1.5 Threat actors, vectors and intelligence sources Flashcards

1
Q

What is a threat?

A

It refers to any possible malicious attack that seeks to unlawfully access data, disrupt digital operations or damage information

2
Q

What is an APT?

A

Advanced Persistent Threat: a hacker uses continuous, clandestine, and sophisticated hacking techniques to gain access to a system and remain inside for a prolonged period of time

3
Q

Who are the threat actors?

A
  • Insiders: someone within the organization who already has access to the network (e.g. an employee)
  • Nation states: governments, so their attacks are highly sophisticated (significant resources)
  • Hacktivists: hackers with a purpose (social change/political); their attacks can be very sophisticated and targeted
  • Script kiddies: run pre-made scripts without any knowledge; their attacks are not very sophisticated and they are usually just trying to gain access
  • Organized crime: professional criminals (motivated by money); very sophisticated attacks due to significant resources
  • Hackers: experts with technology; can be ethical, malicious or semi-authorized hackers
  • Shadow IT: the use of information technology systems, devices, software, applications, and services without explicit IT department approval
  • Competitors: different motivations (DoS, espionage, harming reputation), high level of sophistication
4
Q

What is an attack vector?

A

The method an attacker uses to gain access to or infect the target. It takes a lot of work to find a vulnerability, and IT security professionals spend their careers watching these vectors (patching, etc.)

5
Q

What are the different attack vectors?

A
  • Direct access: physical access to a system (data center, attaching a keylogger to collect credentials, unplugging a power cable, etc.)
  • Wireless: default login credentials used, rogue access point, evil twin
  • Email: phishing attacks, social engineering attacks
  • Supply chain: gain access to a network using a vendor
  • Social media: gather information on someone using social media
  • Removable media: use of an infected USB for malware, keylogger, data exfiltration
  • Cloud: security misconfiguration, brute-force attack
6
Q

What is threat intelligence?

A

Evidence-based information about cyber attacks that cyber security experts organize and analyze. This information may include mechanisms of an attack. Good sources include OSINT (publicly available information), vulnerability databases (CVE), NIST, etc.

7
Q

What are the different types of threat intelligence?

A
  • Strategic
  • Tactical: understanding the tactics, techniques and procedures used by the hackers
  • Technical
  • Operational
8
Q

What is threat research?

A

A group of cybersecurity experts dedicated to proactively seeking out potential risks and delivering related insights to their broader security team to take action on.
