1.5 Explain Different Threat Actors, Vectors And Intelligence Sources Flashcards
What is a threat actor for cyber security?
A threat actor is anyone or anything that has a motive and resources to attack another enterprise’s IT infrastructure. A threat actor can be a malicious person or a malicious program.
What is an Advanced persistent threat (APT)?
This is where a threat actor gets long-term control of a compromised system, continually looking for new data to steal.
What is an insider threat?
It is an actor that is a part of an organization. As a part of the targeted organization, these actors have substantial physical access and usually have user accounts that give them access to assets. These insiders are often motivated by revenge or greed.
What is a state actor?
State actors or nation actors refer to government-directed attacks. State actors take advantage of vulnerabilities to acquire intelligence. State actors are easily the best funded and most sophisticated of all the threat actors.
What is a hacktivist?
It is a hacker and an activist. These threat actors have some form of agenda, often political or fueled by a sense of injustice. Think of organizations like Anonymous.
What are script kiddies?
Script kiddies are poorly skilled threat actors who take advantage of relatively easy-to-use open-source attack tools. Their lack of sophistication makes them notoriously easy to stop, most of the time.
What are criminal syndicates?
Criminal syndicates use extra-legal methods to gain access to resources. They are a huge problem today. These groups are sophisticated, well funded, and cause tremendous damage to vulnerable systems worldwide to make money.
What are White hat hackers?
White hat hackers use their skills for good, checking for vulnerabilities and working with the full consent of the target. These are authorized hackers.
What are black hat hackers?
Black hat hackers do not have the consent of the target. They are unauthorized hackers.
What are gray hat hackers?
Gray hat hackers fall somewhere in the middle. They’re rarely malicious, but usually do not have the target’s consent. They are semi-authorized.
What is shadow IT?
Shadow IT describes information technology systems installed without the knowledge or consent of the main IT department. It is almost never based on malicious intent. Shadow IT springs up when users need to work around limitations that the IT department imposes for security purposes but that hamper their jobs.
What are competitors?
Competitors are outside organizations that try to gain access to the same customers as the targeted company. Competitors, being by definition in the same business, know precisely the type of secure information they want.
What are the attributes of threat actors?
Internal/external, intent/motivation, resources/funding, level of sophistication/capability.
What are different attack vectors?
Attacks can be delivered through:
Direct access
Wireless
Supply chain
Removable media
Cloud
What is a Threat Intelligence Source?
Threat Intelligence Sources enable security professionals to research potential threats to their organizations and share threats they discover with their peers. These sources reveal the past and current threats, explore threats by defining characteristics or signature types, and much more.
What is Open-Source Intelligence (OSINT)?
OSINT includes information gathered from media, public gov’t reports, professional and academic publications, and so forth. Security professionals rely heavily on OSINT for the bigger picture, a framework that can then be made more specific with layers of nonpublic information.
What is closed/proprietary information?
Closed/Proprietary information is information that is gathered from professionals in the industry that you have an interest in. For example, in cyber security, a subject matter expert would be the best source of proprietary information on cyber-security-related topics.
What are Vulnerability Databases?
It is a collection of all known problem areas or weaknesses in deployed software. One of the most important vulnerability databases in the United States is the National Vulnerability Database (NVD), maintained by the National Institute of Standards and Technology (NIST).
What are Public/Private Information-Sharing Centers?
These sharing centers were originally designed as government-based public entities in response to the events of 9/11. The goal is to get information across to more organizations, whether they are government or public organizations.
What is the Dark Web?
It refers to Internet sites that are inaccessible without using specific software, such as the Tor network. The Dark Web can provide a lot of important information, especially about criminal activity, illegal transactions, and so on.
What are Indicators of Compromise (IoC)?
An IoC is an artifact of intrusion by a threat actor into a system. IoCs take many forms. IoCs feature as key evidence collected in forensic investigations.
What is Automated Indicator Sharing (AIS)?
These are usually tools that help to update the databases of Information Sharing and Analysis Centers. Think of the intelligence community, such as the NSA and CIA, sharing information.
What is Trusted Automated eXchange of Intelligence Information (TAXII) and Structured Threat Information eXpression (STIX)?
TAXII enables information sharing through services and message exchanges. TAXII provides transport for threat information exchange.
STIX enables communication among organizations by providing a common language to represent information.
What is Predictive Analysis?
Predictive analysis is using software, often artificial intelligence, to look for trends to anticipate any upcoming problems. It’s especially useful for issues like hardware failure prediction and network loads.