Understanding Threat Vectors and Their Risks

May 31, 2025

Lecture Notes on Threat Vectors

Introduction to Threat Vectors

  • Threat Vector: Method used by attackers to gain access to systems.
  • Also known as an attack vector.
  • Attackers constantly seek new threat vectors.
  • Importance of protecting against both known and unknown threat vectors.

Common Threat Vectors

Messaging Systems

  • Email: Used to deliver malicious links or phishing pages.
  • SMS: Attackers use text messages to deliver malicious links.
  • Instant/Direct Messages: Provide a direct channel for phishing or malware delivery.
  • Phishing Attacks: Entice users to click on fake links or websites (e.g., fake bank sites).

Multimedia

  • Images: SVG images are XML documents, so an image file can embed scripts and other malicious content in its XML markup.
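To make the SVG point concrete, here is an added defender-side check (example code, not part of the lecture notes) that parses an SVG as XML and flags the active content an image file should never need: script elements, foreignObject, on* event-handler attributes and javascript: links. The sample SVG strings are constructed for the example.

```python
import xml.etree.ElementTree as ET

# Element names that let an SVG execute code or embed arbitrary HTML.
ACTIVE_ELEMENTS = {"script", "foreignObject"}
# URL schemes in href/xlink:href that execute code when the image is rendered inline.
DANGEROUS_SCHEMES = ("javascript:", "data:text/html")


def local_name(qualified: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on tag and attribute names."""
    return qualified.rsplit("}", 1)[-1]


def scan_svg(svg_text: str) -> list[str]:
    """Return a list of findings describing active content found in an SVG document.

    An empty list means no script-bearing constructs were found (it does not
    prove the file is harmless, only that these known vectors are absent).
    """
    findings = []
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        return [f"unparseable XML: {exc}"]
    for elem in root.iter():  # walks the root and every descendant, depth-first
        name = local_name(elem.tag)
        if name in ACTIVE_ELEMENTS:
            findings.append(f"<{name}> element")
        for attr, value in elem.attrib.items():
            aname = local_name(attr)
            if aname.lower().startswith("on"):  # onload, onclick, onerror, ...
                findings.append(f"event handler {aname} on <{name}>")
            elif aname == "href" and value.strip().lower().startswith(DANGEROUS_SCHEMES):
                findings.append(f"href={value!r} on <{name}>")
    return findings


# Constructed samples: a plain drawing and one carrying every vector checked above.
CLEAN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
ACTIVE_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" '
    'xmlns:xlink="http://www.w3.org/1999/xlink" onload="run()">'
    '<script>run()</script>'
    '<a xlink:href="javascript:run()"><text>link</text></a>'
    '</svg>'
)

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN_SVG), ("active", ACTIVE_SVG)):
        print(label, scan_svg(doc) or "no active content found")
```

Run against uploaded or inbound images, anything with a non-empty result should be rejected or rasterized rather than served inline.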

File Formats

  • Executables and PDFs: Can carry malicious scripts or software.
  • Compressed Files: Zip or rar archives can hide threats from inspection.
  • Office Documents: Macros can be used to gather personal information.

Mobile and Calls

  • Vishing: Voice phishing to obtain personal information.
  • Spam over IP: Automated spam messages using VoIP systems.
  • War Dialing: Automatically dialing phone numbers to find live lines that connect to systems.

External Devices

  • USB Drives: Can carry malware and have been used to infiltrate air-gapped networks.
  • Malicious Keyboards: USB devices masquerading as keyboards.

Network and Software Vulnerabilities

Software Patching

  • Importance of Updates: Timely patching prevents exploitation of known vulnerabilities.
  • Agentless Systems: Web-based applications pose risks if central servers are compromised.
  • Unsupported Systems: Older systems with no patches present significant risks.

Network Infrastructure

  • Wireless Security: Upgrade to WPA3 and check for rogue access points.
  • 802.1X Authentication: Grants network access only after the user or device presents valid credentials.
  • Bluetooth: Vulnerabilities can be exploited for reconnaissance.

System and Device Configurations

Open Ports

  • Web Servers: Every open port (e.g., TCP 80/443 on a web server) is a potential entry point that can be exploited.
  • Firewalls: Restrict which services are reachable to secure systems.

Default Credentials

  • Example: Devices left with a default username/password (e.g., admin/admin) are easily accessed.
  • Change Defaults: Essential for security on network devices.

Supply Chain Vulnerabilities

  • Third-Party Risks: Attackers may gain access through managed service providers (MSPs) or during manufacturing.
  • Counterfeit Hardware: Fake components can introduce vulnerabilities.

Case Study

  • Target's 2013 Breach: Attackers accessed the network via HVAC contractors, installing malware on point-of-sale systems.