Threat vectors and attack surfaces

Question 1

Threat vector

Answer 1

Means or path that an attacker can use to access networks or computers to deliver a malicious payload or carry out an unwanted action, ie how

Question 2

Attack surface

Answer 2

Encompasses all various points where an unauthorized user can try to enter data to extract data, ie where

Question 3

How to minimize

Answer 3

Restricting access, removing unnecessary software, disabling unused protocols

Question 4

Messages

Answer 4

message based threat vectors delivered by email, sms, or other forms of IM, IE, phishing campaign

Question 5

Images

Answer 5

Imaged based threat vector involve embedding of malicious code inside an image file by the threat actor

Question 6

Files

Answer 6

File based threat vector use malicious files to deliver cyber threats, ie, disguised as legit, can be transferred via email. Or downloaded game from file share

Question 7

voice calls

Answer 7

Voice call threat vectors involve the use of voice calls to trick victims into revealing their sensitive info. May try to impersonate a bank or IRS

Question 8

Removable devices

Answer 8

threat vectors delivered via USB or other removable devices. Baiting can be used by hackers leaving usb devices for victims who are unknowing, or social engineering

Question 9

Unsecure networks

Answer 9

threat vectors that lack appropriate security measures for protection, like wifi, bluetooth

Question 10

Blueborne

Answer 10

exploit in bluetooth that can allow an attacker to take over devices or spread malware

Question 11

Bluesmack

Answer 11

Type of denial service attack that targets bt enabled devices by sending specifically crafted Logical Link Control and adaptation protocol packet which can cause device to crash or become inoperable