1.3 Explain threat actor types and attributes Flashcards
An employee suspected of modifying company invoices diverted funds from a company account to his or her own private bank account. What kind of malicious actor type does this describe?
Insider threat
An attacker gained access to a target’s cell phone information by social engineering a cellular provider to send the attacker a SIM card issued for the victim. What type of activity is this attack categorized as?
Organized crime
Which of the following is NOT a critical profiling factor when assessing the risk that any one type of threat actor poses to an organization?
Non-repudiation
Which of the following are examples of external malicious threat actor types?
- Competitor threat
- Organized crime threat
An attacker used Open Source Intelligence (OSINT) to gather information about a target’s Internet Protocol (IP) address registration records for the victim’s servers. What type of technique did the attacker use?
DNS harvesting
An environmental advocacy group uses cyber weapons to put companies at risk and promote their agenda. What type of attack does this demonstrate?
Hacktivists
A bank manager fired a security engineer. The engineer changed companies, working for another bank, and brought insider knowledge, which broke a Non-disclosure Agreement (NDA) with the previous employer. The security engineer used this knowledge to damage the previous company’s reputation. What classification of threat actor is the engineer?
Competitor
With no specific target in mind, and without a reasonable goal, an attacker launched an unstructured phishing attack with an attachment of a replicating computer worm. If the attacker did not fully understand how this malware worked, and just wanted to gain attention, what classification of threat actor is this person?
A script kiddie
Non-repudiation
Describes a property of a secure network where a sender cannot deny having sent a message.
assessing the risk
- critical factors when assessing the risk that any one type of threat actor poses to an organization. For example, the intent could be to vandalize and disrupt a system or to steal something
- critical factors when assessing the risk that any one type of threat actor poses to an organization. For example, an attacker could be motivated by greed, curiosity, or some sort of grievance
- Threats can be characterized as structured or unstructured (or targeted versus opportunistic) depending on the degree to which an organization is targeted specifically.
DNS harvesting
uses Open Source Intelligence (OSINT) to gather information about a domain (subdomains, hosting provider, administrative contacts, and so on)
Topology discovery (footprinting)
part of the discovery phase where the attacker or pen tester starts to identify the structure of the target network
host discovery
When performing host discovery on an internetwork (a network of routed IP subnets), the attacker will want to discover how the subnets are connected by routers (and whether any misconfigured gateways between subnets exist)
ping command
The ping command can be used to detect the presence of a host at a particular IP address, or one that responds to a particular host name. Users can apply a simple script to perform a ping sweep.
Advanced Persistent Threat (APT)
A term coined to understand the behavior underpinning modern types of cyber adversaries. An APT refers to the ongoing ability of an adversary to compromise network security (to obtain and maintain access) using a variety of tools and techniques.