Chapter 02: Cyber Security Landscape Flashcards
These are the hackers who act with authorization and seek to discover security vulnerabilities with the intent of correcting them.
White-hat hackers
These are the hackers who act with malicious intent. They seek to defeat security controls and compromise the confidentiality, availability, and integrity of information and systems for their own, unauthorized purposes.
Black-hat hackers
These are the hackers who act without proper authorization, but they do so with intent of informing their targets of any security vulnerabilities.
Grey-hat hackers
______ are attackers who rely almost entirely on automated tools they download from the internet. These attackers often have little knowledge of how their attacks actually work.
Script Kiddies
______ use hacking techniques to accomplish some activist goal.
Hacktivists
What type of threat actor fits under this category:
“They might deface the website of a company whose policies they disagree with.”
Hacktivists
What type of threat actor is Anonymous?
Hacktivists
What type of threat actor is a teenager with no knowledge of hacking who attempts to hack the school network?
Script Kiddie
What is the motive for Crime Syndicates?
Illegal financial gain
__________ includes ransomware, data compromise, distributed denial-of-service attacks, website defacement, and attacks against critical infrastructure. This is also a cybercrime category.
Cyber-dependent crime
_____ includes child pornography, abuse, and solicitation. This is also a cybercrime category.
Child Sexual exploitation
_____ includes credit card fraud and business email compromise. This is also a cybercrime category.
Payment Fraud
_______ includes the sale of illegal goods and services. This is also a cybercrime category.
Dark web activity
_______ support includes facilitating the actions of terrorist groups online. This is also a cybercrime category.
Terrorism
______ include social engineering, money mules, and the criminal abuse of cryptocurrencies. This is also a cybercrime category.
Cross-cutting crime factors
Organized crime tends to have attackers who range from ____ skilled to highly skilled.
moderately
______ use advanced techniques, are persistent, and are often emblematic of nation-state attacks.
APT
Stuxnet is an example of a(n) ______ attack.
APT
______ occur when an employee, contractor, vendor, or other individual with authorized access to information and systems uses that access to wage an attack against the organization.
Insider Attacks
Which is an effective tool for helping to mitigate insider attacks?
Behavioral assessments
A phenomenon where individuals and groups seek out their own technology solutions is known as _________.
Shadow IT
What dangers do competitors pose?
- Competitors may engage in corporate espionage designed to steal sensitive information from the organization.
- Competitors may attempt to use a disgruntled insider to get information.
- Competitors may purchase information from the dark web.
What type of threat assessment should be conducted periodically to determine what types of threat actors are most likely to target your organization and why?
Organizational Threat Assessments
Which type of threat vector is commonly exploited with phishing messages and spam messages?
a.) Email and Social Media
b.) Direct Access
c.) Wireless Networks
d.) Removable Media
e.) Cloud
f.) Third Party Risks
a.) Email and Social Media
Which type of threat vector is exploited by attackers walking into public areas such as lobbies, customer stores, or other locations and accessing the network through the wall jacks?
a.) Email and Social Media
b.) Direct Access
c.) Wireless Networks
d.) Removable Media
e.) Cloud
f.) Third Party Risks
b.) Direct Access
Which type of threat vector is exploited by attackers gaining physical access to an unsecured computer terminal, network device, or other system?
a.) Email and Social Media
b.) Direct Access
c.) Wireless Networks
d.) Removable Media
e.) Cloud
f.) Third Party Risks
b.) Direct Access
Which threat vector is exploited by an attacker sitting in the parking lot and accessing the network without any hardwired connection?
a.) Email and Social Media
b.) Direct Access
c.) Wireless Networks
d.) Removable Media
e.) Cloud
f.) Third Party Risks
c.) Wireless Networks
Which threat vector is exploited by attackers using USB drives to spread their malware?
a.) Email and Social Media
b.) Direct Access
c.) Wireless Networks
d.) Removable Media
e.) Cloud
f.) Third Party Risks
d.) Removable Media
Which type of threat vector is where attackers routinely scan popular services for files with improper access controls, systems that have security flaws, or accidentally published API keys and passwords?
a.) Email and Social Media
b.) Direct Access
c.) Wireless Networks
d.) Removable Media
e.) Cloud
f.) Third Party Risks
e.) Cloud
Which type of threat vector is where an attacker may interfere with an organization's IT supply chain, for example by gaining access to devices at the manufacturer?
a.) Email and Social Media
b.) Direct Access
c.) Wireless Networks
d.) Removable Media
e.) Cloud
f.) Third Party Risks
f.) Third Party Risks
________ is the set of activities and resources available to cybersecurity professionals seeking to learn about changes in the threat environment.
Threat Intelligence
Threat intelligence information can also be used for ______ to identify likely risks to the organization.
Predictive Analysis
______ often include information about threats, such as IP addresses, hostnames, domains, email addresses, URLs, file hashes, file paths, CVE numbers, and other details about a threat.
Threat Feeds
Threat intelligence sources may provide ________. These are the telltale signs that an attack has taken place and may include file signatures, log patterns, and other evidence left behind by attackers.
Indicators of compromise (IoC)
________ is threat intelligence that is acquired from publicly available sources.
Open Source Intelligence
Commercial security vendors, government organizations, and other security-centric organizations also create and make use of ________. They do their own information gathering and research, and they may use custom tools, analysis models, or other methods to gather, curate, and maintain their threat feeds.
Closed Source Intelligence
_____ provide a geographic view of threat intelligence.
Threat maps
Name a motivation for not choosing closed-source intelligence over open-source intelligence?
- Organizations may want to keep their threat data secret.
- Organizations may want to sell or license their threat data.
- Organizations may not want to take the chance of threat actors knowing about the data they are gathering.
________ allow organizations to filter and use threat intelligence based on how much trust they can give it.
Confidence Scores
_____ is an XML language originally sponsored by the US Department of Homeland Security. It is a language and serialization format used for exchanging cyber threat intelligence.
Structured Threat Information eXpression (STIX)
Since STIX's creation, which party has maintained it?
Organization for the Advancement of Structured Information Standards (OASIS), which is an international nonprofit consortium that maintains other projects related to information formatting, including XML and HTML.
____ is intended to allow cyber threat information to be communicated at the application layer via HTTPS.
TAXII (Trusted Automated eXchange of Indicator Information protocol)
True or False: TAXII is specifically designed to support STIX.
True
Like STIX, _____ is an XML-based framework. It was developed by Mandiant and uses Mandiant’s indicators for its base framework.
OpenIOC
OpenIOC stands for:
Open Indicators of Compromise
TAXII is short for:
Trusted Automated eXchange of Indicator Information.
In the United States, organizations known as _______ help infrastructure owners and operators share threat information and provide tools and assistance to their members.
ISACs
ISAC is short for:
Information Sharing and Analysis Centers