Section 2.2 Flashcards
What is a threat vector?
A threat vector is a method used by an attacker to gain access to or infect a target.
What are Message-based Threat Vectors?
Attackers send malicious links via email or SMS. Clicking such a link can lead to the download of a malicious application, or the link can point to a malicious site.
What are Image-Based Threat Vectors?
Image formats can be a threat. The SVG format, for example, contains not only the image but also XML data that describes the image. Attackers could use this image format to inject HTML code or JavaScript attacks.
What are File-Based Threat Vectors?
Malicious code can be hidden in files such as Adobe PDF documents, in compressed archives such as ZIP/RAR, or in Microsoft Office files that contain macros.
What are Voice Call Threat Vectors?
Vishing is phishing over the phone, in which attackers may call you in order to get sensitive information.
What are Removable Device Threat Vectors?
This threat vector includes the ability to run malicious code through a USB device that’s connected to a system (the system may be air-gapped, but that doesn’t matter once a USB device is connected to it). An attacker might go to the parking lot and drop a USB drive containing malicious code in the hope that someone picks it up, brings it inside, and inserts it into one of the organization’s computers.
What are Vulnerable Software Threat Vectors?
This threat vector is specific to running software that has known vulnerabilities that have not been patched. The attacker knows about these vulnerabilities and may use them to attack the system.
What are Unsupported Systems Threat Vectors?
Running unsupported systems means that the manufacturer is no longer patching known vulnerabilities. Attackers may target these vulnerabilities because they know the manufacturer is no longer fixing them.
What are Unsecure Network Threat Vectors?
This threat vector is specific to attackers taking advantage of networks that are not secure. This is why it’s important to use the latest security protocols for wireless and wired connections, as well as Bluetooth connections.
How do open service ports come about?
Most network-based services connect over TCP or UDP ports, which means that every service we use may open ports that give an attacker an opportunity.
What are Supply Chain Threat Vectors?
This threat vector is specific to attackers taking advantage of vulnerabilities in vendors whose products are used in your infrastructure. If a vendor has a vulnerability and their device is within your infrastructure, then your infrastructure may be at risk as well.
What is Phishing?
Phishing is a term we use to describe social engineering that uses a number of different communication methods to make you think that something is real when in fact it isn’t.
What are different ways Phishing is delivered?
Phishing is usually delivered through email, text, phone calls, etc.
What are spoofed email addresses?
Spoofed email addresses are very close to a legitimate email address but are usually a character or two off. They are used to make the target think that the email is coming from a real source.
What is typosquatting?
Typosquatting is a type of misdirection used by attackers, for example creating a URL that’s almost the same as the legitimate URL but has one character misspelled.