Basics 101 Flashcards

1
Q

Who are the threat actors? (7)

A
  1. Insider Threats (employees, vendors, and other generally trusted individuals)
  2. Hackers
  3. Cyber-criminals
  4. Foreign governments and intelligence agencies
  5. Terrorists
  6. Organized crime
  7. Hacktivist groups (e.g., Anonymous)
2
Q

What are the Threat Actors after?

A

Threat actors want your data and secrets, and/or to blackmail/extort money from you. This data includes:

  1. Usernames and passwords
  2. Sensitive company documents
  3. Protected health documents
  4. Credit card and banking/financial information
  5. Export-controlled technologies
  6. Intellectual property and sensitive technological documents
  7. Personally identifiable information
  8. Contact lists
  9. Confidential emails
3
Q

According to the Ponemon Institute study: (3 stats)

A
  1. 37% of data breaches globally were Structured Threats (malicious or criminal attacks)
  2. 35% were caused by the “human factor” (e.g., a negligent employee or contractor)
  3. 29% were caused by glitches, which include both IT and business process failures
4
Q

There are many methods that threat actors use to gain unauthorized access to systems. These methods include: (8)

A
  1. Malware/Viruses
  2. Social Engineering (talking, convincing or tricking someone trusted to give a threat actor access to a system over the phone, via email, in person, or through other means)
  3. Phishing or Spear Phishing (sending emails that look legitimate but have malicious links or attachments)
  4. Unpatched, outdated or vulnerable systems and software
  5. Baiting (removable media like USB drives)
  6. Use of weak or default passwords
  7. Cross-site scripting (XSS) attacks
  8. Stolen logon credentials
5
Q

The leading method of system compromise from outside sources is ________.

A

Social engineering

6
Q

How do most data breaches start?

A

Most data breaches start by getting a user to click on a phishing email or to give out credentials over the phone or by email.

7
Q

Reconnaissance

A
  • Threat actors research (sometimes in great depth) the individuals and companies they are planning to target.
  • They utilize a multitude of techniques, including gathering data from social media and other publicly available sources (known as Open Source Intelligence, or OSINT), interviewing former or disgruntled employees, and other clandestine methods.
8
Q

Intrusion/Delivery

A

Threat actors gain access to systems at the targeted location via vulnerable systems, social engineering, phishing, baiting, malware, watering-hole attacks or other techniques.

9
Q

Exploitation/Obtaining Credentials

A

Once inside a network, threat actors will try to obtain user credentials, focusing on “domain administrator” or “root” level access.

10
Q

Pivoting/Lateral Movement

A

Once inside, threat actors may try to move laterally within the network to install as many “back doors” as possible for future and continued exploitation.

11
Q

Installation

A

Threat actors may install a multitude of malicious utilities to conduct system administration duties, steal passwords, take screenshots, steal email and infect/control other systems.

12
Q

Data Exfiltration/Manipulation

A
  • Threat actors will obtain emails, documents, databases, files, etc. from victims’ servers and workstations, then encrypt that data and send it to other malicious servers on the Internet.
  • In addition, some attackers can encrypt or destroy your data, holding it “hostage” until a ransom is paid to decrypt it and make it usable again.
13
Q

Maintaining Persistence

A

Once threat actors gain access to a network (which sometimes takes a very long time and a considerable amount of effort), they go to extreme lengths to maintain that access by installing additional or updated tools and unknown malware programs, adding unknown system accounts, etc. This is also known as an Advanced Persistent Threat (APT).

14
Q

Boards and management need to consider:

A
  1. The organizational structure and reporting arrangements for cyber security operations
  2. The experience and expertise of the chief information security officer (CISO), and the need to balance industry knowledge against “street smarts” as they pertain to cyber issues
  3. Safeguarding data in a networked environment, which may encompass cloud data storage and the provision of services via the cloud
  4. Creating a culture that is both security-conscious and aware of the financial and reputational consequences of data breaches
15
Q

PLA Unit 61398

A
  • PLA Unit 61398 is one of the world’s most prodigious groups of cyber hackers
  • The Shanghai hackers had been responsible for at least 141 successful cyber intrusions in 20 major industrial sectors
16
Q

Typical Chinese hack

A
  1. Starts off with a spear-phishing email targeting a company’s employees.
  2. If one employee clicks the email’s attachment, the computer downloads a webpage crammed with malware, including a “Remote Access Trojan”, known as a RAT.
17
Q

What does a RAT allow intruders to do?

A

A Remote Access Trojan (RAT) allows an intruder to roam the network, acquire the privileges of a system administrator and extract all the data they want.

18
Q

Crackers

A

People who hack into computer systems or networks with malevolent intent

19
Q

Do all states have the same computer crime laws?

A

Not all states have the same computer crime laws; most address unauthorized access or computer trespass

20
Q

What are viruses?

A

A set of computer instructions designed to modify, damage, destroy, record or transmit information within a computer system or network without the permission of the owner.

21
Q

How does cybersecurity affect a company’s bottom line?

A
  1. Can drive up costs and affect revenue
  2. Can harm an organization’s ability to innovate and to gain and maintain customers
  3. It is an important component of an organization’s overall risk management
22
Q

Risk tolerance

A

The level of risk an organization is willing to accept in order to achieve its organizational objectives.

23
Q

Socially engineered malware

A
  • The end-user is tricked into running a Trojan horse program, often from a website they trust and visit often. The website tells the user to install a new piece of software in order to access the site.
  • Responsible for hundreds of millions of successful hacks each year
24
Q

Socially engineered malware Countermeasure

A

1) End-user education that covers today’s threats
2) Enterprise policy prohibiting users from surfing the web or answering email using elevated credentials
3) An up-to-date anti-malware program

25
Q

Password phishing attacks

A

Phishing attacks looking to trick users out of their logon credentials

26
Q

Password phishing attacks countermeasure

A

Have logons that can’t be given away: two-factor authentication (2FA), smartcards, biometrics, and other out-of-band authentication methods.

27
Q

Unpatched software

A

Most common are browser add-in programs like Adobe Reader and other programs people often use to make surfing the web easier

28
Q

Social media threats

A

Usually arrive as a rogue friend request or application install request; if accepted, you give up far more access to your social media account than intended.

29
Q

Social media threats countermeasure

A

1) End-user education about social media threats
2) Make sure users know not to share their corporate passwords with any other websites
3) Make sure all social media users know how to report a hijacked social media account

30
Q

Advanced persistent threats

A
  • Uses socially engineered Trojans or phishing attacks; major corporations usually face this
  • APT attackers send a specific phishing campaign to multiple employee email addresses; with just one employee tricked into running it, APT attackers can compromise an entire enterprise in a matter of hours
31
Q

Advanced persistent threats countermeasures

A
  • Track network flows and get a good handle on what traffic should go from where to where
  • An APT will eventually slip up and attempt to copy large amounts of data from a server to some other computer with which that server does not normally communicate. When they do, you can catch them
32
Q

Cyberspace is:

A
  1. Logical but physical
  2. Usually used, owned and controlled predominantly by the private sector
  3. Tactically fast but operationally slow
  4. A domain in which the offense generally dominates the defense
  5. Fraught with uncertainty