Please enable JavaScript.
Coggle requires JavaScript to display documents.
Facebook Group Page for a University Course (Attack Tree Method) (Goal:…
Facebook Group Page for a University Course (Attack Tree Method)
Goal: Take down the Facebook group page
Get a group administrator account to delete it
Acquire the credentials to a group administrator account
Phish the credentials
Convince them to download malware (keylogger, ransomware)
Convince them to login on a specially-prepared phishing website
Guess the credentials
Find shared credentials from a data breach or password leak
Bribe them
Socially engineer an administrator
Pretend to be another member of staff
Make friends with them
Threaten them
Acquire information worthy of blackmail
Pose as a student
Created a convincing spoofed account
Hijack an existing student's account
Guess the account's credentials
Phish the credentials
Convince them to download malware (i.e. keylogger)
Get them to login on a prepared phishing website
Look for shared credentials from a data breach
Bribe them
Get the Facebook group page banned
Post content that violates Facebook's terms and conditions
Acquire the ability to post on the page (if not a student)
Report the page
Goal: Acquire potentially sensitive information on the group's users
Examine posts and comments on the page
Convince an administrator to let you join the group
Socially engineer them
Threaten them
Send a message containing malware (i.e. ransomware)
Acquire information worthy of blackmail
Pretend to be a member of staff
Pose as a student
Create a convincing spoofed account
Bribe them
Make friends with them
Acquire information from a group member
Convince a member of the group to help you
Read their private messages
Acquire the login credentials of a group member account
Phish the credentials
Convince them to login to a prepared phishing website
Guess the credentials
Find shared credentials from a data breach or password leak
Get members to post information outside of the intended group page
Goal: Damage the contents and usefulness of the University course group
Make contradictory/misleading posts or comments on the page
Acquire means to make comments/posts
Create bogus posts/comments that appear to be from legitimate sources
Change the contents of posts from legitimate sources
Change posts before or as they are made
Man-in-the-browser attack
Comrpomise a group member's device
Convince them to install malware (i.e. dodgy browser extensions)
Change posts after they are made
Exploit a vulnerability in Facebook's infrastructure
Make posts containing downloadable malware or links to malicious sites
Trick people into joining a convincing spoof of the course group page
Availability
Integrity
Confidentiality