2.2.1 Message-Based Vectors
Email, SMS, IM.
Message-based vectors are communication channels used by threat actors to deliver malicious payloads, steal credentials, or manipulate users through human and technical vulnerabilities.
Common Message Vectors - Email: The most ubiquitous vector for phishing, malware delivery, and business email compromise (BEC). Attackers often leverage email’s inherent lack of default authentication. - SMS (Short Message Service): Used for "smishing" attacks where malicious links or fraudulent urgent requests are sent to mobile devices. - IM (Instant Messaging): Attacks via platforms like Slack, Teams, or WhatsApp that exploit the "trusted" nature of internal or social communications to bypass security filters.
Ensuring Message Integrity and Authenticity Because message-based vectors are easily spoofed, organizations use cryptographic methods to secure the content: - Hashing: Algorithms like SHA-512 generate a unique digital fingerprint. If the hash of the received message matches the sender’s hash, integrity is confirmed; any "bit-flipping" or tampering results in a mismatch. - HMAC (Hash-based Message Authentication Code): Combines a hashing algorithm (MD5, SHA-1, or SHA-256) with a symmetric secret key. This provides both integrity and authenticity, as only those with the key can generate the correct MAC. - Asymmetric Encryption (PKI): To provide confidentiality in messaging, a sender encrypts data with the recipient's public key. The recipient then decrypts it with their matched private key. - Digital Signatures: A sender hashes a message and encrypts the hash with their own private key. The recipient uses the sender's public key to verify the signature, ensuring non-repudiation.
Key Management Challenges - Symmetric Limitations: Symmetric encryption requires both parties to share the same key. This does not scale well; for N users, N(N-1)/2 keys are needed. - Key Exchange: Sending a secret key via email or IM is insecure. Secure alternatives include out-of-band exchange (e.g., physical USB) or using asymmetric methods (like Diffie-Hellman) to establish a session key.
Exam Tips - Smishing/Vishing: SMS and voice-based social engineering keywords often appear alongside message vector questions. - Integrity vs. Authenticity: Hashing alone proves integrity (nothing changed). HMAC or Digital Signatures prove authenticity (who sent it). - Encryption Logic: Remember: Public key = used to encrypt or verify. Private key = used to decrypt or sign. - Scalability: If an exam question mentions thousands of users needing secure communication, asymmetric (Public Key) is the answer, not symmetric.