Ch 5 Threat Actors, Vectors, & Intelligence Sources Flashcards
1
Q
Advanced Persistent Threats (APTs) Attack
A
- Characterized by using toolkits to achieve a presence on a target network, and instead of just moving to steal information, focusing on the long game by maintaining a persistent presence on the network.
2
Q
Insider Threats
A
- Insiders may already have all the access they need to perpetrate criminal activity such as fraud.
3
Q
State Actors
A
- Employed by the government to compromise or gain access to the intelligence data of targeted governments.
- Often carry out APT attacks.
4
Q
Hacktivists
A
- Hackers working together for a collectivist effort, typically on behalf of some cause.
5
Q
Script Kiddies
A
- Individuals who do not have the technical expertise to develop scripts or discover new vulnerabilities in software.
6
Q
Hackers
A
- Anyone who improperly uses computers, including criminals.
- Current categories of Hackers include authorized, unauthorized, and semi-authorized.
6
Q
Criminal Syndicates
A
- Organized crime groups that have more money to spend on accomplishing the criminal activity.
- These groups usually fall into the structured threat category.
7
Q
Authorized Hackers
A
- “White Hat” hackers serving as consultants chasing vulnerabilities or performing penetration tests.
- Use the same tools as a regular hacker, but do so with permission so that a firm can learn its weaknesses and fix them.
8
Q
Unauthorized Hackers
A
- Considered to be “Black Hat” hackers, who act in an unauthorized manner and violate laws, causing risk to systems.
9
Q
Semi-authorized Hackers
A
- “Gray Hat” hackers may perform the same actions as a “White Hat” hacker and “Black Hat” hacker.
10
Q
Shadow IT
A
- Groups that perform their own IT functions when central IT does not respond in a reasonable time frame.
- Because it is outside the control of central IT, the IT systems are not in the same realm of protection.
11
Q
Competitors
A
- Other businesses that attack other firms' IT processes.
12
Q
Attributes of Actors - Internal/External
A
- Internal actors have access to the system, whereas external actors have to take extra steps.
13
Q
Attributes of Actors - Resources/Funding
A
- Criminal organizations and nation-states have larger budgets, bigger teams, and the ability to pursue campaigns for longer periods of time.
13
Q
Attributes of Actors - Level of Sophistication/Capability
A
- As the skill level goes up, so too does the use of minimal methods.
14
Q
Attributes of Actors - Intent/Motivation
A
- A more skilled threat actor is usually pursuing a specific objective.
15
Q
Attributes of Actors - Vectors
A
- The attacker has direct access to the system.
- Only give the necessary permissions and block all others.
- All outside input is treated as dangerous until proven otherwise.
16
Q
Wireless
A
- Through wireless, the attacker no longer needs to have direct physical access to the network.
17
Q
Supply Chain
A
- An attacker finds a means by which they can get their attack code into the supply chain for a product or an update.
- Cannot be stopped just by policy and contracts.
17
Q
A
- One of the preferred vectors for social engineering attacks.
- Users may click on links or open attachments that deliver the payload.
18
Q
Social Media
A
- Connects an attacker directly to a user.
- Many of the usual security checks normally used are not present.
19
Q
Removable Media
A
- Typically in the form of USBs.
- An attacker takes a USB storage device and puts the attacking module on it so that it can be executed.
20
Q
Cloud
A
- Cloud servers and storage can be considered attack vectors if your cloud agreement does not include antivirus protections on files.
21
Q
Threat Intelligence Sources
A
- The gathering of information from a variety of sources, which can range from open source to proprietary or specialized sources.
22
Q
A