Threats, Vulnerabilities and Mitigations 2.1-2.2

Question 1

Threat Vectors

Answer 1

Method used by the attacker to infect or gain access to the target.
A lot of work goes into finding vulnerabilities

Question 2

Places where malicious code can be stored.

Answer 2

An adobe PDF file,
ZIP/RAR files
Microsoft office - Marcos within documents

Question 3

Voice call vectors

Answer 3

Vishing - phising over the phone
Scam over IP - Large scale phone calls
War dialling
Call tampering - Disrupting phone calls

Question 4

Removable device vectors

Answer 4

USB - helps to get into an air gapped network. (No connection to a network)

Question 5

Attributes of threat actors

Answer 5

• Internal/External
• Resources/funding
• Level of Sophistication/Capability

Question 6

Motivations of threat actors

Answer 6

• Data exfiltration
  -Espionage
  -Service disruption
  -Blackmail
  -Financial gain
  -Philosophical/Politcal Beliefs
  -Ethical
  -Revenge
• Chaos
  -War

Question 7

Motivations for a nation state to act as a threat actor

Answer 7

Motivations:
Data exfiltration
Philosophical
Revenge
Disruption
War

Question 8

Resources and Sophistication of nation states acting as a threat actor?

Answer 8

Commonly an Advanced Persistent threat (APT)
Has massive resources, are highly sophisticated.
Example: Stuxnet Worm - destroy nuclear centrifuges

Question 9

Unskilled attackers

Answer 9

Run pre-made scripted without any knowledge of whats really happening. Motivated by the hunt. Can be internal or external, Not very Sophisticated.

Question 10

Hacktivist

Answer 10

A hacker with a purpose, motivated by philosophy, revenge disruption, etc.
Funding may be limited

Question 11

Insider threat

Answer 11

Extensive resources - using the organisations resources against themselves
An internal entity -
Medium level of sophistication - insider has very specific knowledge which can be directed at vulnerable systems.

Question 12

Organised Crime

Answer 12

Professional Criminals - Motivated by making money
Very Sophisticated
lots of capital to fund hacking activities
May have corporate structure.

Question 13

Shadow IT

Answer 13

Going rogue within the the existing organisation. Working around the internal IT organisation
Builds their own infrastructure.
Limited Resources

Question 14

Message based vectors

Answer 14

Email
Sms
Phishing attacks

Question 14

Image based vectors

Answer 14

Images which contain malicious code within them, less easy to identify the threat.

Question 14

vulnerable client software vector

Answer 14

Infected executable
Known or unknown vulnerability
May require constant updates.

Question 14

Vulnerable agent software vectors

Answer 14

No installed executable
Compromised software on the server would affect all users
Attacker can distribute this easily because each new connection to this server runs a new instance ach time.

Question 15

Unsupported System Vectors

Answer 15

Patching is an important prevention tool.
Unsupported systems may not have patching options because they are outdated and the manufacturer doesn’t provide updates

Question 15

Unsecure network vectors

Answer 15

Wireless outdated security protocols such as WEP, WPA, WPA2
Wired or wireless unsecure interfaces can be made more secure with 802.1x which will prevent connection without credentials
Bluetooth can be used bt a threat actor for reconnaissance.

Question 16

Phishing

Answer 16

Social engineering which methods which is designed to make people think something is real when it is not. (example: a URL which takes you to a fake website which looks like a real one)

Question 17

Phishing Tricks and misdirection

Answer 17

• Typosquating Misdirection
  -Pretexting - Lying to get information
  -Vishing (Voice Phishing)
  -Smishing (SMS Phishing).

Question 18

Impersonation

Answer 18

Attacker pretends to be someone they aren’t.
Attack the victim as someone higher in rank
Throw tons of technical details

Question 19

Identity Fruad

Answer 19

Credit Card Fraud
Bank Fraud
Loan Fraud
Government benefits fraud

Question 20

How to protect against impersonation

Answer 20

Never volunteer information
Don’t disclose personal details
Always verify before revealing info
Verification should be encouraged.

Question 22

Open service Ports ?

Answer 22

Most network-based services connect over a TCP or a UDP port

Threat actors can access systems via to open ports

Question 23

Supply chain threat vector

Answer 23

Threat Actors can tamper with the underlying infrastructure during the manufacturing process before it is in installed.

MSP -Managed service provider (attackers can target the MSP)

Question 24

Phishing

Answer 24

Social Engineering to trick people into believing a fake scam to get information from them.,

Often delivered by email, text

Question 25

Methods tricks and misdirection used by attackers

Answer 25

Typosquatting - URL hijacking
Prextexting - Lying to get information
Vishing (Voice Phishing)
Smishing (SMS phishing)

Question 26

Impersonation

Answer 26

Attackers pretend to be someone they aren’t
Use some of those details from reconnaissance
attack the victim as a higher rank

Question 27

Identity fraud

Answer 27

Your identity can be stolen by others
Credit card fraud
Bank fraud
Loan Fraud
Government benefit fraud

Question 28

How to protect against impersonation

Answer 28

Never volunteer information
Don’t disclose personal details
Always verify before revealing info
Verification should be encouraged.

Question 29

Waterhole attack

Answer 29

Attacker will put malicious or infectious software on a website or software that the victim group uses and waits for them to visit the website.

Question 30

How to defend against a watering hole attack

Answer 30

Layered defence, Firewalls and IPS (Stop the network traffic before things get bad).

Question 31

Other social networking technique

Answer 31

Misinformation/Disinformation
- Disseminate factually incorrect information
-Influence campaigns
-Nation-state actors
Advertising is an option