![]() ![]() The attack is executed via malware embedded in advertisements on websites. Drive-by downloads, which take advantage of vulnerabilities in web browsers, inject malicious code using JavaScript and other browsing features. A user views a website that triggers a malware download this can happen without the user's knowledge. ![]() This type of incident stems from the violation of an organization's acceptable-use policies by an authorized user. A hacker entices the recipient to either click on a link that takes him to an infected website or to open an infected attachment. The attack is executed via an email message or attachment to an email. The attack is executed from a website or web-based application. This type of attack uses brute-force methods to compromise, degrade or destroy networks, systems or services. ![]() The attack is executed from removable media - e.g., CD, flash drive or a peripheral device. The exception is deception, which is when a human operator is fooled into removing or weakening system defenses.Īlthough organizations should be able to handle any incident, they should focus on handling incidents that use common attack vectors. All of these methods involve programming - or, in a few cases, hardware. Attack vectors enable hackers to exploit system vulnerabilities, including human operators.Īttack vectors include viruses, email attachments, webpages, pop-up windows, instant messages, chat rooms and deception. Download now Common attack vectorsĪn attack vector is a path or means by which a hacker can gain access to a computer or network server to deliver a payload or malicious outcome. Use this as starting point for developing an IRP for your company's needs. Your Editable Incident Response Plan (IRP) Template It's one of the main ways malware ensures it remains in the infected system. This happens mostly when malware infects Windows systems. This could be unexpected redirects, changes in the browser configuration or repeated pop-ups. These include user account lockouts, password changes or sudden changes in group memberships. These can be considered suspicious because of their file names, sizes or locations, which indicate the data or logs may have been leaked. The same is true of scheduled tasks that have been added. Changes that haven't been approved, including reconfiguration of services, installation of startup programs or firewall changes, are a sign of possible malicious activity. An increase in the performance of server memory or hard drives may mean an attacker is accessing them illegally. Administrators should investigate any traffic to unknown networks to ensure it's legitimate. For a company that only operates in one country, any traffic sent to other countries could indicate malicious activity. Traffic sent to or from unknown locations.This could include insiders uploading large files to personal cloud applications downloading large files to external storage devices, such as USB flash drives or sending large numbers of email messages with attachments outside the company. ![]() Organizations should monitor for traffic leaving their perimeters as well. It's not just traffic that comes into a network that organizations should worry about.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |