Security+ (SY0-701): Lesson 2: Compare Threat Types

Likelihood/consequence of a threat actor exercising a vulnerability.

To determine the likelihood/imapct that a successful exploit would have.

A weakness that could be triggered accidentally or exploited intentionally to cause a security breach.

Misconfiguration of hardware/software or network device; out-of-date software/firmware; poor network architecture; inadequate policies.

The value of the asset and ease of exploiting the fault.

Attack vector; The potential for someone/something to exploit a vulnerability and breach security intentionally or unintentionally.

Has no authorized access to the target system; Infiltrates the security system using unauthorized access.

Was granted permissions on the system; Typically an employee, contractors or business partners.

Greed/Financial, Curiosity/Chaos, Grievance/Revenge, Political

1. Service Disruption

2. Data exfiltration

3. Disinformation

Type of attack that compromises the availability of an asset or business process.

Process by which an attacker takes data stored in a private network and moves it to an external network without authorization.

Type of attack that falsifies an information resource that is normally trusted by others.

Changing the content of a website; Manipulating search engines to inject fake sites; Using bots to post false information to social media sites.

Threat actor motivated by a social issue or political cause.

Ability of an adversary to achieve ongoing compromise of network security (obtaining and maintaining access).

Threat actor that is supported by the resources of its host country’s military and security services.

Energy, health, and electoral systems/organizations.

Primarily disinformation and espionage for strategic advantage - typically not for financial reason.

Computer hardware, software, or services used on a private network without authorization from the system owner.

Revenge and Financial gain.

State actors, organized crime, and competitors.

All the points at which a malicious threat actor could try to exploit a vulnerability.

Any location or method where a threat actor can interact with a network port, application, computer, or user.

Restricting access so that only trusted endpoints, protocols/ports, and services are permitted.

A specific path a threat actor uses to gain unauthorized access to a system.

Contains a flaw in its code or design that can be exploited to circumvent access control or to crash the process.

System/Application whose vendor no longer develops updates and patches for the product.

1. Remote

2. Local

An exploit performed by sending code to the target over a network and does not depend on an authenticated session with the target to execute.

The exploit code must be executed from an authenticated session on the computer; Threat actor needs to use some valid credentials or hijack an existing session to execute it.

One that lacks the attributes of confidentiality, integrity, and availability.

Unnecessary open ports, weak/no authentication, use of default credentials, or lack of secure communications/encryption.

Allows threat actors to snoop on network traffic and recover passwords or other sensitive information.

Allows threat actors to use unauthorized devices to manipulate traffic/data, run exploit code, or spoof a service.

Threat actors are able to perform service disruption attacks; aka denial of service (DoS) attacks.

Uses an access control framework and cryptographic to identify, authenticate, authorize, and audit network users, hosts, and traffic.

Threat actor uses physical access to the site to perpetrate an attack; Unlocked workstation, boot disk to install malicious tool, stealing a PC/disk drive.

Threat actor accesses a site to attach an unauthorized device to a physical network port.

Attacker obtains credentials for remote access or wireless connection to the network or cracks the security protocols used for authentication; Rouge/spoofed APs/Evil Twin APs

Gaining access to a cloud system through an account/service/hose with weak configuration; Potentially attacking a cloud service provider.

Threat actor exploits a vulnerability or misconfiguration to transmit a malicious file to a user's device over Bluetooth.

Attacker gains control of a network device or app because it has been left configured with a default password.

Threat actor is able to establish an unauthenticated connection to a logical TCP or UDP network port.

Entices a victim into interacting with a removable device, file, image, or program that conceals malware.

If the threat actor cannot gain access to run a remote or local exploit directly, a lure might trick a user into facilitating the attack.

Vulnerability management, antivirus, program execution control, and intrusion detection.

Any form of direct messaging; Email, SMS, Instant Messaging (iMessage), Websites/Social Media

End-to-end process of supplying, manufacturing, distributing/providing goods and services to a customer.

Process of ensuring reliable sources of equipment and software

Obtains products directly from a manufacturer to sell in bulk to other businesses; Referred to as business to business (B2B).

Obtains products from suppliers to sell to retail businesses (B2B) or directly to customers (B2C); Might add some level of customization and direct support for the product(s).

Implies a closer relationship where two companies share quite closely aligned goals and marketing opportunities.

Provisions and supports IT resources such as networks, security, or web infrastructure.

Difficult to monitor the MSP; The MSP's employees are all potential sources of insider threat.

-sV

Close the exposed port and configure service encryption if its a necessary service.

Hacking the human; Goal is to deceive unsuspecting users into providing sensitive data or violating security guidelines in preparation for an intrusion or to effect an actual intrusion.

Social engineering attack where an attacker pretends to be someone they are not.

1. Persuasion/liking

2. Coercion/threat/urgency

Social engineering tactic communicating a lie or half-truth in order to get someone to trick a victim; Combination of persuasion and coercion.

Email/SMS based attack that persuades the target into interacting with a malicious resource or providing sensitive data disguised as a trusted source.

A combination of social engineering and spoofing.

A human-based attack where the attacker extracts information over the phone or VoIP.

Impersonation attack that corrupts the name resolution process and redirects users from a legitimate website to a malicious one.

Impersonation and spoofing.

Attacker registers a domain name with a common misspelling of an existing domain, so a user who misspells a URL into a browser is taken to the attacker's website.

Impersonation attack where the attacker gains control of an employee's account and uses it to convince other employees to perform fraudulent actions.

Threat actor accurately duplicates a company's logos and formatting to make a phishing message or pharming website a compelling fake.

Refers to a purposeful motivation to deceive.

Refers to repeating false claims or rumors without the intention to deceive.

Attacker targets specific groups or organizations, discovers which websites they frequent, and injects malicious code into those sites to infect the targets once they interact with the resource.

Spear-phishing attack directed at high-level executives where attackers masquerade as legitimate, known and trusted entities and encourage a victim to share highly sensitive information or to send a wire transfer to a fraudulent account.