Threat Vectors and Attack Surfaces
16 Questions

Questions and Answers

What is a common characteristic of spear-phishing emails?

  • They never contain attachments.
  • They contain links to legal documents.
  • They appear to come from a trusted source. (correct)
  • They always come from unknown sources.

Which of the following is a method to enhance security against SMS phishing?

  • Ignore all received text messages.
  • Always click on the links from known contacts.
  • Use a single-factor authentication method.
  • Enable two-factor authentication. (correct)

What form of malware distribution can occur via image files?

  • By changing file extensions.
  • Only through encrypted images.
  • Through direct downloads from the internet.
  • Embedded malware using steganography. (correct)

What is a risk associated with file-based attacks, like PDFs or Word documents?

  • They often contain embedded scripts or macros.

In what way do vishing attacks typically operate?

  • By calling victims pretending to be legitimate services.

What is a significant concern with using removable devices like USB drives?

  • They can carry malware that auto-executes upon connection.

What distinguishes client-based software from agentless software?

  • Client-based software requires installation on the system.

How can one identify potential phishing emails?

  • They may have poor grammar or misspelled words.

What is a significant risk associated with using unsupported software?

  • Unpatched vulnerabilities being exploited

Which of the following is NOT an effective mitigation for unsecure networks?

  • Using default network configurations

What practice should be followed to minimize the risk of unauthorized access due to default credentials?

  • Implement strong, unique passwords

Which type of attack is associated with the exploitation of Bluetooth devices?

  • Bluejacking

What is one of the first lines of defense in cybersecurity?

  • Understanding threat vectors and attack surfaces

Which of the following best describes social engineering attacks?

  • Manipulating people to gain unauthorized access

What should be done if supported software is not available?

  • Isolate the unsupported systems from the network

Which is a major human vector that attackers utilize for information extraction?

  • Phishing attacks

    Study Notes

    Threat Vectors and Attack Surfaces

    • Message-based attacks:

      • Emails are a common vector for phishing, malware, and spam.
      • Spear phishing emails mimic trusted sources, often containing malicious attachments or links.
      • Look for poor grammar and misspellings in emails to detect phishing attempts.
      • SMS messages can also lead to phishing sites or malware downloads.
      • Fake bank messages requesting urgent verification are common examples.
      • Enable two-factor authentication to enhance security.
      • Instant messaging platforms (WhatsApp, Telegram, Signal) can spread misinformation or malicious links.
      • Be cautious of files or links from known contacts; verify the legitimacy outside the platform.
    • Image-based attacks:

      • Images can conceal malware or link to malicious sites.
      • Steganography can hide malicious code within images.
      • Ensure security software scans images for hidden payloads.
    • File-based attacks:

      • Files (PDFs, Word documents) can contain embedded scripts or macros that execute malicious code upon opening.
      • A seemingly harmless invoice could release ransomware.
    • Voice call attacks (Vishing):

      • Scammers pose as tech support or other trusted entities to obtain personal information.
    • Removable Device attacks:

      • USB drives, CDs, and other removable devices can carry malware.
      • Malware can auto-execute upon connection.
      • Disable auto-run features and scan removable media before use.

    Vulnerable Software

    • Client-based vs. Agentless:
      • Client-based software requires installation and is vulnerable if not updated regularly.
      • Agentless software runs in the cloud and can be vulnerable if unpatched.
      • Regularly update software and run vulnerability scans.

    Unsupported Systems and Applications

    • Risks:

      • Using outdated or unsupported software increases the risk of unpatched vulnerabilities being exploited.
    • Mitigations:

      • Switch to supported software or isolate unsupported systems from the network.

    Unsecure Networks

    • Wireless attacks:

      • Open or poorly secured Wi-Fi networks are susceptible to man-in-the-middle attacks.
    • Wired attacks:

      • Even wired networks can be compromised via physical access or unsecured ports.
    • Bluetooth attacks:

      • Bluetooth can be exploited through bluejacking or bluesnarfing, in which unauthorized users send messages or steal information.
      • Encrypt network traffic and disable unused ports and services.

    Open Service Ports

    • Risks:

      • Open ports are vulnerable to attackers gaining unauthorized access.
    • Mitigations:

      • Close unnecessary ports and implement proper access controls.

    Default Credentials

    • Risks:

      • Systems with default usernames and passwords are at high risk of unauthorized access.
    • Mitigations:

      • Always change default credentials and use strong, unique passwords.
      • Use a password manager to keep track of complex passwords.

    Supply Chain Attacks

    • Managed Service Providers (MSPs):

      • MSPs manage services but can be compromised, impacting clients.
    • Vendors/Suppliers:

      • Third-party software, hardware, and even chip manufacturers can be compromised.

    Human Vectors/Social Engineering

    • Social engineering targets human behavior to extract information or gain unauthorized access.

    Types of attacks

    • Phishing: Via email.
    • Vishing: Over the phone.
    • Smishing: Via SMS.

    General Security Best Practices

    • Educate your team regularly on security best practices.

    Description

    This quiz focuses on the various threat vectors and attack surfaces prevalent in cybersecurity. Participants will learn about message-based, image-based, and file-based attacks, offering insights into prevention strategies and detection methods. Test your knowledge on identifying and mitigating these threats for better security practices.
