1 - 2: Understanding Attackers

Question 1

Differentiating attackers

Answer 1

Internal vs External, sophistication, resource access, motivation, intent

Question 2

Script Kiddies

Answer 2

Unskilled attackers who reuse tools and scripts made by more sophisticated attackers

Question 3

Hacktivists

Answer 3

Use tools to advance political and social agendas

Question 4

Organized crime

Answer 4

Believed to associate with ransomware, extortion, and other means of financial gain

Question 5

Corporate Espionage

Answer 5

Competitors who may target proprietary information

Question 6

Nation States

Answer 6

Sponsor sophisticated APTs, typically with military training and advanced tools

Question 7

White Hat

Answer 7

Operate and hack with good intent and organizational blessing

Question 8

Black Hat

Answer 8

Operate illegally with malicious intent

Question 9

Grey Hat

Answer 9

Operate without permission in typically illegal ways, but intend to help

Question 10

Insider threat

Answer 10

Risk that current, former employees, contractors, or other insiders may exploit their privileged access

Question 11

Privilege escalation attacks

Answer 11

Taking a regular account into a role or account with heightened privileges

Question 12

Preventing insider attacks

Answer 12

HR can perform background checks, follow rule of least privilege, require multiple users for high risk actions, mandatory vacations

Question 13

Shadow IT

Answer 13

Technology brought into the organization without IT clearing it

Question 14

Email (attack vector)

Answer 14

Conducting phishing campaigns to get at least one user to activate malware

Question 15

Social media (attack vector)

Answer 15

Spread malware or influence employees to gain trust and access

Question 16

Removable media

Answer 16

Leaving malware on USB drives or other media intending someone to plug it in and use it, or altering trusted cables and media with malicious chips

Question 17

Card skimmers

Answer 17

Magnetic card readers modified to read magnetic stripes to clone card data for use elsewhere

Question 18

Cloud services (attack vector)

Answer 18

Attackers scan cloud services for flaws, improper access control, or accidentally published credentials and keys

Question 19

Direct access

Answer 19

Publicly available networks, endpoints that can be touched

Question 20

Hardware Supply Chain

Answer 20

Tampering with devices before customers receive them

Question 21

Wireless networks (attack vector)

Answer 21

Unsecured or poorly secured wi-fi networks

Question 22

Ethical disclosure

Answer 22

1) Notify the vendor responsible, 2) provide reasonable time for patching, 3) Disclose the vulnerability publicly

Question 23

Patching and vulnerability management

Answer 23

Updating systems to mitigate risks and threats

Question 24

Zero day vulnerability

Answer 24

A vulnerability that at least one researcher has discovered but vendor has not yet patched, typically exploited by APTs

Question 25

Window of vulnerability

Answer 25

Time between vulnerability discovery and patch issuance

Question 26

Defending from APTs

Answer 26

Strong security foundation, strong encryption, rigorous monitoring