Threats, Vulnerabilities and Mitigations 2.1-2.2 Flashcards
Threat Vectors
Method used by the attacker to infect or gain access to the target.
A lot of work goes into finding vulnerabilities
Places where malicious code can be stored.
An Adobe PDF file
ZIP/RAR files
Microsoft Office - Macros within documents
Voice call vectors
Vishing - phishing over the phone
Scam over IP - Large scale phone calls
War dialling
Call tampering - Disrupting phone calls
Removable device vectors
USB - helps to get into an air-gapped network (no connection to a network).
Attributes of threat actors
- Internal/External
- Resources/funding
- Level of Sophistication/Capability
Motivations of threat actors
- Data exfiltration
- Espionage
- Service disruption
- Blackmail
- Financial gain
- Philosophical/Political Beliefs
- Ethical
- Revenge - Chaos
- War
Motivations for a nation state to act as a threat actor
Motivations:
Data exfiltration
Philosophical
Revenge
Disruption
War
Resources and Sophistication of nation states acting as a threat actor?
Commonly an Advanced Persistent Threat (APT)
Has massive resources and is highly sophisticated.
Example: Stuxnet Worm - destroy nuclear centrifuges
Unskilled attackers
Run pre-made scripts without any knowledge of what's really happening. Motivated by the hunt. Can be internal or external. Not very sophisticated.
Hacktivist
A hacker with a purpose, motivated by philosophy, revenge, disruption, etc.
Funding may be limited
Insider threat
Extensive resources - using the organisation's resources against itself
An internal entity -
Medium level of sophistication - insider has very specific knowledge which can be directed at vulnerable systems.
Organised Crime
Professional Criminals - Motivated by making money
Very Sophisticated
Lots of capital to fund hacking activities
May have corporate structure.
Shadow IT
Going rogue within the existing organisation. Working around the internal IT organisation.
Builds their own infrastructure.
Limited Resources
Message based vectors
Email
SMS
Phishing attacks
Image based vectors
Images which contain malicious code within them; the threat is less easy to identify.
Vulnerable client software vector
Infected executable
Known or unknown vulnerability
May require constant updates.
Vulnerable agent software vectors
No installed executable
Compromised software on the server would affect all users
Attacker can distribute this easily because each new connection to this server runs a new instance each time.
Unsupported System Vectors
Patching is an important prevention tool.
Unsupported systems may not have patching options because they are outdated and the manufacturer doesn’t provide updates
Unsecure network vectors
Outdated wireless security protocols such as WEP, WPA, WPA2
Wired or wireless unsecure interfaces can be made more secure with 802.1X, which will prevent connection without credentials
Bluetooth can be used by a threat actor for reconnaissance.
Phishing
Social engineering methods designed to make people think something is real when it is not. (Example: a URL which takes you to a fake website which looks like a real one)
Phishing Tricks and misdirection
- Typosquatting Misdirection
- Pretexting - Lying to get information
- Vishing (Voice Phishing)
- Smishing (SMS Phishing)
Impersonation
Attacker pretends to be someone they aren’t.
Attack the victim as someone higher in rank
Throw tons of technical details
Identity Fraud
Credit Card Fraud
Bank Fraud
Loan Fraud
Government benefits fraud
How to protect against impersonation
Never volunteer information
Don’t disclose personal details
Always verify before revealing info
Verification should be encouraged.