2.2 Threat Actors & Vectors Flashcards

1
Q

What are the types of threat Actors and Motivations? (HONIS)

A

Hacktivists: Individuals or groups motivated by a political or social cause; typically aim at defacement, leaks or disruption rather than profit.

Organized Crime: Groups motivated by financial gain (ransomware, fraud, data theft), often well funded and using sophisticated techniques and tools.

Nation-State Actors: Highly skilled, well-resourced attackers (often tracked as APT groups) motivated by espionage, political or economic goals.

Insider Threats: Malicious or negligent employees and contractors who already hold legitimate access to sensitive systems and information.

Script Kiddies (unskilled attackers): Less-skilled attackers who run pre-built tools and scripts they do not fully understand.

2
Q

Human Vectors and Social Engineering - what are the types of phishing?

A

Social Engineering: The umbrella term. Manipulating people, rather than technology, into giving up information or access; phishing is its most common form.

Phishing: Fraudulent messages, usually email, that deceive users into revealing credentials or other sensitive information, or into opening malicious links and attachments.

Spear Phishing: Phishing tailored to a specific individual or organization, using personal or business details to look legitimate.

Whaling: Spear phishing aimed at high-level executives (the "big fish") who can authorize payments or access sensitive data.

Smishing: Phishing delivered by SMS text messages.

Vishing: Phishing delivered by voice calls.
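The header checks a mail filter would apply to the spear-phishing and whaling lures described above, as an added example that is not part of the original flashcard deck. The trusted domain, the pressure-word list and both sample messages are constructed for the demo; real filters add sender authentication (SPF/DKIM/DMARC) and URL analysis on top of heuristics like these.

```python
"""Added example, not part of the original flashcard deck: flag spear-phishing
and whaling indicators from a message's headers. The trusted domain, the
pressure-word list and both sample messages below are constructed for the demo.
"""
import email
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example.com"}  # constructed: the organization's own mail domain
PRESSURE_WORDS = {"urgent", "immediately", "wire", "gift card", "confidential"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot look-alike domains such as
    examp1e.com that sit one or two edits away from a trusted domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(header_value) -> str:
    """Extract the lower-cased domain from an address header ("" if absent)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def phishing_indicators(raw_message: str) -> list:
    """Return human-readable indicators found in the message headers.
    An empty list means none of these heuristics fired, not proof of safety."""
    msg = email.message_from_string(raw_message)
    from_domain = domain_of(msg["From"])
    reply_domain = domain_of(msg["Reply-To"]) or from_domain
    indicators = []

    # Spear phishing / whaling: the sender domain impersonates ours by a typo.
    for trusted in TRUSTED_DOMAINS:
        if from_domain != trusted and 0 < edit_distance(from_domain, trusted) <= 2:
            indicators.append(f"look-alike sender domain {from_domain} (~ {trusted})")

    # Replies silently redirected to a mailbox the attacker controls.
    if reply_domain != from_domain:
        indicators.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    # Urgency and secrecy are the social-engineering levers in nearly every lure.
    subject = (msg["Subject"] or "").lower()
    hits = sorted(w for w in PRESSURE_WORDS if w in subject)
    if hits:
        indicators.append("pressure language in subject: " + ", ".join(hits))
    return indicators


# Constructed sample messages: a whaling lure aimed at finance, and a benign mail.
SUSPICIOUS = """\
From: "Dana Smith (CEO)" <dana.smith@examp1e.com>
Reply-To: dana.ceo.office@mailbox-free.example.net
To: finance@example.com
Subject: URGENT wire transfer before 5pm - confidential

Please handle this immediately and do not discuss it with anyone.
"""

BENIGN = """\
From: "Dana Smith" <dana.smith@example.com>
To: finance@example.com
Subject: Q3 budget review notes

Notes from today's meeting are attached.
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, phishing_indicators(raw))
```

The look-alike check deliberately ignores exact matches and anything more than two edits away, so it catches `examp1e.com` without flagging every unrelated domain; the Reply-To mismatch is the tell that distinguishes a lure from a genuine executive who simply emails from a personal account.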

3
Q

What are Common Attack Surfaces? (HODURV)

A

Human Error: Mistakes made by users, such as clicking on malicious links, downloading malware or misconfiguring a system.
Open Service Ports: Every listening service that is not needed is extra code exposed to attack; close it or firewall it.
Default Credentials: Leaving vendor-supplied default usernames and passwords in place on devices, appliances and services.
Unsecured Networks: Weak network configurations or missing security controls (flat networks, open Wi-Fi, no segmentation).
Removable Devices: USB drives, external hard drives, etc., which can carry malware in or data out.
Vulnerable Software: Outdated or unpatched software with known exploits.

4
Q

What are Supply Chain Vulnerabilities? (TS)

A

Supply Chain Attacks: Compromising a vendor, supplier or managed service provider (MSP), or the software, updates and hardware they deliver, in order to reach the organizations that trust them.

Third-Party Risks: Vulnerabilities in software, hardware or services provided by third-party vendors, which the customer cannot patch or audit directly.

5
Q

What are Application Vulnerabilities? (SIICC)

A

Security Misconfigurations: Improperly configured servers or applications (debug modes left on, verbose error pages, default settings, unnecessary features enabled).
Insecure Direct Object References (IDOR): The application exposes a reference to an internal object (a record ID in a URL or form field) without checking that the requester is authorized for it, so changing the value reaches other users' data.
Injection Attacks: SQL injection, command injection, etc.; untrusted input is concatenated into a query or command and interpreted as code.
Cross-Site Scripting (XSS): Injecting malicious scripts into web pages, which then run in the browsers of other users who view them.
Cross-Site Request Forgery (CSRF): Tricking an authenticated user's browser into sending requests the user did not intend, riding on the existing session cookie.
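Four of the five weaknesses above on one toy "view my order" endpoint, vulnerable and hardened side by side, as an added example that is not part of the original flashcard deck. The orders table, user IDs, payloads and tokens are constructed for the demo; security misconfiguration is a deployment setting rather than code and is not shown.

```python
"""Added example, not part of the original flashcard deck: injection, IDOR,
XSS and CSRF on a toy "view my order" endpoint, vulnerable and hardened
versions side by side. The orders table, user IDs and payloads are constructed.
"""
import hmac
import html
import secrets
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory SQLite with constructed data: customer 100 and customer 200."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE orders (id INTEGER PRIMARY KEY, owner INTEGER, item TEXT);
        INSERT INTO orders VALUES (1, 100, 'laptop'), (2, 100, 'dock'),
                                  (3, 200, 'phone'),  (4, 200, 'sim');
    """)
    return db


# --- Injection and IDOR -------------------------------------------------

def get_order_vulnerable(db, order_id: str):
    # Two bugs in one line: order_id is pasted into the SQL text (injection),
    # and nothing ties the row to the caller (insecure direct object reference).
    sql = f"SELECT id, owner, item FROM orders WHERE id = {order_id}"
    return db.execute(sql).fetchall()


def get_order_hardened(db, current_user: int, order_id: str):
    # Parameter binding sends order_id as data, so "1 OR 1=1" is never parsed
    # as SQL; the owner predicate enforces authorization on every lookup.
    try:
        oid = int(order_id)
    except ValueError:
        return []
    return db.execute(
        "SELECT id, owner, item FROM orders WHERE id = ? AND owner = ?",
        (oid, current_user),
    ).fetchall()


# --- Cross-Site Scripting -----------------------------------------------

def render_item_vulnerable(item: str) -> str:
    # User-controlled text dropped straight into HTML runs as script in the
    # browser of whoever views the page.
    return f"<p>Item: {item}</p>"


def render_item_hardened(item: str) -> str:
    # Output encoding: < > & " ' become entities, so the text is shown, not executed.
    return f"<p>Item: {html.escape(item)}</p>"


# --- Cross-Site Request Forgery ----------------------------------------

def issue_csrf_token() -> str:
    # Unguessable per-session token, stored server side and echoed into forms.
    return secrets.token_urlsafe(32)


def check_csrf(session_token: str, form_token) -> bool:
    # A forged cross-site request carries the victim's cookie but cannot read
    # the token, so it fails here. Constant-time compare avoids timing leaks.
    if not form_token:
        return False
    return hmac.compare_digest(session_token, form_token)


if __name__ == "__main__":
    db = make_db()
    print(get_order_vulnerable(db, "1 OR 1=1"))     # every customer's orders
    print(get_order_hardened(db, 100, "1 OR 1=1"))  # []
    print(get_order_hardened(db, 100, "3"))         # [] : order 3 belongs to 200
    print(render_item_hardened("<script>alert(1)</script>"))
    token = issue_csrf_token()
    print(check_csrf(token, token), check_csrf(token, "forged"))
```

Note that the single hardened query fixes two cards' worth of bugs: the `?` placeholders close the injection, and the `owner = ?` predicate closes the IDOR, because authorization is enforced in the same statement that fetches the row rather than in a check the caller might forget.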

6
Q

What are OS-based and Web-based Vulnerabilities? (MOWL)

A

Misconfigurations: Incorrectly configured systems or applications.
Outdated Software: Vulnerable to known exploits.
Weak Passwords: Easily guessable passwords.
Lack of Patch Management: Failure to apply security patches.

7
Q

What are Hardware and Virtualization Vulnerabilities? (FVH)

A

Firmware Vulnerabilities: Exploits targeting firmware such as BIOS or UEFI*, which runs below the operating system and survives OS reinstalls.
Virtualization Vulnerabilities: VM escape (breaking out of a guest onto the hypervisor or host), privilege escalation, and resource exhaustion affecting co-tenant VMs.
Hardware Vulnerabilities: Physical security weaknesses, hardware supply chain attacks, and hardware backdoors.

* Unified Extensible Firmware Interface is a specification for the firmware architecture of a computing platform. When a computer is powered on, the UEFI implementation is typically the first code that runs, before the operating system starts. Examples include AMI Aptio, Phoenix SecureCore, TianoCore EDK II and InsydeH2O.

8
Q

Cloud Vulnerabilities - what are the CSA Treacherous 12?

A
The Cloud Security Alliance's 2016 "Treacherous 12" top cloud threats, in the CSA's order:

1. Data Breaches: Unauthorized access to sensitive data.
2. Weak Identity, Credential, and Access Management: Poor password policies, weak authentication mechanisms.
3. Insecure Application Programming Interfaces (APIs): Vulnerable APIs can be exploited.
4. System and Application Vulnerabilities: Outdated software and misconfigurations.
5. Account Hijacking: Unauthorized access to user accounts.
6. Malicious Insiders: Employees or contractors who abuse legitimate access.
7. Advanced Persistent Threats (APTs): Long-term, targeted attacks.
8. Data Loss: Accidental deletion, human error or system failures.
9. Insufficient Due Diligence: Failure to conduct thorough security assessments before adopting a cloud service.
10. Abuse and Nefarious Use of Cloud Services: Malicious activities using cloud services.
11. Denial of Service (DoS) Attacks: Overwhelming systems with traffic.
12. Shared Technology Vulnerabilities: Vulnerabilities in shared infrastructure or services.

9
Q

Mobile Device Vulnerabilities

A

Sideloading: Installing apps from sources other than official app stores, bypassing store vetting.
Jailbreaking/Rooting: Modifying the device's operating system to gain root access, which also disables platform security controls.
Malware and Spyware: Malicious apps that can steal data or compromise the device.
Weak Passwords and Biometric Authentication: Weak or absent lock-screen credentials, and biometric unlock that can be spoofed or bypassed.
Unpatched Operating Systems: Devices no longer receiving updates remain vulnerable to known exploits.
