Attack Vector
What is Attack Vector?
Attack VectorSpecific path or technique an attacker uses to gain unauthorized access to a target, such as phishing, exploit of a CVE, or stolen credentials.
An attack vector is the concrete route an adversary takes to breach a target: phishing email, exposed RDP, exploited public-facing CVE, leaked credential reused on another service, supply-chain dependency, malicious USB, or insider misuse. The MITRE ATT&CK framework groups vectors as Initial Access techniques such as T1566 (phishing), T1190 (exploit public-facing application), or T1078 (valid accounts). Defenders use attack-vector analysis to map threats to controls: MFA blocks credential-reuse vectors, EDR catches malware delivery, secure email gateways filter phishing, and patching shrinks exposure to exploit-based vectors. Reducing attack vectors is a direct way to shrink the attack surface.
● Examples
- 01
Initial access via an unpatched VPN appliance CVE (T1190).
- 02
Phishing attachment delivering a banking trojan (T1566.001).
● Frequently asked questions
What is Attack Vector?
Specific path or technique an attacker uses to gain unauthorized access to a target, such as phishing, exploit of a CVE, or stolen credentials. It belongs to the Compliance & Frameworks category of cybersecurity.
What does Attack Vector mean?
Specific path or technique an attacker uses to gain unauthorized access to a target, such as phishing, exploit of a CVE, or stolen credentials.
How do you defend against Attack Vector?
Defences for Attack Vector typically combine technical controls and operational practices, as detailed in the full definition above.