7 old attack vectors cybercriminals still use

Even in today’s age of digital evolution, malicious hackers continue to use attack vectors dating back decades. Research shows notable periods of resurgence for certain methods deemed old-fashioned. This indicates that while attack specifics can change with time, points of infection, distribution, and proliferation can remain and even lead to the most significant of breaches.

“Cybercriminals tend to return to ‘old favorite’ methods of attack, particularly when newer vectors get shut down or become more difficult to execute due to the efforts of law enforcement and security teams,” says Egress Threat Intelligence Vice President Jack Chapman.

Cato Networks Strategic Security Engineer Peter Lee agrees, citing two main reasons why cybercriminals use ‘old school’ attack vectors – economics and target acquisition. “The booming exploit market puts a price tag on everything that attackers throw at their targets and the prices vary enormously, so there’s a strong incentive for attackers to start cheap and work their way up. No need to burn your $2 million iPhone zero-day if you can compromise the same target by exploiting an unpatched web server CVE from 2017. Secondly, improvements in cyber defense across the board have made it more difficult for cybercriminals to get their message to key targets, which is occasionally forcing them to fall back on old vectors which have fallen off the radar of many defenders.”

Here are seven old attack vectors cybercriminals still use today, with practical advice for defending against them.

1. Physical storage devices to infect systems, spread malware

The very first computer viruses spread via floppy disks, and the use of physical storage devices to infect systems and propagate malware persists to this day. This was evidenced in January 2022 when the FBI issued a public warning about BadUSB, a USB attack campaign in which numerous USB drives, laced with malicious software, were sent to employees at organizations in the transportation, defense, and insurance sectors.

The USBs were configured as keyboards disguised as gift cards or invoices and, once inserted, injected commands to download malware…
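
Because a drive of this kind registers with the host as a keyboard rather than as storage, one defensive check is to flag any USB keyboard whose vendor:product ID is not on an approved list. The following is an added example, not part of the original article: the log lines are constructed in the Linux kernel's hid-generic format, and the allowlist and function names are assumptions.

```python
import re

# Constructed kernel log lines in the Linux hid-generic / usb-storage format.
SAMPLE_LOG = """\
[  101.140311] hid-generic 0003:046D:C31C.0001: input,hidraw0: USB HID v1.10 Keyboard [Logitech USB Keyboard] on usb-0000:00:14.0-1/input0
[  530.260877] hid-generic 0003:1234:ABCD.0002: input,hidraw1: USB HID v1.11 Keyboard [Gift Card Storage] on usb-0000:00:14.0-3/input0
[  812.050020] usb-storage 1-4:1.0: USB Mass Storage device detected
[  900.000412] hid-generic 0003:046D:C077.0003: input,hidraw2: USB HID v1.11 Mouse [Logitech USB Optical Mouse] on usb-0000:00:14.0-2/input0
"""

# Assumed allowlist of approved keyboards as lowercase "vendor:product" IDs.
APPROVED_KEYBOARDS = {"046d:c31c"}

# 0003 is the kernel's bus type for USB; the two hex fields are vendor and product ID.
HID_KEYBOARD = re.compile(
    r"\[\s*(?P<ts>\d+\.\d+)\]\s+\S+\s+0003:(?P<vid>[0-9A-Fa-f]{4}):(?P<pid>[0-9A-Fa-f]{4})"
    r"\.[0-9A-Fa-f]+:.*\bUSB HID v[\d.]+ Keyboard \[(?P<name>[^\]]*)\] on (?P<port>\S+)"
)

def find_unapproved_keyboards(log_text, approved):
    """Return one record per USB keyboard attach whose ID is not approved."""
    approved = {item.lower() for item in approved}
    findings = []
    for line in log_text.splitlines():
        match = HID_KEYBOARD.search(line)
        if not match:
            continue  # not a USB HID keyboard registration
        device_id = f"{match['vid']}:{match['pid']}".lower()
        if device_id not in approved:
            findings.append({
                "time": float(match["ts"]),
                "id": device_id,
                "name": match["name"],
                "port": match["port"],
            })
    return findings

if __name__ == "__main__":
    for hit in find_unapproved_keyboards(SAMPLE_LOG, APPROVED_KEYBOARDS):
        print(f"ALERT t={hit['time']:.3f}s unapproved keyboard {hit['id']} "
              f"[{hit['name']}] on {hit['port']}")
```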