1.5 Flashcards
Explain different threat actors, vectors, and intelligence sources.
Also known as threat _____________ or adversaries, are individuals, groups, organizations, or entities that pose a threat to the security of computer systems, networks, or data.
Actors
___________ refer to potential dangers or risks to the confidentiality, integrity, and availability of information systems and data.
Threats
An _____________ is a sophisticated and targeted cyber attack carried out by highly skilled and well-resourced adversaries, typically with specific objectives such as espionage, data theft, or sabotage. ________________ are carefully planned, stealthy, and persistent.
Advanced persistent threat (APT)
Refers to potential risks posed to an organization’s cybersecurity by individuals who have authorized access.
Insider threats
Refers to government entities or agencies that engage in cyber activities for various purposes, including espionage, sabotage, influence operations, and national security objectives.
State actors
Are individuals or groups who engage in hacking activities as a means of promoting social or political causes.
Hacktivists
Are individuals with limited technical expertise who use pre-existing hacking tools and scripts to launch cyber attacks or engage in malicious activities without a deep understanding of how these tools work.
Script kiddies
Are sophisticated groups of individuals or networks that engage in criminal activities in cyberspace for financial gain or other malicious purposes.
Criminal syndicates
Individuals or groups with advanced technical skills and knowledge of computer systems, networks, and software.
Hackers
Also known as ethical hackers or penetration testers, are individuals or security professionals who are authorized by organizations to deliberately attempt to bypass security controls.
Authorized hackers
Also known as malicious hackers or attackers, are individuals or groups who gain unauthorized access to computer systems, networks, or data.
Unauthorized hackers
Hackers that work in both the legally sanctioned world of security and the illegal realm of criminal activity.
Semi-authorized hackers
Refers to IT systems, software, applications, or services that are used within an organization without explicit approval, oversight, or control from the IT department.
Shadow IT
Other organizations within the same industry or market sector that may pose a threat or risk to an organization’s cybersecurity posture.
Competitors
Individuals within an organization who have authorized access to its systems, networks, or data.
Internal actors
Individuals, groups, or organizations that operate outside of an organization's boundaries and seek to compromise its systems, networks, or data.
External actors
Refers to an attack vector in which the attacker gains physical, hands-on access to a system (for example, an unattended console or workstation, a server room, or an exposed USB port) rather than reaching it over a network.
Direct access vector
Refers to various methods an attacker can use to gain access to a system.
Vectors
Refers to a method or pathway through which a cyber threat is delivered to a target via wireless communication channels.
Wireless vector
Refers to a method or pathway through which a cyber threat is delivered to a target via email.
Email vector
Refers to a method or pathway through which a cyber threat is delivered to a target via its supply chain partners or vendors.
Supply chain vector
Refers to a method or pathway through which a cyber threat is delivered to a target via removable media.
Removable media vector
Refers to a method or pathway through which a cyber threat is delivered to a target via social media.
Social media vector
Refers to a method or pathway through which a cyber threat is delivered to a target via cloud connectivity.
Cloud vector
Refers to the collection, analysis, and use of publicly available information from open sources to gather intelligence.
Open-source intelligence (OSINT)
Are collections of information about known vulnerabilities, such as the CVE list and the National Vulnerability Database (NVD). These databases serve as centralized resources for identifying and prioritizing flaws in software and hardware.
Vulnerability databases
Are threat intelligence feeds and databases sold by security firms as a paid or subscription service; their content cannot be accessed unless it has been purchased.
Closed/proprietary
Also known as Information Sharing and Analysis Centers (ISACs) or Information Sharing and Analysis Organizations (ISAOs), are collaborative platforms or organizations established to facilitate the exchange of cybersecurity threat intelligence.
Public/private information-sharing centers
Is a subset of the worldwide content on the Internet that is not indexed by ordinary search engines and can only be reached through specific software or network configurations (such as Tor) that obscure the identity and location of both servers and users.
Dark web
Are artifacts or evidence observed in a network, system, or environment that may indicate a security compromise by malicious actors.
Indicators of Compromise (IoCs)
Is a capability operated by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) that enables the real-time, bidirectional exchange of machine-readable cyber-threat indicators between the government and private-sector participants, using the STIX format over TAXII.
Automated Indicator Sharing (AIS)
Are a pair of standards designed to facilitate the sharing and exchange of cyber threat intelligence: the first is a structured, JSON-based language for describing threat information (indicators, threat actors, campaigns, and so on), and the second is the HTTPS-based transport protocol used to exchange that content between producers and consumers.
Structured Threat Information eXpression (STIX)/Trusted Automated eXchange of Intelligence Information (TAXII)
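The following is an added example (not part of the original flashcards) tying the IoC and STIX/TAXII cards together: a hand-built STIX 2.1 bundle of the kind a TAXII server would return, a small extractor that pulls atomic indicator values out of the STIX pattern strings, and a sweep of a few constructed log lines for those values. The bundle contents, object IDs and log lines are all constructed for illustration; only the STIX object and pattern syntax is real.

```python
"""Minimal STIX 2.1 indicator extraction and log sweep (standard library only).

Added example: the bundle, the IDs, the log lines and the match logic are
constructed for illustration; the STIX 2.1 object and pattern syntax is real.
"""
import json
import re
from typing import Dict, List, Set

# A tiny STIX 2.1 bundle (constructed). A real one is what a TAXII server
# returns from a collection's objects endpoint.
STIX_BUNDLE_JSON = json.dumps({
    "type": "bundle",
    "id": "bundle--11111111-1111-4111-8111-111111111111",
    "objects": [
        {
            "type": "indicator", "spec_version": "2.1",
            "id": "indicator--22222222-2222-4222-8222-222222222222",
            "created": "2024-01-01T00:00:00.000Z", "modified": "2024-01-01T00:00:00.000Z",
            "name": "Example C2 address", "indicator_types": ["malicious-activity"],
            "pattern_type": "stix",
            "pattern": "[ipv4-addr:value = '203.0.113.10']",
            "valid_from": "2024-01-01T00:00:00Z",
        },
        {
            "type": "indicator", "spec_version": "2.1",
            "id": "indicator--33333333-3333-4333-8333-333333333333",
            "created": "2024-01-01T00:00:00.000Z", "modified": "2024-01-01T00:00:00.000Z",
            "name": "Example dropper", "indicator_types": ["malicious-activity"],
            "pattern_type": "stix",
            "pattern": ("[domain-name:value = 'bad.example.net' OR "
                        "file:hashes.'SHA-256' = "
                        "'9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08']"),
            "valid_from": "2024-01-01T00:00:00Z",
        },
        {
            # Not an indicator: the extractor must ignore it.
            "type": "identity", "spec_version": "2.1",
            "id": "identity--44444444-4444-4444-8444-444444444444",
            "created": "2024-01-01T00:00:00.000Z", "modified": "2024-01-01T00:00:00.000Z",
            "name": "Example ISAC", "identity_class": "organization",
        },
    ],
})

# One equality comparison inside a STIX pattern: <object path> = '<value>'.
# Object paths may carry a quoted segment, e.g. file:hashes.'SHA-256'.
_COMPARISON = re.compile(r"([\w-]+:[\w.'-]+)\s*=\s*'([^']*)'")


def extract_iocs(bundle_json: str) -> Dict[str, Set[str]]:
    """Return {object_path: {values}} for every 'stix'-type indicator in the bundle.

    Only equality comparisons are handled; other pattern types (snort, yara, ...)
    are skipped rather than guessed at. Values are lower-cased for matching.
    """
    bundle = json.loads(bundle_json)
    iocs: Dict[str, Set[str]] = {}
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        for path, value in _COMPARISON.findall(obj["pattern"]):
            iocs.setdefault(path, set()).add(value.lower())
    return iocs


def scan_logs(lines: List[str], iocs: Dict[str, Set[str]]) -> List[Dict[str, str]]:
    """Flag each log line containing an IoC value as a whole token.

    A plain substring test would let 203.0.113.10 match 203.0.113.100, so the
    value is anchored on both sides against word characters and dots.
    """
    hits: List[Dict[str, str]] = []
    for line in lines:
        low = line.lower()
        for path, values in iocs.items():
            for v in values:
                if re.search(r"(?<![\w.])" + re.escape(v) + r"(?![\w.])", low):
                    hits.append({"line": line, "path": path, "value": v})
    return hits


# Constructed log lines for the sweep; only the first two contain an IoC.
SAMPLE_LOGS = [
    "2024-01-02T10:00:01Z fw allow src=10.0.0.5 dst=203.0.113.10 dport=443",
    "2024-01-02T10:00:07Z dns query host-17 name=BAD.example.net type=A",
    "2024-01-02T10:00:09Z fw allow src=10.0.0.5 dst=198.51.100.7 dport=80",
]

if __name__ == "__main__":
    found = extract_iocs(STIX_BUNDLE_JSON)
    for hit in scan_logs(SAMPLE_LOGS, found):
        print(f"IoC match ({hit['path']} = {hit['value']}): {hit['line']}")
```

In practice the bundle would be fetched from a TAXII collection over HTTPS (the AIS program is one such source) and the extracted values would be loaded into a SIEM or EDR watchlist; the extractor above deliberately ignores non-STIX pattern types and non-indicator objects, and the token-anchored match shows why raw substring matching of IoCs produces false positives.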
The process of using analytical methods to forecast security incidents before they occur.
Predictive analysis
Are geographical representations of attacks showing where packets are coming from and going to.
Threat maps
Are centralized storage systems used to store digital assets related to software development and IT operations.
File/code repositories
Are numbered documents published by the Internet Engineering Task Force (IETF) that define Internet protocols and standards (such as TCP, HTTP, and TLS); they are a useful source for understanding how a protocol is supposed to behave, although not every document in the series is a formal standard.
Request for comments (RFC)
Is used to describe how threat agents organize and orchestrate their efforts.
Adversary tactics, techniques, and procedures (TTP)