1.5 Explain different threat actors, vectors, and intelligence sources Flashcards

1
Q

What are Actors and threats?

A

Actors and threats refer to the various entities and risks that can compromise the security of a system or organization, including individuals, groups, and malicious activities.

2
Q

What term describes the various entities and risks that can compromise the security of a system or organization?

A

Actors and threats

3
Q

What is an Advanced persistent threat (APT)?

A

An Advanced persistent threat (APT) is a sophisticated and stealthy cyber attack carried out by highly skilled threat actors over an extended period, often targeting specific organizations or industries.

4
Q

What term describes a sophisticated and stealthy cyber attack carried out by highly skilled threat actors over an extended period?

A

Advanced persistent threat (APT)

5
Q

What are Insider threats?

A

Insider threats are security risks posed by individuals within an organization who misuse their access, knowledge, or privileges to compromise the organization’s security or data.

6
Q

What term describes security risks posed by individuals within an organization who misuse their access or privileges?

A

Insider threats

7
Q

What are State actors?

A

State actors are government-sponsored or affiliated entities that conduct cyber operations for political, economic, or military purposes, often targeting other nations or organizations.

8
Q

What term describes government-sponsored or affiliated entities conducting cyber operations for political or military purposes?

A

State actors

9
Q

What are Hacktivists?

A

Hacktivists are individuals or groups who use hacking techniques for politically or socially motivated purposes, such as activism, protest, or ideological advocacy.

10
Q

What term describes individuals or groups who use hacking techniques for politically or socially motivated purposes?

A

Hacktivists

11
Q

What are Script kiddies?

A

Script kiddies are individuals with limited technical skills who use pre-packaged hacking tools or scripts to conduct cyber attacks without understanding the underlying technology or vulnerabilities.

12
Q

What term describes individuals with limited technical skills who use pre-packaged hacking tools to conduct cyber attacks?

A

Script kiddies

13
Q

What are Criminal syndicates?

A

Criminal syndicates are organized groups engaged in illegal activities, including cybercrime, such as hacking, identity theft, fraud, and other financially motivated offenses.

14
Q

What term describes organized groups engaged in illegal activities, including cybercrime?

A

Criminal syndicates

15
Q

What are Hackers?

A

Hackers are individuals with advanced technical skills who use their knowledge to penetrate computer systems or networks for various purposes, including security testing, activism, or criminal activities.

16
Q

What term describes individuals with advanced technical skills who penetrate computer systems for various purposes?

A

Hackers

17
Q

What is Authorized access?

A

Authorized access refers to permissions granted to users or entities to access specific resources or perform certain actions within a system or organization, based on their roles or privileges.

18
Q

What term describes permissions granted to users or entities to access specific resources within a system?

A

Authorized access

19
Q

What is Unauthorized access?

A

Unauthorized access refers to attempts to gain access to resources or systems without proper authorization or permission, often constituting a security breach or violation of policies.

20
Q

What term describes attempts to gain access to resources or systems without proper authorization?

A

Unauthorized access

21
Q

What is Semiauthorized access?

A

Semiauthorized access refers to access granted to users or entities beyond their normal privileges or roles, often resulting from misconfigurations, vulnerabilities, or exploitation of access controls.

22
Q

What term describes access granted to users beyond their normal privileges or roles?

A

Semiauthorized access

23
Q

What is Shadow IT?

A

Shadow IT refers to the use of unauthorized or unapproved hardware, software, or services within an organization, often by individual employees or departments without oversight or IT approval.

24
Q

What term describes the use of unauthorized or unapproved hardware, software, or services within an organization?

A

Shadow IT

25
Q

What are Competitors?

A

Competitors are rival individuals, companies, or organizations operating in the same market or industry, who may engage in espionage, cyber attacks, or other tactics to gain competitive advantage.

26
Q

What term describes rival individuals, companies, or organizations operating in the same market?

A

Competitors

27
Q

What are Attributes of actors?

A

Attributes of actors refer to the characteristics or traits associated with individuals, groups, or entities involved in cyber threats or attacks, including their internal/external nature, sophistication, resources, and motivations.

28
Q

What term describes the characteristics associated with individuals, groups, or entities involved in cyber threats?

A

Attributes of actors

29
Q

What is Internal/external?

A

Internal/external refers to whether an actor operates from within the target organization or externally, often influencing their level of access, visibility, and potential impact.

30
Q

What term describes whether an actor operates from within the target organization or externally?

A

Internal/external

31
Q

What is Level of sophistication/capability?

A

Level of sophistication/capability refers to the technical expertise, skills, and resources possessed by threat actors, influencing their ability to carry out complex or advanced cyber attacks.

32
Q

What term describes the technical expertise and resources possessed by threat actors?

A

Level of sophistication/capability

33
Q

What are Resources/funding?

A

Resources/funding refers to the financial, technological, or human resources available to threat actors to conduct cyber attacks, influencing the scale, scope, and effectiveness of their operations.

34
Q

What term describes the financial, technological, or human resources available to threat actors?

A

Resources/funding

35
Q

What is Intent/motivation?

A

Intent/motivation refers to the goals, objectives, or reasons driving the actions of threat actors, such as financial gain, political ideology, espionage, sabotage, or revenge.

36
Q

What term describes the goals or reasons driving the actions of threat actors?

A

Intent/motivation

37
Q

What are Vectors?

A

Vectors refer to the different methods or pathways used by threat actors to launch cyber attacks or infiltrate target systems, including direct access, wireless, email, and social engineering.

38
Q

What term describes the methods or pathways used by threat actors to launch cyber attacks?

A

Vectors

39
Q

What is Direct access?

A

Direct access is a cyber attack vector where threat actors gain physical or remote access to a system, network, or device without intermediaries or additional steps.

40
Q

What term describes gaining access to a system without intermediaries or additional steps?

A

Direct access

41
Q

What is Wireless?

A

Wireless is a cyber attack vector that exploits vulnerabilities in wireless networks, devices, or protocols to gain unauthorized access, intercept data, or launch attacks.

42
Q

What term describes exploiting vulnerabilities in wireless networks or devices to gain unauthorized access?

A

Wireless

43
Q

What is Email?

A

Email is a cyber attack vector that involves the use of malicious emails or attachments to deliver malware, phishing scams, or other threats to individuals or organizations.

44
Q

What term describes the use of malicious emails or attachments to deliver threats?

A

Email

45
Q

What is Supply chain?

A

Supply chain is a cyber attack vector where threat actors target third-party suppliers, vendors, or service providers to compromise the security of products, services, or infrastructure used by the target organization.

46
Q

What term describes targeting third-party suppliers to compromise the security of products or services?

A

Supply chain

47
Q

What is Social media?

A

Social media is a cyber attack vector where threat actors exploit social networking platforms or communication channels to spread misinformation, launch phishing attacks, or manipulate public opinion.

48
Q

What term describes exploiting social networking platforms to spread misinformation or launch attacks?

A

Social media

49
Q

What is Removable media?

A

Removable media is a cyber attack vector involving the use of USB drives, CDs, or other portable storage devices to introduce malware, steal data, or compromise systems when connected to computers or networks.

50
Q

What term describes using USB drives or portable storage devices to introduce malware?

A

Removable media

51
Q

What is Cloud?

A

Cloud is a cyber attack vector where threat actors target cloud computing platforms, services, or applications to exploit misconfigurations, vulnerabilities, or weak access controls, compromising data or resources.

52
Q

What term describes targeting cloud computing platforms to exploit vulnerabilities or weak access controls?

A

Cloud

53
Q

What are Threat intelligence sources?

A

Threat intelligence sources refer to the various repositories, databases, or platforms that provide information and insights about cyber threats, adversaries, vulnerabilities, and mitigation strategies.

54
Q

What term describes repositories or platforms providing information about cyber threats and adversaries?

A

Threat intelligence sources

55
Q

What is Open-source intelligence (OSINT)?

A

Open-source intelligence (OSINT) is publicly available information collected from open sources such as websites, social media, forums, or public records, used for threat analysis and intelligence gathering.

56
Q

What term describes publicly available information collected from open sources for threat analysis?

A

Open-source intelligence (OSINT)

57
Q

What is Closed/proprietary?

A

Closed/proprietary refers to threat intelligence sources that are restricted, confidential, or proprietary, typically available only to authorized users or subscribers.

58
Q

What term describes restricted or confidential threat intelligence sources?

A

Closed/proprietary

59
Q

What are Vulnerability databases?

A

Vulnerability databases are repositories of known vulnerabilities in software, hardware, or systems, providing information about weaknesses that can be exploited by threat actors.

60
Q

What term describes repositories of known weaknesses in software, hardware, or systems?

A

Vulnerability databases

61
Q

What are Public/private information-sharing centers?

A

Public/private information-sharing centers are organizations or platforms where stakeholders share information, intelligence, or insights about cyber threats, vulnerabilities, and incidents to improve collective defense.

62
Q

What term describes organizations or platforms for sharing information about cyber threats and vulnerabilities?

A

Public/private information-sharing centers

63
Q

What is Dark web?

A

Dark web is a part of the internet that is not indexed by search engines and is often used for illicit activities, including the buying and selling of stolen data, hacking tools, or other illegal goods and services.

64
Q

What term describes the part of the internet used for illicit activities and not indexed by search engines?

A

Dark web

65
Q

What are Indicators of compromise?

A

Indicators of compromise (IoCs) are signs or evidence indicating that a system or network has been breached or compromised, including unusual activities, behaviors, or artifacts left by attackers.

66
Q

What term describes signs indicating that a system or network has been breached or compromised?

A

Indicators of compromise

67
Q

What is Automated Indicator Sharing (AIS): Structured Threat Information eXpression (STIX)/Trusted Automated eXchange of Intelligence Information (TAXII)?

A

Automated Indicator Sharing (AIS): Structured Threat Information eXpression (STIX)/Trusted Automated eXchange of Intelligence Information (TAXII) is a standardized framework for exchanging threat intelligence, including IoCs, among security communities and organizations.

68
Q

What term describes a standardized framework for exchanging threat intelligence, including IoCs, among security communities?

A

Automated Indicator Sharing (AIS): Structured Threat Information eXpression (STIX)/Trusted Automated eXchange of Intelligence Information (TAXII)

69
Q

What is Predictive analysis?

A

Predictive analysis is the process of using data, statistical algorithms, and machine learning techniques to forecast future events or behaviors, such as identifying potential cyber threats or attacks.

70
Q

What term describes using data and algorithms to forecast future events or behaviors, such as cyber threats?

A

Predictive analysis

71
Q

What are Threat maps?

A

Threat maps are visual representations of cyber threats, attacks, or vulnerabilities, often displayed geographically or in real-time, to provide situational awareness and threat intelligence.

72
Q

What term describes visual representations of cyber threats or attacks, often displayed geographically?

A

Threat maps

73
Q

What are File/code repositories?

A

File/code repositories are platforms or databases used to store, manage, and share source code, scripts, or executable files, often targeted by threat actors for reconnaissance or exploitation.

74
Q

What term describes platforms used to store and share source code or executable files?

A

File/code repositories

75
Q

What are Research sources?

A

Research sources are academic journals, publications, or reports containing studies, analyses, or findings related to cybersecurity, threat intelligence, or emerging technologies.

76
Q

What term describes academic journals or reports containing studies related to cybersecurity?

A

Research sources

77
Q

What are Vendor websites?

A

Vendor websites are online platforms maintained by software or hardware vendors, providing information, updates, or patches for their products, often targeted by threat actors for vulnerabilities or exploits.

78
Q

What term describes online platforms providing information or updates for software products?

A

Vendor websites

79
Q

What are Vulnerability feeds?

A

Vulnerability feeds are subscription services or data streams delivering information about newly discovered vulnerabilities, patches, or security advisories to organizations or security tools.

80
Q

What term describes services delivering information about newly discovered vulnerabilities?

A

Vulnerability feeds

81
Q

What are Conferences?

A

Conferences are events, seminars, or summits where cybersecurity professionals, researchers, or experts gather to share knowledge, discuss trends, and present findings about cyber threats or defenses.

82
Q

What term describes events where cybersecurity professionals gather to discuss trends and present findings?

A

Conferences

83
Q

What are Academic journals?

A

Academic journals are scholarly publications containing research articles, studies, or analyses written by experts or researchers in the field of cybersecurity or related disciplines.

84
Q

What term describes scholarly publications containing research articles written by experts in cybersecurity?

A

Academic journals

85
Q

What are Request for comments (RFC)?

A

Request for comments (RFC) documents are publications containing technical specifications, standards, or proposals developed by Internet Engineering Task Force (IETF) working groups.

86
Q

What term describes documents containing technical specifications developed by Internet Engineering Task Force (IETF)?

A

Request for comments (RFC)

87
Q

What are Local industry groups?

A

Local industry groups are organizations or associations comprised of businesses, professionals, or experts within a specific geographic area or industry sector, often collaborating on cybersecurity initiatives or sharing threat intelligence.

88
Q

What term describes organizations comprised of businesses collaborating on cybersecurity initiatives?

A

Local industry groups

89
Q

What is Social media?

A

Social media is a cyber attack vector where threat actors exploit social networking platforms or communication channels to spread misinformation, launch phishing attacks, or manipulate public opinion.

90
Q

What term describes exploiting social networking platforms to spread misinformation or launch attacks?

A

Social media

91
Q

What are Threat feeds?

A

Threat feeds are data streams or services providing real-time information about cyber threats, vulnerabilities, or malicious activities, often used by security teams for threat detection and analysis.

92
Q

What term describes services providing real-time information about cyber threats?

A

Threat feeds

93
Q

What are Adversary tactics, techniques, and procedures (TTP)?

A

Adversary tactics, techniques, and procedures (TTP) refer to the methods, tools, and behaviors used by threat actors to achieve their objectives during cyber attacks, including reconnaissance, infiltration, and exploitation.

94
Q

What term describes the methods or behaviors used by threat actors to achieve their objectives during cyber attacks?

A

Adversary tactics, techniques, and procedures (TTP)