Common Threat Vectors and Attack Surfaces - 2.2
Technology Vectors
Message-Based
Threats delivered through messaging platforms.
- Short Message Service (SMS)
- Instant Messaging (IM)
Image-Based
Malicious content embedded within images.
File-Based
Threats delivered via infected or malicious files.
Voice Call
Attacks conducted through voice communication channels.
Removable Devices
Threats introduced via USB drives, CDs, or other portable media.
Vulnerable Software
Exploiting weaknesses in software applications.
- Client-Based: Vulnerabilities in client-side applications.
- Agentless: Systems without security agents installed.
Unsupported Systems and Applications
Using outdated systems that no longer receive security updates.
Unsecured Networks
Networks lacking proper security measures.
- Wireless
- Wired
- Bluetooth
Open Service Ports
Exposed network ports that can be exploited by attackers.
Default Credentials
Using default usernames and passwords, making systems vulnerable.
Supply Chain
Threats originating from third-party partners and vendors.
- Managed Service Providers (MSPs)
- Vendors
- Suppliers
Human Vectors / Social Engineering
Phishing
Fraudulent attempts to obtain sensitive information via email.
Vishing
Phishing attacks conducted through voice calls.
Smishing
Phishing attacks conducted via SMS messages.
Misinformation/Disinformation
Spreading false information to deceive or manipulate.
Impersonation
Pretending to be someone else to gain unauthorized access.
Compromised Email
Using a hacked email account to send malicious content.
Pretexting (Cover Story)
Creating a fabricated scenario to steal information.
Watering Hole
Compromising websites frequently visited by target groups.
Brand Impersonation
Imitating a trusted brand to deceive users.
Typosquatting
Registering misspelled domain names to trick users into visiting malicious sites.