2.0 Threats, Vulnerabilities, and Mitigations Flashcards
A person or entity responsible for an event that has been identified as a security incident or as a risk.
Threat actor
The degree of access that a threat actor possesses before initiating an attack. An external threat actor has no standing privileges, while an internal actor has been granted some access permissions.
Internal/external
A formal classification of the resources and expertise available to a threat actor.
Level of sophistication/capability
The ability of threat actors to draw upon funding to acquire personnel, tools, and development of novel attack types.
Resources/funding
A type of attack that compromises the availability of an asset or business process.
Service disruption
The process by which an attacker copies data from a private network to an external network.
Data exfiltration
A type of attack that falsifies an information resource that is normally trusted by others.
Disinformation
Demanding payment to prevent the release of information.
Blackmail
Demanding payment to prevent or halt some type of attack.
Extortion
Falsifying records, such as an internal fraud that involves tampering with accounts.
Fraud
Often used to refer to someone who breaks into computer systems or spreads viruses. Ethical hackers prefer to think of themselves as experts on and explorers of computer security systems.
Hacker
A hacker operating with malicious intent.
Unauthorized hacker
A hacker engaged in authorized penetration testing or other security consultancy.
Authorized hacker
An inexperienced attacker who typically uses tools or scripts created by others.
Unskilled attacker/script kiddie
A threat actor that is motivated by a social issue or political cause.
Hacktivist
An attacker’s ability to obtain, maintain, and diversify access to network systems using exploits and malware.
Advanced persistent threat (APT)
A type of threat actor that is supported by the resources of its host country’s military and security services.
Nation-state actors
A type of threat actor that uses hacking and computer fraud for commercial gain.
Organized crime
A threat actor who has been assigned privileges on the system and causes an intentional or unintentional incident.
Internal threat
A threat actor that causes a vulnerability or exposes an attack vector without malicious intent.
Unintentional or inadvertent insider threat
Computer hardware, software, or services used on a private network without authorization from the system owner.
Shadow IT
The end-to-end process of supplying, manufacturing, distributing, and finally releasing goods and services to a customer.
Supply chain
Weakness in an application or OS that could be triggered accidentally or exploited intentionally to cause a security breach.
Vulnerable software
An attack type that will entice a victim into using or opening a removable device, document, image, or program that conceals malware.
Lure
Configuration that exposes a large attack surface, such as through unnecessary open service ports, weak or no authentication, use of default credentials, or lack of secure communications/encryption.
Unsecure network
Product life cycle phase where mainstream vendor support is no longer available.
Unsupported systems
A social engineering tactic where an attacker (or team of attackers) communicates, whether directly or indirectly, a lie or half-truth in order to get someone to believe a falsehood.
Pretexting
An activity where the goal is to use deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines.
Social engineering
A social engineering attack where an attacker pretends to be someone they are not.
Impersonation
An email-based social engineering attack in which the attacker sends email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim.
Phishing
A human-based attack where the attacker extracts information while speaking over the phone or leveraging IP-based voice messaging services (VoIP).
Vishing
A form of phishing that uses SMS text messages to trick a victim into revealing information.
Smishing
An impersonation attack in which the attacker gains control of an employee’s account and uses it to convince other employees to perform fraudulent actions.
Business email compromise
An attack in which an attacker registers a domain name with a common misspelling of an existing domain, so that a user who misspells a URL in a browser is taken to the attacker’s website.
Typosquatting
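As an added example (not part of the original flashcard set), the script below shows the two sides of the typosquatting card: the single-edit variants (omission, doubled letter, transposition, homoglyph) an attacker would register against a brand domain, and a defender's screen that classifies newly observed registrations against those variants plus an edit-distance fallback for typos the generator does not enumerate. `example.com` and the observed domains are constructed for the example.

```python
# Added example (not from the flashcard set): enumerate typosquat variants of a
# brand domain and screen newly observed registrations against them.
# All domain names here are constructed for illustration.

LEGIT_DOMAIN = "example.com"

# Constructed list of "newly registered" domains to screen.
OBSERVED_DOMAINS = [
    "exmaple.com",        # transposition of two letters
    "exampl.com",         # omitted letter
    "examp1e.com",        # homoglyph: digit 1 for letter l
    "example.co",         # same name, different TLD
    "example-login.com",  # brand name embedded in a longer name
    "unrelated.org",
]

# Visually confusable substitutions commonly used in typosquats.
HOMOGLYPHS = {
    "l": ["1", "i"], "i": ["l", "1"], "o": ["0"], "e": ["3"],
    "a": ["4"], "s": ["5"], "m": ["rn"], "w": ["vv"],
}


def split_domain(domain):
    """Split 'name.tld' into (name, tld); only the registrable label is mutated."""
    name, _, tld = domain.rpartition(".")
    return name, tld


def typo_variants(domain):
    """Return the set of domains produced by single-edit typos of the name label."""
    name, tld = split_domain(domain)
    variants = set()
    for i, ch in enumerate(name):
        variants.add(name[:i] + name[i + 1:])           # omission
        variants.add(name[:i] + ch + name[i:])          # doubled letter
        for sub in HOMOGLYPHS.get(ch, []):              # homoglyph swap
            variants.add(name[:i] + sub + name[i + 1:])
        if i < len(name) - 1:                           # adjacent transposition
            variants.add(name[:i] + name[i + 1] + ch + name[i + 2:])
    variants.discard(name)
    return {f"{v}.{tld}" for v in variants}


def levenshtein(a, b):
    """Edit distance; catches typos the generator above does not enumerate."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain, legit=LEGIT_DOMAIN, max_distance=2):
    """'typosquat' for an enumerated variant, 'suspicious' for near misses, else 'unrelated'."""
    if domain == legit:
        return "legitimate"
    if domain in typo_variants(legit):
        return "typosquat"
    legit_name, _ = split_domain(legit)
    name, _ = split_domain(domain)
    if legit_name in name or levenshtein(name, legit_name) <= max_distance:
        return "suspicious"
    return "unrelated"


def screen(domains, legit=LEGIT_DOMAIN):
    """Map each observed domain to its classification."""
    return {d: classify(d, legit) for d in domains}


if __name__ == "__main__":
    for domain, verdict in screen(OBSERVED_DOMAINS).items():
        print(f"{domain:20} {verdict}")
```

The same variant list is what you would feed to a domain-monitoring feed or a mail gateway's sender-domain check; a real deployment also handles multi-label names (`login.example.co.uk`) and Unicode homoglyphs, which this example omits.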
A type of attack that redirects users from a legitimate website to a malicious one.
Pharming
An attack in which an attacker targets specific groups or organizations, discovers which websites they frequent, and injects malicious code into those sites.
Watering hole attack
Software that serves a malicious purpose, typically installed without the user’s consent (or knowledge).
Malware
A malicious software program hidden within an innocuous-seeming piece of software.
Trojan
Software that cannot definitively be classed as malicious, but may not have been chosen or wanted by the user.
Potentially unwanted programs (PUPs)/potentially unwanted applications (PUAs)
Malicious code inserted into an executable file image. The malicious code is executed when the file is run and can deliver a payload, such as attempting to infect other files.
Virus
A process executed without proper authorization from the system owner for the purpose of damaging or compromising the system.
Malicious process
A type of malware that replicates between processes in system memory and can spread over client/server network connections.
Worm
A lightweight block of malicious code that exploits a software vulnerability to gain initial access to a victim system.
Shellcode
Software that records information about a PC and its user. Adware is used to describe software that the user has acknowledged can record information about their habits.
Adware
Malicious software or hardware that can record user keystrokes.
Keylogger
A mechanism for gaining access to a computer that bypasses or subverts the normal method of authentication.
Backdoor
Software that records information about a PC and its users, often installed without the user’s consent.
Spyware
Malware that creates a backdoor remote administration channel to allow a threat actor to access and control the infected host.
Remote access Trojan (RAT)
A group of hosts or devices that has been infected by a control program called a bot, which enables attackers to exploit the hosts to mount attacks.
Botnet
A type of attack that subverts network security systems and policies to transfer data without authorization or detection.
Covert channel
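As an added example (not part of the original flashcard set), the script below shows a covert channel being used for the data exfiltration defined earlier on this page, and the check a defender would run against resolver logs. The "channel" encodes a secret as base32 labels under an attacker-controlled zone, so the data leaves the network as ordinary-looking DNS lookups; the detection side flags long, high-entropy labels and zones receiving many distinct subdomain lookups. The zone `cdn-updates.example`, the secret and the benign query list are all constructed for the example.

```python
# Added example (not from the flashcard set): DNS as a covert channel for
# exfiltration, plus the resolver-log heuristics that expose it.
import base64
import math
from collections import Counter

# Hypothetical attacker-controlled zone (constructed, not a real domain).
ATTACKER_ZONE = "cdn-updates.example"

# Constructed "secret" that the channel carries out of the network.
SECRET = b"dbpass=Correct-Horse-Battery-Staple-42;token=9f8e7d6c5b4a"

# Constructed benign lookups for comparison.
BENIGN_QUERIES = ["www.corp.example", "mail.corp.example", "updates.vendor.example"]


def encode_exfil(data, zone=ATTACKER_ZONE, chunk=30):
    """Return the DNS names a covert channel would resolve to carry `data` out.

    base32 keeps every label inside the letter/digit alphabet DNS allows; the
    padding is stripped and a sequence number is prepended so the receiver can
    reassemble chunks that arrive out of order.
    """
    text = base64.b32encode(data).decode().rstrip("=").lower()
    return [f"{seq}.{text[i:i + chunk]}.{zone}"
            for seq, i in enumerate(range(0, len(text), chunk))]


def decode_exfil(names, zone=ATTACKER_ZONE):
    """Reassemble the payload on the attacker's authoritative name server."""
    chunks = {}
    for name in names:
        if not name.endswith("." + zone):
            continue
        seq, payload = name[:-len(zone) - 1].split(".", 1)
        chunks[int(seq)] = payload
    text = "".join(chunks[k] for k in sorted(chunks)).upper()
    text += "=" * (-len(text) % 8)          # restore base32 padding
    return base64.b32decode(text)


def shannon_entropy(s):
    """Bits of entropy per character; random-looking labels score high."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def suspicious_queries(names, max_label=20, min_entropy=3.5):
    """Defender heuristic 1: flag queries containing a long, high-entropy label."""
    flagged = []
    for name in names:
        longest = max(name.split("."), key=len)
        if len(longest) >= max_label and shannon_entropy(longest) >= min_entropy:
            flagged.append(name)
    return flagged


def noisy_zones(names, min_unique=3):
    """Defender heuristic 2: zones that receive many distinct subdomain lookups."""
    per_zone = {}
    for name in names:
        labels = name.split(".")
        zone = ".".join(labels[-2:])
        per_zone.setdefault(zone, set()).add(name)
    return {z for z, seen in per_zone.items() if len(seen) >= min_unique}


if __name__ == "__main__":
    queries = encode_exfil(SECRET)
    print("channel queries:", *queries, sep="\n  ")
    print("recovered:", decode_exfil(queries))
    print("flagged:", suspicious_queries(queries + BENIGN_QUERIES))
    print("noisy zones:", noisy_zones(queries + BENIGN_QUERIES))
```

Both heuristics produce false positives on their own (CDN and anti-spam services also use long random labels), which is why production detections combine them with query volume per client and the age or reputation of the zone.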
Infrastructure of hosts and services with which attackers direct, distribute, and control malware over botnets.
Command and control (C2 or C&C)
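As an added example (not part of the original flashcard set), the script below shows the detection a SOC typically builds against botnet command and control: an infected host checks in with its C2 server on a timer, so the gaps between its requests are nearly constant, while human browsing is irregular. The code parses a constructed proxy log excerpt and flags source/destination pairs whose inter-request intervals have a low coefficient of variation. The log format, the hosts and the addresses (from the RFC 5737 documentation ranges) are all constructed for the example.

```python
# Added example (not from the flashcard set): spot C2 beaconing in a proxy log
# by looking for near-constant inter-request intervals per (src, dst) pair.
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy log excerpt, "timestamp src dst path". 203.0.113.10 plays the
# C2 server and 198.51.100.20 an ordinary website (RFC 5737 documentation ranges).
PROXY_LOG = """\
2024-05-01T10:00:00 10.0.0.5 203.0.113.10 /api/ping
2024-05-01T10:00:07 10.0.0.5 198.51.100.20 /index.html
2024-05-01T10:00:09 10.0.0.5 198.51.100.20 /style.css
2024-05-01T10:00:30 10.0.0.7 198.51.100.20 /index.html
2024-05-01T10:01:01 10.0.0.5 203.0.113.10 /api/ping
2024-05-01T10:01:59 10.0.0.5 203.0.113.10 /api/ping
2024-05-01T10:02:40 10.0.0.5 198.51.100.20 /news
2024-05-01T10:02:45 10.0.0.5 198.51.100.20 /news/comments
2024-05-01T10:03:00 10.0.0.5 203.0.113.10 /api/ping
2024-05-01T10:04:01 10.0.0.5 203.0.113.10 /api/ping
2024-05-01T10:04:59 10.0.0.5 203.0.113.10 /api/ping
2024-05-01T10:06:00 10.0.0.5 203.0.113.10 /api/ping
2024-05-01T10:09:13 10.0.0.5 198.51.100.20 /news/2
"""


def parse_log(text):
    """Return (timestamp, src, dst, path) tuples from the constructed log format."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, path = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, path))
    return records


def find_beacons(records, min_requests=5, max_cv=0.1):
    """Flag (src, dst) pairs whose inter-request intervals are nearly constant.

    The coefficient of variation (stdev / mean) of the gaps is close to zero for a
    timer-driven implant and large for human browsing. Pairs with fewer than
    min_requests events are skipped because the statistic is meaningless there.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _ in records:
        by_pair[(src, dst)].append(ts)
    beacons = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()                      # logs are not guaranteed to be ordered
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.stdev(gaps) / mean if mean else float("inf")
        if cv <= max_cv:
            beacons[pair] = {"count": len(stamps), "mean_interval": mean, "cv": cv}
    return beacons


if __name__ == "__main__":
    for (src, dst), info in find_beacons(parse_log(PROXY_LOG)).items():
        print(f"{src} -> {dst}: {info['count']} requests, "
              f"every {info['mean_interval']:.0f}s, cv={info['cv']:.3f}")
```

Real implants add random jitter to each sleep precisely to defeat this check, so production rules use a looser `max_cv`, a longer observation window, and corroborating signals such as a constant response size or a destination with no prior history in the environment.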
A group communications protocol that enables users to chat, send private messages, and share files.
Internet Relay Chat (IRC)
Class of malware that modifies system files, often at the kernel level, to conceal its presence.
Rootkit
Malware that tries to extort money from the victim by blocking normal operation of a computer and/or encrypting the victim’s files and demanding payment.
Ransomware
Malware that hijacks computer resources to mine cryptocurrency for the attacker.
Crypto-mining
A malicious program or script that is set to run under particular circumstances or in response to a defined event.
Logic bomb