Threat Vectors

Jun 19, 2024

Threat vectors, also known as attack vectors, are methods that attackers use to gain access to systems. Attackers are constantly discovering or creating new threat vectors.

Common Messaging-Based Threat Vectors

  • Email: Attackers send emails containing malicious links or links to phishing pages.
  • SMS: Attackers use text messages to lure victims into clicking malicious links.
  • Instant Messages: Similar to email and SMS, attackers can use these to directly communicate and deceive victims.

Types of Attacks

  • Phishing: Utilizing messaging systems to trick users into providing sensitive information or clicking malicious links.
  • Malware Embedding: Embedding malicious software within messages or links.
  • Social Engineering: Manipulating individuals into performing specific actions or divulging confidential information.

Examples

  • Fake invoicing scams and cryptocurrency scams.
  • USPS package delivery suspension scams via text messages.
  • Reporting junk or spam messages to the service provider helps mitigate these threats.

Image-Based Threat Vectors

  • SVG Format: Scalable Vector Graphics (SVG) can be used to embed malicious code.
  • XML Injection: Attackers can inject HTML or JavaScript within the XML description of an SVG.
  • Browser Security: Modern browsers often prevent cross-site scripting but vulnerabilities might still exist.
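A defender-side check for the SVG case above: an added example, not from the original notes, that parses an SVG as XML and flags the places where script can ride along (script/foreignObject elements, on* event-handler attributes, and javascript:/data: URLs in href). The sample SVGs are constructed for the example; the parser is Python's standard-library ElementTree.

```python
import xml.etree.ElementTree as ET

# Element names that let an SVG carry active or embedded content.
ACTIVE_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}


def local_name(tag):
    """Strip the {namespace} prefix ElementTree puts on names."""
    return tag.split("}", 1)[1] if tag.startswith("{") else tag


def find_active_content(svg_text):
    """Return a list of findings describing active content in an SVG.

    Uses the standard-library parser; for untrusted input in production,
    the defusedxml package is the hardened drop-in (assumption: not used here).
    """
    findings = []
    root = ET.fromstring(svg_text)
    for elem in root.iter():
        name = local_name(elem.tag)
        if name in ACTIVE_TAGS:
            findings.append(f"<{name}> element")
        for attr, value in elem.attrib.items():
            attr_name = local_name(attr)
            # Event-handler attributes (onload, onclick, ...) execute script.
            if attr_name.lower().startswith("on"):
                findings.append(f"{attr_name} handler on <{name}>")
            # javascript: or data: URLs in href / xlink:href run or embed content.
            if attr_name == "href" and value.strip().lower().startswith(("javascript:", "data:")):
                findings.append(f"{value.split(':')[0]}: URL on <{name}>")
    return findings


def is_safe_svg(svg_text):
    """True when the SVG contains none of the patterns above."""
    return not find_active_content(svg_text)


# Constructed samples: a plain shape, and one with three injection patterns.
BENIGN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <rect width="10" height="10" fill="blue"/>
</svg>"""

SUSPICIOUS_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert('x')">
  <script>alert('x')</script>
  <a xlink:href="javascript:alert('x')"><rect width="10" height="10"/></a>
</svg>"""

if __name__ == "__main__":
    for label, svg in (("benign", BENIGN_SVG), ("suspicious", SUSPICIOUS_SVG)):
        print(label, find_active_content(svg))
```

A finding means the file should be served with a non-executing Content-Type (or rasterized) rather than rendered inline as untrusted SVG.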

File-Based Threat Vectors

  • Executables: Programs that run directly in system memory and can carry malicious code.
  • PDFs: Can hold various objects including scripts which can be malicious.
  • Compressed Files: Files within ZIP or RAR formats can hide malicious files.
  • Office Files: Documents with macros or browser extensions can contain malicious software.

Voice-Based Threat Vectors

  • Vishing: Voice phishing to get personal details like credit card information.
  • Spam over IP: Automated spam messages via VoIP systems.
  • War Dialing: Automatically dialing ranges of phone numbers to find unpublished lines that give access to systems.
  • Denial of Service (DoS): Flooding voice or messaging systems with traffic to disrupt service.

USB and Removable Media

  • Malicious USB Drives: Attackers leave infected USB drives to be picked up and used inside secure networks.
  • USB as Keyboards: Modified USB drives acting as keyboards to type malicious commands.
  • Data Transfer: Using USB to transfer sensitive data out of secure networks.

Software and Unknown Vulnerabilities

  • Software Updates: Ensuring all software is up-to-date to prevent exploitation of known vulnerabilities.
  • Agentless Systems: Clients run no local agent and rely on a back-end application; if that back-end is infected, every client that connects is affected.
  • Unsupported Systems: Older versions of software with no security patches pose significant risks.

Network-Based Threat Vectors

  • Digital Highway: Networks act as a digital highway; once an attacker exploits a vulnerability, the network lets them move freely between systems.
  • Wireless Infrastructure: Ensure the latest security protocols (e.g., WPA3) are in use and periodically scan for rogue access points.
  • 802.1X: Port-based network access control; a device must authenticate before it is allowed onto the network.
  • Bluetooth: Could be used for reconnaissance or exploiting weak security.

Open Ports and Misconfiguration

  • Web Servers: Open ports (e.g., TCP 80, TCP 443) can be entry points for attackers if vulnerabilities exist.
  • Patching: Regular updates are crucial to close vulnerabilities.
  • Port-Based Firewalls: Restrict which ports are reachable to minimize the attack surface.

Default Credentials

  • Router Passwords: Default credentials like 'admin/admin' are common and should be changed immediately.
  • Device Security: Verify and change default settings to prevent unauthorized access.

Supply Chain Threat Vectors

  • Infected Equipment: Malicious software added during or after manufacturing processes.
  • Third-Party Access: A Managed Service Provider's (MSP's) access can be compromised and used to infiltrate the primary network.
  • Counterfeit Hardware: Fake or tampered hardware (e.g., Cisco switches) carrying malicious software.

Case Study

  • Target's Network Breach (2013): Attackers compromised an HVAC contractor's systems, used that access to infiltrate Target's network, and stole credit card data from POS systems.

Security Measures

  • Inventory Management: Keep updated records of all systems and devices.
  • Regular Scans: Periodically scan networks to identify vulnerabilities and unauthorized devices.
  • Strong Authentication: Use robust authentication protocols and change default device settings.
  • Patching and Updates: Ensure all software and systems are promptly updated.
  • Third-Party Security: Monitor and manage risks from third-party service providers.