Attack Vector
What is Attack Vector?
Attack Vector: Specific path or technique an attacker uses to gain unauthorized access to a target, such as phishing, exploit of a CVE, or stolen credentials.
An attack vector is the concrete route an adversary takes to breach a target: a phishing email, an exposed RDP service, an exploited CVE in a public-facing application, a leaked credential reused on another service, a supply-chain dependency, a malicious USB device, or insider misuse. The MITRE ATT&CK framework groups vectors as Initial Access techniques such as T1566 (phishing), T1190 (exploit public-facing application), or T1078 (valid accounts). Defenders use attack-vector analysis to map threats to controls: MFA blocks credential-reuse vectors, EDR catches malware delivery, secure email gateways filter phishing, and patching shrinks exposure to exploit-based vectors. Reducing attack vectors is a direct way to shrink the attack surface.
● Examples
- 01: Initial access via an unpatched VPN appliance CVE (T1190).
- 02: Phishing attachment delivering a banking trojan (T1566.001).
● Frequently asked questions
What is Attack Vector?
Specific path or technique an attacker uses to gain unauthorized access to a target, such as phishing, exploit of a CVE, or stolen credentials. It belongs to the Compliance & Frameworks category of cybersecurity.
How do you defend against Attack Vector?
Defences for Attack Vector typically combine technical controls and operational practices, as detailed in the full definition above.
● Related terms
- Attack Surface (compliance, № 071): Sum of all points where an attacker can attempt to enter, extract data from, or manipulate a system, including networks, software, identities, supply chain, and people.
- Threat Vector (compliance, № 1151): Channel or means through which a threat actor can deliver an attack, often used interchangeably with attack vector but with broader, threat-modelling connotation.
- Threat Landscape (compliance, № 1149): Current picture of the threats facing an organization, sector, or region: actors, tactics, malware families, vulnerabilities, and trends over time.
- MITRE ATT&CK (compliance, № 687): A globally accessible knowledge base of adversary tactics and techniques observed in real-world attacks, maintained by MITRE.
- Phishing (attacks, № 821): A social-engineering attack in which an attacker impersonates a trusted party to trick a victim into revealing credentials, transferring money, or running malware.
- Exploit (vulnerabilities, № 399): A piece of code, data, or technique that takes advantage of a vulnerability to cause unintended behaviour such as code execution, privilege escalation, or information disclosure.