2.2 Common Threat Vectors and Attack Surfaces


Message-based

Message-based threat vectors leverage various forms of communication.

Email

Email-based attacks target users through email communication.

Example: Phishing emails attempting to steal login credentials.

flowchart
    subgraph Email
        email -->|Targeting users through emails| PhishingEmails
    end

Short Message Service (SMS)

SMS-based threats involve malicious messages sent via SMS.

Example: Receiving SMS with a link to a malicious app.

flowchart
    subgraph SMS
        sms -->|Sending malicious SMS messages| MaliciousSMS
    end

Instant Messaging (IM)

IM-based threats exploit vulnerabilities in instant messaging platforms.

Example: Malware spread through a compromised IM account.

flowchart
    subgraph IM
        im -->|Exploiting IM platform vulnerabilities| IMMalwareSpread
    end

Image-based

Image-based threat vectors involve manipulating image files to carry out attacks.

Example: Embedding malicious code within image files to exploit software vulnerabilities.

flowchart
    subgraph ImageBased
        image -->|Malicious code within image files| ExploitVulnerabilities
    end

File-based

File-based threat vectors exploit various file formats to deliver malware.

Example: Malicious attachments in email messages that deliver malware when opened.

flowchart
    subgraph FileBased
        file -->|Malicious attachments in emails| MalwareDelivery
    end

Voice Call

Voice call-based threats involve exploiting vulnerabilities in voice communication.

Example: Voice phishing (vishing) attacks that trick users into revealing sensitive information over the phone.

flowchart
    subgraph VoiceCall
        phone -->|Voice phishing attacks| VishingAttack
    end

Removable Device

Threats related to removable devices involve malicious actions using external storage media.

Example: Plugging in an infected USB drive that spreads malware upon connection.

flowchart
    subgraph RemovableDevice
        usb -->|Infected USB drives| MalwareSpread
    end

Vulnerable Software

Threat vectors related to vulnerable software exploit weaknesses in software applications.

Example: Exploiting known vulnerabilities in outdated web browsers.

flowchart
    subgraph VulnerableSoftware
        database -->|Exploiting software vulnerabilities| MaliciousExploits
    end

Client-based vs. Agentless

Threat vectors differ depending on whether an attack relies on software installed on the endpoint (client-based) or needs no installed component and acts over the network or through a browser session (agentless).

Example: Malware delivered through client-based software vulnerabilities vs. agentless web exploits.

flowchart
    subgraph ClientVsAgentless
        box -->|Client-based vs. Agentless methods| MalwareDelivery
    end

Unsupported Systems and Applications

Threat vectors targeting unsupported systems and applications take advantage of their lack of updates and security patches.

Example: Exploiting vulnerabilities in an old and unsupported operating system.

flowchart
    subgraph UnsupportedSystems
        box -->|Exploiting unsupported systems| SecurityVulnerabilities
    end

Unsecure Networks

Threat vectors related to unsecure networks include various network types like wireless, wired, and Bluetooth.

Example: Intercepting data on an unsecured public Wi-Fi network.

flowchart
    subgraph UnsecureNetworks
        wifi -->|Data interception on unsecured networks| NetworkInterception
    end

Wireless

Threat vectors specific to wireless networks.

Example: Unauthorized access to an open Wi-Fi network.

flowchart
    subgraph WirelessNetworks
        wifi -->|Unauthorized access to wireless networks| UnauthorizedAccess
    end

Wired

Threat vectors specific to wired networks.

Example: Physical network tap for eavesdropping.

flowchart
    subgraph WiredNetworks
        cable -->|Physical network tap| Eavesdropping
    end

Bluetooth

Threat vectors related to Bluetooth connections.

Example: Bluetooth device spoofing to gain unauthorized access.

flowchart
    subgraph BluetoothNetworks
        bluetooth -->|Bluetooth device spoofing| UnauthorizedAccess
    end

Open Service Ports

Threat vectors related to open service ports involve exploiting publicly accessible network services.

Example: Scanning for open ports and exploiting vulnerabilities in exposed services.

flowchart
    subgraph OpenServicePorts
        box -->|Exploiting open service ports| ServiceExploitation
    end

Default Credentials

Threat vectors involving default credentials exploit systems or devices that still use factory-default login credentials.

Example: Gaining unauthorized access to a router using default username and password.

flowchart
    subgraph DefaultCredentials
        box -->|Exploiting default credentials| UnauthorizedAccess
    end

Supply Chain

Threat vectors in the supply chain involve exploiting vulnerabilities within the production and distribution process.

Example: Compromising software updates from a managed service provider.

flowchart
    subgraph SupplyChain
        box -->|Exploiting supply chain vulnerabilities| SupplyChainCompromise
    end

Managed Service Providers (MSPs)

Threat vectors specific to managed service providers.

Example: Targeting vulnerabilities in services provided by an MSP.

flowchart
    subgraph MSPSupplyChain
        box -->|Exploiting MSP vulnerabilities| MSPExploitation
    end

Vendors

Threat vectors related to vulnerabilities in products or services provided by vendors.

Example: Exploiting vulnerabilities in vendor-supplied software.

flowchart
    subgraph VendorSupplyChain
        box -->|Exploiting vendor supply chain| VendorExploitation
    end

Suppliers

Threat vectors related to vulnerabilities within the supply chain from suppliers.

Example: Compromising components supplied by a third-party vendor.

flowchart
    subgraph SupplierSupplyChain
        box -->|Exploiting supplier vulnerabilities| SupplierExploitation
    end

Human Vectors/Social Engineering

Threat vectors involving social engineering techniques that manipulate individuals into divulging confidential information or performing actions that compromise security.

Example: Executing a phishing attack to trick a user into revealing login credentials.

flowchart
    subgraph HumanVectors
        box -->|Exploiting human vectors/social engineering| SocialEngineering
    end

Phishing

Threat vectors related to deceptive attempts to obtain sensitive information.

Example: Sending fraudulent emails impersonating a trusted entity to steal login credentials.

flowchart
    subgraph Phishing
        box -->|Exploiting phishing techniques| PhishingAttack
    end

Vishing

Threat vectors involving voice-based social engineering attacks.

Example: Manipulating individuals over phone calls to reveal confidential information.

flowchart
    subgraph Vishing
        box -->|Exploiting vishing techniques| VishingAttack
    end

Smishing

Threat vectors involving SMS-based social engineering attacks.

Example: Sending deceptive text messages to trick users into taking malicious actions.

flowchart
    subgraph Smishing
        box -->|Exploiting smishing techniques| SmishingAttack
    end

Misinformation/Disinformation

Threat vectors involving spreading false or misleading information.

Example: Creating fake news or false narratives to manipulate public opinion.

flowchart
    subgraph MisinformationDisinformation
        box -->|Exploiting misinformation/disinformation| DisinformationCampaign
    end

Impersonation

Threat vectors involving impersonating individuals or entities for malicious purposes.

Example: Posing as a colleague to deceive an employee into revealing sensitive information.

flowchart
    subgraph Impersonation
        box -->|Exploiting impersonation techniques| ImpersonationAttack
    end

Business Email Compromise

Threat vectors involving compromising business email accounts for fraudulent activities.

Example: Gaining unauthorized access to a CEO's email account to initiate fraudulent wire transfers.

flowchart
    subgraph BEC
        box -->|Exploiting business email compromise| BusinessEmailCompromise
    end

Pretexting

Threat vectors involving creating a fabricated scenario or pretext to deceive individuals.

Example: Pretending to be an IT technician to gain physical access to a secure facility.

flowchart
    subgraph Pretexting
        box -->|Exploiting pretexting techniques| PretextingAttack
    end

Watering Hole

Threat vectors involving compromising websites frequently visited by targeted individuals or groups.

Example: Injecting malware into a legitimate website frequented by a specific organization's employees.

flowchart
    subgraph WateringHole
        box -->|Exploiting watering hole attacks| WateringHoleAttack
    end

Brand Impersonation

Threat vectors involving impersonating trusted brands for malicious purposes.

Example: Creating fake websites that mimic reputable brands to steal user information.

flowchart
    subgraph BrandImpersonation
        box -->|Exploiting brand impersonation| BrandImpersonationAttack
    end

Typosquatting

Threat vectors involving registering domain names similar to legitimate ones to deceive users.

Example: Registering a domain with a slight misspelling of a popular website to capture user traffic.

flowchart
    subgraph Typosquatting
        box -->|Exploiting typosquatting| TyposquattingAttack
    end
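As an added example (not part of the original notes), the Python below shows one defensive check for the brand impersonation and typosquatting vectors above: it takes a domain seen in mail or proxy logs, undoes common lookalike-character swaps, and measures edit distance against an allow-list of the organization's legitimate domains. The domain list and the homoglyph table are constructed, assumed values.

```python
import unicodedata

# Constructed allow-list of registrable domains the organization owns (assumed values).
KNOWN_GOOD = ["example.com", "examplebank.com"]

# Hand-picked lookalike substitutions attackers commonly use (hypothetical table).
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w", "cl": "d"}


def normalize(domain: str) -> str:
    """Lower-case, drop non-ASCII lookalikes (e.g. Cyrillic letters) and undo homoglyph swaps."""
    d = unicodedata.normalize("NFKD", domain.lower()).encode("ascii", "ignore").decode()
    for glyph, plain in HOMOGLYPHS.items():
        d = d.replace(glyph, plain)
    return d


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain: str) -> str:
    # Assumption: the registrable name is the last two labels (no public-suffix list used here).
    return ".".join(domain.split(".")[-2:])


def classify(domain: str, known_good=KNOWN_GOOD, max_distance: int = 2):
    """Return (verdict, closest_known_domain) for a domain observed in logs."""
    raw = registrable(domain.lower())
    if raw in known_good:
        return ("known-good", raw)
    norm = registrable(normalize(domain))
    best = min(known_good, key=lambda g: levenshtein(norm, g))
    dist = levenshtein(norm, best)
    if dist == 0:
        return ("homoglyph-lookalike", best)      # differs only by lookalike characters
    if dist <= max_distance:
        return ("typosquat-candidate", best)      # a misspelling or an inserted/dropped character
    return ("unrelated", best)
```

A hit on "homoglyph-lookalike" or "typosquat-candidate" is worth a block or an analyst review rather than an automatic verdict, since legitimate third-party domains can also sit within a small edit distance.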