Chapter 1 Cybersecurity Fundamentals Definitions

Question 1

Threat

Answer 1

A threat is any potential danger to an asset. If a vulnerability exists but has not yet been exploited—or, more importantly, it is not yet publicly known—the threat is latent and not yet realized.

Question 2

Vulnerability

Answer 2

A vulnerability is a weakness in the system design, implementation, software, or code, or the lack of a mechanism. A specific vulnerability might manifest as anything from a weakness in system design to the implementation of an operational procedure.

Question 3

Vulnerabilities can be found in:

Answer 3

1. Applications
2. Operating systems
3. Hardware
4. Misconfiguration:
5. Shrinkwrap software

Question 4

Exploit

Answer 4

An exploit refers to a piece of software, a tool, a technique, or a process that takes advantage of a vulnerability that leads to access, privilege escalation, loss of integrity, or denial of service on a computer system.

Question 5

White hat hackers

Answer 5

These individuals perform ethical hacking to help secure companies and organizations.

Question 6

Black hat hackers

Answer 6

These individuals perform illegal activities, such as organized crime.

Question 7

Gray hat hackers

Answer 7

These individuals usually follow the law but sometimes venture over to the darker side of black hat hacking.

Question 8

Name five threat actors

Answer 8

Script kiddies: People who use existing “scripts” or tools to hack into computers and networks. They lack the expertise to write their own scripts.

Organized crime groups: Their main purpose is to steal information, scam people, and make money.

State sponsors and governments: These agents are interested in stealing data, including intellectual property and research-and-development data from major manufacturers, government agencies, and defense contractors.

Hacktivists: People who carry out cybersecurity attacks aimed at promoting a social or political cause.

Terrorist groups: These groups are motivated by political or religious beliefs.

Question 9

Threat intelligence

Answer 9

Threat intelligence is referred to as the knowledge about an existing or emerging threat to assets, including networks and systems. Threat intelligence includes context, mechanisms, indicators of compromise (IoCs), implications, and actionable advice.

Question 10

Structured Threat Information eXpression (STIX)

Answer 10

An express language designed for sharing of cyber-attack information. STIX details can contain data such as the IP addresses or domain names of command-and-control servers (often referred to C2 or CnC), malware hashes, and so on.

Question 11

Trusted Automated eXchange of Indicator Information (TAXII)

Answer 11

Trusted Automated eXchange of Indicator Information (TAXII): An open transport mechanism that standardizes the automated exchange of cyber-threat information.

Question 12

Cyber Observable eXpression (CybOX)

Answer 12

Cyber Observable eXpression (CybOX): A free standardized schema for specification, capture, characterization, and communication of events of stateful properties that are observable in the operational domain.

Question 13

Open Indicators of Compromise (OpenIOC)

Answer 13

Open Indicators of Compromise (OpenIOC): An open framework for sharing threat intelligence in a machine-digestible format.

Question 14

Open Command and Control (OpenC2)

Answer 14

Open Command and Control (OpenC2): A language for the command and control of cyber-defense technologies. OpenC2 Forum was a community of cybersecurity stakeholders that was facilitated by the U.S. National Security Agency.

Question 15

Name six ways viruses are transmitted.

Answer 15

Master boot record infection: This is the original method of attack. It works by attacking the master boot record of the hard drive.

BIOS infection: This could completely make the system inoperable or the device could hang before passing Power On Self-Test (POST).

File infection: This includes malware that relies on the user to execute the file. Extensions such as .com and .exe are usually used. Some form of social engineering is normally used to get the user to execute the program. Techniques include renaming the program or trying to mask the .exe extension and make it appear as a graphic (.jpg, .bmp, .png, .svg, and the like).

Macro infection: Macro viruses exploit scripting services installed on your computer. Manipulating and using macros in Microsoft Excel, Microsoft Word, and Microsoft PowerPoint documents have been very popular in the past.

Cluster: This type of virus can modify directory table entries so that it points a user or system process to the malware and not the actual program.

Multipartite: This style of virus can use more than one propagation method and targets both the boot sector and program files. One example is the NATAS (Satan spelled backward) virus.

Question 16

wrapper

Answer 16

A wrapper is a program used to combine two or more executables into a single packaged program. Wrappers are also referred to as binders, packagers, and EXE binders because they are the functional equivalent of binders for Windows Portable Executable files.

Question 17

Packers

Answer 17

Packers are similar to programs such as WinZip, Rar, and Tar because they compress files. However, whereas compression programs compress files to save space, packers do this to obfuscate the activity of the malware. The idea is to prevent anyone from viewing the malware’s code until it is placed in memory.

Question 18

Droppers

Answer 18

Droppers are software designed to install malware payloads on the victim’s system. Droppers try to avoid detection and evade security controls by using several methods to spread and install the malware payload.

Question 19

Crypters

Answer 19

Crypters function to encrypt or obscure the code. Some crypters obscure the contents of the Trojan by applying an encryption algorithm. Crypters can use anything from AES, RSA, to even Blowfish, or might use more basic obfuscation techniques such as XOR, Base64 encoding, or even ROT13.

Question 20

Name 11 Ransomeware Progrmas

Answer 20

1. WannaCry
2. Pyeta
3. Nyeta
4. Sodinokibi
5. Bad Rabbit
6. Grandcrab
7. SamSam
8. CryptoLocker
9. CryptoDefense
10. CryptoWall
11. Spora

Question 21

Ransomware

Answer 21

Ransomware can propagate like a worm or a virus but is designed to encrypt personal files on the victim’s hard drive until a ransom is paid to the attacker.

Question 22

PaaS

Answer 22

Platform as a Service (PaaS): PaaS provides everything except applications. Services provided by this model include all phases of the system development life cycle (SDLC) and can use application programming interfaces (APIs), website portals, or gateway software.

Question 23

SaaS

Answer 23

Software as a Service (SaaS): SaaS is designed to provide a complete packaged solution. The software is rented out to the user.

Question 24

IaaS

Answer 24

Infrastructure as a Service (IaaS): IaaS describes a cloud solution where you are renting infrastructure. You purchase virtual power to execute your software as needed. This is much like running a virtual server on your own equipment, except you are now running a virtual server on a virtual disk.

Question 25

Public cloud

Answer 25

Public cloud: Open for public use

Question 26

Private cloud

Answer 26

Private cloud: Used just by the client organization on the premises (on-prem) or at a dedicated area in a cloud provider

Question 27

Community cloud

Answer 27

Community cloud: Shared between several organizations

Question 28

Hybrid cloud

Answer 28

Hybrid cloud: Composed of two or more clouds (including on-prem services)