N2K - Flash Cards - Threats, Vulnerabilities, and Mitigations - Explain Common Threat Vectors and Attack Surfaces
What is bluejacking?
An attack that sends unsolicited messages over a Bluetooth Connection
What is the greatest security risk of instant messaging (IM)?
Sender Impersonation
Which type of attack targets a more vulnerable company or resource that provides your company with third-party products or services?
Supply Chain Attack
What is the risk of default credentials?
They are well-known and easily exploited by attackers when left unchanged
What is impersonation or pretexting?
When an attacker presents as someone else to gain access to information
Which threat vector is exemplified by creating bogus content resembling trusted logos and emblems to deceive users?
Brand Impersonation
Which attack surface type introduces malware or unauthorized access to systems through USB drives or external storage?
Removable Device
Which tool is used to automate spoofing or cloning Bluetooth devices and can allow one to spoof the MAC address of a given device?
Spooftooph (Kali Linux)
What is the term for the types of attacks that include impersonation, pretexting, vishing and smishing?
Human Vectors / Social Engineering
What is the purpose of an airgap?
To ensure that a secure computer network is physically isolated from unsecured networks
Which Bluetooth attack targets IoT devices?
Bluetooth Low Energy (BLE) Attack
What is bluesnarfing?
the act of gaining unauthorized access to a device (and the network it is connected to) through its Bluetooth Connection
What is SMS phishing?
A phishing attack that uses SMS or text messages to send malware or malicious links to mobile devices
How does a supply-chain attack work?
Hackers compromise a third-party managed service provider (MSP) and use their access to the company network to leverage an attack on the target company once inside their network.
Which type of threat vector is exemplified by concealing malicious code within JPG files to exploit vulnerabilities in software or deceive users?
Image-Based
What is the purpose of using a sandbox when testing applications?
It runs untested or untrusted software from unverified or untrusted third parties, suppliers, users, or websites in an isolated environment