Describe the threat landscape

Cybercriminals will exploit any advantage they can find to bypass your security and infiltrate your computers and networks. To understand the ways in which cybercriminals carry out attacks, you'll first need to learn about concepts like attack vectors and threat landscapes.

What is a threat landscape?

A threat landscape represents all current cybersecurity threats and possible attacks that an organization or an individual could be exposed to. It's broadly defined by the state of an organization's or individual's cybersecurity, how valuable the data in an organization or industry sector is, and the current flavor of malware used by cybercriminals.

For example, suppose the staff in an organization moves to hybrid or remote working. In that case, the organization could see a shift in its threat landscape as more cybercriminals target remote-access tools.

Factors that can influence a shift in the threat landscape include:

  • New software releases or upgrades.
  • New hardware and devices.
  • Exploitable vulnerabilities discovered by cybercriminals in existing software and hardware.
  • A mass change in the way people and businesses work and engage with each other.

Because of these factors, the threat landscape is in a constant state of flux.

What is an attack vector?

An attack vector is a method used by a cybercriminal to try to gain access to your network, computer, or device to exploit a system vulnerability. A cybercriminal will use many different attack vectors to expose and take advantage of system weaknesses, typically leading to a loss of data and, more recently, the installation of ransomware.

An attack vector may be exploited automatically, manually, or through a combination of both. It's often a multi-step process.

Attack vectors have changed over the years in response to improvements in the overall security of the technology we use on a day-to-day basis. In the early days of cybercrime, when networks were small, the most used attack vector was getting malware onto a target device through software downloaded from a malicious website or loaded from a disk. The intention was to obtain data and cause disruption. While present at that time, ransomware wasn't a common attack vector.

With the rapid growth of the internet and the widespread uptake of broadband, more and more devices are now connected by one network or another. Nowadays, there are better and more profitable attack vectors available, ranging from phishing to denial-of-service. With almost every device able to seamlessly connect with the internet, ransomware is now a significant attack vector.

Some of the common attack vectors identified in 2021 include email links and attachments, ransomware, malware, phishing, denial of service, and social engineering.

Ransomware

Ransomware aims to make your computer or your data inaccessible unless you pay a hefty ransom to the cybercriminal. Once payment is received, the computer or data is unlocked and restored in most cases.

Phishing

Phishing is among the most commonly used forms of cyberattack. It relies on the recipient of the message being tricked into taking action or steps that seem innocuous and safe on the surface. It can take the form of a security warning or alert from a seemingly trusted source and will usually carry a time limit or a sense of urgency.

Malware

Malware is designed to intentionally harm your computer, networks, and servers. It's used to deliver viruses, worms, and even ransomware. Malware usually gets into your systems through an email attack, like phishing, but can come from other sources.