Systems and Security : Attacks, Threats, and Vulnerabilities

Vectors

1. Direct access
2. Wireless
3. Email
4. Supply chain
5. Social media
6. Removable media
7. Cloud

Vectors refer to the methods or channels through which a cyber attack can be launched. Some of the commonly used vectors are:

1. Direct access: This vector involves unauthorized access to a system or network through direct means such as a remote desktop connection, a virtual private network (VPN) connection, or physical access to a device.

2. Wireless: This vector involves accessing a network through wireless means such as Wi-Fi, Bluetooth, or NFC.

3. Email: This vector involves sending malicious emails to the target, which can contain phishing links, attachments, or malicious codes.

4. Supply chain: This vector involves compromising a vendor or third-party software to gain access to the target.

5. Social media: This vector involves using social media platforms to spread malicious content or steal sensitive information.

6. Removable media: This vector involves spreading malware through removable media such as USB drives, CDs, or DVDs.

7. Cloud: This vector involves compromising cloud-based systems, applications, or services.

Threat intelligence sources

1. Open-source intelligence (OSINT)
2. Closed/proprietary
3. Vulnerability databases
4. Public/private information
5. Sharing centers
6. Dark web
7. Indicators of compromise

Threat intelligence sources refer to various types of information and resources that organizations use to stay informed about the evolving threat landscape, identify and respond to potential cyber threats.

1. Open-source intelligence (OSINT): publicly available information collected from open sources like news, social media, and government websites.

2. Closed/proprietary: information gathered and analyzed by security vendors and other organizations, which is not available to the public.

3. Vulnerability databases: sources of information that provide details about known security vulnerabilities in various software and systems.

4. Public/private information-sharing centers: organizations or networks that allow for the sharing of cyber-security information among its members.

5. Dark web: a part of the internet that is not indexed by search engines and is used for illegal activities like cyber-crime, fraud, and the sale of illegal goods and services.

6. Indicators of compromise: specific information or signs that indicate that a system or network has been compromised or is at risk of compromise.

Automated Indicator Sharing (AIS)

Structured Threat Information eXpression (STIX)/Trusted
Automated eXchange of Intelligence Information (TAXII)

Automated Indicator Sharing (AIS) and Structured Threat Information eXpression (STIX)/Trusted Automated eXchange of Intelligence Information (TAXII) are threat intelligence sources that provide organizations with information on threats and vulnerabilities. AIS and STIX/TAXII are used to automate the sharing of threat intelligence data between organizations, providing a centralized and structured format for exchanging information on security incidents, threats, and vulnerabilities. This helps organizations to better understand and respond to the evolving threat landscape, as well as to detect and prevent attacks.