A company handling sensitive customer data plans to build a...

A company handling sensitive customer data plans to build a flow that uses an FTP server. You’re in charge of creating the flow and notice the company uses a server with the FTPS protocol. You’re told the authentication key will be provided to you later in the week. Do you see any issues with this situation?

Transcript

00:01 Hello students, here are the various what remote access method could an attacker exploit.

00:06 So here are the list.

00:08 Number one phishing.

00:09 This is a common attack vectors where the attackers send an email that appears to be a legitimate source such as bank or credit card company.

00:17 The email will often contain a link or the attachment that when clicked or opened will install malware on the victim's computer and phishing work can be done.

00:29 Malware tizing.

00:29 This is a type of attack where the attacker inject malicious code into the legitimate website.

00:35 So here injecting the code when a victim visit the site, the malicious code will be executed and will install the malware on the victim's computer and computer will be on the risk.

00:48 Number three watering hole attack.

00:50 This is a type of attack where the attacker target a special website that is known to be frequented by their target victims.

00:57 Sometimes the attacker will then compromise the website and inject malicious code into it when a victim visit the website, the malicious code will be executed and can install malware on victim's computer.

01:09 Now zero day attack.

01:11 So this is also these are the attack they exploit vulnerabilities in the software that the software vendor is not aware.

01:18 Zero day attacks are often difficult to defend against because there is a no patch available to fix this.

01:24 So it's more dangerous.

01:26 So now here are the attack vector against the company's email server.

01:31 So some attack vector advanced an advanced attacker could exploit a vulnerability in the email server software to gain unauthorized access to the server.

01:40 Once they have access to the server, they could steal data, install malware or disrupt the email service developed.

01:47 Developed attacker could use social engineering techniques to trick a staff member into clicking on a malicious link.

01:55 So or opening a malicious attachment.

01:57 This could allow the attacker to install the malware on the staff members computers, which could then be used to gain access to the email server.

02:05 So augmented and augmented attacker could use a combination of social engineering and the technical method to gain access to the email server.

02:13 For example, they could send a phishing email that contain a link to a fake website that look like the company's email login page.

02:19 When the staff member enters their credential on the fake website, the attacker can steal them and use them to gain access to the email server.

02:29 So in this way, here are the attack vector that advertised can exploit after email has been received by the company.

02:37 So here are the attack vector that adversaries can exploit.

02:42 So here's spear phishing...

Question

Please give Ace some feedback