Chapter 1 Cybersecurity Fundamentals Definitions Flashcards
Threat
A threat is any potential danger to an asset. If a vulnerability exists but has not yet been exploited, or, more importantly, is not yet publicly known, the threat is latent: it is present but not yet realized.
Vulnerability
A vulnerability is a weakness in system design, implementation, software, or code, or the absence of a protective mechanism. A specific vulnerability can be anything from a flaw in the system design to a weakness in how an operational procedure is carried out.
Vulnerabilities can be found in:
- Applications
- Operating systems
- Hardware
- Misconfiguration
- Shrinkwrap software
Exploit
An exploit is a piece of software, a tool, a technique, or a process that takes advantage of a vulnerability to gain access, escalate privileges, compromise integrity, or cause denial of service on a computer system.
White hat hackers
These individuals perform ethical hacking to help secure companies and organizations.
Black hat hackers
These individuals perform illegal activities for personal or financial gain, often as part of organized crime.
Gray hat hackers
These individuals usually follow the law but sometimes cross over into black hat activity, for example by breaking into a system without authorization and then reporting what they found.
Name five threat actors
Script kiddies: People who use existing “scripts” or tools to hack into computers and networks. They lack the expertise to write their own scripts.
Organized crime groups: Their main purpose is to steal information, scam people, and make money.
State sponsors and governments: These agents are interested in stealing data, including intellectual property and research-and-development data from major manufacturers, government agencies, and defense contractors.
Hacktivists: People who carry out cybersecurity attacks aimed at promoting a social or political cause.
Terrorist groups: These groups are motivated by political or religious beliefs.
Threat intelligence
Threat intelligence is knowledge about an existing or emerging threat to assets, including networks and systems. It includes context, mechanisms, indicators of compromise (IoCs), implications, and actionable advice.
Structured Threat Information eXpression (STIX)
An expression language designed for sharing cyber-attack information. STIX content can carry data such as the IP addresses or domain names of command-and-control servers (often referred to as C2 or CnC), malware hashes, and so on. STIX 2.x is JSON-based; an indicator's detection logic is written as a STIX pattern such as [ipv4-addr:value = '198.51.100.23'].
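As an added example, not from the original flashcards: the Python below builds a minimal STIX 2.1 bundle of three indicators (a C2 IP address, a C2 domain, and a malware hash, all constructed placeholders) and matches a set of observed values against their patterns. The indicator objects carry the fields STIX 2.1 requires; the pattern parser handles only the single-comparison form `[type:property = 'value']` and rejects anything else rather than silently ignoring it.

```python
"""Build a STIX 2.1 bundle of indicators and match observed artefacts against it.
Added example, not from the original flashcards; the C2 address, domain and
hash below are constructed placeholders, not real IoCs."""
import json
import re
import uuid
from datetime import datetime, timezone


def _now() -> str:
    # STIX timestamps are RFC 3339 in UTC with a trailing Z.
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def make_indicator(pattern: str, name: str) -> dict:
    """A minimal STIX 2.1 Indicator SDO: only the required fields plus a name."""
    ts = _now()
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": ts,
        "modified": ts,
        "name": name,
        "pattern": pattern,
        "pattern_type": "stix",
        "valid_from": ts,
    }


def make_bundle(objects: list) -> dict:
    """A STIX 2.1 Bundle wraps objects for transport; it has no spec_version."""
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}


# Constructed sample indicators: a C2 IP, a C2 domain and a dropper hash.
SAMPLE_BUNDLE = make_bundle([
    make_indicator("[ipv4-addr:value = '198.51.100.23']", "C2 server"),
    make_indicator("[domain-name:value = 'cdn-update.example']", "C2 domain"),
    make_indicator("[file:hashes.'SHA-256' = '" + "a" * 64 + "']", "dropper hash"),
])

# [object-type:property = 'value']; the property may be quoted, e.g. hashes.'SHA-256'.
_COMPARISON = re.compile(r"\[\s*([\w-]+):([\w.'-]+)\s*=\s*'([^']*)'\s*\]")


def parse_simple_pattern(pattern: str):
    """Parse a single-comparison STIX pattern into (object type, property, value).
    Only the equality form is handled; AND/OR, MATCHES and time windows raise
    so an unsupported indicator is never silently treated as a non-match."""
    m = _COMPARISON.fullmatch(pattern.strip())
    if not m:
        raise ValueError(f"unsupported pattern: {pattern}")
    obj_type, prop, value = m.groups()
    return obj_type, prop.replace("'", ""), value


def match_observables(bundle: dict, observed: dict) -> list:
    """observed maps 'type:property' to the set of values seen on the host or
    network. Returns the names of indicators whose pattern matches one of them."""
    hits = []
    for obj in bundle["objects"]:
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        obj_type, prop, value = parse_simple_pattern(obj["pattern"])
        if value in observed.get(f"{obj_type}:{prop}", set()):
            hits.append(obj["name"])
    return hits


def to_json(bundle: dict) -> str:
    """Serialise the bundle as it would be shared over TAXII or by file."""
    return json.dumps(bundle, indent=2)


if __name__ == "__main__":
    # Constructed observations from a proxy log and an EDR file inventory.
    seen = {
        "ipv4-addr:value": {"10.0.0.7", "198.51.100.23"},
        "file:hashes.SHA-256": {"b" * 64},
    }
    print(to_json(SAMPLE_BUNDLE))
    print("matches:", match_observables(SAMPLE_BUNDLE, seen))
```

The matcher keys observations by `type:property` so the same code covers addresses, domains and hashes without special cases; a real pipeline would add the boolean and temporal parts of the pattern grammar, which this deliberately refuses rather than approximates.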
Trusted Automated eXchange of Indicator Information (TAXII)
An open transport mechanism that standardizes the automated exchange of cyber-threat information. TAXII 2.x is a RESTful API over HTTPS; the payloads it carries are typically STIX objects.
Cyber Observable eXpression (CybOX)
A free, standardized schema for the specification, capture, characterization, and communication of events or stateful properties that are observable in the operational domain. CybOX was merged into STIX 2.x, where it survives as the STIX cyber-observable objects.
Open Indicators of Compromise (OpenIOC)
An open, XML-based framework, originally developed by Mandiant, for sharing threat intelligence in a machine-digestible format.
Open Command and Control (OpenC2)
A language for the command and control of cyber-defense technologies. The OpenC2 Forum was a community of cybersecurity stakeholders facilitated by the U.S. National Security Agency; the specification is now maintained by the OASIS OpenC2 Technical Committee.
Name six ways viruses are transmitted.
Master boot record infection: This is the original method of attack. It works by attacking the master boot record of the hard drive.
BIOS infection: This can render the system completely inoperable, or the device may hang before it completes the Power On Self-Test (POST).
File infection: This includes malware that relies on the user to execute the file. Extensions such as .com and .exe are usually used. Some form of social engineering is normally used to get the user to execute the program. Techniques include renaming the program or masking the .exe extension so the file appears to be a graphic (.jpg, .bmp, .png, .svg, and the like); Windows hides known file extensions by default, so a file named photo.jpg.exe is displayed as photo.jpg.
Macro infection: Macro viruses exploit scripting services installed on your computer. Manipulating and using macros in Microsoft Excel, Microsoft Word, and Microsoft PowerPoint documents has been very popular in the past.
Cluster: This type of virus modifies directory table entries so that they point a user or system process to the malware instead of the actual program.
Multipartite: This style of virus can use more than one propagation method and targets both the boot sector and program files. One example is the NATAS (Satan spelled backward) virus.
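As an added example of the masking described under file infection (not code from the original flashcards): the Python below flags three ways an executable is dressed up as an image. It compares the file's extension with its leading magic bytes, catches double extensions such as photo.jpg.exe, and catches the Unicode right-to-left override character, which the card does not mention but which is a standard way of reversing how the end of a filename is displayed. The sample filenames and header bytes are constructed inline.

```python
"""Flag files whose name suggests an image but whose contents or real
extension say executable. Added example, not from the original flashcards;
the sample names and header bytes are constructed, not taken from malware."""
from pathlib import PurePosixPath

# Leading bytes of common container formats. MZ opens a Windows PE image and
# \x7fELF a Linux binary; the rest are genuine image formats.
MAGIC = {
    b"MZ": "exe",
    b"\x7fELF": "elf",
    b"\xff\xd8\xff": "jpg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"BM": "bmp",
    b"GIF8": "gif",
}
IMAGE_EXTS = {"jpg", "jpeg", "png", "bmp", "gif", "svg"}
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "js"}
RLO = "\u202e"  # Unicode RIGHT-TO-LEFT OVERRIDE


def sniff(header: bytes) -> str:
    """Identify a file by its first bytes rather than by its name."""
    for magic, kind in MAGIC.items():
        if header.startswith(magic):
            return kind
    if header.lstrip().lower().startswith((b"<svg", b"<?xml")):
        return "svg"
    return "unknown"


def assess(name: str, header: bytes) -> list:
    """Return the reasons a file looks like a disguised executable (empty = clean)."""
    reasons = []
    suffixes = [s.lstrip(".").lower() for s in PurePosixPath(name).suffixes]
    last = suffixes[-1] if suffixes else ""
    kind = sniff(header)
    # 'holiday.jpg.exe': Explorer hides the final known extension by default,
    # so the user sees 'holiday.jpg'.
    if len(suffixes) >= 2 and last in EXECUTABLE_EXTS and suffixes[-2] in IMAGE_EXTS:
        reasons.append("double extension hides executable suffix")
    # 'holiday.jpg' that begins with an MZ or ELF header is not an image at all.
    if last in IMAGE_EXTS and kind in ("exe", "elf"):
        reasons.append(f"extension .{last} but content is {kind}")
    # 'photo<RLO>gpj.exe' renders as 'photoexe.jpg' but its real suffix is .exe.
    if RLO in name:
        reasons.append("right-to-left override in filename")
    return reasons


# Constructed samples: (filename, first bytes) as a scanner would read them.
SAMPLES = [
    ("holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("holiday.jpg.exe", b"MZ\x90\x00\x03\x00"),
    ("invoice.png", b"MZ\x90\x00\x03\x00"),
    ("photo" + RLO + "gpj.exe", b"MZ\x90\x00"),
    ("logo.svg", b"<svg xmlns='http://www.w3.org/2000/svg'/>"),
]


def scan(samples) -> dict:
    """Map each suspicious filename to its list of reasons; clean files are omitted."""
    findings = {}
    for name, header in samples:
        reasons = assess(name, header)
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in scan(SAMPLES).items():
        print(f"{name!r}: {'; '.join(reasons)}")
```

Checking content against extension is the durable part of this: a mail gateway or EDR that trusts the displayed name alone is exactly what the social-engineering tricks on the card are designed to beat.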