Common Threat Vectors

Feb 23, 2025

Threat Vectors in Cybersecurity

Definition

  • Threat Vector: Method used by attackers to gain access to systems.
  • Also referred to as an attack vector.

Common Threat Vectors

Messaging Systems

  • Email: Often used to send malicious links or phishing pages.
  • SMS (Short Message Service): Attackers send text messages with malicious links.
  • Instant/Direct Messaging: Direct communication makes phishing attacks easier.

Example of Messaging Attack

  • Spam message pretending to be from the US Postal Service.
  • Link in message likely leads to a site with malware or phishing attempts.

Images

  • SVG (Scalable Vector Graphics) Format: XML-based image format that can include malicious code.
  • Attackers might inject HTML or JavaScript in SVG files.
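Because SVG is XML, the same parser that draws it can also find the script-capable parts. The following is an added example (not from the original notes) of a defender-side check that flags `<script>` and `<foreignObject>` elements, `on*` event-handler attributes and `javascript:` URLs before an uploaded SVG is served to users; the two sample files are constructed and inert.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a plain icon with nothing executable.
CLEAN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <circle cx="5" cy="5" r="4"/>
</svg>"""

# Constructed sample: the three injection points the notes describe
# (embedded script, event-handler attribute, javascript: link). The
# script body is a harmless placeholder comment.
SUSPICIOUS_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">
  <script>/* constructed placeholder */</script>
  <a xlink:href="javascript:void(0)"><rect width="5" height="5"/></a>
</svg>"""

ACTIVE_ELEMENTS = {"script", "foreignobject"}
URL_ATTRIBUTES = {"href", "src"}


def find_active_content(svg_text):
    """Return human-readable findings for script-capable content in an SVG.

    An empty list means no active content was seen. Malformed XML is
    reported as a finding rather than raised, so a rejecting upload filter
    can treat "cannot parse" the same way as "contains script".
    Note: xml.etree does not fetch external entities, but for untrusted
    input in production prefer defusedxml to also cap entity expansion.
    """
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError:
        return ["unparseable XML"]

    findings = []
    for elem in root.iter():
        # Strip the namespace ("{http://www.w3.org/2000/svg}script" -> "script").
        tag = elem.tag.split("}")[-1].lower()
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in elem.attrib.items():
            name = attr.split("}")[-1].lower()  # also strips the xlink namespace
            if name.startswith("on"):
                findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRIBUTES and value.strip().lower().startswith("javascript:"):
                findings.append(f"javascript: URL in {name} on <{tag}>")
    return findings


def is_safe_to_serve(svg_text):
    """Policy wrapper: only SVGs with zero findings may be served inline."""
    return find_active_content(svg_text) == []


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SVG), ("suspicious", SUSPICIOUS_SVG)):
        print(label, find_active_content(sample))
```

Serving SVG uploads with `Content-Disposition: attachment` or from a separate origin is the complementary control when rewriting or rejecting the file is not an option.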

Files

  • Executables: Direct threat vector, since the attacker's code runs directly on the system.
  • PDFs: Can contain text, images, and scripts; potential carriers of malware.
  • Compressed Files: Obfuscate malicious files within a larger archive.

Office Documents

  • Macros in Microsoft Office: Can be manipulated to gather personal information.
  • Browser Extensions: May contain malicious software.

Mobile and Communication Systems

  • Vishing (Voice Phishing): Calls to extract personal information.
  • Spam over IP: Automated voice spam using VoIP systems.

Physical Medium

  • USB Drives: Common way into air-gapped networks; can carry and install malware.
  • Modified USBs can mimic keyboards to inject commands.

Software Considerations

Software Updates

  • Importance of maintaining up-to-date software to patch vulnerabilities.
  • Agentless Systems: Web-based applications with no client-side agent to update; if the central server is compromised, every user of it is exposed.

Unsupported Systems

  • Systems without manufacturer support pose significant security risks.
  • Importance of maintaining an updated inventory of systems.

Network Infrastructure

  • Importance of using updated security protocols like WPA3 for wireless networks.
  • 802.1X: Authentication protocol for network access control.
  • Bluetooth: Potential entry point due to security limitations.

Network Configuration

Open Ports

  • Services on web servers require open ports (e.g., TCP port 80/443).
  • Misconfigurations can lead to unauthorized access.
  • Use of port-based firewalls for additional security.

Default Credentials

  • Default usernames/passwords (e.g., admin/admin) are security risks.
  • Importance of changing default credentials upon initial login.

Supply Chain Threats

Third-Party Vendors

  • MSP (Managed Service Provider): Access to an MSP can lead to access to all of its clients' systems.
  • Historical example: the 2013 Target breach, which used an HVAC contractor's network access.

Counterfeit Hardware

  • Case of fake Cisco Catalyst switches in 2020.
  • Such hardware may include malicious components.