Threat Vectors and Attack Surfaces Flashcards
Threat Vector
Means or pathway by which an attacker can gain unauthorized access to a computer or network to deliver a malicious payload or carry out an unwanted action
Attack Surface
Encompasses all the various points where an unauthorized user can try to enter data to or extract data from an environment
Methods of minimizing attack surfaces include:
Restricting access, removing unnecessary software, and disabling unused protocols
Messages
Message-based threat vectors include threats delivered via email, simple message service (SMS text messaging), or other forms of instant messaging
Images
Image-based threat vectors involve the embedding of malicious code inside of an image file by the threat actor
Files
The files, often disguised as legitimate documents or software, can be transferred as email attachments, through file-sharing services, or hosted on a malicious website
Voice calls
Vishing - Use of voice calls to trick victims into revealing their sensitive information to an attacker
Removable devices
Baiting - attackers might leave a malware-infected USB drive in a location where their target might find it, such as in the parking lot or the lobby of the targeted organization
Unsecure Networks
Include wireless, wired, and Bluetooth networks that lack appropriate security measures. If these networks are not properly secured, unauthorized individuals can intercept wireless communications or gain access to the network. Wired networks are typically more secure, but not immune to threats.
Physical access to network infrastructure can lead to attacks like
MAC Address Cloning and VLAN Hopping
Bluetooth attacks include examples
like BlueBorne or BlueSmack exploits
BlueBorne
Set of vulnerabilities in Bluetooth technology that can allow an attacker to take over devices, spread malware, or even establish an on-path attack to intercept communications without any user interaction
BlueSmack
Type of Denial-of-Service attack that targets Bluetooth-enabled devices by sending a specially crafted Logical Link Control and Adaptation Protocol packet to a target device