2.2 Explain common threat vectors and attack surfaces Flashcards
1
Q
Deceptive and Disruption Technologies
A
Designed to mislead, confuse, and divert attackers
- Honeypots. Decoy systems that look like real targets, placed to attract attackers so their tools and techniques can be observed.
- Honeynets. A network of honeypots that mimics an entire production network.
- Honeyfiles. Fake files (e.g., a "passwords.xlsx") planted to lure attackers; any access to them is an alarm.
- Honeytokens. Data with no legitimate use (a fake account, API key or database record) that is monitored, so any use of it reveals unauthorized access.

Disruption Technologies and Strategies for Securing Enterprise Networks:
- Bogus DNS entries. Fake DNS records that send an attacker's reconnaissance to decoys instead of real hosts.
- Creating decoy directories. Fake folders/files that waste an attacker's time and can be monitored.
- Dynamic page generation. Generates fake content to disrupt bots or scrapers.
- Port triggering. Services or ports remain closed until a specific outbound traffic pattern is detected, so an outside scan sees nothing to attack.
- Spoofing fake telemetry data. Sends misleading system information (e.g., reports Windows 11 instead of macOS) to misguide attackers.
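The point of a honeytoken is that it is monitored: planting it is useless unless something watches for it. The block below is an added example (not part of the flashcard deck or any vendor product) that plants two constructed honeytokens in a fake ".env" backup and then scans constructed log lines for either token, enriching each hit with the source address. The token values, log lines and file name are all assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Constructed honeytokens for this example. Neither string is used by any real
# system, so any appearance of one in a log is, by construction, someone reusing
# what they found in the bait file.
HONEYTOKENS = {
    "svc-backup-legacy": "decoy domain account listed in a planted 'IT-passwords.xlsx' honeyfile",
    "AKIAHONEY0000EXAMPLE": "decoy cloud access key left in a planted '/srv/www/.env.bak' honeyfile",
}

# Pull a client address out of common log shapes ("from 10.0.0.5", "src=10.0.0.5",
# "sourceIPAddress":"10.0.0.5"). Enough for enrichment, not a full log parser.
IP_RE = re.compile(r'(?:from|src=|"sourceIPAddress":\s*")\s*(\d{1,3}(?:\.\d{1,3}){3})')


@dataclass(frozen=True)
class Alert:
    token: str
    reason: str
    source_ip: str
    line: str


def honeyfile_content(tokens=HONEYTOKENS):
    """Render a plausible-looking '.env' backup containing the honeytokens.

    Plausibility matters: the file only works as bait if an intruder believes
    the credentials inside are real and tries to use them."""
    lines = ["# legacy settings, do not delete"]
    for tok in tokens:
        if tok.startswith("AKIA"):
            lines.append(f"AWS_ACCESS_KEY_ID={tok}")
        else:
            lines.append(f"DB_USER={tok}")
    return "\n".join(lines) + "\n"


def scan_logs(lines, tokens=HONEYTOKENS):
    """Return one Alert per log line that mentions a honeytoken.

    Matching is an exact substring test: honeytokens are chosen to be unique
    strings, so no fuzzy matching is needed and legitimate look-alike values
    cannot produce false positives."""
    alerts = []
    for line in lines:
        for tok, reason in tokens.items():
            if tok in line:
                m = IP_RE.search(line)
                alerts.append(Alert(tok, reason, m.group(1) if m else "unknown", line.strip()))
    return alerts


# Constructed sample log lines: two normal events and two honeytoken uses
# (an SSH attempt with the decoy account and a cloud API call with the decoy key).
SAMPLE_LOGS = [
    "Mar 10 09:12:01 fs01 sshd[812]: Accepted publickey for alice from 10.20.1.15 port 51022",
    "Mar 10 09:13:44 fs01 sshd[820]: Failed password for svc-backup-legacy from 203.0.113.7 port 40111",
    '{"eventName":"ListBuckets","userIdentity":{"accessKeyId":"AKIAHONEY0000EXAMPLE"},"sourceIPAddress":"203.0.113.7"}',
    "Mar 10 09:15:02 fs01 sshd[830]: Accepted publickey for bob from 10.20.1.16 port 51030",
]

if __name__ == "__main__":
    for a in scan_logs(SAMPLE_LOGS):
        print(f"ALERT honeytoken {a.token!r} used from {a.source_ip}: {a.reason}")
```

In practice the scan runs as a SIEM rule over the same log sources, and the two hits from the same address above are exactly the kind of correlation (decoy account, then decoy key, same source) that turns a honeytoken alert into an incident.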
1
Q
Threat Vectors and Attack Surfaces
A
Threat Vector. A potential route for a threat to reach and exploit a system. Common vectors:
- Messages (email, SMS, instant messaging)
- Images
- Files
- Voice Calls
- Removable Devices
- Unsecured Networks
- Unpatched Software
- Attack Vector. The specific method an attacker actually uses to breach a system (a threat vector put to use).
- Attack Surface. The total set of points (exposed services, interfaces, accounts, code) through which an attacker could try to enter a system or extract data from it; the larger the surface, the more there is to defend.
2
Q
Impersonation in Social Engineering
A
- Impersonation. Pretending to be a trusted person or entity (a coworker, an executive, a vendor) to steal data or gain access to systems.
- Brand Impersonation. Mimicking a well-known company with fake messages, logos or websites.
- Typosquatting. Registering misspelled or look-alike domains of popular sites (a dropped letter, swapped letters, or a digit in place of a similar-looking letter) to catch users who mistype or do not look closely.
- Watering Hole Attacks. Compromising trusted websites that a target group frequently visits. Example: Infecting a forum commonly used by employees of a specific company.
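Typosquats are generated mechanically, so they can be detected mechanically: enumerate the variants an attacker would register for a protected brand and match newly seen domains against them. The block below is an added example (not from the flashcard deck) that builds omission, repetition, transposition, hyphenation, homoglyph and wrong-TLD variants and classifies a constructed list of observed domains. The brand, the observed domains and the homoglyph table are assumptions for the example.

```python
# Single- and double-character confusions that are common in registered typosquats.
# Constructed for this example; a production list would be longer.
HOMOGLYPHS = {
    "l": ("1", "i"),
    "i": ("1", "l"),
    "o": ("0",),
    "e": ("3",),
    "a": ("4",),
    "s": ("5",),
    "rn": ("m",),
    "m": ("rn",),
    "vv": ("w",),
    "w": ("vv",),
}
ALT_TLDS = ("com", "co", "net", "org", "cm", "om")


def typosquat_candidates(domain):
    """Generate the look-alike domains an attacker would plausibly register for
    `domain`, given as registrable label plus TLD (e.g. "paypal.com")."""
    name, _, tld = domain.lower().rpartition(".")
    labels = set()
    for i in range(len(name)):
        labels.add(name[:i] + name[i + 1:])                   # omission:      paypl
        labels.add(name[:i] + name[i] + name[i:])             # repetition:    paypaal
    for i in range(len(name) - 1):
        labels.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])  # transposition: payapl
    for i in range(1, len(name)):
        labels.add(name[:i] + "-" + name[i:])                 # hyphenation:   pay-pal
    for src, dsts in HOMOGLYPHS.items():                      # homoglyph:     paypa1
        start = name.find(src)
        while start != -1:
            for dst in dsts:
                labels.add(name[:start] + dst + name[start + len(src):])
            start = name.find(src, start + 1)
    labels.discard(name)                                      # never flag the brand itself
    candidates = {f"{label}.{tld}" for label in labels}
    candidates.update(f"{name}.{alt}" for alt in ALT_TLDS if alt != tld)  # wrong TLD: paypal.co
    return candidates


def find_typosquats(observed, brands):
    """Map each observed domain (lower-cased) to the brand it squats on, or None."""
    tables = {brand: typosquat_candidates(brand) for brand in brands}
    result = {}
    for dom in observed:
        dom = dom.lower()
        result[dom] = next((b for b, cands in tables.items() if dom in cands), None)
    return result


# Constructed "newly registered domains" feed for the example.
OBSERVED = ["paypa1.com", "payapl.com", "PayPal.CO", "pay-pal.com",
            "paypal-secure.com", "example.org", "paypal.com"]

if __name__ == "__main__":
    for dom, brand in find_typosquats(OBSERVED, ["paypal.com"]).items():
        print(f"{dom:20} -> {brand or 'no match'}")
```

Note what the generator does not catch: "paypal-secure.com" is a combosquat (brand plus a word), which needs a substring or token match rather than an edit-distance variant. Detection rules should combine both.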
3
Q
Pretexting in Social Engineering
A
A form of social engineering in which the attacker invents a plausible but false scenario (the pretext), often backed by a detail they already know, to manipulate the victim into revealing more sensitive data (e.g., calling as "the printer vendor" and talking the victim into giving up a printer's model and IP address).
4
Q
Phishing Attacks
A
Phishing is the umbrella category: tricking individuals into revealing sensitive information or taking a harmful action (clicking a link, opening an attachment, sending money).
- Phishing. Fraudulent emails sent broadly, not aimed at a particular person.
- Spear Phishing. Targeted phishing aimed at specific individuals or organizations, using details about the target to look convincing.
- Whaling. Spear phishing that targets high-profile individuals (CEO/CFO).
- Business Email Compromise (BEC). Uses a compromised or spoofed business email account to gain trust during a phishing attack, typically to authorize fraudulent payments or data transfers.
- Vishing (Voice Phishing). Conducted over the phone.
- Smishing (SMS Phishing). Uses text messages.
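The whaling and BEC cards above describe what the attacker does; a mail gateway or SOC analyst needs the observable signals. The block below is an added example (not from the flashcard deck, and not any vendor's filter) that triages a raw message for three classic indicators: an executive's display name on an address that is not theirs, a Reply-To that steers replies to a different domain, and pressure language in the subject or body. The corporate domain, executive list, phrase list and both sample messages are constructed assumptions for the example.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed organisational context for this example.
CORPORATE_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}   # display name -> the only legitimate address
URGENCY = ("urgent", "wire transfer", "immediately", "gift card", "keep this confidential")


def domain_of(addr):
    return addr.rpartition("@")[2].lower()


def triage(raw_message):
    """Return a list of human-readable findings for one RFC 5322 message.
    An empty list means none of the three BEC/whaling signals fired."""
    msg = message_from_string(raw_message)
    display, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    subject = msg.get("Subject", "")
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = f"{subject}\n{body}".lower()
    findings = []

    # Signal 1 (whaling/BEC): an executive's name on a sender address that is not theirs.
    real = EXECUTIVES.get(display.strip().lower())
    if real and sender.lower() != real:
        findings.append(f"display name {display!r} belongs to {real} but sender is {sender}")

    # Signal 2: replies are steered to another domain, typical when From is spoofed
    # or registered as a look-alike and the attacker wants the conversation elsewhere.
    if reply_to and domain_of(reply_to) != domain_of(sender):
        findings.append(f"Reply-To domain {domain_of(reply_to)} differs from From domain {domain_of(sender)}")

    # Signal 3: pressure language that discourages the victim from verifying out of band.
    hits = [w for w in URGENCY if w in text]
    if hits:
        findings.append("urgency/pressure phrases: " + ", ".join(hits))
    return findings


# Constructed sample messages: one BEC attempt using a look-alike domain, one legitimate note.
BEC_SAMPLE = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: Jane Doe <ceo.janedoe@mail-example.net>
To: accounts-payable@example.com
Subject: URGENT wire transfer before 5pm

I am in a meeting and cannot take calls. Please process the attached
invoice immediately and keep this confidential until I confirm.
"""

LEGIT_SAMPLE = """\
From: Jane Doe <jane.doe@example.com>
To: accounts-payable@example.com
Subject: Q3 budget review notes

Attached are my notes from Tuesday. No action needed before next week.
"""

if __name__ == "__main__":
    for label, raw in (("BEC", BEC_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(label, triage(raw) or "no findings")
```

Signal 1 is the one that catches whaling specifically: the display name is what a busy recipient reads, the address is what the attacker cannot forge without compromising the real mailbox. When the mailbox really is compromised (true BEC), signal 1 is silent and the Reply-To and pressure-language checks, plus out-of-band verification of payment changes, are what remain.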
5
Q
Phishing vs Scam vs Fraud
A
- Phishing: relies on pretending to be a trusted party in order to extract information or an action
- Scam: relies on tricking the victim with false promises (prizes, investments, refunds)
- Fraud: the broad category of deception for gain, encompassing both phishing and scams
6
Q
Other Social Engineering Attacks
A
- Diversion Theft. Manipulating a situation so that goods, shipments or payments are redirected to a location the attacker controls.
- Hoaxes. A false alert or notification mimicking a virus or hack, made to trick the user into taking an action (calling a number, installing "cleanup" software) although no threat exists.
- Shoulder Surfing. Observing a victim's screen or keyboard, either directly over their shoulder or with cameras.
- Dumpster Diving. Searching trash for sensitive documents or data.
- Eavesdropping. Secretly listening to private conversations or intercepting communications.
- Baiting. Leaving infected devices (like USB drives) where victims will find them, so they plug them in and install malware.

Piggybacking and Tailgating.
- Tailgating: following an employee into a secure area without their knowledge
- Piggybacking: gaining access by convincing an employee to let them in (e.g., posing as a pizza delivery person)
7
Q
Hardware Vulnerabilities
A
Types of Hardware Vulnerabilities
- Firmware: e.g., outdated firmware allowing unauthorized access or persistence below the operating system
- End-of-Life, Legacy, and Unsupported Systems: no longer receive security updates, so known flaws stay exploitable
- Unpatched Systems: fixes exist but have not been applied
- Hardware Misconfigurations: incorrect settings (e.g., unnecessary open ports or enabled services that expose extra attack surface)

Mitigation Strategies
- Hardening: close unnecessary ports, disable unused services, change default credentials
- Patching: apply firmware and software updates promptly
- Configuration Enforcement: ensure secure setups stay in place (e.g., regular config audits against a baseline)
- Decommissioning: retire end-of-life hardware and wipe it securely
- Isolation: keep vulnerable systems separate (e.g., quarantine unpatched devices)
- Segmentation: split networks to reduce breach impact (e.g., separate guest network from internal systems)
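Hardening and configuration enforcement only hold if something checks the live state against the baseline. The block below is an added example (not from the flashcard deck) of such an audit: it parses the output of `ss -ltnp` (constructed here rather than captured from a real host) and reports every listening socket that is not in the baseline, is served by an unexpected process, or is bound to all interfaces when the baseline requires loopback only. The baseline contents and the sample output are assumptions for the example.

```python
import re

# Constructed baseline for this example: port -> (expected process, loopback-only?)
BASELINE = {
    22: ("sshd", False),
    80: ("nginx", False),
    443: ("nginx", False),
    5432: ("postgres", True),   # the database must only be reachable from localhost
}

PROC_RE = re.compile(r'\(\("([^"]+)"')       # extracts the process name from users:(("nginx",pid=...))
LOOPBACK = {"127.0.0.1", "[::1]"}


def parse_ss(output):
    """Parse `ss -ltnp` output into (local address, port, process) tuples."""
    sockets = []
    for line in output.splitlines()[1:]:      # first line is the column header
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")   # handles both 0.0.0.0:22 and [::]:23
        m = PROC_RE.search(line)
        sockets.append((addr, int(port), m.group(1) if m else "?"))
    return sockets


def audit(output, baseline=BASELINE):
    """Compare live listeners to the baseline and return a list of findings."""
    findings = []
    for addr, port, proc in parse_ss(output):
        if port not in baseline:
            findings.append(f"port {port}/tcp ({proc}) is not in the baseline; close it or add it deliberately")
            continue
        expected_proc, loopback_only = baseline[port]
        if proc != expected_proc:
            findings.append(f"port {port}/tcp is served by {proc}, baseline expects {expected_proc}")
        if loopback_only and addr not in LOOPBACK:
            findings.append(f"port {port}/tcp ({proc}) is bound to {addr}; baseline requires loopback only")
    return findings


# Constructed `ss -ltnp` output: sshd and nginx are fine, postgres is exposed on all
# interfaces, telnet (inetd) should not exist at all, redis is unlisted.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     0.0.0.0:80          0.0.0.0:*          users:(("nginx",pid=1300,fd=6))
LISTEN  0       4096    0.0.0.0:5432        0.0.0.0:*          users:(("postgres",pid=1200,fd=5))
LISTEN  0       128     [::]:23             [::]:*             users:(("inetd",pid=700,fd=4))
LISTEN  0       128     127.0.0.1:6379      0.0.0.0:*          users:(("redis-server",pid=1400,fd=6))
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_SS):
        print("FINDING:", finding)
```

Run the same audit on every host from a scheduler and the "configuration enforcement" card becomes concrete: drift from the baseline (a service someone enabled, a database rebound to 0.0.0.0) shows up as a finding rather than waiting to be found by a scanner on the other side.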