1. Home
  2. Training Library
  3. Information Life Cycle [CISMP]

Threat vectors

Contents

keyboard_tab
Agent Smith
1
Malicious code, attacks and threats
Non-technical controls
Top ten threats

The course is part of this learning path

Threat vectors

Before malicious software infects a computer, it needs to find its way into the system.

The route it takes is called a threat vector. There are many different threat vectors and it’s important you know what they are. So, how many do you know? Make a quick list before reading on and checking your ideas.

What are the types of threat vector?

Diagram: Five types of threat vector: a Compromised site, installing infected media, downloading software, email attachments, and ethernet, wireless and Bluetooth connections.

Figure 1:Threat vectors

Visiting a compromised or malicious website

There are a few ways that visiting a site could lead to infection, such as:

  • A program automatically downloading in the background.
  • A malicious script running to steal information or redirect to other sites.

Downloading or installing software

You may unwittingly install malicious software that presents itself as legitimate. As a rule, you should only download software from legitimate and trusted sources, or trusted vendors, who have some liability and a privacy statement.

Installing infected media

This might be through an infected program on a USB drive. For example, someone might think they’re only copying a document from the removable drive to their computer. But, because of the autorun feature on the operating system which executes when removable media is connected to Windows, a malicious piece of software is executed. These types of infections can occur with any kind of removable media, like CDs, DVDs, back-up tapes and portable hard drives.

Opening email attachments

An email attachment can contain malicious software, that, when run, will infect a computer system. Care should be taken to ensure that any attachment doesn’t include a macro virus or that a downloaded link doesn't have a virus embedded within it.

Through ethernet, wireless and Bluetooth connections

PCs, Apple Macs, tablets, and mobile phones support multiple forms of communication. If all these communications services are turned on, an attacker could target the system even when it’s not being used.

For example, if Wi-Fi is turned on, the computer might act as a wireless access point for others to access the network. An attacker might break into the device over Bluetooth and then move from there into the corporate network over the LAN.

What’s next?

What steps could you take to secure these threat vectors? You’re going to explore some possible counter measure next so see if you recognise any of your ideas.

Difficulty
Beginner
Duration
36m
Description

In this course on malicious software, you will learn about the various types of malicious code in detail, contrast the different types before looking at look at the countermeasures used to combat them. You’ll also encounter non-technical controls and see the OWASP top 10 security threats.

About the Author
Students
22032
Labs
103
Courses
739
Learning Paths
42

A world-leading tech and digital skills organization, we help many of the world’s leading companies to build their tech and digital capabilities via our range of world-class training courses, reskilling bootcamps, work-based learning programs, and apprenticeships. We also create bespoke solutions, blending elements to meet specific client needs.