Threat Vector (Attack Vector)

The method an attacker uses to get access to the system

Common methods: email, SMS, phishing

embedded malware, e.g. javascript within an SVG image or within compressed zip file

vishing - voice phishing, calling

war dialing - looking for unpublished numbers

bluetooth is a vector

Hardware Addition Attack - plugging a physical device into a machine on the network and gaining access

• 802.1x (port based network access control) is important for protecting wireless networks to prevent this

Supply Chain - a third party vendor may have access to your systems temporarily

• happened to Target in 2013, hackers used the HVAC contractor's network to gain access to the payment/credit card system
• Counterfeit hardware may be an exampe of this, e.g., if some component is installed by a malicious party they may have access to the device communications