Threat Vectors
Updated Jan 30, 2024
Overview
- Threat Vectors
  - Means or pathway by which an attacker can gain unauthorized access to a computer or a network to deliver a malicious payload or carry out an unwanted action.
  - The "How" of the attack.
- Attack Surface
  - Various points where an unauthorized user can try to enter data to or extract data from an environment.
  - The "Where" of the attack.
Messages
- Phishing
  - Deceptive messages tricking users into revealing sensitive information.
  - Often conducted via email, SMS, or malicious websites.
  - For more information, please see Phishing.
- Smishing
  - Phishing attacks via SMS or text messaging.
  - Often impersonates trusted sources like banks or service providers.
  - For more information, please see Smishing.
- Social Engineering
  - Tricks users into revealing info or giving access.
  - Performed using manipulation and impersonation.
  - Exploits human trust, like phishing or pretexting.
- Malware Links
  - Links that install malicious software when clicked.
  - Can lead to data theft, ransomware, or system compromise.
Images
| Type | Description |
|---|---|
| Steganography | Hides malicious code or data within images. See Cryptography Basics for more info. |
| Malware Injection | Images containing embedded malware that activates when opened. |
| Exploits | Use specific image formats to exploit vulnerabilities in viewers or editors. |
Files
| Type | Description |
|---|---|
| Malicious Attachments | Files containing malware or harmful scripts. |
| Trojan Horses | Files that appear benign but contain malicious payloads. |
| Ransomware | Files that encrypt user data for ransom when opened. |
| Exploitable Documents | Files with macros or embedded code that can be exploited. |
Voice Calls
| Type | Description |
|---|---|
| Vishing | Voice phishing, where callers pose as trusted entities to extract information. |
| Caller ID Spoofing | Fakes the caller identity to gain trust. |
| Voice Phishing Bots | Automated voice calls designed to trick or manipulate victims. |
Removable Devices
| Type | Description |
|---|---|
| USB-based Malware | Infectious code stored on USB drives. |
| Data Theft | Unauthorized access to sensitive data through removable storage. |
| Device Manipulation | Using removable devices to alter or manipulate system behavior. |
Unsecure Networks
| Type | Description |
|---|---|
| Eavesdropping | Intercepting data transmitted over unsecured networks. |
| Man-in-the-Middle (MITM) Attacks | Intercepting and altering communication between two parties. |
| Session Hijacking | Taking over user sessions in insecure networks. See Session hijacking. |
| Rogue Access Points | Fake network access points designed to steal information. See Rogue WAPs. |
Bluetooth Exploits
- BlueBorne
  - Allows attackers to gain control over Bluetooth-enabled devices remotely.
  - Results in unauthorized data access, remote code execution, or device takeover.
  - Affects a wide range of devices, including smartphones, laptops, and IoT devices.
- BlueSmack
  - A Bluetooth-based denial-of-service (DoS) attack.
  - Overloads a target device with excessive or malformed Bluetooth packets, causing it to crash or become unresponsive.
  - Can disrupt Bluetooth-enabled services and other connected devices.
Attack Vectors
Difference between attack vectors and threat vectors:
- Threat Vector
  - How the attacker plans to break into the system.
  - Example: A computer missing a critical security patch -> Vulnerability -> Threat vector
- Attack Vector
  - How the attacker plans to break into the system.
  - How the attacker can infect the system.
  - Example: Attacker scans the network for computers missing the critical security patch, then uses a known exploit to break in and gain control.