Modules 3 + 4 Flashcards
Nation State/APT threat actor
Motivation: national interests, espionage, disruption, war
Sophistication level: high
Funding: unmatched. Will hire world experts.
Unskilled attacker/“script kiddie”
Motivation: destruction, prestige
Sophistication level: low; knows enough to be dangerous; uses tools without fully understanding them
Funding: low
Activist threat actor
Motivation: disruption, ethics, philosophy, politics: to further a social/political cause
Sophistication level: moderate
Funding: moderate
Organized crime threat actor
Motivation: furthering criminal enterprise – gaining popularity, money
Sophistication level: high – ransoms data, theft, extortion, blackmail, identity theft
Funding: high
Insider threat
Motivation: disruption, revenge, blackmail; sometimes disgruntled, but sometimes just incompetent or uneducated
Sophistication level: moderate
Funding: low
Internal !!
Shadow IT
Motivation: want to be helpful, and/or circumvent policies or security controls in the process, prestige
Sophistication level: low/moderate
Funding: low
Note: internal!!
Social engineering threat vectors (5)
Social engineering: Talking someone into divulging information they normally wouldn’t by establishing false pretext or applying social pressure
1 Messages: email, SMS/text, chat/DMs/IMs – phishing
Voice: vishing
2 impersonation
3 misinformation
4 pre-texting
5 watering hole attack
Removable media threat vector
– Data can be exfiltrated via removable media, and malware can be introduced
– “Air-gapped” systems can also be compromised this way
File-based attacks – 3
- Malware via downloaded file/email attachment.
- Fileless – no file stays on the system; it removes itself.
- Malicious images – steganography: concealing data within other non-sensitive data.
Threat vectors (9)
- social engineering
- File-based attacks.
- Removable media – mass storage devices.
- Vulnerable software.
- Unsupported systems/applications.
- Unsecured networks.
- Open network ports.
- Default credentials.
- Supply chain attacks.
Air gapped system
A highly secure computer/network that is also physically isolated from any other network, including the Internet
Sometimes they use removable media to transfer data
Vulnerable software
– Can have security flaws baked in due to inadvertent oversight
– Patch and update ASAP always!
Unsupported systems/applications
– Any system connected to an organization’s network should be identified and monitored
– Any software should be listed and watched for updates
– Users independently introducing systems or software that doesn’t regularly get patched/updated equals vulnerability!
Two ways to scan software
- Client-based/agent-based – use software (an agent) on endpoint systems (devices) to scan software and report back to a central server
- Agentless – use a network service to scan for/enumerate hosts and query hosts’ software.
Endpoint system
Any device that connects to a network, such as a laptop, desktop, smartphone, or server. Think of it as the final stop in a network where users interact with applications.
What are the 7 components of a network?
- Router – Directs internet traffic, assigns IP addresses.
- Switch – Connects multiple devices inside a network for faster communication.
- Modem – Converts internet signals from the ISP into usable data.
- Firewall – Protects network traffic by filtering unauthorized access.
- Server – Stores and provides data, websites, or services to devices.
- Access Point (AP) – Expands wireless network coverage.
- Network Cables & Fiber Optics – Provide physical connections for fast, stable data transfer.
3 types of Unsecured networks (for test)
- Wired – active network ports, especially in public/traffic/vacant areas.
- Wireless – vulnerable security via insecure protocols, transmitting beyond confines of facility. NOTE: it is NOT illegal to receive wireless traffic, it’s in public space.
- Bluetooth – always beaconing its ID when active to any device. Used in retail store tracking based on Bluetooth ID.
Open network ports
• Open ports leave systems vulnerable to cyberattacks.
• Attackers can scan, exploit, or send malicious traffic through open ports.
• Mitigation:
• Close unused ports.
• Disable unnecessary services.
• Use a firewall to filter traffic.
• Monitor network activity.
Network port
A virtual door, allowing data to reach network services
Ransom as a service
Bring a gang a target and a way to deliver the ransom demand, and they’ll share with you the profits from the attack they carry out on your behalf
BONUS: types of networks
• Cellular Networks (4G/5G) → Used for mobile phones and IoT devices.
• Satellite Networks (VSAT, Starlink, GPS) → Used for global communication.
• Near Field Communication (NFC) → Contactless payments like Apple Pay.
• Infrared (IR) Networks → Used in remote controls, short-range data transfer.
• Mesh Networks → Devices communicate in a decentralized way (e.g., smart homes).
• Ad-hoc Networks → Temporary networks without centralized control (e.g., military).
Host
Any device that connects to a network and can send or receive data. This includes:
• Computers (Desktops, Laptops, Servers) → Store and process data.
• Mobile Devices (Phones, Tablets, Smartwatches) → Connect to networks for communication.
• Network Hardware (Routers, Switches, Firewalls, IoT Devices, etc.) → Manage and direct data flow.
Default credentials
Often admin:admin
Big problem; scanners exist to exploit this on commercial devices
How hosts work in a network?
• Hosts communicate using IP addresses. Each device has a unique identifier (like a home address).
• They interact via ports. If a host is running a web server, it “listens” for requests on port 80 (HTTP) or port 443 (HTTPS).
• Hosts can be servers or clients.
• A server is a host that provides services (e.g., a web server hosting a website).
• A client is a host that requests services (e.g., your laptop requesting a webpage).
Supply chain attacks: how it works and vectors
Vectors: 1 managed service providers, 2 vendors, 3 suppliers
How it works: the attacker targets a less-secure link/system within the target organization’s supply chain. The target information may be in a less protected system.
Social engineering
Tactics to elicit information/behavior from people that they wouldn’t normally give/do
Phishing
Sending messages that appear legit but are meant to lure the person into providing personal information or interacting with a link/file. Usually email; low-effort.
Spear phishing
Targeting specific people because of their level of authorization
Vishing
Voice + phishing – using phishing techniques over voice calls
Whaling
Going after “big fish” – leadership personnel
NOTE: if the test mentions “CEO”, it’s a whaling question
Smishing
SMS + phishing– phishing techniques via SMS/text
Impersonation (social engineering)
Pretending to be someone the target is likely to trust or consider an authority, in order to elicit information the target wouldn’t otherwise give.
- brand impersonation: pretending to represent a company the target may want to work with
Misinformation
Giving false information to trick someone into doing something for you
EX: “your computer is at risk!!” messages
Pre-texting
Preemptive context
Attacker creates a fake backstory to trick the target into doing something against their or their organization’s interests
Example: calling ahead to let the front desk know an inspector will arrive tomorrow and will need access to the elevator control room and primary data center to groom employees into granting access when prompted
Watering hole attack
Attackers lie in wait for prey to come to them
Typosquatting
Buying a domain similar to a popular site to catch people who mistyped the URL, miss the typo, or trust it based on similarity
Example: gooogle.com or W0RK day