Threat Vectors and Attack Surfaces
(OBJ 2.2)
Threat Vectors
- Means or pathway by which an attacker can gain unauthorized access to a computer or network to deliver a malicious payload or carry out an unwanted action
- The "How" of an attack
Attack Surface
- Encompasses all the various points where an unauthorized user can try to enter data to or extract data from an environment
- Basically it represents the sum of all potential vulnerabilities and entry points that an attacker could exploit
- The "Where" of the attack
- Can be minimized by
- Network segmentation
- Restricting access
- Removing unnecessary software
- Disabling unused protocols on each portion of the network
Example:
- The use of Email and instant messaging within an organization expands its attack surface since it provides additional avenues that could be used as a part of a phishing campaign.
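As an added example (not part of the original notes), the script below shows one concrete way to measure and shrink the attack surface described above: it parses listening-socket output in the layout `ss -tuln` prints and flags every service reachable from the network that is not on an approved list, so it can be removed or bound to loopback. The sample output and the approved-service policy are constructed for the example, not taken from a real host.

```python
"""Attack-surface inventory check over constructed listener data.

Added example, not from the original notes. Parses output shaped like
`ss -tuln` (listening TCP/UDP sockets) and reports sockets that are
reachable from the network but not approved by policy. Sample data below
is constructed, not captured from a real host.
"""
import re
from dataclasses import dataclass

# Constructed sample in the column layout `ss -tuln` prints (header + rows).
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:5432      0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:443         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:21          0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:111         0.0.0.0:*
tcp   LISTEN 0      128    [::]:8080           [::]:*
"""

# Hypothetical policy: the only services this host is meant to expose.
APPROVED_EXPOSED = {("tcp", 22), ("tcp", 443)}

@dataclass(frozen=True)
class Listener:
    proto: str
    address: str
    port: int

    @property
    def network_reachable(self) -> bool:
        """True when bound to a non-loopback address (wildcard or a real NIC)."""
        return self.address not in ("127.0.0.1", "::1")

# proto, state, recv-q, send-q, local address:port (rest of the row ignored)
_ROW = re.compile(r"^(tcp|udp)\s+\S+\s+\d+\s+\d+\s+(\S+):(\d+)\s+")

def parse_listeners(text: str) -> list[Listener]:
    """Turn ss-style rows into Listener records; header lines are skipped."""
    listeners = []
    for line in text.splitlines():
        m = _ROW.match(line)
        if not m:
            continue
        proto, addr, port = m.group(1), m.group(2), int(m.group(3))
        listeners.append(Listener(proto, addr.strip("[]"), port))
    return listeners

def unapproved_exposure(listeners, approved=APPROVED_EXPOSED) -> list[Listener]:
    """Network-reachable listeners that policy does not approve.
    Loopback-only services (like the database on 127.0.0.1) are not counted:
    binding to loopback is itself a way of taking a service off the surface."""
    return [l for l in listeners
            if l.network_reachable and (l.proto, l.port) not in approved]

if __name__ == "__main__":
    for l in unapproved_exposure(parse_listeners(SAMPLE_SS_OUTPUT)):
        print(f"unapproved exposed service: {l.proto}/{l.port} bound to {l.address}")
```

On the constructed sample this reports FTP (tcp/21), portmapper (udp/111) and tcp/8080 on all interfaces; the database on 127.0.0.1:5432 is not reported because it is not reachable from the network. Feeding real `ss -tuln` output into `parse_listeners` gives the same kind of list for a live host.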
Different Threat Vectors
- Messages
- Message-based threat vectors include threats delivered via email, simple message service (SMS text messaging), or other forms of instant messaging
- Phishing campaigns are commonly used as part of a message-based threat vector when an attacker impersonates a trusted entity to trick its victims into revealing their sensitive information to the attacker
- Messages may also include malicious links that try to install malware on the victim's device
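As an added example (not from the original notes), here is a standard-library check for the two message-based tricks described above: a sender impersonating a trusted entity, and a link whose visible text points somewhere other than its real destination. The sample message, the domain names and the trusted-brand list are all constructed for the example.

```python
"""Message-based vector: phishing indicator checks on a constructed email.

Added example, not part of the original notes. Uses only the standard
library. The message, domains and brand list below are constructed.
"""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real phishing mail).
SAMPLE_EMAIL = b"""\
From: "Example Bank Support" <support@examplebank-alerts.test>
Reply-To: collect@mail-drop.test
To: user@corp.test
Subject: Action required: verify your account
Content-Type: text/html; charset=utf-8

<html><body>
<p>Please <a href="https://examplebank.login-verify.test/x">https://www.examplebank.test/login</a>
to confirm your details.</p>
</body></html>
"""

# Hypothetical brand -> legitimate registered domain mapping.
TRUSTED_BRANDS = {"example bank": "examplebank.test"}

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _registered_domain(host: str) -> str:
    """Crude eTLD+1 (last two labels); enough for the sample, not for co.uk-style TLDs."""
    return ".".join(host.lower().split(".")[-2:])

def phishing_indicators(raw: bytes) -> list[str]:
    """Return human-readable findings; an empty list means no indicator fired."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    display, addr = parseaddr(msg["From"])
    sender_domain = addr.split("@")[-1].lower()
    # 1. Display name claims a trusted brand, but the address is not the brand's domain.
    for brand, domain in TRUSTED_BRANDS.items():
        if brand in display.lower() and _registered_domain(sender_domain) != domain:
            findings.append(f"display name '{display}' but sender domain {sender_domain}")
    # 2. Replies are routed to a domain other than the sender's.
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].split("@")[-1].lower()
    if reply_domain and reply_domain != sender_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain")
    # 3. Link text shows one URL while href points at a different registered domain.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = _LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            if re.match(r"https?://", text):
                shown = _registered_domain(urlparse(text).hostname or "")
                real = _registered_domain(urlparse(href).hostname or "")
                if shown != real:
                    findings.append(f"link text shows {shown} but href goes to {real}")
    return findings

if __name__ == "__main__":
    for f in phishing_indicators(SAMPLE_EMAIL):
        print("indicator:", f)
```

On the constructed message all three indicators fire. None of them is proof of phishing on its own (marketing mail legitimately uses separate reply domains, for instance), which is why the function returns the individual findings rather than a single verdict.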
- Images
- Image-based threat vectors involve the embedding of malicious code inside of an image file by the threat actor
- When the image is loaded by the user, the code is executed, which can potentially lead to data theft, a system compromise or other types of malicious outcomes
- Example: Stegano attack
- Malicious code hidden within a banner ad image
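As an added example (not from the original notes), the script below implements one practical check for the image-based vector: a payload is often appended after the format's end-of-image marker (the PNG IEND chunk or the JPEG EOI marker), which viewers ignore, so the file still renders. The check walks the PNG chunk list and reports how many bytes sit past the end marker. The PNG is built in code as a test fixture; no real image or payload is used.

```python
"""Image-based vector: detect data appended after an image's end marker.

Added example, not from the original notes. Builds a minimal valid PNG in
code (constructed fixture) and measures any bytes that follow the IEND
chunk; a JPEG variant looks past the EOI marker.
"""
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
JPEG_SOI = b"\xff\xd8"
JPEG_EOI = b"\xff\xd9"

def _png_chunk(ctype: bytes, data: bytes) -> bytes:
    """Length-prefixed chunk with the CRC over type + data, as the PNG spec requires."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def make_minimal_png() -> bytes:
    """Valid 1x1 8-bit grayscale PNG (constructed test fixture)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)   # width, height, depth, colour type...
    idat = zlib.compress(b"\x00\x00")                     # filter byte + one pixel
    return PNG_SIG + _png_chunk(b"IHDR", ihdr) + _png_chunk(b"IDAT", idat) + _png_chunk(b"IEND", b"")

def png_trailing_bytes(data: bytes) -> int:
    """Number of bytes after the IEND chunk (0 for a clean file).
    Walks the chunk list instead of searching for the string 'IEND', so a
    payload that happens to contain that string cannot hide the real end."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4          # header + data + CRC
        if ctype == b"IEND":
            return len(data) - pos
    raise ValueError("truncated PNG: no IEND chunk")

def jpeg_trailing_bytes(data: bytes) -> int:
    """Number of bytes after the first EOI marker of a JPEG.
    Caveat: EXIF thumbnails carry their own EOI, so for JPEGs treat a
    non-zero result as a hint that deserves a closer look, not a verdict."""
    if not data.startswith(JPEG_SOI):
        raise ValueError("not a JPEG")
    end = data.find(JPEG_EOI, 2)
    if end == -1:
        raise ValueError("truncated JPEG: no EOI marker")
    return len(data) - (end + 2)

def suspicious_image(data: bytes, threshold: int = 0) -> bool:
    """True if the image carries more than `threshold` bytes past its end marker."""
    if data.startswith(PNG_SIG):
        return png_trailing_bytes(data) > threshold
    if data.startswith(JPEG_SOI):
        return jpeg_trailing_bytes(data) > threshold
    raise ValueError("unsupported format")

if __name__ == "__main__":
    clean = make_minimal_png()
    tampered = clean + b"constructed-appended-blob" * 4     # stand-in for a payload
    print("clean:", suspicious_image(clean), "tampered:", suspicious_image(tampered))
```

Trailing data is only one of several ways code can ride inside an image (the Stegano case above hid it in pixel data), so this is a cheap first-pass filter for a mail gateway or upload handler, not a complete detector.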
- Files
- File-based threat vectors involve the use of malicious files to deliver a cyber threat
- The files, often disguised as legitimate documents or software, can be transferred as email attachments, through file-sharing services, or hosted on a malicious website
- Example: downloading a pirated version of a game, since such files can include some kind of malware
- Voice Calls
- Vishing
- Use of voice calls to trick victims into revealing their sensitive information to an attacker
- Attackers make unsolicited calls from a cell phone and lie to the victim to get them to provide payment or information (extortion)
- Removable Devices
- Removable device threat vectors refer to threats delivered via removable devices such as USB and external storage devices
- One common technique used with removable devices is known as baiting
- Baiting
- Attacker might leave a malware-infected USB drive in a location where their target might find it, such as in the parking lot or the lobby of the targeted organization
- If the target finds the device and connects it to a computer system, the malware will then be installed and executed
- Often combined with other social engineering techniques
- Unsecure Networks
- Unsecure networks include wireless, wired, and Bluetooth networks that lack the appropriate security measures to protect them
- If wireless networks are not properly secured, unauthorized individuals can intercept the wireless communications or gain access to the network
- Example:
- Rogue access points (evil twins)
- See also: Wireless Attacks
- Wired networks tend to be more secure than wireless networks, but they are still not immune to threats
- Physical access to the network infrastructure can lead to various attacks
- Example:
- MAC address cloning
- VLAN hopping
- See also: Network Security
- By exploiting vulnerabilities in the Bluetooth protocol, an attacker can carry out their attacks using techniques like the BlueBorne or BlueSmack exploits
- BlueBorne
- Set of vulnerabilities in Bluetooth technology that can allow an attacker to take over devices, spread malware, or even establish an on-path attack to intercept communications without any user interaction
- BlueSmack
- Type of Denial of Service attack that targets Bluetooth-enabled devices by sending a specially crafted Logical Link Control and Adaptation Protocol (L2CAP) packet to a target device
- It can then consume all the available resources on the targeted device and cause it to crash or become unavailable