1.5 Different threat actors, vectors and intelligence sources

Question 1

Advanced persistent threat (APT)

Answer 1

This describes state actors that hack into either foreign governments or corporations

Question 2

Insider threat

Answer 2

This is when an employee, contractor vendor or any other individual with authorized access to information uses that access to attack the organization

Question 3

state actors

Answer 3

Individuals that use cybersecurity attacks as a military weapon to achieve political advantage

Question 4

Hacktivists

Answer 4

These individuals use hacking techniques to accomplish some activist goal. They are motivated by the greater good.

Question 5

Script Kiddies

Answer 5

These are low skilled individuals that try to do some hacking but lack the knowledge to do anything significant. They borrow code from others to try and do damage.

Question 6

Criminal syndicates

Answer 6

These people focus on the direct financial gain from an attack

Question 7

hackers

Answer 7

There are many forms of hackers from white hat to black hat hackers all trying to find and exploit vulnerabilities.

Question 8

authorized

Answer 8

These are white hat hackers that are allowed to go into an organizations software/apps and gather vulnerabilites

Question 9

unauthorized

Answer 9

These are black hat hackers that do the same thing as white hat hackers but they are not authorized to attack, but instead do it for unauthorized purposes

Question 10

semi-authorized

Answer 10

These are grey hat hackers who fall between a white hat and a black hat. they are not hired but they want to find vulnerabilities to inform their targets.

Question 11

shadow IT

Answer 11

This is when individuals and groups seek out their own technology solutions.

Question 12

Competitors

Answer 12

These people may engage in corporate espionage designed to steal sensitive information from your organization and use it to their advantage.

Question 13

Direct access

Answer 13

Attackers may seek this by physically entering the organizations buildings. They do this by entering public areas of the building.

Question 14

wireless

Answer 14

Attackers dont need to gain physical access to the network but may be able to access remotely outside the building

Question 15

email

Answer 15

This is one of the most commonly exploited threat vectors. Phishing, spam and other email attacks occur here.

Question 16

supply chain

Answer 16

Vendor management techniques protect the supply chain against attacks.

Question 17

social media

Answer 17

Attackers directly target users on social media or they may use social media to harvest information about users that may be used in another type of attack.

Question 18

removable media

Answer 18

Attackers use these such as usb drives to spread malware and launch their attacks.

Question 19

cloud

Answer 19

Attackers routinely scan popular cloud services for files with improper access controls, systems that have security flaws, or accidentally published API keys and passwords

Question 20

Open source intelligence (OSINT)

Answer 20

This is threat intelligence that is acquired from publicly available sources.

Question 21

Closed/proprietary

Answer 21

This is information that is secret and kept in the organization itself without being shared to anyone else

Question 22

Vulnerability databases

Answer 22

These are locally owned databases that house the vulnerabilities of an organization, not to be shared with anyone without access.

Question 23

Dark Web

Answer 23

The sale of illegal goods and services done privately on a private network.

Question 24

Automated indicator sharing (AIS)

Answer 24

enables the real-time exchange of machine-readable cyber threat indicators and defensive measures to help protect participants of the AIS community and ultimately reduce the prevalence of cyberattacks

Question 25

Structured Threat information eXpression (STIX)/Trusted automated eXchange of intelligence information (TAXII)

Answer 25

This is a XML language sponsored by the US Department of Homeland Security. This is a tool that manages threat information at any scale.

Question 26

Predictive analysis

Answer 26

This identifies likely risks to the organization

Question 27

Threat maps

Answer 27

These provide a geographic view of threat intelligence. Fireeye is an example of this.

Question 28

File/code repositories

Answer 28

Centralized locations for the storage and management of application source code.

Question 29

Vendor websites

Answer 29

These are open source intelligence resources available to the public.

Question 30

vulnerability feeds

Answer 30

These are tools that capture daily/weekly vulnerabilities for analysts to sort through.

Question 31

Adversary tactics, techniques, and procedures (TTP)

Answer 31

This is a list of ways that attackers function and conduct their attacks.