Threat actors use compromised credentials to breach applications, systems, devices, and networks. They actively try to compromise credentials through various techniques. For example, phishing attacks may trick users into divulging their credentials. A brute-force attack tries different username-password combinations until it finds a valid set of credentials.
Phishing is one of the most widely used attack vectors. This attack vector relies on social engineering techniques to trick users into downloading malicious files, clicking on malicious links, or revealing sensitive information. Threat actors use it for various purposes, such as obtaining credentials, launching ransomware attacks, and stealing financial information.
Malicious software (malware) serves as an attack vector that helps threat actors steal data, breach systems, and perform malicious tasks. Most malware is designed to achieve specific objectives. For example, ransomware encrypts files and demands a ransom in return for encryption keys, and spyware spies on users and sends the information it collects to the actor.
Insider threats act from within the organization as authorized users. An insider can be an employee who unintentionally reveals confidential information, like credentials, to a social engineering actor. There are also malicious threat actors: employees or ex-employees who deliberately abuse their privileges to perform unauthorized activities. For example, an ex-employee whose privileges were not revoked can steal trade secrets and delete the files that hold them.
A vulnerability is a flaw that threat actors can exploit to launch attacks on software or hardware. There are two main types of vulnerabilities: known vulnerabilities that have been disclosed to the public, and zero-day vulnerabilities that are still unknown. Threat actors use both types to launch attacks, but zero-day vulnerabilities are considered more lucrative as they give actors more time to attack before anyone knows of their activities.
Structured Query Language (SQL) is a programming language that enables communication with databases. Many servers storing sensitive data rely on SQL to manage the data. An SQL injection is an attack vector that injects malicious SQL to make the server expose information.
A successful SQL injection targeting databases storing credit card numbers, personally identifiable information (PII), or credentials is a compliance violation that threatens not only users, but also the business that owns the database and the software vendor managing it.
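The SQL injection described above, shown from the defender's side as an added example that is not part of the original page: the same lookup written with string concatenation and with a bound parameter, run against an in-memory SQLite database. The table, column names, sample rows and function names are constructed for illustration.

```python
import sqlite3


def build_db():
    """In-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, card TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "4111-XXXX-0001"), ("bob", "4111-XXXX-0002")],
    )
    return conn


def lookup_vulnerable(conn, username):
    # Vulnerable: the input is concatenated into the SQL text, so a quote
    # character in the input changes the structure of the query itself.
    query = "SELECT username, card FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, username):
    # Hardened: the ? placeholder binds the input as a value only; it is
    # never parsed as SQL, whatever characters it contains.
    return conn.execute(
        "SELECT username, card FROM users WHERE username = ?", (username,)
    ).fetchall()


def compare(conn, username):
    """Return (vulnerable_result, parameterized_result) for one input."""
    try:
        vulnerable = lookup_vulnerable(conn, username)
    except sqlite3.OperationalError as exc:
        # A stray quote breaks the concatenated query: a symptom worth
        # alerting on in application logs.
        vulnerable = f"SQL error: {exc}"
    return vulnerable, lookup_parameterized(conn, username)


if __name__ == "__main__":
    conn = build_db()
    # Constructed inputs: a normal name, a name with an apostrophe, and a
    # value whose quotes turn the WHERE clause into an always-true condition.
    for value in ("alice", "o'brien", "nobody' OR '1'='1"):
        print(repr(value), compare(conn, value))
```

With the concatenated query, the third input returns every row in the table and the second raises a syntax error; the parameterized query returns no rows for both because neither string matches a stored username.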