1.5 Explain Different Threat Actors, Vectors And Intelligence Sources Flashcards

1
Q

What is a threat actor for cyber security?

A

A threat actor is anyone or anything that has a motive and resources to attack another enterprise’s IT infrastructure. A threat actor can be a malicious person or a malicious program.

2
Q

What is an Advanced persistent threat (APT)?

A

This is where a threat actor gets long-term control of a compromised system, continually looking for new data to steal.

3
Q

What is an insider threat?

A

It is an actor that is a part of an organization. As a part of the targeted organization, these actors have substantial physical access and usually have user accounts that give them access to assets. These insiders are often motivated by revenge or greed.

4
Q

What is a state actor?

A

State actors or nation actors refer to government-directed attacks. State actors take advantage of vulnerabilities to acquire intelligence. State actors are easily the best funded and most sophisticated of all the threat actors.

5
Q

What is a hacktivist?

A

It is a hacker and an activist. These threat actors have some form of agenda, often political or fueled by a sense of injustice. Think of organizations like Anonymous.

6
Q

What are script kiddies?

A

Script kiddies are poorly skilled threat actors who take advantage of relatively easy-to-use open-source hacking tools. Their lack of sophistication makes them notoriously easy to stop, most of the time.

7
Q

What are criminal syndicates?

A

Criminal syndicates use extra-legal methods to gain access to resources. They are a huge problem today. These groups are sophisticated and well funded, and they cause tremendous damage to vulnerable systems worldwide to make money.

8
Q

What are White hat hackers?

A

White hat hackers use their skills for good, checking for vulnerabilities and working with the full consent of the target. These are authorized hackers.

9
Q

What are black hat hackers?

A

Black hat hackers do not have the consent of the target. They are unauthorized hackers.

10
Q

What are gray hat hackers?

A

Gray hat hackers fall somewhere in the middle. They’re rarely malicious, but usually do not have the target’s consent. They are semi-authorized.

11
Q

What is a shadow IT?

A

Shadow IT describes information technology systems installed without the knowledge or consent of the main IT department. It is almost never based on malicious intent. Shadow IT springs up when users need to work around limitations imposed by the IT department for security purposes that hamper their jobs.

12
Q

What are competitors?

A

Competitors are outside organizations that try to gain access to the same customers as the targeted company. Competitors, being by definition in the same business, know precisely the type of secure information they want.

13
Q

What are the attributes of threat actors?

A

Internal/external, intent/motivation, resources/funding, level of sophistication/capability.

14
Q

What are different attack vectors?

A

An attack can be carried out through:

Direct access

Wireless

Email

Supply chain

Removable media

Cloud

15
Q

What is a Threat Intelligence Source?

A

Threat Intelligence Sources enable security professionals to research potential threats to their organizations and share the threats they discover with their peers. These sources reveal past and current threats, explore threats by their defining characteristics or signature types, and much more.

16
Q

What is Open-Source Intelligence (OSINT)?

A

OSINT includes information gathered from media, public gov’t reports, professional and academic publications, and so forth. Security professionals rely heavily on OSINT for the bigger picture, a framework that nonpublic information layers can then make more specific.

17
Q

What is closed/proprietary information?

A

Closed/Proprietary information is information that is gathered from professionals in the industry that you have an interest in. For example, in Cyber Security, a subject matter expert would be the best source for proprietary information on cyber security related topics.

18
Q

What are Vulnerability Databases?

A

It is a collection of all known problem areas or weaknesses in deployed software. One of the most important vulnerability databases in the United States is the National Vulnerability Database run by the National Institute of Standards and Technology (NIST).

19
Q

What are Public/Private Information-Sharing Centers?

A

These Sharing Centers were originally designed as government-based public entities in response to the events of 9/11. The goal is to allow information to reach more organizations, whether they be government or public organizations.

20
Q

What is the Dark Web?

A

It refers to Internet sites that are inaccessible without using specific software such as the Tor network. The Dark Web can provide a lot of important information, especially about criminal activity, illegal transactions, etc.

21
Q

What are Indicators of Compromise (IoC)?

A

An IoC is an artifact of intrusion by a threat actor into a system. IoCs take many forms. IoCs feature as key evidence collected in forensic investigations.

22
Q

What is Automated Indicator Sharing (AIS)?

A

These are usually tools that help to update the databases of Information Sharing and Analysis Centers. Think of the intelligence community, such as the NSA and CIA, sharing information.

23
Q

What is Trusted Automated eXchange of Intelligence Information (TAXII) and Structured Threat Information eXpression (STIX)?

A

TAXII enables information sharing through services and message exchanges. TAXII provides transport for threat information exchange.

STIX enables communication among organizations by providing a common language to represent information.

24
Q

What is Predictive Analysis?

A

Predictive analysis is the use of software, often artificial intelligence, to look for trends in order to anticipate upcoming problems. It’s especially useful for issues like hardware failure prediction and network loads.

25
Q

What is a Threat Map?

A

Threat Maps are graphical representations of the geographical source and target of attacks.

26
Q

What are File/Code repositories?

A

A repository is a storage area for data files or code. Data/code in these repositories is stored in such a way that it is sorted or indexed based on certain information pertinent to that data or code.

27
Q

What are Research Sources?

A

They are sources where you can find information on hot topics for threat intelligence.

Vendor Web Sites

Vulnerability feeds

Conferences

Academic Journals

Requests for Comments

Local Industry Groups

Social Media

28
Q

What are Vendor Websites?

A

Vendor websites are great resources for learning anything about the products they manufacture. Find a support forum and search for information.

29
Q

What are Vulnerability Feeds?

A

Vulnerability feeds make your research easier by delivering RSS feeds, tweets, social media posts, or other methods to let you see what’s out there.

30
Q

What are Conferences good for?

A

Conferences are another form of research source that can help you learn about various new techniques or stay ahead of the curve with the new technology being presented daily.

31
Q

Why are Academic journals good for research sources?

A

Many vulnerabilities are brought into the public spotlight through journals. The only challenge to reading about vulnerabilities in academic journals is that the articles often only discuss the theoretical vulnerability without showing how to do it.

32
Q

Why are Requests for Comments (RFCs) good as a research source?

A

They provide the details of any technology that is part of TCP/IP communications. They offer a lot of information for users to research.

33
Q

Why are Local Industry Groups important to research sources?

A

Many problems are industry specific, so joining a local industry group is always the best way to connect with the folks who deal with similar issues in your industry.

34
Q

Why is Social Media important for research sources?

A

Social media can provide a great wealth of knowledge for threat intelligence. Some accounts are dedicated to hourly updates on the issues of cyber security going on today.

35
Q

What are threat feeds?

A

They are real-time data streams used to recognize threats.

36
Q

What are Adversary Tactics, Techniques, and Procedures (TTP)?

A

TTPs describe the actions threat actors take to gain access to your infrastructure.