Describe the threat landscape

You've now learned about cyberattacks, cybercriminals, and cybersecurity. But you'll also need to understand the means cybercriminals can use to carry out attacks and achieve their aims. To do this, you'll learn about concepts like the threat landscape, attack vectors, security breaches, and more.

What is the threat landscape?

Whether an organization is big or small, the entirety of the digital landscape with which it interacts represents an entry point for a cyberattack. These can include:

  • Email accounts
  • Social media accounts
  • Mobile devices
  • The organization's technology infrastructure
  • Cloud services
  • People

Collectively, these are referred to as the threat landscape. Notice that the threat landscape can cover more than just computers and mobile phones. It can include any elements that are owned or managed by an organization, or some that are not. As you'll learn next, criminals will use any means they can to mount and carry out an attack.

What are attack vectors?

An attack vector is an entry point or route for an attacker to gain access to a system.

Diagram showing eight of the most common attack vectors: Email, Social Media, Removable Devices, Browsers, Cloud Services, Insiders, Devices, and Wireless.

Email is perhaps the most common attack vector. Cybercriminals will send seemingly legitimate emails that result in users taking action. This might include downloading a file, or selecting a link that will compromise their device. Another common attack vector is through wireless networks. Bad actors will often tap into unsecured wireless networks at airports or coffee shops, looking for vulnerabilities in the devices of users who access the wireless network. Monitoring social media accounts, or even accessing devices that are left unsecured, are other commonly used routes for cyberattacks. However, you should know that attackers don’t need to rely on any of these. They can use a variety of less obvious attack vectors. Here are some examples:

  • Removable media. An attacker can use media such as USB drives, smart cables, storage cards, and more to compromise a device. For example, attackers might load malicious code into USB devices that are subsequently provided to users as a free gift, or left in public spaces to be found. When they're plugged in, the damage is done.
  • Browser. Attackers can use malicious websites or browser extensions to get users to download malicious software on their devices, or change a user's browser settings. The device can then become compromised, providing an entry point to the wider system or network.
  • Cloud services. Organizations rely more and more on cloud services for day-to-day business and processes. Attackers can compromise poorly secured resources or services in the cloud. For example, an attacker could compromise an account in a cloud service, and gain control of any resources or services accessible to that account. They could also gain access to another account with even more permissions.
  • Insiders. The employees of an organization can serve as an attack vector in a cyberattack, whether intentionally or not. An employee might become the victim of a cybercriminal who impersonates a person of authority to gain unauthorized access to a system. This is a form of social engineering attack. In this scenario, the employee serves as an unintentional attack vector. In some cases, however, an employee with authorized access may use it to intentionally steal or cause harm.

What are security breaches?

Any attack that results in someone gaining unauthorized access to devices, services, or networks is considered a security breach. Imagine a security breach as similar to a break-in where an intruder (attacker) successfully breaks into a building (a device, application, or network).

Security breaches come in different forms, including the following:

Social engineering attacks

It is common to think about security breaches as exploiting some flaw or vulnerability in a technology service or piece of equipment. Likewise, you might believe that security breaches only happen because of vulnerabilities in technology. But that’s not the case. Attackers can use social engineering attacks to exploit or manipulate users into granting them unauthorized access to a system.

In social engineering, impersonation attacks happen when an unauthorized user (the attacker) aims to gain the trust of an authorized user by posing as a person of authority, in order to access a system for some nefarious activity. For example, a cybercriminal might pretend to be a support engineer to trick a user into revealing their password to access an organization’s systems.

Browser attacks

Whether on a desktop, laptop, or phone, browsers are an important access tool for the internet. Security vulnerabilities in a browser can have a significant impact because of their pervasiveness. For example, suppose a user is working on an important project with a looming deadline. They want to figure out how to solve a particular problem for their project. They find a website that they believe will provide a solution.

The website asks the user to make some changes to their browser settings so they can install an add-on. The user follows the instructions on the website. Unknown to them, the browser is now compromised. This is a browser modifier attack, one of many different types used by cybercriminals. An attacker can now use the browser to steal information, monitor user behavior, or compromise a device.

Password attacks

A password attack is when someone attempts to use authentication for a password-protected account to gain unauthorized access to a device or system. Attackers often use software to speed up the process of cracking and guessing passwords. For example, suppose an attacker has somehow discovered someone's username for their work account.

The attacker then tries a vast number of possible password combinations to access the user’s account. The password only has to be correct once for the attacker to get access. This is known as a brute force attack and is one of many ways in which a cybercriminal can use password attacks.

What are data breaches?

A data breach is when an attacker successfully gains access or control of data. Using the intruder example, this would be similar to that person getting access to, or stealing, vital documents and information inside the building:

Image showing a thief running from an office building.

When an attacker achieves a security breach, they'll often want to target data, because it represents vital information. Poor data security can lead to an attacker gaining access and control of data. This can lead to serious consequences for the victim, whether that is a person, organization, or even a government. This is because the victim's data could be abused in many ways. For example, it can be held as ransom or used to cause financial or reputational harm.