2.2 Flashcards
Common threat vectors, phishing, impersonation, watering hole attacks, other social engineering attacks
A method used by the attacker to gain access to systems
Threat vector
AKA attack vector
How can message-based attack vectors be used? (3)
Phishing attacks - through email, text, IM
Malware - email attachment
Social engineering - invoice scams, cryptocurrency scams
How can image-based attack vectors be used? (1)
Image formats such as SVG (which is XML-based) can allow an attacker to edit the image description to include:
HTML injection
JavaScript attack code
This can be prevented via browser input validation that stops the embedded code from running
How can voice call attack vectors be used? (4)
Vishing - tries to obtain info over phone
Spam over IP - large-scale automated phone calls
War dialing
Call tampering - disrupting voice calls, DoS
How can file-based attack vectors be used? (3)
PDF format can contain other objects
ZIP/RAR/compressed files may contain different files
MS Office files can contain macros
How can removable device attack vectors be used? (4)
Get around the firewall via USB interface, can infect airgapped networks
Malicious software on USB
USB devices can act as keyboards
Data exfiltration - transfer large amounts of info, unplug it, and walk out the door
How can vulnerable software attack vectors be used? (2)
Client-based software
The attacker can infect the application/executable
This requires constant updates to mitigate
Agentless software
The attacker can compromise the central server, and would thereby affect all other users
This is very easy to distribute: because the software is not installed on a machine, each person logging into that service uses a new (infected) instance of it
Difference between client-based and agentless software
Client-based software is installed on the system
Agentless software does not need to be installed; you connect to a separate system to access it, such as through a browser
How can unsupported system attack vectors be used? (3)
Unsupported systems are not patched, so there are no new security fixes
The manufacturer is under no obligation to help in a crisis
A single unsupported system could be an entry point - keep your inventory and records current, and make sure to identify every unsupported system/application
How can unsecure network attack vectors be used? (4)
Attackers can view all non-encrypted data
Open or rogue wireless network can be accessed
Wired or wireless interfaces without 802.1X will not have proper authentication requirements
Bluetooth can be used for reconnaissance, or attackers can search for implementation vulnerabilities
Which wireless security protocols are outdated? (3)
WEP, WPA, WPA2
An authentication protocol used by wired AND wireless networks that prevents access to a network without providing proper credentials
802.1X
How can open service port attack vectors be used? (3)
Applications that listen to specific ports might be vulnerable or misconfigured
More services (more open ports) expand the attack surface
Misconfigured firewall rules can allow access to ports
How can default credentials attack vectors be used? (1)
Attackers can guess or search for default credentials online
How can supply chain attack vectors be used? (4)
A third party can have access to your infrastructure by riding inside trusted/existing equipment/software that has been tampered with. Attackers can tamper with the underlying infrastructure or manufacturing process
If an attacker gains access to your MSP, they have access to your network
Attackers can gain access to a network through a vendor
Suppliers can sell counterfeit networking equipment - install backdoors, or have substandard performance/availability