Modules 3 + 4 Flashcards
Nation State/APT threat actor
Motivation: national interests, espionage, disruption, war
Sophistication level: high
Funding: unmatched. Will hire world experts.
Unskilled attacker/“script kiddie”
Motivation: destruction, prestige
Sophistication level: low, but enough to be dangerous; uses tools without fully understanding them
Funding: low
Activist threat actor
Motivation: disruption, ethics, philosophy, politics: to further a social/political cause
Sophistication level: moderate
Funding: moderate
Organized crime threat actor
Motivation: furthering criminal enterprise – gaining popularity, money
Sophistication level: high – ransoming data, theft, extortion, blackmail, identity theft
Funding: high
Insider threat
Motivation: disruption, revenge, blackmail; sometimes disgruntled, but sometimes just incompetent or uneducated
Sophistication level: moderate
Funding: low
Note: internal!!
Shadow IT
Motivation: want to be helpful, and/or circumvent policies or security controls in the process, prestige
Sophistication level: low/moderate
Funding: low
Note: internal!!
Social engineering threat vectors (5)
Social engineering: Talking someone into divulging information they normally wouldn’t by establishing false pretext or applying social pressure
1. Messages: email, SMS/text, chat/DMs/IMs – phishing; voice – vishing
2. Impersonation
3. Misinformation
4. Pretexting
5. Watering hole attack
Removable media threat vector
– Data can be exfiltrated via removable media, and malware can be introduced
– “Air-gapped” systems can also be compromised this way
File-based attacks – 3
- Malware via downloaded file/email attachment.
- Fileless – no file that stays on the system; it removes itself.
- Malicious images – steganography: concealing data within other non-sensitive data.
Threat vectors (9)
- social engineering
- File-based attacks.
- Removable media – mass storage devices.
- Vulnerable software.
- Unsupported systems/applications.
- Unsecured networks.
- Open network ports.
- Default credentials.
- Supply chain attacks.
Air gapped system
A highly secure computer/network that is also physically isolated from any other network, including the Internet
Sometimes they use removable media to transfer data
Vulnerable software
– Can have security flaws baked in due to inadvertent oversight
– Patch and update ASAP always!
Unsupported systems/applications
– identify, monitor, and update all systems and software regularly
– Users independently introducing systems or software that isn’t regularly patched/updated = vulnerability!
Two ways to scan software
- Client-based/agent-based – use software (an agent) on endpoint systems (devices) to scan installed software and report back to a central server
- Agentless – use a network service to scan for/enumerate hosts and query each host’s software.
Endpoint system
Any device that connects to a network, such as a laptop, desktop, smartphone, or server. Think of it as the final stop in a network where users interact with applications.
What are the 7 components of a network?
- Router – Directs internet traffic, assigns IP addresses.
- Switch – Connects multiple devices inside a network for faster communication.
- Modem – Converts internet signals from the ISP into usable data.
- Firewall – Protects network traffic by filtering unauthorized access.
- Server – Stores and provides data, websites, or services to devices.
- Access Point (AP) – Expands wireless network coverage.
- Network Cables & Fiber Optics – Provide physical connections for fast, stable data transfer.
Really Smart Moms Fight So All Connect
3 types of Unsecured networks (for test)
- Wired – active network ports, especially in public/traffic/vacant areas.
- Wireless – vulnerable security via insecure protocols, transmitting beyond confines of facility. NOTE: it is NOT illegal to receive wireless traffic, it’s in public space.
- Bluetooth – always beaconing its ID when active to any device. Used in retail store tracking based on Bluetooth ID.
Open network ports
• Open ports leave systems vulnerable to cyberattacks.
• Attackers can scan, exploit, or send malicious traffic through open ports.
• Mitigation:
  • Close unused ports.
  • Disable unnecessary services.
  • Use a firewall to filter traffic.
  • Monitor network activity.
Network port
A virtual door, allowing data to reach network services
Ransomware as a service
Bring a gang a target and a way to deliver the ransomware, and they’ll share with you the profits from the attack they carry out on your behalf
BONUS: types of networks
• Cellular Networks (4G/5G) → Used for mobile phones and IoT devices.
• Satellite Networks (VSAT, Starlink, GPS) → Used for global communication.
• Near Field Communication (NFC) → Contactless payments like Apple Pay.
• Infrared (IR) Networks → Used in remote controls, short-range data transfer.
• Mesh Networks → Devices communicate in a decentralized way (e.g., smart homes).
• Ad-hoc Networks → Temporary networks without centralized control (e.g., military).
Host
Any device that connects to a network and can send or receive data. This includes:
• Computers (Desktops, Laptops, Servers) → Store and process data.
• Mobile Devices (Phones, Tablets, Smartwatches) → Connect to networks for communication.
• Network Hardware (Routers, Switches, Firewalls, IoT Devices, etc.) → Manage and direct data flow.
Default credentials
Often admin:admin
Big problems; scanners exist to exploit this on commercial devices
How hosts work in a network?
• Hosts communicate using IP addresses. Each device has a unique identifier (like a home address).
• They interact via ports. If a host is running a web server, it “listens” for requests on port 80 (HTTP) or port 443 (HTTPS).
• Hosts can be servers or clients.
  • A server is a host that provides services (e.g., a web server hosting a website).
  • A client is a host that requests services (e.g., your laptop requesting a webpage).