Chapter 1.5 - Threat Actors and Vectors

Question 1

Advanced Persistent Threat (APT)

Answer 1

Attackers being in the network and undetected for a long while to get highly sensitive data

Question 2

Insider Threats

Answer 2

A threat to an organization that comes from people within the organization, such as employees or former employees who have inside information concerning the organization’s security practices, data and computer systems

Question 3

State Actors

Answer 3

People or groups who use their technology skills to facilitate hacking, sabotage, theft, misinformation and other operations on behalf of a country

Question 4

Hacktivists

Answer 4

A hacker that has a purpose of social change or with a political agenda

Question 5

Script Kiddies

Answer 5

An unsophisticated attacker who runs pre-made scripts without any knowledge of what’s really happening

Question 6

Criminal Syndicates

Answer 6

Professional criminals doing organized crime motivated by money

Question 7

Hackers

Answer 7

Person skilled in information technology who uses their technical knowledge to achieve a goal or overcome an obstacle

Question 8

Hackers (authorized)

Answer 8

An ethical hacker with good intentions and has permission to hack

Question 9

Hackers (unauthorized)

Answer 9

A malicious hacker who violates security for personal gain

Question 10

Hackers (semi-authorized)

Answer 10

A hacker who finds a vulnerability but doesn’t use it

Question 11

Shadow IT

Answer 11

The use of IT-related hardware or software by a department or individual without the knowledge of the IT or security group within the organization

Question 12

Competitors (Threat Actor)

Answer 12

A different organization having negative intents against your company by trying to take information or corrupt databases

Question 13

Attributes of Actors

Answer 13

Internal/ external, level of sophistication/ capability, resources/ funding, intent/ motivation

Question 14

Attack Vectors

Answer 14

A method used by the attacker to gain access or infect the target

Question 15

Attack Vectors (Direct Access)

Answer 15

Physically accessing the data center and modifying the operating system
Examples: keylogger, transfer files, DoS, etc.

Question 16

Attack Vectors (Wireless)

Answer 16

Modifying the access point of configuration
Examples: rogue access point, evil twin, etc.

Question 17

Attack Vectors (Email)

Answer 17

Using an email to attack someone
Examples: phishing, delivery of malware, etc.

Question 18

Attack Vectors (Social Media)

Answer 18

Putting personal information online and using it against the user
Examples: user profiling

Question 19

Attack Vectors (Removable Media)

Answer 19

Using attacks to remove media from systems
Examples: USB, flash drive, data exfiltration

Question 20

Attack Vectors (Cloud)

Answer 20

Using security misconfigurations against applications and services
Examples: Brute force, orchestration attacks, DoS

Question 21

Open-source Intelligence (OSINT)

Answer 21

Researching threat using public open-source resources
Examples: Internet, government data, commercial data

Question 22

Vulnerability Databases

Answer 22

Places where vulnerabilities can be researched
Examples: common vulnerabilities and exposures (CVE)

Question 23

Public/ Private Information Sharing Centers

Answer 23

Provides a central resource for gathering information on cyber and related threats to critical infrastructure and providing two-way sharing of information between the private and public sectors

Question 24

Dark Web

Answer 24

Overlay networks that use the Internet but require specific software, configurations, or authorization to access

Question 25

Indicators of Compromise (IOC)

Answer 25

An event that indicates an intrusion
Examples: uncommon login patterns, unusual amount of connectivity

Question 26

Automated Indicator Sharing (AIS)

Answer 26

A way for the intelligence industry to share important threat data or indicators

Question 27

Structured Threat Information eXpression (STIX)

Answer 27

Describes cyber threat information
Examples: motivations, abilities, capabilities, etc.

Question 28

Trusted Automated eXchange of Intelligence Information (TAXII)

Answer 28

Securely shares the STIX data over HTTPS

Question 29

Predictive Analysis

Answer 29

Analyze a large amount of data, identify behaviors, and create a forecast for potential attacks

Question 30

Threat Maps

Answer 30

A map created from real attack data to identify attacks and trends

Question 31

File/ Code Repositories

Answer 31

Places to see code of what hackers are building and what people are accidentally releasing
Examples: GitHub

Question 32

Threat Research

Answer 32

Seeking out potential risks and delivering insights to take action

Question 33

Vendor Websites (research sources)

Answer 33

Them knowing when problems occur

Question 34

Vulnerability Feeds (research sources)

Answer 34

Automated vulnerability notifications for when threats occur

Question 35

Conferences (research sources)

Answer 35

A place to gathering information from other professionals about attacks

Question 36

Academic Journals (research sources)

Answer 36

Research from academic professionals about security technologies

Question 37

Request for Comments (RFC) (research sources)

Answer 37

Document that contains specifications and organizational notes about topics related to the internet and computer networking, such as routing, addressing and transport technologies

Question 38

Local Industry Groups (research sources)

Answer 38

A gathering of local peers for shared industry and technology insights

Question 39

Social Media (research sources)

Answer 39

Profiles with group conversations - professionals discussing details

Question 40

Threat Feeds (research sources)

Answer 40

Monitoring threat announcements to stay informed
Examples: U.S. department of homeland security, etc.

Question 41

Adversary Tactics, Techniques, and Procedures (TTP)

Answer 41

Describe the behaviors, strategies and methods used by attackers to develop and execute cyber attacks on enterprise networks