Common Threat Vectors

Managed-based Vectors

• Malicious Links

• SMS

• Phishing

  • Social Engineering

Image-based Vectors

• Inject code in SVG images (XML)

• Avoid by using input validation

  (Stops malicious code)

File-based Vectors

• Adobe PDF

  • Contains other objects

• Zip/Rar files

  • May contain more bad files

• Microsoft Office

  • Macros to grab personal info / add files

Voice Call Vectors

• Vishing

• Spam over IP (Spam Calls)

• Ware Dialing

  • Finding unpublished numbers to give access to systems

• Call Tampering (DOS attack)

Removable device Vectors

• USB

  • Malicious software

  • Bypass firewall

  • Data extraction

  • Act as keyboard

Client-based Vulnerable Software Vectors (USER)

• Infected executable

• Require constant updates

Agentless Vulnerable Software Vectors (Non-EXE)

• Compromised software

Unsupported Systems vectors

• Patching

• Outdated OS

• Single System

Unsecure Network Vectors

• Wireless Security Protocol

  • WEP, WPA, WPA2 = OUTDATED

  • WPA3 = Up to Date

• Wired

  • 802.1x = Good authentication protocol

Open service ports

• Use firewall to track open ports

• 3rd party may be able to gain access through app vulnerability

Default Credentials

• Change Default Credentials (IOT Devices)

Supply Chain Vectors

• Tamper with manufacturer devices

• Gain access to network using vendor

• Fake equipment