Common Threat Vectors - CompTIA Security+ SY0-701 - 2.2

Professor Messer
6 Nov 2023 17:14

Summary

TL;DR: This video provides an in-depth look at various threat vectors used by attackers to compromise systems. From phishing and malware in messaging systems (email, SMS, instant messages) to vulnerabilities in files, USB devices, and outdated software, the video covers the many ways attackers gain unauthorized access. It also highlights social engineering tactics, unpatched systems, and supply chain attacks, where third-party vendors are exploited. The video emphasizes the importance of constant software updates, secure configurations, and vigilant monitoring to protect against these ever-evolving threats.

Takeaways

  • A threat vector refers to the method an attacker uses to gain access to your systems, and attackers are constantly seeking new ways to exploit vulnerabilities.
  • Attackers commonly begin their attacks through messaging systems such as email, SMS, or instant messaging, leveraging techniques like phishing and social engineering to trick users.
  • Phishing attacks in messaging systems often involve malicious links or fake login pages that resemble trusted websites, such as banking sites.
  • Short Message Service (SMS) text messages are another common threat vector, where attackers try to get you to click harmful links.
  • SVG (Scalable Vector Graphics) images can be used as attack vectors, as they can embed malicious code like JavaScript that runs within a browser when the image is loaded.
  • File formats like PDFs, zip files, and office documents (e.g., Word, Excel) can also be exploited as threat vectors to deliver malware or malicious macros.
  • Attackers may hide malicious software within compressed files (zip, rar), making it harder for users to detect the threat at first glance.
  • USB drives can be used to bypass network security, especially in air-gapped networks, by physically inserting a drive containing malware into the target system.
  • The exploitation of outdated or unsupported software is a major concern, as vulnerabilities in these systems are no longer patched, making them ideal targets for attackers.
  • Attackers can exploit unsecured network infrastructure, such as outdated wireless protocols (WEP, WPA, WPA2), or misconfigured services with open ports, allowing unauthorized access to systems.

Q & A

  • What is a threat vector and how is it used by attackers?

    - A threat vector is the method an attacker uses to gain access to your systems. It can refer to any pathway or method (such as email, SMS, or even physical devices) through which attackers exploit vulnerabilities to compromise your network or systems.

  • Why are messaging systems, like email and SMS, common starting points for attackers?

    - Messaging systems are commonly targeted because they are widely used for communication, making them an easy entry point for attackers. Phishing attacks can be executed through email, SMS, or instant messages, where attackers trick users into clicking malicious links or downloading harmful attachments.

  • What is phishing, and why is it effective through messaging systems?

    - Phishing is a type of social engineering attack where attackers impersonate legitimate entities to trick individuals into revealing sensitive information or downloading malicious software. It's effective through messaging systems because attackers can directly engage with the user, exploiting trust and urgency to increase the likelihood of the victim clicking on malicious links.

  • How can attackers use files as threat vectors?

    - Attackers can hide malicious code within files like PDFs, Office documents, or even images. For instance, PDF files may contain hidden scripts or macros, while image files like SVGs can embed JavaScript or HTML code, which may execute when viewed in a browser, leading to potential malware infections or other security breaches.

  • What role do USB drives play in physical threat vectors?

    - USB drives can serve as physical threat vectors when attackers use them to introduce malware into secure systems. In a tactic called 'USB drop attacks,' attackers leave infected USB drives in public places, hoping that someone will plug them into their system, thus enabling the malware to spread. Modified USB drives can even act as keyboards, typing commands directly into a computer.

  • What is the risk of using outdated or unsupported systems in a network?

    - Outdated or unsupported systems are a significant security risk because they no longer receive security patches from manufacturers, making them vulnerable to known exploits. Attackers often target these systems because they are easier to compromise, as they lack the latest protections against new threats.

  • Why are regular patching and software updates important for network security?

    - Regular patching and software updates are crucial because they address known vulnerabilities and fix security flaws in software. Attackers often exploit these vulnerabilities to gain unauthorized access to systems, and without timely updates, systems remain at risk of being breached.

  • What is the difference between WPA2 and WPA3 encryption, and why is WPA3 preferred?

    - WPA2 and WPA3 are encryption protocols used to secure wireless networks. WPA3 is the latest version and provides stronger security than WPA2, offering improved protection against brute force attacks and stronger encryption. It's recommended to upgrade to WPA3 to mitigate the risks associated with outdated protocols like WPA2.

  • What is social engineering, and how do attackers use it to breach systems?

    - Social engineering is a manipulation technique where attackers exploit human psychology to deceive individuals into divulging confidential information or performing actions that compromise security. Examples include phishing emails, vishing (voice phishing), and impersonating trusted figures or organizations to gain access to sensitive systems.

  • How can supply chain vulnerabilities serve as a threat vector?

    - Supply chain vulnerabilities occur when attackers gain access to a target's infrastructure through a third-party vendor. For example, in the 2013 Target breach, attackers compromised an HVAC contractor's network to infiltrate Target's systems. Attackers can exploit weaker security practices at third-party vendors to gain indirect access to larger networks.
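
A defensive check for the SVG point made in the takeaways and the files answer above, as an added example that is not from the video or this page: a Python scan that flags script-capable content in an SVG before it is stored or served. The function names and both sample documents are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Elements that can carry or load active content inside an SVG.
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src"}

def local(name):
    """Strip an XML namespace: '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return name.rsplit("}", 1)[-1].lower()

def scan_svg(text):
    """Return a list of findings (strings) for active content in an SVG document."""
    # Refuse DTDs up front: ElementTree does not guard against entity-expansion
    # bombs, and entities can hide content from the checks below.
    if re.search(r"<!(DOCTYPE|ENTITY)", text, re.I):
        return ["doctype-or-entity declaration"]
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return [f"unparseable XML: {exc}"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"<{tag}> element")
        for name, value in el.attrib.items():
            attr = local(name)
            if attr.startswith("on"):  # onload, onclick, onerror, ...
                findings.append(f"event handler {attr} on <{tag}>")
            # Browsers ignore whitespace and control characters inside the scheme.
            scheme = re.sub(r"[\s\x00-\x1f]", "", value).lower()
            if attr in URL_ATTRS and scheme.startswith(("javascript:", "data:text/html")):
                findings.append(f"script URL in {attr} on <{tag}>")
    return findings

# Constructed samples: a plain drawing and one carrying harmless active content.
CLEAN = ('<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
         '<circle cx="5" cy="5" r="4"/></svg>')
ACTIVE = ('<svg xmlns="http://www.w3.org/2000/svg" '
          'xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">'
          '<script>init = function(){}</script>'
          '<a xlink:href="javascript:void(0)"><text>x</text></a></svg>')

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN), ("active", ACTIVE)):
        print(label, scan_svg(doc))
```

Treat a non-empty result as a reason to reject or quarantine the file rather than as a sanitizer. Serving user-supplied SVG under a restrictive Content-Security-Policy, or rasterizing it to a bitmap, are the stronger controls.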
