
You're reading from CompTIA Security+ SY0-701 Certification Guide - Third Edition

Product type: Book
Published in: Jan 2024
Publisher: Packt
ISBN-13: 9781835461532
Edition: 3rd Edition
Author

Ian Neil

Ian Neil is one of the world's top trainers of Security+. He is able to break down information into manageable chunks so that people with no background knowledge can gain the skills required to become certified. He has recently worked for the US Army in Europe and designed a Security+ course that catered to people from all backgrounds (not just IT professionals), with an extremely successful pass rate. He is an MCT, MCSE, A+, Network+, Security+, CASP, and RESILIA practitioner who has worked with high-end training providers over the past 23 years and was one of the first technical trainers to train Microsoft internal staff when they opened their Bucharest Office in 2006.

Introduction

This chapter covers the second objective in Domain 2.0 Threats, Vulnerabilities, and Mitigations of the CompTIA Security+ exam.

In this chapter, we will look at the common threat vectors that we face in everyday life and how best to secure corresponding attack surfaces within our network against those threats. This will include an exploration of unsecure networks, both wired and wireless, vulnerabilities from points such as service ports, default credentials, and the supply chain, as well as attacks emerging from human vectors such as phishing, impersonation, misinformation, and social engineering.

This chapter will give you an overview of why companies rely on these processes to keep their environment safe and ensure you are prepared to successfully answer all exam questions related to these concepts for your certification.

Note

A full breakdown of Exam Objective 2.2 will be provided at the end of the chapter.

Message-Based

Message-based vectors encompass a wide array of attack methods, from email phishing to SMS scams and even social media messaging. What sets them apart is their use of seemingly benign communication platforms as vehicles for malicious payloads. Attackers leverage our trust to exploit our defenses.

These vectors include the following:

  • Email: This essential tool in modern communication conceals a trove of cyber threats behind its guise as a benign communication medium. Phishing emails present themselves as legitimate correspondence while harboring malicious intent. They manipulate users into opening the message, its attachments, or malicious links, inadvertently opening the door to data breaches, malware infections, and financial harm.
  • Short Message Service (SMS): As our reliance on mobile devices continues to grow, SMS vulnerabilities emerge as a prominent threat. While SMS may appear innocuous, its role in delivering sensitive...

Image-Based

Images can carry more than meets the eye. Cyber attackers exploit image-based vulnerabilities to embed harmful code or links in image files. These seemingly harmless images can lead to unauthorized access, ransomware attacks, and system compromises. Guarding against image-based attacks requires image analysis tools that can reveal concealed code or malware, reducing the risk that a visually innocent file compromises your environment.

File-Based

Files, our digital couriers, can unwittingly transport threats. Malicious files exploit software vulnerabilities, launching cyber-attacks when opened. These files execute harmful code, enabling hackers to breach systems, steal data, or gain control remotely. We can defend against file-based attacks by implementing vigilant file screening and attachment blocking to preemptively intercept threats before they breach our company’s network.
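The following screening routine is an added example, not code from the book, illustrating both the image analysis mentioned in the Image-Based section and the attachment screening described here. It checks that a file's declared extension matches its magic bytes and flags any bytes appended after a PNG's IEND chunk or a JPEG's End Of Image marker, a simple place to hide a payload; the sample files and verdict names are constructed for the demonstration.

```python
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
JPEG_MAGIC = b"\xff\xd8\xff"

def _png_end(data: bytes):
    """Walk the PNG chunk list; return the offset just past IEND, or None if malformed."""
    pos = len(PNG_MAGIC)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length  # 4-byte length + 4-byte type + data + 4-byte CRC
        if ctype == b"IEND":
            return end if end <= len(data) else None
        pos = end
    return None

def _jpeg_end(data: bytes):
    """Return the offset just past the End Of Image marker (FF D9), or None if absent."""
    idx = data.find(b"\xff\xd9", len(JPEG_MAGIC))
    return None if idx < 0 else idx + 2

def screen_image(filename: str, data: bytes) -> dict:
    """Declared extension must match the magic bytes, and nothing may follow the end marker."""
    ext = filename.rsplit(".", 1)[-1].lower()
    if data.startswith(PNG_MAGIC):
        kind, end = "png", _png_end(data)
    elif data.startswith(JPEG_MAGIC):
        kind, end = "jpeg", _jpeg_end(data)
    else:
        return {"verdict": "block", "reason": "not a recognised image format"}
    if ext not in {"png": {"png"}, "jpeg": {"jpg", "jpeg"}}[kind]:
        return {"verdict": "block", "reason": f".{ext} extension does not match {kind} content"}
    if end is None:
        return {"verdict": "block", "reason": f"malformed {kind}: no end marker"}
    trailing = len(data) - end
    if trailing:
        return {"verdict": "quarantine", "reason": f"{trailing} bytes appended after {kind} end marker"}
    return {"verdict": "allow", "reason": "clean"}

def _chunk(ctype: bytes, payload: bytes) -> bytes:
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", zlib.crc32(ctype + payload))

# Constructed samples (not from the book): a 1x1 PNG header with no image data, the same
# PNG with bytes appended after IEND, and a JPEG stub with bytes appended after its EOI marker.
CLEAN_PNG = PNG_MAGIC + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)) + _chunk(b"IEND", b"")
TAMPERED_PNG = CLEAN_PNG + b"MZ\x90\x00 constructed payload"
TAMPERED_JPEG = JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00" + b"\xff\xd9" + b"<script>constructed</script>"
```

A real mail or upload gateway would add the same checks for the other attachment types it accepts and hand anything quarantined to a sandbox rather than to the recipient.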

Voice Call

Voice calls, an essential mode of communication, present their own set of vulnerabilities. Attackers can manipulate voice calls to deceive users into revealing personal information, gaining unauthorized access, or perpetrating financial fraud. An example of this is caller ID spoofing, in which the attacker disguises the true origin of a call so that it appears to come from someone else. This allows cyber adversaries to exploit trust and engineer deceptive conversations. Another example is vishing, in which you are led to believe you are speaking to a legitimate entity and are subsequently tricked into revealing sensitive information over the phone. These attackers may also leave a voicemail rather than speak to you directly.

Removable Device

Removable devices, from USB drives to external hard drives, offer a convenient means of data transfer. However, these seemingly innocuous devices can serve as conduits for malware transmission. When introduced into a network or system, infected removable devices can spread malware, compromise security, and enable unauthorized access.

In an example of this form of attack, a malicious USB drive is dropped in a reception area where it can be easily found, and when the unsuspecting finder plugs the USB drive into their computer to trace its owner, they unknowingly trigger a file housing malicious code. This code, once activated, grants the attacker control over the victim’s computer. Any USB drive that is found should be handed to the security team, who will examine it in a sandbox so that any malicious code cannot execute on the network.

Vulnerable Software

Vulnerable software refers to computer programs or applications that possess weaknesses or flaws that can be exploited by malicious actors to gain unauthorized access, compromise data, or disrupt system functionality. These vulnerabilities often arise from coding errors, design flaws, or outdated components within the software, making it susceptible to various cyber threats such as viruses, malware, and cyberattacks.

To mitigate the risks associated with vulnerable software, regular security updates, patch management, and adherence to best coding practices are essential. Failure to address these vulnerabilities can lead to serious consequences, including data breaches, financial losses, and reputational damage for organizations and individuals alike. Therefore, identifying and addressing vulnerable software is crucial in maintaining a secure and resilient digital ecosystem.

When looking at vulnerable software scanning, one crucial aspect is the identification...

Unsupported Systems and Applications

Unsupported systems and applications, including legacy and third-party software, are prime targets for malicious actors. The risks associated with these outdated software components provide fertile ground for potential cyber threats. Hackers are adept at exploiting known vulnerabilities for which patches or updates have not been applied. By targeting these software gaps, attackers can gain unauthorized access, exfiltrate sensitive data, or launch large-scale attacks such as ransomware infections.

Unsecure Networks

Unsecured networks are vulnerable as they allow unauthorized users to connect. Nowadays, we use various network technologies, including wireless, wired, and Bluetooth connections, which can act as potential gateways for threats that jeopardize our data and privacy. These are further described below:

  • Wireless networks: A wireless network using open system authentication lacks encryption. This means that any data exchanged between a guest’s device and a hotel’s network, for instance, is sent in plain text. Cybercriminals with the right tools can intercept that traffic and eavesdrop on it, potentially accessing sensitive information such as login credentials, personal messages, and financial details. Strategies to protect wireless networks include using encryption and disabling the broadcast of the service set identifier (SSID), which acts as the network’s name. By disabling this broadcast, network administrators obscure the network’s...

Supply Chain

A supply chain is the process of transforming raw materials into finished products and making them available to consumers. A supply chain comprises suppliers, manufacturers, distributors, and retailers, ensuring products journey seamlessly from creation to consumption. Companies engage in this process through procurement. In procurement management, it proves beneficial to classify the various types of relationships involved. The following list compares the different parties in supply chain management:

  • Managed service providers (MSPs): An MSP is a third-party organization that fulfills all of a company’s IT needs. A single compromise within an MSP’s infrastructure can ripple across multiple clients, leading to cascading breaches. To mitigate this risk, organizations should demand stringent security standards from their MSPs, including regular audits, robust access controls, and a commitment to promptly patch any vulnerabilities.
  • Vendors: The relationships between organizations...

Human Vectors/Social Engineering

In the realm of human vectors and social engineering, attackers exploit the vulnerabilities of human psychology to breach digital defenses. We could call this “hacking the human” as the attacker tries to catch their victim off guard. The hacker manipulates the victim by appealing to desires based on money or security or pretending to be a person or company the victim trusts to gain unauthorized access or information.

The following list describes the tactics that cybercriminals employ to manipulate and deceive and explores the strategies we can adopt to outwit these psychological manipulations:

  • Phishing: Phishing is an untargeted attack in which deception plays a major part. Using seemingly genuine emails, messages, or websites, attackers cast their nets wide, aiming to lure recipients into divulging personal data, passwords, or financial details. Attackers capitalize on human curiosity, urgency, and trust, often leading recipients...

Summary

This chapter covered common threat vectors and attack surfaces, ranging from message-based vectors to voice calls. We then reviewed several types of unsecure networks, considered the threat posed by supply chain attacks, and looked at human vectors, including social engineering attacks such as phishing and brand impersonation.

The knowledge gained in this chapter will prepare you to answer any questions relating to Exam Objective 2.2 in your CompTIA Security+ certification exam.

The next chapter of this book is Chapter 7, Explain various types of vulnerabilities.

Exam Objectives 2.2

Explain common threat vectors and attack surfaces.

  • Message-based:
    • Email: Phishing, malicious attachments
    • Short Message Service (SMS): Text-based scams, malicious links, and smishing
    • Instant messaging (IM): Chat-based phishing, malware distribution, and social engineering
  • Image-based: Malware hidden in images, steganography
  • File-based: Malicious files, trojans, ransomware distribution
  • Voice call: Vishing, social engineering via voice
  • Removable device: Malware on USBs, data theft
  • Vulnerable software: Exploiting software vulnerabilities for attacks
    • Client-based versus agentless: Attack methods based on client software
  • Unsupported systems and applications: Attacks targeting outdated software, OS
  • Unsecure networks: Exploiting weak Wi-Fi, wired connections
    • Wireless: Hacking via Wi-Fi networks, Bluetooth
    • Wired: Attacks on physically connected systems
    • Bluetooth: Exploiting device connections, data interception
  • Open service ports: Exploiting...

Chapter Review Questions

The following questions are designed to check that you have understood the information in the chapter. For a realistic practice exam, please check the practice resources in our exclusive online study tools (refer to Chapter 29, Accessing the online practice resources for instructions to unlock them). The answers and explanations to these questions can be found via this link.

  1. You receive an email claiming to be from the IRS (Internal Revenue Service) informing you of a tax refund. The email contains a link to a website where you can claim the refund by providing your personal and financial information. You provide this information, but an hour later your bank account has been emptied. What type of attack is this most likely to be?
    1. Spear phishing
    2. Phishing
    3. Smishing
    4. Vishing
  2. You are working for a government agency and have been tasked with sending data to a field operative. You decide to hide a secret message inside a pretty picture that you attach to a...