1 - 2: Understanding Attackers Flashcards
Differentiating attackers
Internal vs External, sophistication, resource access, motivation, intent
Script Kiddies
Unskilled attackers who reuse tools and scripts made by more sophisticated attackers
Hacktivists
Use tools to advance political and social agendas
Organized crime
Financially motivated groups, commonly associated with ransomware, extortion, fraud, and other means of financial gain
Corporate Espionage
Competitors who may target proprietary information
Nation States
Sponsor sophisticated advanced persistent threats (APTs): well-funded teams, often with military or intelligence training, custom tooling, and long-term objectives
White Hat
Operate and hack with good intent and organizational blessing
Black Hat
Operate illegally with malicious intent
Grey Hat
Operate without permission, often illegally, but intend to help (e.g. by reporting what they find)
Insider threat
Risk that current or former employees, contractors, or other insiders misuse the privileged access and knowledge they have been granted
Privilege escalation attacks
Moving from a regular account to a role or account with heightened privileges (e.g. from a standard user to an administrator)
Preventing insider attacks
HR background checks, the principle of least privilege, two-person control (separation of duties) for high-risk actions, and mandatory vacations so that someone else covers the role and can notice abuse
Shadow IT
Technology brought into the organization without IT clearing it
Email (attack vector)
Phishing campaigns that only need one recipient to open the attachment or link and run the malware
Social media (attack vector)
Spread malware or build trust with employees (impersonation, rapport) in order to gain information and access
Removable media
Leaving malware on USB drives or other media intending someone to plug it in and use it, or altering trusted cables and media with malicious chips
Card skimmers
Devices attached to or hidden inside card readers that capture magnetic-stripe data so the card can be cloned and used elsewhere
Cloud services (attack vector)
Attackers scan cloud services for flaws, misconfigured access controls (e.g. publicly readable storage), or credentials and keys accidentally published in code, configuration, or logs
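The "accidentally published credentials and keys" item above is the one a defender can turn into a routine check: scan repositories, config files, and logs for credential patterns before an attacker does. The following is an added example (not part of the original flashcards) of a minimal secret scanner. The AWS access key ID format (AKIA followed by 16 uppercase letters or digits) is the documented one; the assignment pattern, the entropy threshold, and the sample text are assumptions chosen for illustration, and the sample lines are constructed.

```python
import math
import re

# Credential shapes that commonly leak into repos and cloud storage.
# The AWS key ID format is documented; the others are conventions, not exhaustive.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # key = value / key: value where the key name suggests a secret; captures the value
    "assignment_secret": re.compile(
        r"(?i)(?:secret|password|passwd|token|api[_-]?key)\w*\s*[:=]\s*['\"]?([^\s'\"]{8,})"
    ),
}


def shannon_entropy(s: str) -> float:
    """Bits per character; placeholders like 'changeme' or 'xxxxxxxx' score low."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def redact(value: str) -> str:
    """Keep enough of the value to locate it, never the whole secret."""
    if len(value) <= 12:
        return "***"
    return value[:4] + "..." + value[-4:]


def scan_text(text: str, min_entropy: float = 3.0) -> list:
    """Return findings as dicts with the line number, pattern kind and redacted value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pat in PATTERNS.items():
            for m in pat.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                # Assignment matches are noisy; drop low-entropy placeholders (assumed threshold).
                if kind == "assignment_secret" and shannon_entropy(value) < min_entropy:
                    continue
                findings.append({"line": lineno, "kind": kind, "redacted": redact(value)})
    return findings


# Constructed sample resembling a misconfigured deployment file; the AWS key ID is
# Amazon's documented example value, not a live credential.
SAMPLE = """\
# constructed sample: lines resembling a misconfigured deployment
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
db_password = changeme
-----BEGIN RSA PRIVATE KEY-----
region = us-east-1
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE):
        print(f"line {f['line']}: {f['kind']} -> {f['redacted']}")
```

Run against real input the scanner should be pointed at the git history as well as the working tree, since a key removed in a later commit is still retrievable; the entropy filter keeps obvious placeholders out of the report but is only a heuristic, so treat hits as leads to rotate and verify, not as proof.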
Direct access
Physical access: endpoints that can be touched, network ports that can be reached, or publicly available networks that can be joined
Hardware Supply Chain
Tampering with devices before customers receive them
Wireless networks (attack vector)
Unsecured or poorly secured Wi-Fi networks that let an attacker join or eavesdrop without physical access to the building
Ethical disclosure
1) Notify the vendor responsible, 2) provide reasonable time for patching, 3) Disclose the vulnerability publicly
Patching and vulnerability management
Tracking known vulnerabilities and applying vendor patches and updates to mitigate the resulting risks and threats
Zero day vulnerability
A vulnerability that at least one party (an attacker or researcher) has discovered but for which the vendor has not yet released a patch; prized by, and often exploited by, APTs
Window of vulnerability
Time between discovery of a vulnerability and the issuance (and application) of a patch that closes it
Defending from APTs
A strong security foundation (hardening, least privilege, patching), strong encryption, and rigorous monitoring and response