Threats, Vulnerabilities and Mitigations
Everything you must know about threat actors, threat vectors, vulnerabilities, indicators of malicious activity, and threat mitigation techniques is in this Domain.
| Concept | Description |
| --- | --- |
| Threat actor | Vulnerability exploiter. Attributes: • Internal/external • Resources/funding • Level of sophistication/capability. Motivations: • Data exfiltration • Espionage • Service disruption • Blackmail • Financial gain • Philosophical/political beliefs • Ethical • Revenge • Disruption/chaos • War |
| Nation-state threat actor/state actor | Foreign government agent |
| Unskilled attacker/script kiddie | Executor of pre-made programs |
| Hacktivist | Politically motivated agent |
| Insider threat | Saboteur inside an organization |
| Organized crime | Profit-driven agent with intent to blackmail |
| Shadow IT | IT systems deployed without the central IT department's oversight |
| Malware attacks | • Virus • Worm • Trojan • Rootkit • Keylogger • Spyware • Bloatware • Ransomware • Logic bomb |
| MSP | Managed service provider |
| Social engineering | Principles (reasons for effectiveness): • Authority • Intimidation • Consensus • Scarcity • Familiarity • Trust • Urgency |
| Phishing attack | By email; single target |
| Vishing attack | By telephone or voicemail |
| Smishing attack | By SMS text message |
| Misinformation/disinformation | Exploitation of human vulnerabilities |
| Impersonation, identity fraud/theft | Attacks using stolen credentials or personal information |
| Business email compromise | Impersonate trusted leaders to trick employees into sending money or data or granting privileged access |
| Pretexting | Digital gunpoint with the ransom being one's private information |
| Watering hole | Infect a trusted website |
| Brand impersonation | Pose as a trusted brand to dupe victims and steal their data |
| Typosquatting | Attacks using mistyped web addresses |
| TOC | Time-of-check |
| TOU | Time-of-use |
| SQLi | Structured Query Language injection |
| XSS | Cross-site scripting |
| Memory injection | Injecting malicious code into memory to execute unauthorized commands |
| Buffer overflow | Amount of data in the buffer exceeds its storage capacity |
| Malicious update | Harmful code disguised as a legitimate software update |
| Side loading | Installing mobile apps from sources outside official app stores |
| Jailbreak | Bypassing inbuilt security restrictions in mobile devices to install unauthorized software |
| Agentless | Without requiring the installation of dedicated software agents |
| End-of-life | No longer supported by the vendor |
| Virtual machine (VM) escape | Malicious code running inside a VM gains unauthorized access to the host operating system or other VMs on the same physical server, thus potentially controlling all |
| Race condition | A vulnerability in which multiple process threads "race" against each other to access/change the data simultaneously, leading to unpredictable and potentially harmful outcomes |
| Amplified network attack | Generate such a large volume of traffic that it disrupts normal traffic to a web property; includes DDoS attack |
| Reflected network attack | Flood a victim's system with traffic by leveraging the responses from a third-party server |
| Radio frequency identification (RFID) cloning | Tamper with access control, authentication, or sensitive data storage by the unauthorized copying or duplication of the information stored on an RFID tag |
| Distributed denial-of-service (DDoS) attack | Cybercrime; flood a server with internet traffic, preventing legitimate users from accessing it |
| Domain Name System (DNS) attack | Exploit vulnerabilities in DNS |
| Wireless attack | Compromise the security of a wireless network such as by exploiting vulnerabilities |
| On-path attack | Eavesdrop; secretly intercept or modify communication between two parties who believe they are communicating directly |
| Replay attack | Intercept data and replay later for gaining unauthorized access or triggering unintended actions |
| Credential replay attack | Intercept and reuse stolen authentication credentials (e.g., usernames, passwords, session tokens) to gain unauthorized access |
| Privilege escalation | Gain unauthorized access to higher-level permissions |
| Forgery attack | Deceive the recipient about the identity of the sender |
| Directory traversal | Access files and directories stored outside the web root folder |
| Downgrade attack | Force a system to use a weaker protocol or encryption method |
| Collision attack | Find two different inputs that produce the same hash value when passed through a cryptographic hash function |
| Birthday attack | Exploits birthday paradox (>50% probability of two people sharing the same birthday in a group of 23 people) to find collisions in hash functions |
| Brute-force attack | Trying character combinations |
| Spraying attack | Trying the same password across different accounts |
| Configuration enforcement | Ensuring hardware/software adherence to predefined security settings and policies |
| Application allow list | Block any application not on the list from running |
| ACL | Access control list |
| Patching | Applying updates or fixes to address bugs and vulnerabilities |
| Least privilege | Only grant the minimum necessary rights to perform designated tasks |
| Decommissioning | Retiring assets from operation, including data sanitization |
| Hardening | Tools and techniques to reduce vulnerabilities in systems, applications, etc. |
| Host-based firewall | Network traffic filter on a single computer/server |
| HIPS | Host-based Intrusion Prevention System |
| HIDS | Host-based Intrusion Detection System |