2.2 Flashcards
Threat Vector and Examples
How an attacker gains access:
- message-based, images or files sent, phishing, removable devices, unsecured networks
Attack Surface
Where an attacker gains access
Social Engineering Threat Vector - Brand Impersonation
pretending to be Cisco on Twitter
Social Engineering Threat Vector - Typosquatting, aka URL hijacking
registering gnail.com
Social Engineering Threat Vector - Watering Hole
compromising the watering hole and waiting for users who would normally trust the website they are visiting. Waiting for someone to enter a CC number on the “bank’s” website
Social Engineering Threat Vector - Pretexting
Giving some info that seems true so the user will provide more information.
This can involve piggybacking (pretending to be someone you’re not)
It can be a form of phishing and gathering info about a person so they divulge more
could be pretending to be a company they work with over the phone, etc.
Social Engineering Threat Vector - Phishing
Impersonating a trusted entity to trick victims into revealing sensitive information about themselves
Baiting
attacker leaves a malware-infected USB in a location where the target may find it
Spear Phishing
sending fraudulent emails that appear to be from reputable sources but are targeted toward specific users. Has a high success rate
Whaling
a form of spear phishing that targets high-profile individuals like the CEO
BEC
Business Email Compromise. Phishing attack. Someone’s email is compromised and the attacker takes it over to steal sensitive info, redirect payments, etc.
Smishing
SMS phishing
Fraud (includes identity fraud and theft)
wrongful or criminal deception that is intended to result in financial or personal gain for the attacker
Identity Fraud
attacker takes the victim’s CC and tries to use it
Identity Theft
attacker fully assumes the identity of their victim