Security + Domain 2 - PowerPoint PPT Presentation

About This Presentation
Title:

Security + Domain 2

Description:

CompTIA Security+ Domain 2 focuses on "Architecture and Design," emphasizing the fundamental principles of security architecture and design. This domain covers essential topics such as secure network design, secure systems design, enterprise security architecture frameworks, and implementing security controls to protect organizational assets. – PowerPoint PPT presentation

Date added: 18 July 2024
Slides: 14
Provided by: infosectrain02

Transcript and Presenter's Notes

Title: Security + Domain 2

1
Security + Domain 2
learntorise

2
2.1 UNDERSTANDING THREAT ACTORS AND MOTIVATIONS
THREAT ACTORS
  • Nation-State: Government agency gathering intelligence
  • Unskilled Attacker: Teenager using a hacking tool
  • Hacktivists: Group hacking a website
  • Insider Threat: Employee leaking sensitive data
  • Organized Crime: Criminal groups deploying ransomware
  • Shadow IT: Employee using an unauthorized app
www.infosectrain.com

3
2.1 UNDERSTANDING THREAT ACTORS AND MOTIVATIONS
ATTRIBUTES OF ACTORS
  • Internal/External: Insiders or external cyber attackers
  • Resources/Funding: Self-funded hackers to state-sponsored
  • Level of Sophistication/Capability: Unskilled attackers to nation-states

4
2.1 UNDERSTANDING THREAT ACTORS AND MOTIVATIONS
MOTIVATIONS OF THREAT ACTORS
  • Data Exfiltration: Stealing sensitive information
  • Espionage: Covert operations for strategic gains
  • Service Disruption: Disrupting services, e.g. DDoS attacks
  • Blackmail: Extortion using stolen data
  • Financial Gain: Cybercrime for monetary benefits
  • Philosophical/Political Beliefs: Ideologically driven actions, hacktivism
  • Ethical: Exposing wrongdoing for advocacy
  • Revenge: Retaliation or personal vendetta
  • Disruption/Chaos: Causing chaos without specific goals
  • War: Cyber warfare strategies

5
2.2 COMMON THREAT VECTORS AND ATTACK SURFACES
THREAT VECTORS
Message-based:
  • Email: Phishing mimicking legitimate entities
  • SMS: Smishing attacks via text messages
  • Instant Messaging: Malware through messaging links
Other vectors:
  • Image-based (Steganography): Code hidden in images
  • File-based (Documents/PDFs): Malware in files activated on access
  • Voice Call (Vishing): Fraudulent calls for information
  • Removable Device (USB Drives): Malware transfer via USB drives
  • Vulnerable Software: Exploits in outdated applications
  • Unsecure Networks: Open Wi-Fi, unsecured Bluetooth, and physical network vulnerabilities
  • Open Service Ports (e.g. FTP ports): Exploited open ports for malware
  • Default Credentials: Default usernames/passwords exploited
  • Supply Chain: Attacks on vendors and suppliers

6
2.2 COMMON THREAT VECTORS AND ATTACK SURFACES
ATTACK SURFACES: HUMAN VECTORS/SOCIAL ENGINEERING
  • Phishing/Vishing/Smishing: Deceptive methods exploiting psychology
  • Misinformation/Disinformation: Manipulating with false information
  • Impersonation: Pretending to be someone else
  • Business Email Compromise (BEC): Impersonating email for fraud
  • Pretexting: Fabricated scenarios for information
  • Watering Hole: Infecting commonly visited sites
  • Brand Impersonation: Mimicking brands to mislead
  • Typosquatting: Exploiting typos for redirection

7
2.3 TYPES OF VULNERABILITIES
TYPES OF VULNERABILITIES
Application Vulnerabilities:
  • SQL Injection
  • XSS
  • Insecure Direct Object References
  • Memory Injection
Memory Buffer Issues:
  • Buffer Overflow
Race Conditions:
  • Time-of-Check (TOC): State changes after checking
  • Time-of-Use (TOU): Status changes before utilization
Other categories:
  • Malicious Updates: Compromised software updates
  • Web-Based: Security weaknesses in web apps
  • SQL Injection: Manipulates SQL queries
  • Cross-Site Scripting (XSS): Injects malicious scripts
  • Firmware: Outdated firmware risks
  • Hardware End-of-Life/Legacy: Unsupported hardware vulnerabilities
  • Virtualization: Escape from VM to host system
  • Cloud-Specific: Misconfigurations, insecure APIs, shared risks

8
2.3 TYPES OF VULNERABILITIES
TYPES OF VULNERABILITIES
  • Supply Chain: Vulnerabilities in the supply network
  • Cryptographic Weaknesses: Use of weak algorithms or keys
  • Misconfiguration: Incorrect system or network settings
  • Mobile Device Vulnerabilities: Risks in mobile devices
  • Zero-Day: Unknown, exploited vulnerabilities

9
2.4 INDICATORS OF MALICIOUS ACTIVITY
MALICIOUS ACTIVITY INDICATORS
  • Malware Attacks: Malicious software compromising systems
  • Physical Attacks: Direct physical access attempts
Network Attacks:
  • DDoS (Distributed Denial-of-Service): Overloading services with traffic
  • DNS Attacks: Manipulating domain name resolutions
  • Wireless Attacks: Exploiting wireless network vulnerabilities
  • Man-in-the-Middle Attacks: Intercepting communication between parties
  • Credential Replay: Reusing captured authentication credentials
  • Malicious Code: Injecting harmful scripts/code

10
2.4 INDICATORS OF MALICIOUS ACTIVITY
MALICIOUS ACTIVITY INDICATORS
Application Attacks:
  • Injection: Injecting malicious input data
  • Buffer Overflow: Overloading memory buffers
  • Replay: Reusing valid data transmissions
  • Privilege Escalation: Gaining unauthorized access levels
  • Forgery: Faking data or identities
  • Cryptographic Attacks: Breaking encryption to steal data
  • Password Attacks: Exploiting weak or stolen passwords
  • Indicators of Malicious Activities: Signs of harmful actions

11
2.5 MITIGATION TECHNIQUES USED TO SECURE THE ENTERPRISE
MITIGATION TECHNIQUES
  • Segmentation: Divide the network into segments
  • Access Control
  • Application Allow List: Permit specific applications only
  • Isolation: Separate systems for security
  • Patching: Update software to fix vulnerabilities
  • Monitoring: Track activities for anomalies
  • Least Privilege: Minimum-access-necessary principle
  • Configuration Enforcement: Ensure consistent settings compliance
  • Decommissioning: Retire outdated systems securely

12
2.5 MITIGATION TECHNIQUES USED TO SECURE THE ENTERPRISE
HARDENING TECHNIQUES
  • Encryption: Secure data through encryption
  • Default Password Change: Replace factory-set passwords
  • Installation of Endpoint Protection: Install security software on devices
  • Host-based Firewall: Protect devices with firewalls
  • Host-based Intrusion Prevention System: Prevent attacks on individual hosts
  • Disabling Ports/Protocols: Turn off unused ports/protocols

13
FOUND THIS USEFUL?
To get more insights through our FREE courses, workshops, eBooks, checklists and mock tests