Lure-Based Vectors
A lure is an attack type that will entice a victim into using or opening a removable device, document, image, or program that conceals malware.
- target opens the file bait, it delivers a malicious payload hook that:
- give the threat actor control over the system
- or perform service disruption
Common Lures
- Removable Device
- attacker conceals malware on a USB thumb drive or memory card and tries to trick employees into connecting the media to a PC, laptop, or smartphone
- Executable file
- threat actor conceals exploit code in a program file
- e.g., Trojan horse malware
- Document File
- threat actor conceals malicious code by embedding it in word processing and PDF format files
- Image File
- conceals exploit code within an image file that targets a vulnerability in browser or document editing software
Controls
- endpoint security management
- vulnerability management
- antivirus
- program execution control
- and intrusion detection