1.5 Different threat actors, vectors and intelligence sources Flashcards
Advanced persistent threat (APT)
This describes state actors that hack into either foreign governments or corporations
Insider threat
This is when an employee, contractor, vendor or any other individual with authorized access to information uses that access to attack the organization
state actors
Individuals that use cybersecurity attacks as a military weapon to achieve political advantage
Hacktivists
These individuals use hacking techniques to accomplish some activist goal. They are motivated by the greater good.
Script Kiddies
These are low-skilled individuals who try to do some hacking but lack the knowledge to do anything significant. They borrow code from others to try and do damage.
Criminal syndicates
These people focus on the direct financial gain from an attack
hackers
There are many forms of hackers, from white hat to black hat hackers, all trying to find and exploit vulnerabilities.
authorized
These are white hat hackers who are allowed to go into an organization's software/apps and gather vulnerabilities
unauthorized
These are black hat hackers who do the same thing as white hat hackers, but they are not authorized to attack and instead do it for unauthorized purposes
semi-authorized
These are grey hat hackers who fall between a white hat and a black hat. They are not hired, but they want to find vulnerabilities to inform their targets.
shadow IT
This is when individuals and groups seek out their own technology solutions.
Competitors
These people may engage in corporate espionage designed to steal sensitive information from your organization and use it to their advantage.
Direct access
Attackers may seek this by physically entering the organization's buildings. They do this by entering public areas of the building.
wireless
Attackers don't need to gain physical access to the network but may be able to access it remotely from outside the building
This is one of the most commonly exploited threat vectors. Phishing, spam and other email attacks occur here.
supply chain
Vendor management techniques protect the supply chain against attacks.
social media
Attackers directly target users on social media or they may use social media to harvest information about users that may be used in another type of attack.
removable media
Attackers use these, such as USB drives, to spread malware and launch their attacks.
cloud
Attackers routinely scan popular cloud services for files with improper access controls, systems that have security flaws, or accidentally published API keys and passwords
Open source intelligence (OSINT)
This is threat intelligence that is acquired from publicly available sources.
Closed/proprietary
This is information that is secret and kept within the organization itself without being shared with anyone else
Vulnerability databases
These are locally owned databases that house the vulnerabilities of an organization, not to be shared with anyone without access.
Dark Web
The sale of illegal goods and services done privately on a private network.
Automated indicator sharing (AIS)
enables the real-time exchange of machine-readable cyber threat indicators and defensive measures to help protect participants of the AIS community and ultimately reduce the prevalence of cyberattacks
Structured Threat information eXpression (STIX)/Trusted automated eXchange of intelligence information (TAXII)
This is an XML language sponsored by the US Department of Homeland Security. This is a tool that manages threat information at any scale.
Predictive analysis
This identifies likely risks to the organization
Threat maps
These provide a geographic view of threat intelligence. FireEye is an example of this.
File/code repositories
Centralized locations for the storage and management of application source code.
Vendor websites
These are open source intelligence resources available to the public.
vulnerability feeds
These are tools that capture daily/weekly vulnerabilities for analysts to sort through.
Adversary tactics, techniques, and procedures (TTP)
This is a list of ways that attackers function and conduct their attacks.