack types relate to core cryptographic and security principles like confidentiality, integrity, and availability.

Each attack vector in this guide demonstrates a fundamental security concept: some exploit human psychology, others target software flaws, and still others undermine network communications. When you encounter these on an exam, don't just identify the attack—connect it to the underlying vulnerability it exploits and the defensive mechanisms that counter it. That's where the real points are.


Social Manipulation Attacks

These attacks target the weakest link in any security system: humans. Rather than breaking encryption or exploiting code vulnerabilities, attackers manipulate people into voluntarily surrendering credentials or access.

Phishing

  • Impersonation of trusted entities—attackers craft emails, messages, or websites that mimic legitimate organizations to harvest credentials
  • Primary delivery mechanisms include email spoofing, clone websites, and SMS messages (smishing), all designed to create urgency or fear
  • Consequences span the CIA triad: compromised confidentiality through stolen credentials, potential integrity violations, and downstream access to protected systems
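
As an added example (not part of this guide), the Python script below runs a few indicator checks of the kind an email gateway or analyst applies against a constructed phishing lure: a display name that claims a brand whose domain the sender does not control, urgency wording in the subject, a link whose visible text shows one host while the href points somewhere else, and a link to a raw IP address. The brand-to-domain table, the keyword list and both sample messages are made up for the illustration.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed mapping of brand names (as they appear in display names) to the
# domain that legitimately sends mail for them. Assumption for this example only.
BRAND_DOMAINS = {"acme bank": "acme-bank.example"}

# Wording that lures use to create urgency or fear (constructed list).
URGENCY_WORDS = ("urgent", "immediately", "suspended", "within 24 hours", "verify your account")

# Constructed sample messages, not real mail. The first mimics a credential-
# harvesting lure; the second is what a legitimate notification would look like.
PHISHING_EMAIL = (
    'From: "Acme Bank Security" <alerts@acme-bank-login.example>\n'
    "To: victim@example.com\n"
    "Subject: Urgent: verify your account within 24 hours\n"
    "Content-Type: text/html\n"
    "\n"
    "<p>Your account will be suspended unless you confirm your identity:\n"
    '<a href="http://198.51.100.7/login">https://www.acme-bank.example/login</a></p>\n'
)
LEGIT_EMAIL = (
    'From: "Acme Bank" <alerts@acme-bank.example>\n'
    "To: customer@example.com\n"
    "Subject: Your monthly statement is ready\n"
    "Content-Type: text/html\n"
    "\n"
    '<p>View it at <a href="https://www.acme-bank.example/statements">'
    "https://www.acme-bank.example/statements</a></p>\n"
)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Hostname of a URL; bare 'www.example.com/x' text is treated as http."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def phishing_indicators(raw_message):
    """Return a list of human-readable indicators found in one raw message."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rsplit("@", 1)[-1].lower()
    findings = []

    # Impersonation: brand named in the display name, mail sent from another domain.
    for brand, domain in BRAND_DOMAINS.items():
        legit = sender_domain == domain or sender_domain.endswith("." + domain)
        if brand in display_name.lower() and not legit:
            findings.append(f"display name claims '{brand}' but sender domain is {sender_domain}")

    # Pressure: urgency wording in the subject line.
    if any(word in msg.get("Subject", "").lower() for word in URGENCY_WORDS):
        findings.append("urgency language in subject")

    # Clone-site links: visible URL text that disagrees with the real href, or a raw IP.
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        href_host = host_of(href)
        if is_ip_literal(href_host):
            findings.append(f"link points to raw IP address {href_host}")
        if text.lower().startswith(("http://", "https://", "www.")) and host_of(text) != href_host:
            findings.append(f"link text shows {host_of(text)} but href goes to {href_host}")
    return findings


if __name__ == "__main__":
    for name, sample in (("phishing", PHISHING_EMAIL), ("legitimate", LEGIT_EMAIL)):
        print(name, phishing_indicators(sample) or ["no indicators"])
```

None of these checks proves a message is malicious on its own; they are the observable traces of the three ingredients the bullets above describe (impersonation, urgency, a clone site), and a real gateway would combine them with SPF/DKIM/DMARC results and URL reputation.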

Social Engineering

  • Psychological manipulation exploits trust, authority, and urgency to bypass technical security controls entirely
  • Key techniques include pretexting (fabricated scenarios), baiting (malicious USB drops), and tailgating (physical access through following authorized personnel)
  • Defense requires human-layer security—awareness training and verification protocols, since no firewall can block a convincing phone call

Compare: Phishing vs. Social Engineering—phishing is actually a subset of social engineering, specifically using digital communications. Broader social engineering includes in-person manipulation and voice calls (vishing). If an exam asks about attacks that bypass technical controls entirely, both qualify.


Malicious Software Attacks

Malware represents code designed to compromise system confidentiality, integrity, or availability. Each malware type has distinct infection vectors and objectives, making classification essential for defense.

Malware

  • Umbrella term covering viruses (attach to host files or programs and spread when those are run or shared), worms (self-propagating across networks with no user action), trojans (disguised as legitimate software), and spyware (surveillance-focused)
  • Delivery vectors include infected downloads, malicious email attachments, drive-by downloads from compromised websites, and removable media
  • Impact varies by type: data exfiltration, system damage, resource hijacking for botnets, or establishing persistent backdoor access

Ransomware

  • Encryption-based extortion: the malware encrypts victim files, typically with a per-file symmetric key that is itself wrapped with an attacker-held public key, so recovery without the attacker's private key is infeasible; payment is demanded for that key. Many current strains also exfiltrate data first and threaten to publish it (double extortion), so backups alone no longer neutralize the threat
  • Propagation methods mirror general malware: phishing emails, exploit kits, and brute-forcing of exposed remote access services such as RDP are common initial access vectors
  • Defense-in-depth required: offline, regularly tested backups, network segmentation, and endpoint detection. Paying ransoms doesn't guarantee decryption and funds criminal operations

Compare: Ransomware vs. Other Malware—ransomware is technically a malware subtype, but its explicit monetization model and reliance on cryptographic encryption make it distinct. Exam questions may ask which attack type directly weaponizes cryptography against victims.


Network and Communication Attacks

These attacks target data in transit, exploiting weaknesses in network protocols or overwhelming system resources. Cryptographic protections like TLS/HTTPS directly counter interception attacks, while availability attacks require infrastructure-level defenses.

Man-in-the-Middle (MitM) Attacks

  • Interception and relay—attacker positions themselves between two communicating parties, capturing or modifying traffic without detection
  • Common scenarios include unsecured Wi-Fi networks, ARP spoofing on local networks, and DNS hijacking redirecting traffic through attacker-controlled servers
  • Cryptographic defenses are essential: TLS/HTTPS with proper certificate validation, certificate pinning, and mutual authentication stop the attacker from reading or altering traffic, and HSTS blocks downgrade to plain HTTP. The attacker may still capture ciphertext but gains nothing usable; the attack succeeds only when the victim accepts a forged certificate or falls back to plaintext

Distributed Denial of Service (DDoS)

  • Availability attacks flood targets with traffic from multiple sources, exhausting bandwidth, processing power, or connection capacity
  • Botnet infrastructure—networks of compromised devices (zombies) coordinate attacks, making source blocking ineffective
  • Targets the "A" in CIA triad: no data is stolen, but service disruption causes financial loss, reputational damage, and potential cover for other attacks

Compare: MitM vs. DDoS: both target network communications, but they attack different CIA principles. MitM compromises the confidentiality and integrity of communications; DDoS attacks availability without accessing data. Defense strategies differ entirely: authenticated, encrypted channels (TLS) for MitM; traffic filtering, rate limiting, upstream scrubbing, and redundancy for DDoS.


Application-Layer Exploits

These attacks target vulnerabilities in software code, particularly web applications that process user input. The core principle: never trust user input without validation and sanitization.

SQL Injection

  • Code injection via input fields: attacker-controlled input (form fields, URL parameters, cookies, headers) is concatenated into a SQL statement, so the database parses it as SQL rather than as data
  • Impact ranges from data theft to complete compromise: attackers can read, modify, or delete database contents, bypass authentication with a tautology such as ' OR '1'='1, and on some database platforms execute operating-system commands
  • Primary defenses include parameterized queries (prepared statements), input validation, least-privilege database accounts, and web application firewalls
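
The following is an added example, not code from this guide: a vulnerable lookup built by string concatenation beside its parameterized replacement, run against a constructed in-memory SQLite table that stands in for an application's user store. It also shows the edge case that makes parameterization a correctness fix as well as a security fix: a legitimate username containing an apostrophe breaks the concatenated query but binds cleanly as a parameter.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for an application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("o'brien", "user")],
    )
    return conn


def find_user_vulnerable(conn, username):
    """String concatenation: the input is parsed as part of the SQL statement."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """Parameterized query: the driver binds the input as a value, never as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


TAUTOLOGY = "' OR '1'='1"    # classic authentication-bypass payload
APOSTROPHE_NAME = "o'brien"  # legitimate input that happens to contain a quote


def run_demo():
    """Run both lookups against both inputs and collect what each one returns."""
    conn = make_db()
    results = {
        # Becomes: WHERE username = '' OR '1'='1'  -> every row comes back
        "vulnerable_tautology": find_user_vulnerable(conn, TAUTOLOGY),
        # The whole payload is compared as a literal username -> no rows
        "safe_tautology": find_user_safe(conn, TAUTOLOGY),
        # Binding handles the quote -> the real o'brien row
        "safe_apostrophe": find_user_safe(conn, APOSTROPHE_NAME),
    }
    try:
        # Becomes: WHERE username = 'o'brien'  -> SQL syntax error
        results["vulnerable_apostrophe"] = find_user_vulnerable(conn, APOSTROPHE_NAME)
    except sqlite3.Error as exc:
        results["vulnerable_apostrophe"] = f"error: {exc}"
    return results


if __name__ == "__main__":
    for label, value in run_demo().items():
        print(f"{label}: {value}")
```

The same distinction holds for every database driver: the fix is not escaping quotes by hand but keeping query structure and data in separate channels, which is what prepared statements do.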

Cross-Site Scripting (XSS)

  • Client-side script injection—malicious JavaScript executes in victims' browsers when they visit compromised or vulnerable web pages
  • Attack variants include stored XSS (persistent in database), reflected XSS (via malicious links), and DOM-based XSS (client-side manipulation)
  • Consequences include session hijacking through cookie theft, credential harvesting via fake login forms, and malware distribution through redirects

Compare: SQL Injection vs. XSS: both are injection attacks that arise when untrusted input reaches an interpreter, but they target different layers. SQLi attacks the server-side database; XSS attacks client-side browsers. Input validation helps both but is not the primary control for either: SQLi requires parameterized queries, while XSS requires context-aware output encoding, with a Content Security Policy as defense in depth.


Credential and Access Attacks

These attacks focus on obtaining or bypassing authentication mechanisms. Strong authentication practices—complex passwords, MFA, and rate limiting—form the primary defense layer.

Password Attacks

  • Credential compromise techniques include brute force (exhaustive guessing), dictionary attacks (common password lists), and credential stuffing (reusing breached credentials)
  • Success depends on password strength, on whether stored hashes use a slow, salted algorithm (a fast unsalted hash falls to precomputed tables), and on whether rate limiting or account lockout is enforced at the login endpoint
  • Layered defenses required: strong password policies, multi-factor authentication (MFA), salted hashing (bcrypt/Argon2), and monitoring for anomalous login patterns
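
The added example below (not from this guide) walks through the three bullets with working code: a dictionary attack against a fast unsalted hash, the same attack against a salted, deliberately slow hash, and an online lockout guard. The standard-library scrypt function stands in for bcrypt/Argon2 here (an assumption made so the block runs without third-party packages; in production you would use those libraries), and the wordlist, accounts and passwords are constructed for the illustration. The point the salted run makes is one students often miss: the salt is not secret and does not stop guessing, it only defeats precomputation and cross-user reuse; the per-guess cost and the lockout are what make guessing impractical.

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for the multi-million-entry lists attackers use.
WORDLIST = ["password", "123456", "letmein", "qwerty", "Summer2024!", "dragon"]


def fast_unsalted_hash(password):
    """How passwords must NOT be stored: one fast, unsalted digest per password.
    Identical passwords share a digest, and precomputed tables crack it instantly."""
    return hashlib.sha256(password.encode()).hexdigest()


def slow_salted_hash(password, salt=None):
    """Per-user random salt plus a deliberately expensive, memory-hard KDF.
    scrypt stands in for bcrypt/Argon2 (assumption for this example); n=2**14
    is a modest work factor, raised in production as hardware gets faster."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return salt, digest


def verify_password(password, salt, digest):
    """Constant-time comparison so the check itself leaks nothing via timing."""
    return hmac.compare_digest(slow_salted_hash(password, salt)[1], digest)


def dictionary_attack_unsalted(target_hex, wordlist):
    """Offline attack on fast unsalted hashes: one cheap hash per guess, and the
    same precomputed table works against every account in the breach."""
    for guess in wordlist:
        if fast_unsalted_hash(guess) == target_hex:
            return guess
    return None


def dictionary_attack_salted(salt, digest, wordlist):
    """The salt is stored beside the hash, so an attacker holding the database
    can still guess. What changes: every guess costs a full scrypt run, and no
    table can be precomputed or shared across users."""
    for guess in wordlist:
        if slow_salted_hash(guess, salt)[1] == digest:
            return guess
    return None


class LoginGuard:
    """Online defense: per-account failure counter with lockout, which makes brute
    force and credential stuffing against the live login endpoint impractical."""

    def __init__(self, max_failures=5):
        self.max_failures = max_failures
        self.failures = {}

    def record_failure(self, account):
        self.failures[account] = self.failures.get(account, 0) + 1

    def record_success(self, account):
        self.failures.pop(account, None)

    def is_locked(self, account):
        return self.failures.get(account, 0) >= self.max_failures


def attempt_login(store, guard, account, password):
    """Check lockout first, then the hash; count failures, reset on success.
    store maps account -> (salt, digest)."""
    if guard.is_locked(account) or account not in store:
        return False
    salt, digest = store[account]
    if verify_password(password, salt, digest):
        guard.record_success(account)
        return True
    guard.record_failure(account)
    return False


if __name__ == "__main__":
    print("unsalted sha256 cracked:", dictionary_attack_unsalted(fast_unsalted_hash("Summer2024!"), WORDLIST))
    salt, digest = slow_salted_hash("Summer2024!")
    print("salted scrypt cracked (slowly, per user):", dictionary_attack_salted(salt, digest, WORDLIST))
```

A weak password in the wordlist is found either way; the slow salted hash buys time per guess and per account, and the lockout stops the online variant, but only MFA and a password that is not on any list take the account off the table entirely. That is the split self-check question 4 is asking about.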

Zero-Day Exploits

  • Unknown vulnerability exploitation—attacks target security flaws before vendors discover them or release patches, leaving no defensive signature available
  • High value in threat landscape: zero-days command premium prices on black markets because traditional defenses (antivirus signatures, IDS rules) cannot detect them
  • Mitigation is indirect: defense-in-depth, behavioral analysis, application sandboxing, and rapid patch deployment once vulnerabilities become known

Compare: Password Attacks vs. Zero-Day Exploits—password attacks exploit weak user practices and are largely preventable through policy enforcement. Zero-days exploit unknown software flaws and require proactive security architecture since specific defenses don't exist yet. Both bypass normal security controls but through fundamentally different mechanisms.


Quick Reference Table

Concept                           | Best Examples
----------------------------------|---------------------------------------------
Human-targeted attacks            | Phishing, Social Engineering
Malicious code                    | Malware, Ransomware
Confidentiality attacks           | MitM, SQL Injection, XSS, Password Attacks
Availability attacks              | DDoS
Injection vulnerabilities         | SQL Injection, XSS
Cryptography-related              | MitM (defeated by), Ransomware (weaponizes)
Unknown/unpatched vulnerabilities | Zero-Day Exploits
Authentication bypass             | Password Attacks, SQL Injection, Phishing

Self-Check Questions

  1. Which two attack vectors specifically exploit insufficient input validation in web applications, and how do their targets differ?

  2. Compare and contrast how MitM attacks and ransomware relate to cryptography—one is defeated by it, the other weaponizes it. Explain both relationships.

  3. If an exam question asks which attacks target the "availability" component of the CIA triad, which attack vector is your strongest example, and why don't data-theft attacks qualify?

  4. A company implements multi-factor authentication and strong password policies. Which attack vectors does this defend against, and which remain unaffected?

  5. Explain why phishing is considered a subset of social engineering, and identify a social engineering technique that doesn't involve digital communications.