2.2 Threat Actors & Vectors Flashcards
Threat Actors and Motivations
Nation-State Actors: Highly skilled attackers with significant resources, often motivated by political or economic goals.
Hacktivists: Individuals or groups motivated by political or social causes.
Organized Crime: Groups motivated by financial gain, often using sophisticated techniques and tools.
Insider Threats: Malicious or negligent employees with access to sensitive information.
Script Kiddies: Less-skilled attackers who use pre-built tools and scripts.
Human Vectors and Social Engineering
Phishing: Deceiving users into revealing sensitive information.
Spear Phishing: Targeted phishing attacks aimed at specific individuals or organizations.
Whaling: Phishing attacks targeting high-level executives.
Smishing: Phishing attacks using SMS messages.
Vishing: Phishing attacks using voice calls.
Social Engineering: Manipulating people to gain access to sensitive information or systems.
Common Attack Surfaces
Removable Devices: USB drives, external hard drives, etc.
Vulnerable Software: Outdated or unpatched software.
Unsecure Networks: Weak network configurations or lack of security controls.
Default Credentials: Leaving vendor-default usernames and passwords in place on devices and services.
Open Service Ports: Unnecessary open ports can be exploited.
Human Error: Mistakes made by users, such as clicking on malicious links or downloading malware.
Supply Chain Vulnerabilities
Third-Party Risks: Vulnerabilities in software or hardware provided by third-party vendors.
Supply Chain Attacks: Targeting vendors or suppliers to gain access to target organizations.
Application Vulnerabilities
Injection Attacks: SQL injection, command injection, etc.
Cross-Site Scripting (XSS): Injecting malicious scripts into web pages.
Cross-Site Request Forgery (CSRF): Tricking users into performing unintended actions.
Insecure Direct Object References (IDOR): Letting a user-supplied identifier (for example an ID in a URL) select a record without checking that the user is authorized to access it.
Security Misconfigurations: Improperly configured servers or applications.
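Two of the application vulnerabilities above, SQL injection and IDOR, shown as a vulnerable function beside its fixed form. This is an added example, not part of the flashcard set; it uses Python's sqlite3 with an in-memory database, and all table names, users and documents are constructed for the demo.

```python
"""Added example (not from the flashcards): SQL injection and IDOR,
each as a vulnerable function next to its fixed form, against an
in-memory SQLite database with constructed sample data."""
import sqlite3


def make_db():
    """Build the constructed demo database.
    Passwords are stored in plaintext only to keep the demo short;
    real code stores a password hash."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    db.execute("CREATE TABLE docs (id INTEGER PRIMARY KEY, owner_id INTEGER, body TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "correct horse"), (2, "bob", "hunter2")])
    db.executemany("INSERT INTO docs VALUES (?, ?, ?)",
                   [(10, 1, "alice's payroll"), (11, 2, "bob's notes")])
    return db


# --- SQL injection: the query is assembled with string formatting, so the
# attacker's input becomes part of the SQL statement itself.
def login_vulnerable(db, name, password):
    sql = f"SELECT id FROM users WHERE name = '{name}' AND password = '{password}'"
    row = db.execute(sql).fetchone()
    return row[0] if row else None


# --- Fixed: a parameterised query. The driver binds the values separately
# from the statement text, so quotes in the input are just data.
def login_fixed(db, name, password):
    row = db.execute(
        "SELECT id FROM users WHERE name = ? AND password = ?",
        (name, password),
    ).fetchone()
    return row[0] if row else None


# --- IDOR: the document is selected purely by the client-supplied id; the
# requesting user is never checked against the record's owner.
def get_doc_vulnerable(db, requesting_user_id, doc_id):
    row = db.execute("SELECT body FROM docs WHERE id = ?", (doc_id,)).fetchone()
    return row[0] if row else None


# --- Fixed: the ownership check is part of the lookup, so a user can only
# retrieve documents they own, whatever id they put in the request.
def get_doc_fixed(db, requesting_user_id, doc_id):
    row = db.execute(
        "SELECT body FROM docs WHERE id = ? AND owner_id = ?",
        (doc_id, requesting_user_id),
    ).fetchone()
    return row[0] if row else None


def demo():
    """Run both attacks against the vulnerable and fixed functions."""
    db = make_db()
    # Classic tautology payload: the WHERE clause becomes
    #   name = 'alice' AND password = '' OR '1'='1'   -> every row matches
    payload = "' OR '1'='1"
    return {
        "injection_bypass": login_vulnerable(db, "alice", payload),  # 1 (logged in, no password)
        "injection_blocked": login_fixed(db, "alice", payload),      # None
        "idor_leak": get_doc_vulnerable(db, 2, 10),                  # bob reads alice's document
        "idor_blocked": get_doc_fixed(db, 2, 10),                    # None
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The injection fix is mechanical (bind parameters everywhere); the IDOR fix is a design rule: any lookup keyed on a client-supplied identifier must also carry the authorization predicate, in the query or immediately after it.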
OS-based and Web-based Vulnerabilities
Misconfigurations: Incorrectly configured systems or applications.
Outdated Software: Vulnerable to known exploits.
Weak Passwords: Easily guessable passwords.
Lack of Patch Management: Failure to apply security patches.
Hardware and Virtualization Vulnerabilities
Firmware Vulnerabilities: Exploits targeting firmware, such as BIOS or UEFI.
Virtualization Vulnerabilities: VM escape, privilege escalation, and resource exhaustion.
Hardware Vulnerabilities: Physical security vulnerabilities, supply chain attacks, and hardware backdoors.
Cloud Vulnerabilities (CSA Treacherous 12)
Data Breaches: Unauthorized access to sensitive data.
Weak Identity, Credential, and Access Management: Poor password policies, weak authentication mechanisms.
Insecure Application Programming Interfaces (APIs): Vulnerable APIs can be exploited.
System and Application Vulnerabilities: Outdated software and misconfigurations.
Account Hijacking: Unauthorized access to user accounts, typically via stolen or phished credentials.
Malicious Insiders: Employees, contractors, or partners who abuse legitimate access to cloud resources.
Advanced Persistent Threats (APTs): Long-term, targeted attacks.
Accidental Data Loss: Human error or system failures.
Insufficient Due Diligence: Failure to conduct thorough security assessments.
Abuse and Nefarious Use of Cloud Services: Malicious activities using cloud services.
Denial of Service (DoS) Attacks: Exhausting a service's bandwidth, compute, or connection capacity so legitimate users cannot reach it.
Shared Technology Vulnerabilities: Vulnerabilities in shared infrastructure or services.
Mobile Device Vulnerabilities
Sideloading: Installing apps from sources other than official app stores.
Jailbreaking/Rooting: Modifying the device’s operating system to gain root access.
Malware and Spyware: Malicious apps that can steal data or compromise the device.
Weak Passwords and Biometric Authentication: Short or guessable passcodes, or reliance on biometrics that can be spoofed, leave the device easy to unlock.
Unpatched Operating Systems: Vulnerable to exploits.