2A: Explain Threat Actor Types and Attack Vectors Flashcards
Which of the following would be assessed by likelihood and impact: vulnerability, threat, or risk?
Risk
True or false? Nation-state actors primarily only pose a risk to another state’s government?
False—nation state actors have targeted commercial interests for theft, espionage, and extortion.
You receive an email with a screenshot showing a command prompt at one of your application servers. The email suggests you engage the hacker for a day’s consultancy to patch the vulnerability. How should you categorize this threat?
This is either gray hat (semi-authorized) hacking or black hat (non-authorized) hacking. If the request for compensation via consultancy is an extortion threat (if refused, the hacker sells the exploit on the dark web), then the motivation is purely financial gain and can be categorized as black hat. If the consultancy is refused and the hacker takes no further action, it can be classed as gray hat.
Which type of threat actor is primarily motivated by the desire for social change?
Hacktivist
Which three types of threat actor are most likely to have high levels of funding?
State actors, criminal syndicates, and competitors.
You are assisting with writing an attack surface assessment report for a small company. Review the headings below and determine which two potential attack vectors have been omitted:
Direct access, Email, Remote and wireless, Web and social media, Cloud.
Removable media and supply chain.
What is APT
advanced persistent threat
An attacker’s ability to obtain, maintain, and diversify access to network systems using exploits and malware.
What is an attack surface
ALL the points at which a network or application receives external connections or inputs/outputs that are potential vectors to be exploited by a threat actor.
What is an attack vector?
A specific path by which a threat actor gains unauthorized access to a system. Also referred to as a vector
What is a black hat?
A hacker operating with malicious intent.
What are criminal syndicates
A type of threat actor that uses hacking and computer fraud for commercial gain. Also referred to as organized crime.
what is a gray hat?
A hacker who analyzes networks without seeking authorization, but without overtly malicious intent.
What is a hacker?
Often used to refer to someone who breaks into computer systems or spreads viruses
Ethical Hackers prefer to think of themselves as experts on and explorers of computer security systems.
What is a hacktivist?
A threat actor that is motivated by a social issue or political cause.
What is an insider threat?
A threat actor who has assigned privileges on the system that cause an intentional or unintentional incident.
What is an intentional threat?
threat actor with malicious purpose
What is a script kiddie?
An inexperienced, unskilled attacker that typically uses tools or scripts created by others.
What is shadow IT?
Computer hardware, software, or services used on a private network without authorization from the system owner.
What is a state actor?
A type of threat actor that is supported by the resources of its host country’s military and security services. Also referred to as a nation state actor.
what is a supply chain attack?
An attack that targets the end-to-end process of manufacturing, distributing, and handling goods and services.
what is a threat?
The potential for an entity to exploit a vulnerability/to breach security
what is a threat actor?
The person or entity responsible for an event that has been identified as a security incident or as a risk.
what is an unintentional threat?
A threat actor that causes a vulnerability or exposes an attack vector without malicious intent.
what is a vulnerability?
A weakness that could be triggered accidentally or exploited intentionally to cause a security breach.
`
What is risk?
is the likelihood and impact (or consequence) of a threat actor exploiting a vulnerability
what is a white hat?
A hacker engaged in authorized penetration testing or other security consultancy.
what is an external threat?
one that has no account or authorized access to the target system
what is capability?
a threat actor’s ability to craft novel exploit techniques and tools
what is the difference in intent and motive>
Intent = goal of the attack (vandalize, disrupt, steal info)
motive = reason for attack (greed, curiosity, grievance)
Name examples of hacktivists
Anonymous, Wikileaks, LulzSec
Name some attack vectors
Direct Access
Removable Media
Email
Remote / wireless
supply chain
web and social media
clous
