Threat Vector
The specific pathway or method an attacker uses to gain unauthorized access to a system, network, or data. A threat vector is the "door" β not the attacker and not the malware, but the mechanism by which an attack is delivered or initiated. Understanding threat vectors allows defenders to identify and close attack pathways before they are exploited.
Attack Vector
Often used interchangeably with threat vector β the path or means by which an attacker gains access to a target system in order to deliver a payload or achieve a malicious objective. Attack surface is the sum of all attack vectors exposed by a system or organization. Reducing attack surface means eliminating or hardening available attack vectors.
Phishing (Message-Based)
A social engineering attack delivered via message-based vectors β primarily email β that attempts to deceive recipients into clicking malicious links, opening malware attachments, or surrendering credentials. Variants include spear phishing (targeted at a specific individual), whaling (targeting executives), smishing (SMS/text-based phishing), and vishing (voice-based phishing). Phishing is the most common initial access vector in documented breaches.
Vishing
Voice phishing β a social engineering attack conducted over phone calls. An attacker impersonates a trusted authority (IT support, bank, IRS, senior executive) and uses social pressure to extract credentials, authorize transactions, or bypass security procedures. Vishing exploits the human tendency to comply with authority figures and the urgency that voice communication creates. Example: calling the IT help desk claiming to be a VP locked out of an account.
SPIT (Spam over IP Telephony)
Automated, large-scale robocall campaigns delivered over Voice over IP (VoIP) infrastructure β the voice equivalent of email spam. SPIT campaigns can reach thousands of targets with recorded vishing messages at essentially zero cost per call. Used to deliver fraudulent messages impersonating banks, government agencies, or service providers, prompting recipients to call back or press a button to speak with a fake representative.
War Dialing
An automated attack technique that dials every phone number in a defined range, listens for modem tones or system responses, and logs which numbers connect to computers, PBX systems, modems, or other networked equipment. Originally prominent in the 1980sβ90s, war dialing still occurs against industrial, government, and legacy environments where analog phone lines and modems remain in use. Modern versions scan VoIP infrastructure as well.
Call Tampering
Disrupting, intercepting, or manipulating voice communications as a threat vector. Includes flooding a phone system with calls to prevent legitimate use (voice denial of service), injecting noise or false information into active calls, intercepting and recording VoIP traffic, and call spoofing (falsifying caller ID to impersonate trusted numbers). Targets VoIP infrastructure specifically due to its reliance on internet protocols.
SVG (Image Vector)
Scalable Vector Graphic β a file format that is fundamentally an XML text file describing shapes, paths, and graphical elements rather than pixels. Because SVG is XML-based, it can legally contain HTML elements and JavaScript. When a browser renders a malicious SVG, any embedded script executes β making SVG files a code execution vector, not just an image format. Hard to detect visually because the image appearance gives no indication of embedded code. Requires browser-level input validation and sanitization.
HID Attack / Hacker on a Chip
An attack using a USB device that emulates a Human Interface Device β specifically a keyboard. When plugged into a computer, the operating system recognizes it as an authorized input device and grants it immediate keyboard access without authentication. The device automatically types pre-programmed malicious commands at machine speed (hundreds of characters per second), executing attack sequences in seconds. Tools like the USB Rubber Ducky implement HID attacks. Often called "Hacker on a Chip" because the entire attack payload is embedded in the device's microcontroller.
Air-Gapped Network
A network that is physically isolated from all external networks, including the internet β there are no wired or wireless connections to outside systems. Considered the highest level of network isolation, used in classified government systems, industrial control environments, and critical infrastructure. Air-gapped networks are not immune to attack: USB-based vectors (such as Stuxnet) are specifically designed to bridge air gaps by physically carrying malware across the isolation boundary on removable media.
Agentless Software
A software deployment model where no application is permanently installed on the client device β the client connects to a server and runs an application instance in a session. Contrast with client-based software (installed locally). The security risk: if the server hosting the application is compromised, every client connecting to it is affected simultaneously β there is no local agent to patch, and the server-side compromise immediately impacts the entire user population upon login.
Unsupported System
A system running an operating system or application that the manufacturer no longer supports with security patches. Unsupported systems permanently accumulate known, unpatched vulnerabilities as new CVEs are discovered β because no patches will ever be released for end-of-life software. A single unsupported system in a network can serve as an entry point for the entire environment. Examples: Windows XP (end of life 2014), Windows 7 (EOL 2020), Windows Server 2008 (EOL 2020).
802.1X
An IEEE standard for port-based Network Access Control (NAC) that requires devices to authenticate before being granted access to a wired or wireless network. A device attempting to connect must present valid credentials β typically through an authentication server (RADIUS). Without 802.1X on wired network ports, any device physically connected to an Ethernet port receives network access automatically. 802.1X closes the "plug in and you're on the network" vulnerability for both wired and wireless infrastructure.
Default Credentials
Factory-set usernames and passwords shipped on network devices and systems to allow initial configuration β typically simple pairs like admin/admin, admin/password, or device-specific defaults. Default credentials must be changed immediately upon deployment. If left unchanged, they grant full administrator access to anyone who looks up the device model's defaults (publicly listed on sites like routerpasswords.com). The Mirai botnet compromised hundreds of thousands of IoT devices using only a list of 61 known default credential pairs.
Supply Chain Attack
An attack that targets an organization indirectly by compromising a vendor, supplier, contractor, manufacturer, or software provider that the target trusts. Rather than attacking a hardened target directly, attackers compromise the supply chain upstream and ride trusted relationships downstream. Examples: compromising software build pipelines to inject backdoors into legitimate updates (SolarWinds), tampering with hardware during manufacturing (fake Cisco switches), and compromising MSPs to reach all their customers simultaneously.
MSP (Managed Service Provider)
A company that manages IT infrastructure and services for multiple client organizations from a centralized platform, typically with privileged remote access to all client systems. MSPs are high-value supply chain targets because compromising one MSP provides authenticated access to all of its customer networks simultaneously. A single MSP breach can expose dozens or hundreds of separate organizations to attackers β extraordinary leverage compared to attacking each customer individually.