(2) Endpoint Threats and Attack Vectors

0.0(0)
Studied by 0 people
call kaiCall Kai
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/21

encourage image

There's no tags or description

Looks like no tags are added yet.

Last updated 1:54 PM on 5/26/26
Name
Mastery
Learn
Test
Matching
Spaced
Call with Kai

No analytics yet

Send a link to your students to track their progress

22 Terms

1
New cards

Software-Based Threats

❑ Virus ❑ Worm ❑ Trojan❑ Ransomware ❑ Spyware

2
New cards

Hardware-Based Threats

❑ Malicious ❑ Juice Jacking ❑ Supply Chain Attacks

3
New cards

Malware

Malicious code designed to infect a system

4
New cards

Ransomware

specifically encrypts files and demands payment for the decryption key.

5
New cards

Virus

Attaches to legitimate file and Attaches to legitimate file

6
New cards

Worm

Self-replicates automatically

7
New cards

Trojan

Disguised as legitimate software

8
New cards

Ransomware

Demands payment

9
New cards

Spyware

Steals sensitive data

10
New cards

Malicious USB Devices

Attackers leave "lost" USB drives in public areas. Once plugged in, these can act as a "Human Interface Device" (HID) to inject keystrokes or install backdoors.

11
New cards

Juice Jacking

Compromised public USB charging stations can secretly steal data or install malware while the device is charging

12
New cards

Supply Chain Attacks

This occurs when a component (like a microchip or firmware) is tampered with during the manufacturing or shipping process before it even reaches the end-user.

13
New cards

Insider Threats

originates from within the organization being targeted. Unlike external hackers who must "break in," an insider already has legitimate access to the network, applications, or physical facilities

14
New cards

Phishing/Smishing

Emails or SMS messages designed to look like they are from a trusted source, tricking users into clicking malicious links or providing credentials

15
New cards

Business Email Compromise (BEC)

tacker poses as a high-level executive or a known vendor to trick an employee into transferring funds or sensitive data

16
New cards

Pretexting

An attacker creates a fabricated scenario (e.g., "I'm from the IT help desk and we need to reset your password") to gain access to a system

17
New cards

Tailgating

A physical threat where an unauthorized person follows an employee into a restricted area or a secure office

18
New cards

Man-in-the-Middle (MitM)

An attacker intercepts communication between the endpoint and the server. This is common on unsecured public Wi-Fi.

19
New cards

Rogue Access Points

Attackers set up a Wi-Fi network with a name similar to a legitimate one (e.g., "Airport_Free_Wifi"). When users connect, all their traffic is visible to the attacker.

20
New cards

DNS Hijacking

Redirecting a user's traffic from a legitimate site to a malicious one by compromising the DNS settings on the endpoint or the router

21
New cards

Unsecured IoT Connections

Smart devices (printers, cameras, sensors) often have weak default security, serving as an easy entry point into the wider network

22
New cards

Defense-in-Depth for Endpoints

Protection layers: ❑User awareness training ❑Email filtering ❑Antivirus ❑EDR (Endpoint Detection and Response) ❑Firewall ❑Encryption ❑Monitoring No single tool is enough.