Comparison of established and recent attack vectors

The following table compares the similarity of the problems with regard to the objective, effect, cause and tools used by the attacker / actor. The reader interprets the table from the bottom up.

Measure towards digital security

Measure towards self-determined ability to act



Financial incentives made possible by

  • Competing companies / organizations - Disruption of IT-sensitive workflows

  • Extortion - Interruption of access to the database in plain text

Safeguarding power

See Chapter 5.1 - Objectives and intentions of actors in chapters - Regime-oriented countries, terrorist groups and populism.

Affecting the ability to function


Short to medium time frame

  • An extension of the technical restriction continues beyond organizational or corporate boundaries by delaying the attacker from taking immediate effect of the malicious software on the initially infected end device.

  • A further spread is carried out via the means of interaction or collaboration of the user whose end device had become the target of a successful attack. An indirect attack becomes possible by carrying out a renewed and automated transmission of the e-mail with defective attachment to the contacts stored in the digital address book. Subsequent recipients consider the content of the message to be relevant as the origin of the message (sender's address) is considered valid.

Due to the absence of a suspicious factor, the radius of infection increases progressively.

NoticeThe statement made in the previous section that the effect of the attack vector used is exclusively limited to a local machine must be revised to reflect more extensive patterns of infection.

Beyond a longer time frame

  • Societal problems to which there is no conventional method of resolution are perceived as an inability of the political leadership.

  • New trend subjects are established at regular intervals, which are in the focus of the media and press landscape over an extended period of time.

The individual doubts the neutrality of the media apparatus because of the one-sided or often repeated reporting. This contradicts high-quality journalistic standards and objective reporting with the focus on enabling people to form their own opinions without prejudice.

  • A well-functioning media landscape constitutes a fundamental instrument of any democratic society.

The self-organisation of such a structure is being disturbed by the controlled and targeted production, distribution or scattering of critical content.

  • External forces with great experience in the field of propaganda indicate the effect of proven falsified information.

  • Similarly minded inner forces take up the methods and strengthen the effect by spreading false information with a stronger regional focus.


Immediate time frame

  • The functional integrity of a digital device or component of a digital infrastructure is compromised immediately after infection.

  • Depending on the digital component on which the malware is executed, the effect is limited to a single machine. If one machine provides services for other machines, the overall workflow will be interrupted.

NoteThis attack vector corresponds to that of a Trojan horse. As a rule, this type of attack vector does not attack end devices connected in the (local) network. The effect is limited to a local machine. The extent and consequences of an incident for other or directly uninvolved participants are determined by several factors. Questions as to whether the electronic fingerprint (signature) of a malicious software is detected by a virus, spyware, malware, ransomware filter or whether, if a malicious software has an advanced behaviour, the effect of defensive methods is capable of deceiving must be considered.

Immediate time frame

  • Specific influence on the participants' ability to draw self-determined conclusions. The user usually consumes content in digital environments only superficially and does not deal with the statement contained in the content in detail.

  • The individual's conception of values and opinions is influenced by extreme statements or subconsciously perceived noises.

  • The average user is often not aware of this situation because content is considered in terms of its own social structure - the social-spatial character (family, peer group, milieu, subgroup), which represent a shared set of opinions and moral values.

An independent evaluation of the statement contained in a content is not possible, since there is at least one evaluating voice of a participant through which external content is propagated into the user's field of vision - see Chapter - Entry of external or third-party content into the inner structure of a social fabric.


Enhancing the effect through interaction

Faulty behaviour - triggered by interaction

  • by untrained employees within an organization in dealing with data received from untrusted sources.

The human factor is the weakest link in the chain of measures for IT security

Faulty behaviour - triggered by interaction

  • by people whose perception of opinion has been deliberately manipulated in advance - see Chapter 21.7.2 - Ambivalence of the media in the subchapters Simplification / Personalisation, Passivity, Apparent Worlds as well as the targeted thematisation

Entering the user's field of vision

Authentic and critical content is consumed by the user in parallel. The provider of an electronic mailbox classifies the inbound message stream - inbox / spam. The classification is done by measuring the number of transmissions of an identical message to other mailboxes (scattering) or by using the pattern of word order contained in a message. Despite an active procedure, the classification is not 100% reliable.

The user consumes content which is identified as spam.

The operator of a social media application determines the composition of the content contained in the news or content stream. The user consumes authentic and critical content in parallel. Due to the typical user behavior of consuming multiple items of content in a very short period of time, the user no longer deals in detail with the message embedded in a piece of content.

The statement communicated in a critical content changes the opinion and decision behaviour progressively.


Method of distribution

The distribution or dispersion of a compromised date is carried out by means of a primary technology used for digital communication.

Everyone who uses the Internet has an electronic mailbox.

The viral distribution model used in social media applications is ideally suited for the controlled and targeted distribution or spreading of (critical) content.

The vast majority of Internet users are using social media applications on a daily basis to participate in the digitally mapped social fabric.


The integrity of a data gets compromised.

Malicious software is injected into the operating system through an interaction of the user with the carrier.

The most suitable carrier is for instance the attachment to an e-mail.

Fake sender addresses and contents in the subject line of an e-mail pretend to be important information for the user.

This attack vector is similar to that of a Trojan horse and has been used to spread spyware and ransomware since the inception of this form of communication.

NoteOther attack vectors are mainly based on- known, but not eliminated by the manufacturer- or undisclosed vulnerabilities in software or hardware components.These attack vectors do not require a carrier medium (no user interaction) to introduce a malicious component into a given system.The effect of malicious software can often be neutralised by the use of protection software.Corresponding procedures will not be described in detail at this point.

Hidden or extreme messages are embedded in posts that are communicated in the content or message stream of social media applications.