1.5 Threat actors, vectors and intelligence sources Flashcards
What is a threat?
It refers to any possible malicious attack that seeks to unlawfully access data, disrupt digital operations or damage information.
What is an APT?
Advanced Persistent Threat: an attacker uses continuous, clandestine, and sophisticated hacking techniques to gain access to a system and remain inside for a prolonged period of time.
Who are the threat actors?
- Insiders: someone within the organization who already has access to the network (e.g. an employee)
- Nation states: government-backed, so their attacks are highly sophisticated (significant resources)
- Hacktivists: hackers with a purpose (social or political change); their attacks can be very sophisticated and targeted
- Script kiddies: run pre-made scripts without any real knowledge; their attacks are not very sophisticated and they are usually just trying to gain access
- Organized crime: professional criminals (motivated by money); very sophisticated attacks due to significant resources
- Hackers: experts with technology; can be ethical, malicious or semi-authorized hackers
- Shadow IT: the use of information technology systems, devices, software, applications, and services without explicit IT department approval
- Competitors: various motivations (DoS, espionage, harming reputation); high level of sophistication
What is an attack vector?
The method an attacker would use to gain access to or infect the target. It takes a lot of work to find a vulnerability, and IT security professionals spend their careers watching these vectors (patching, etc.).
What are the different attack vectors?
- Direct access: physical access to a system (data center, attaching a keylogger to collect credentials, unplugging a power cable, etc.)
- Wireless: default login credentials left in use, rogue access point, evil twin
- Email: phishing attacks, social engineering attacks
- Supply chain: gaining access to a network through a vendor
- Social media: gathering information on someone using social media
- Removable media: use of an infected USB drive for malware delivery, keylogging, data exfiltration
- Cloud: security misconfiguration, brute-force attack
What is threat intelligence?
Evidence-based information about cyber attacks that cyber security experts organize and analyze. This information may include the mechanisms of an attack. Good sources include OSINT (publicly available information), vulnerability databases (CVE), NIST, etc.
What are the different types of threat intelligence?
- Strategic
- Tactical: understanding the tactics, techniques and procedures used by the hackers
- Technical
- Operational
What is threat research?
A group of cybersecurity experts dedicated to proactively seeking out potential risks and delivering related insights to their broader security team to take action on.