1.5 Explain different threat actors, vectors, and intelligence sources

Question 1

Advanced persistent threat (APT)

Answer 1

Highly motivated group of attackers funded by a nation state

Question 2

Insider threat

Answer 2

Someone on the inside of an org. violating company security policy

Question 3

State actor

Answer 3

Attacker operating on behalf of nation state

Generally is an APT group

Question 4

Hacktivist

Answer 4

Using hacking skills for a cause/purpose

Question 5

Script kiddies

Answer 5

Threat actor less knowledgeable than a skilled attacker, usually uses tools with little understanding

Question 6

Criminal syndicate

Answer 6

Organized cybercrime

Question 7

Types of hackers

Answer 7

White hat
-Authorized hacker, for testing

Black hat
-Unauthorized hacker, malicious

Gray hat
-Semi-authorized hacker, under cover for ethical hacking

Question 8

Shadow IT

Answer 8

Term used to describe IT components deployed by a department w/o knowledge or permission of senior mgt or IT group

Question 9

Competitors

Answer 9

Another type of threat actor related to business or organization

Question 10

Attributes of actors

Answer 10

Internal/external

Level of sophistication/capability

Resources/funding

Intent/motivation

Question 11

Vectors

Answer 11

Path/means by which an attack gains access to a target to cause harm

Direct access

Wireless

Email

Supply chain

Social media

Removable media

Cloud

Question 12

Open source intelligence (OSINT)

Answer 12

Gathering of info from publicly available sources

Question 13

Vulnerability databases

Answer 13

Indexes/repositories of info about threats, exploits, and attacks

Example:
Common Vulnerabilities and Exposures (CVE)
National Vulnerability Database (NVD)

Question 14

Public/private information sharing centers

Answer 14

Locations where info about security compromise events are posted

Question 15

Dark web

Answer 15

Part of internet not accessible by standard users

Question 16

Indicators of compromise (IOCs)

Answer 16

Evidence of intrusion or breach

Question 17

Automated indicator sharing (AIS)

Answer 17

Initiative by Department of Homeland Security to facilitate exchange of IoCs and other cyberthreat info between Gov. and Private sectors automatically

Question 18

Structured threat information exchange (STIX)/Trusted automated exchange of indicator information (TAXII)

Answer 18

Effort to develop standard language and structure for cyberthreat indicators and related info

Question 19

Predictive analysis

Answer 19

Using IoCs and other observables to attempt to predict an attack

Question 20

Threat maps

Answer 20

Real time map of cyber attacks taking place

Question 21

Request for commends (RFC)

Answer 21

Document drafted by technical community defining technology specs

Question 22

Adversary tactics, techniques, and procedures (TTP)

Answer 22

Collection of info on means, motivations, and opportunities related to APTs