1.5 Explain different threat actors, vectors, and intelligence sources Flashcards
What are Actors and threats?
Actors and threats refer to the various entities and risks that can compromise the security of a system or organization, including individuals, groups, and malicious activities.
What term describes the various entities and risks that can compromise the security of a system or organization?
Actors and threats
What is an Advanced persistent threat (APT)?
An Advanced persistent threat (APT) is a sophisticated and stealthy cyber attack carried out by highly skilled threat actors over an extended period, often targeting specific organizations or industries.
What term describes a sophisticated and stealthy cyber attack carried out by highly skilled threat actors over an extended period?
Advanced persistent threat (APT)
What are Insider threats?
Insider threats are security risks posed by individuals within an organization who misuse their access, knowledge, or privileges to compromise the organization’s security or data.
What term describes security risks posed by individuals within an organization who misuse their access or privileges?
Insider threats
What are State actors?
State actors are government-sponsored or affiliated entities that conduct cyber operations for political, economic, or military purposes, often targeting other nations or organizations.
What term describes government-sponsored or affiliated entities conducting cyber operations for political or military purposes?
State actors
What are Hacktivists?
Hacktivists are individuals or groups who use hacking techniques for politically or socially motivated purposes, such as activism, protest, or ideological advocacy.
What term describes individuals or groups who use hacking techniques for politically or socially motivated purposes?
Hacktivists
What are Script kiddies?
Script kiddies are individuals with limited technical skills who use pre-packaged hacking tools or scripts to conduct cyber attacks without understanding the underlying technology or vulnerabilities.
What term describes individuals with limited technical skills who use pre-packaged hacking tools to conduct cyber attacks?
Script kiddies
What are Criminal syndicates?
Criminal syndicates are organized groups engaged in illegal activities, including cybercrime, such as hacking, identity theft, fraud, and other financially motivated offenses.
What term describes organized groups engaged in illegal activities, including cybercrime?
Criminal syndicates
What are Hackers?
Hackers are individuals with advanced technical skills who use their knowledge to penetrate computer systems or networks for various purposes, including security testing, activism, or criminal activities.
What term describes individuals with advanced technical skills who penetrate computer systems for various purposes?
Hackers
What is Authorized access?
Authorized access refers to permissions granted to users or entities to access specific resources or perform certain actions within a system or organization, based on their roles or privileges.
What term describes permissions granted to users or entities to access specific resources within a system?
Authorized access
What is Unauthorized access?
Unauthorized access refers to attempts to gain access to resources or systems without proper authorization or permission, often constituting a security breach or violation of policies.
What term describes attempts to gain access to resources or systems without proper authorization?
Unauthorized access
What is Semiauthorized access?
Semiauthorized access refers to access granted to users or entities beyond their normal privileges or roles, often resulting from misconfigurations, vulnerabilities, or exploitation of access controls.
What term describes access granted to users beyond their normal privileges or roles?
Semiauthorized access
What is Shadow IT?
Shadow IT refers to the use of unauthorized or unapproved hardware, software, or services within an organization, often by individual employees or departments without oversight or IT approval.
What term describes the use of unauthorized or unapproved hardware, software, or services within an organization?
Shadow IT
What are Competitors?
Competitors are rival individuals, companies, or organizations operating in the same market or industry, who may engage in espionage, cyber attacks, or other tactics to gain competitive advantage.
What term describes rival individuals, companies, or organizations operating in the same market?
Competitors
What are Attributes of actors?
Attributes of actors refer to the characteristics or traits associated with individuals, groups, or entities involved in cyber threats or attacks, including their internal/external nature, sophistication, resources, and motivations.
What term describes the characteristics associated with individuals, groups, or entities involved in cyber threats?
Attributes of actors
What is Internal/external?
Internal/external refers to whether an actor operates from within the target organization or externally, often influencing their level of access, visibility, and potential impact.
What term describes whether an actor operates from within the target organization or externally?
Internal/external
What is Level of sophistication/capability?
Level of sophistication/capability refers to the technical expertise, skills, and resources possessed by threat actors, influencing their ability to carry out complex or advanced cyber attacks.
What term describes the technical expertise and resources possessed by threat actors?
Level of sophistication/capability
What are Resources/funding?
Resources/funding refers to the financial, technological, or human resources available to threat actors to conduct cyber attacks, influencing the scale, scope, and effectiveness of their operations.
What term describes the financial, technological, or human resources available to threat actors?
Resources/funding
What is Intent/motivation?
Intent/motivation refers to the goals, objectives, or reasons driving the actions of threat actors, such as financial gain, political ideology, espionage, sabotage, or revenge.
What term describes the goals or reasons driving the actions of threat actors?
Intent/motivation
What are Vectors?
Vectors refer to the different methods or pathways used by threat actors to launch cyber attacks or infiltrate target systems, including direct access, wireless, email, and social engineering.
What term describes the methods or pathways used by threat actors to launch cyber attacks?
Vectors
What is Direct access?
Direct access is a cyber attack vector where threat actors gain physical or remote access to a system, network, or device without intermediaries or additional steps.
What term describes gaining access to a system without intermediaries or additional steps?
Direct access
What is Wireless?
Wireless is a cyber attack vector that exploits vulnerabilities in wireless networks, devices, or protocols to gain unauthorized access, intercept data, or launch attacks.
What term describes exploiting vulnerabilities in wireless networks or devices to gain unauthorized access?
Wireless
What is Email?
Email is a cyber attack vector that involves the use of malicious emails or attachments to deliver malware, phishing scams, or other threats to individuals or organizations.
What term describes the use of malicious emails or attachments to deliver threats?
Email
What is Supply chain?
Supply chain is a cyber attack vector where threat actors target third-party suppliers, vendors, or service providers to compromise the security of products, services, or infrastructure used by the target organization.
What term describes targeting third-party suppliers to compromise the security of products or services?
Supply chain
What is Social media?
Social media is a cyber attack vector where threat actors exploit social networking platforms or communication channels to spread misinformation, launch phishing attacks, or manipulate public opinion.
What term describes exploiting social networking platforms to spread misinformation or launch attacks?
Social media
What is Removable media?
Removable media is a cyber attack vector involving the use of USB drives, CDs, or other portable storage devices to introduce malware, steal data, or compromise systems when connected to computers or networks.
What term describes using USB drives or portable storage devices to introduce malware?
Removable media
What is Cloud?
Cloud is a cyber attack vector where threat actors target cloud computing platforms, services, or applications to exploit misconfigurations, vulnerabilities, or weak access controls, compromising data or resources.
What term describes targeting cloud computing platforms to exploit vulnerabilities or weak access controls?
Cloud
What are Threat intelligence sources?
Threat intelligence sources refer to the various repositories, databases, or platforms that provide information and insights about cyber threats, adversaries, vulnerabilities, and mitigation strategies.
What term describes repositories or platforms providing information about cyber threats and adversaries?
Threat intelligence sources
What is Open-source intelligence (OSINT)?
Open-source intelligence (OSINT) is publicly available information collected from open sources such as websites, social media, forums, or public records, used for threat analysis and intelligence gathering.
What term describes publicly available information collected from open sources for threat analysis?
Open-source intelligence (OSINT)
What is Closed/proprietary?
Closed/proprietary refers to threat intelligence sources that are restricted, confidential, or proprietary, typically available only to authorized users or subscribers.
What term describes restricted or confidential threat intelligence sources?
Closed/proprietary
What are Vulnerability databases?
Vulnerability databases are repositories of known vulnerabilities in software, hardware, or systems, providing information about weaknesses that can be exploited by threat actors.
What term describes repositories of known weaknesses in software, hardware, or systems?
Vulnerability databases
What are Public/private information-sharing centers?
Public/private information-sharing centers are organizations or platforms where stakeholders share information, intelligence, or insights about cyber threats, vulnerabilities, and incidents to improve collective defense.
What term describes organizations or platforms for sharing information about cyber threats and vulnerabilities?
Public/private information-sharing centers
What is the Dark web?
The Dark web is a part of the internet that is not indexed by search engines and is often used for illicit activities, including the buying and selling of stolen data, hacking tools, or other illegal goods and services.
What term describes the part of the internet used for illicit activities and not indexed by search engines?
Dark web
What are Indicators of compromise?
Indicators of compromise (IoCs) are signs or evidence indicating that a system or network has been breached or compromised, including unusual activities, behaviors, or artifacts left by attackers.
What term describes signs indicating that a system or network has been breached or compromised?
Indicators of compromise
What is Automated Indicator Sharing (AIS): Structured Threat Information eXpression (STIX)/Trusted Automated eXchange of Intelligence Information (TAXII)?
Automated Indicator Sharing (AIS): Structured Threat Information eXpression (STIX)/Trusted Automated eXchange of Intelligence Information (TAXII) is a standardized framework for exchanging threat intelligence, including IoCs, among security communities and organizations.
What term describes a standardized framework for exchanging threat intelligence, including IoCs, among security communities?
Automated Indicator Sharing (AIS): Structured Threat Information eXpression (STIX)/Trusted Automated eXchange of Intelligence Information (TAXII)
What is Predictive analysis?
Predictive analysis is the process of using data, statistical algorithms, and machine learning techniques to forecast future events or behaviors, such as identifying potential cyber threats or attacks.
What term describes using data and algorithms to forecast future events or behaviors, such as cyber threats?
Predictive analysis
What are Threat maps?
Threat maps are visual representations of cyber threats, attacks, or vulnerabilities, often displayed geographically or in real-time, to provide situational awareness and threat intelligence.
What term describes visual representations of cyber threats or attacks, often displayed geographically?
Threat maps
What are File/code repositories?
File/code repositories are platforms or databases used to store, manage, and share source code, scripts, or executable files, often targeted by threat actors for reconnaissance or exploitation.
What term describes platforms used to store and share source code or executable files?
File/code repositories
What are Research sources?
Research sources are academic journals, publications, or reports containing studies, analyses, or findings related to cybersecurity, threat intelligence, or emerging technologies.
What term describes academic journals or reports containing studies related to cybersecurity?
Research sources
What are Vendor websites?
Vendor websites are online platforms maintained by software or hardware vendors, providing information, updates, or patches for their products, often targeted by threat actors for vulnerabilities or exploits.
What term describes online platforms providing information or updates for software products?
Vendor websites
What are Vulnerability feeds?
Vulnerability feeds are subscription services or data streams delivering information about newly discovered vulnerabilities, patches, or security advisories to organizations or security tools.
What term describes services delivering information about newly discovered vulnerabilities?
Vulnerability feeds
What are Conferences?
Conferences are events, seminars, or summits where cybersecurity professionals, researchers, or experts gather to share knowledge, discuss trends, and present findings about cyber threats or defenses.
What term describes events where cybersecurity professionals gather to discuss trends and present findings?
Conferences
What are Academic journals?
Academic journals are scholarly publications containing research articles, studies, or analyses written by experts or researchers in the field of cybersecurity or related disciplines.
What term describes scholarly publications containing research articles written by experts in cybersecurity?
Academic journals
What are Request for comments (RFC)?
Request for comments (RFC) documents are publications containing technical specifications, standards, or proposals developed by Internet Engineering Task Force (IETF) working groups.
What term describes documents containing technical specifications developed by the Internet Engineering Task Force (IETF)?
Request for comments (RFC)
What are Local industry groups?
Local industry groups are organizations or associations made up of businesses, professionals, or experts within a specific geographic area or industry sector, often collaborating on cybersecurity initiatives or sharing threat intelligence.
What term describes organizations made up of businesses collaborating on cybersecurity initiatives?
Local industry groups
What are Threat feeds?
Threat feeds are data streams or services providing real-time information about cyber threats, vulnerabilities, or malicious activities, often used by security teams for threat detection and analysis.
What term describes services providing real-time information about cyber threats?
Threat feeds
What are Adversary tactics, techniques, and procedures (TTP)?
Adversary tactics, techniques, and procedures (TTP) refer to the methods, tools, and behaviors used by threat actors to achieve their objectives during cyber attacks, including reconnaissance, infiltration, and exploitation.
What term describes the methods or behaviors used by threat actors to achieve their objectives during cyber attacks?
Adversary tactics, techniques, and procedures (TTP)