Hi, folks, I would like to present my chart of the most common attack vectors in 2022. The article follows my research started in Top 10 cloud attack threats and vectors.
| Attack vector | Symptoms | Removing | Mitigation |
|---|---|---|---|
| Malware infection | Hard drive or files are not accessible; new files and folders appear; System Restore is not functioning | Quarantine the infected systems; disable System Restore (on Windows machines); remediate the infected system; schedule automatic updates and scans; re-enable System Restore and create a new restore point; provide end-user security awareness training; if a boot sector virus is suspected, boot the computer from an external device and scan it | Scanners that detect a file containing a rootkit before it is installed; verify your email servers are not configured as open mail relays (SMTP open relays); remove email addresses from the website; use whitelists and blacklists; train and educate end users |
| Data loss and exfiltration | Suspicious data traffic spikes; increased number of requests to an unidentified endpoint; unrecognized USB or network devices | Identify and block the suspicious process or user; provide full forensics | Monitor the data of a system while in use, in transit, or at rest to detect attempts to steal it; technical limitations placed on a system regarding the use of USB storage devices and other removable media; create administrative controls such as policies; encryption, which scrambles data into unreadable form; Self-Encrypting Drives (SED); use a data loss prevention (DLP) system |
| Mobile device and app | Device is stolen; new unrecognized device detected; login attempt from a suspicious location or device | Isolate the device from the network; provide a full investigation; harden the mobile device | Create a clear separation between personal and company data on a single device; centralized software for remote administration and configuration of mobile devices (MDM); MFA and conditional logging; Choose Your Own Device (CYOD) instead of Bring Your Own Device (BYOD); security policy for mobile devices |
| Misconfigurations | Unusual number of connections; unrecognized open ports; disabled anti-virus or monitoring service; spike in ICMP traffic; a number of incomplete handshakes | Block unneeded inbound/outbound ports; restrict access to the system; enable logging and monitoring | Restrict access to inbound/outbound ports; use secret management; block the ICMP protocol; automated backup in a secure location; cloud storage access control following the principle of least privilege; use TLS 1.2 or higher; restrict access to VMs, containers and hosts with policies and managed identity; prevent Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) |
| Man-in-the-middle | Pop-ups or captive portal pages asking for credentials; login pages that do not look legitimate; fake software update pop-ups; certificate error messages; rogue access point (AP); APs with the same name; ARP or DNS cache tables containing unknown hosts; DHCP request flooding | Locate and isolate the unknown device; restore/rebuild cache tables; blacklist specific endpoints or addresses; provide full forensics | Use HTTPS or a VPN connection outside the office; multi-factor authentication (MFA); periodically audit all network devices; force AP secure connection; use WPA2; connect to known vendors/track the supply chain; train and educate end users |
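As an added example that is not part of the chart above, here is a small Python check for one of the man-in-the-middle symptoms listed: an ARP cache that contains unknown hosts, or a known host (such as the gateway) that suddenly answers with a different MAC. The ARP dump, the `KNOWN_HOSTS` allowlist and the Linux `arp -a` line layout are constructed assumptions.

```python
"""Flag ARP-cache symptoms of a man-in-the-middle (added example).

The allowlist and the ARP dump below are constructed for illustration;
on a real host you would read the cache from `arp -a` or `ip neigh`.
"""
import re
from collections import defaultdict

# Constructed allowlist: IP -> MAC of hosts the network team knows about.
KNOWN_HOSTS = {
    "192.168.1.1": "aa:bb:cc:00:00:01",   # gateway
    "192.168.1.10": "aa:bb:cc:00:00:10",  # file server
}

# Constructed `arp -a` snapshot: the gateway's MAC has changed and the same
# MAC also appears on an IP nobody registered.
ARP_DUMP = """\
gateway (192.168.1.1) at de:ad:be:ef:00:77 [ether] on eth0
? (192.168.1.10) at aa:bb:cc:00:00:10 [ether] on eth0
? (192.168.1.77) at de:ad:be:ef:00:77 [ether] on eth0
"""

# Assumed line layout; entries shown as <incomplete> simply do not match.
ARP_LINE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-f:]{17})", re.I)


def parse_arp(dump):
    """Return (ip, mac) pairs from an arp -a style dump, MACs lower-cased."""
    return [(m["ip"], m["mac"].lower()) for m in ARP_LINE.finditer(dump)]


def find_arp_anomalies(entries, known=KNOWN_HOSTS):
    """Return findings as tuples: hosts not in the allowlist, known IPs whose
    MAC changed, and one MAC claiming several IPs (typical spoofing trace)."""
    findings = []
    ips_by_mac = defaultdict(set)
    for ip, mac in entries:
        ips_by_mac[mac].add(ip)
        if ip not in known:
            findings.append(("unknown_host", ip, mac))
        elif known[ip] != mac:
            findings.append(("mac_changed", ip, mac))
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:
            findings.append(("mac_claims_multiple_ips", mac, tuple(sorted(ips))))
    return findings


if __name__ == "__main__":
    for finding in find_arp_anomalies(parse_arp(ARP_DUMP)):
        print(*finding)
```

A finding of `mac_changed` on the gateway is the case to act on first, since it matches the "restore/rebuild cache tables" and "locate and isolate the unknown device" steps in the chart.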
What is your opinion?
Please comment back,
be ethical,
save your privacy!