Chapter 1.5 - Threat Actors and Vectors Flashcards
Explain different threat actors, vectors, and intelligence sources
Advanced Persistent Threat (APT)
An attacker, usually well resourced, who gains access to a network and remains undetected for a long period in order to collect highly sensitive data
Insider Threats
A threat to an organization that comes from people within the organization, such as employees or former employees who have inside information concerning the organization’s security practices, data and computer systems
State Actors
People or groups who use their technology skills to facilitate hacking, sabotage, theft, misinformation and other operations on behalf of a country
Hacktivists
A hacker whose purpose is social change or a political agenda
Script Kiddies
An unsophisticated attacker who runs pre-made scripts without any knowledge of what’s really happening
Criminal Syndicates
Professional criminals engaged in organized crime, motivated by money
Hackers
Person skilled in information technology who uses their technical knowledge to achieve a goal or overcome an obstacle
Hackers (authorized)
An ethical hacker with good intentions who has permission to hack (white hat)
Hackers (unauthorized)
A malicious hacker who violates security for personal gain without permission (black hat)
Hackers (semi-authorized)
A hacker who looks for vulnerabilities, possibly without permission, but does not exploit the ones they find (gray hat)
Shadow IT
The use of IT-related hardware or software by a department or individual without the knowledge of the IT or security group within the organization
Competitors (Threat Actor)
A rival organization with negative intent toward your company, for example stealing information or corrupting databases
Attributes of Actors
Internal/external, level of sophistication/capability, resources/funding, intent/motivation
Attack Vectors
A method used by the attacker to gain access or infect the target
Attack Vectors (Direct Access)
Physically accessing the system, for example walking into the data center and modifying the operating system
Examples: installing a keylogger, transferring files, DoS (pulling the plug), etc.
Attack Vectors (Wireless)
Attacking over the wireless network or modifying the access point configuration
Examples: rogue access point, evil twin, etc.
Attack Vectors (Email)
Using email as the delivery channel for an attack
Examples: phishing, delivery of malware, etc.
Attack Vectors (Social Media)
Harvesting the personal information users post online and using it against them
Examples: user profiling
Attack Vectors (Removable Media)
Using removable media to carry malware into a system or data out of it
Examples: USB flash drive dropped in the parking lot, data exfiltration on a thumb drive
Attack Vectors (Cloud)
Exploiting security misconfigurations in cloud-hosted applications and services
Examples: brute force against exposed credentials, attacks on the orchestration layer, DoS
Open-source Intelligence (OSINT)
Researching threats using publicly available resources
Examples: Internet, government data, commercial data
Vulnerability Databases
Places where vulnerabilities can be researched
Examples: Common Vulnerabilities and Exposures (CVE), National Vulnerability Database (NVD)
Public/ Private Information Sharing Centers
Provides a central resource for gathering information on cyber and related threats to critical infrastructure and providing two-way sharing of information between the private and public sectors
Dark Web
Overlay networks that use the Internet but require specific software, configurations, or authorization to access
Indicators of Compromise (IOC)
An event or artifact that indicates an intrusion has occurred
Examples: uncommon login patterns, unusual amount of connectivity
Automated Indicator Sharing (AIS)
A CISA program that lets government and private-sector participants exchange threat indicators automatically in machine-readable form (STIX over TAXII)
Structured Threat Information eXpression (STIX)
A standardized, machine-readable language for describing cyber threat information
Examples: indicators, threat actors and their motivations, capabilities, attack patterns, etc.
Trusted Automated eXchange of Intelligence Information (TAXII)
The transport protocol that securely shares STIX data over HTTPS
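The two cards above (IOC and STIX/TAXII) come together in practice: a detection rule spots an indicator, and the indicator is packaged so it can be shared. This added example is not from the flashcards or from any vendor; it runs a simple "uncommon login pattern" IOC check over constructed sshd-style log lines, wraps the offending address as a STIX 2.1 Indicator, and builds (without sending) the TAXII 2.1 request that would push it to a collection. The log format, thresholds, object names and the TAXII server URL are all made-up assumptions.

```python
"""Added example: IOC detection over constructed auth logs, then STIX 2.1 + TAXII 2.1 packaging.
Assumptions: log format, thresholds and the TAXII server are invented for illustration."""
import json
import re
import uuid
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Constructed sample log lines (not real data). One source sprays several usernames,
# fails repeatedly and then succeeds; the other is a normal user who mistyped once.
SAMPLE_LOG = """\
Mar 10 02:14:01 host1 sshd[1201]: Failed password for root from 203.0.113.7 port 51000 ssh2
Mar 10 02:14:02 host1 sshd[1201]: Failed password for root from 203.0.113.7 port 51001 ssh2
Mar 10 02:14:03 host1 sshd[1201]: Failed password for admin from 203.0.113.7 port 51002 ssh2
Mar 10 02:14:04 host1 sshd[1201]: Failed password for admin from 203.0.113.7 port 51003 ssh2
Mar 10 02:14:05 host1 sshd[1201]: Failed password for oracle from 203.0.113.7 port 51004 ssh2
Mar 10 02:14:06 host1 sshd[1201]: Accepted password for oracle from 203.0.113.7 port 51005 ssh2
Mar 10 09:30:11 host1 sshd[1330]: Accepted publickey for alice from 192.0.2.10 port 40022 ssh2
Mar 10 09:31:40 host1 sshd[1332]: Failed password for alice from 192.0.2.10 port 40023 ssh2
Mar 10 09:31:45 host1 sshd[1332]: Accepted password for alice from 192.0.2.10 port 40024 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<month>\w{3}) (?P<day>\s?\d+) (?P<time>\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)


def parse_lines(text):
    """Turn sshd-style lines into dicts; lines that do not match are ignored."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def find_suspicious_sources(events, fail_threshold=4, min_distinct_users=2):
    """IOC: a source with >= fail_threshold failures across >= min_distinct_users
    usernames that then logs in successfully (password spray followed by success)."""
    fails = Counter()
    users = defaultdict(set)
    success_after_spray = set()
    for ev in events:
        ip = ev["ip"]
        if ev["result"] == "Failed":
            fails[ip] += 1
            users[ip].add(ev["user"])
        elif fails[ip] >= fail_threshold:
            success_after_spray.add(ip)
    return sorted(ip for ip in success_after_spray if len(users[ip]) >= min_distinct_users)


def _stix_timestamp():
    # STIX timestamps are UTC RFC 3339 with a trailing 'Z'.
    return datetime.now(timezone.utc).isoformat(timespec="milliseconds").replace("+00:00", "Z")


def make_stix_indicator(ip):
    """Build a STIX 2.1 Indicator object whose pattern matches the source address."""
    ts = _stix_timestamp()
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": ts,
        "modified": ts,
        "name": f"SSH password spray source {ip}",  # hypothetical naming convention
        "indicator_types": ["malicious-activity"],
        "pattern": f"[ipv4-addr:value = '{ip}']",
        "pattern_type": "stix",
        "valid_from": ts,
    }


def make_stix_bundle(objects):
    """Wrap objects in a STIX 2.1 Bundle, the usual unit for sharing as a file."""
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": list(objects)}


def taxii_add_objects_request(api_root, collection_id, objects):
    """Describe the TAXII 2.1 'Add Objects' request (not sent here).
    TAXII 2.1 carries objects in an envelope {"objects": [...]}, not in a bundle."""
    return {
        "method": "POST",
        "url": f"{api_root}/collections/{collection_id}/objects/",
        "headers": {
            "Accept": "application/taxii+json;version=2.1",
            "Content-Type": "application/taxii+json;version=2.1",
        },
        "body": json.dumps({"objects": list(objects)}),
    }


if __name__ == "__main__":
    hits = find_suspicious_sources(parse_lines(SAMPLE_LOG))
    indicators = [make_stix_indicator(ip) for ip in hits]
    print(json.dumps(make_stix_bundle(indicators), indent=2))
    # Hypothetical TAXII server and collection id:
    req = taxii_add_objects_request("https://taxii.example.com/api1", "11111111-2222-3333-4444-555555555555", indicators)
    print(req["method"], req["url"])
```

Run it as a script to print the bundle and the TAXII endpoint; to actually share the indicator you would send `req["body"]` with `req["headers"]` to a real TAXII server using your own credentials. The thresholds are deliberately low so the constructed sample fires; tune them against your own baseline before using the rule.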
Predictive Analysis
Analyze a large amount of data, identify behaviors, and create a forecast for potential attacks
Threat Maps
A map created from real attack data to identify attacks and trends
File/ Code Repositories
Places to see the code attackers are building, as well as code and secrets that people accidentally publish
Examples: GitHub
Threat Research
Seeking out potential risks and delivering insights to take action
Vendor Websites (research sources)
Vendors publishing advisories and patches when problems with their own products are discovered
Vulnerability Feeds (research sources)
Automated notifications of newly published vulnerabilities
Conferences (research sources)
A place to gather information from other professionals about attacks
Academic Journals (research sources)
Research from academic professionals about security technologies
Request for Comments (RFC) (research sources)
Document that contains specifications and organizational notes about topics related to the internet and computer networking, such as routing, addressing and transport technologies
Local Industry Groups (research sources)
A gathering of local peers for shared industry and technology insights
Social Media (research sources)
Professionals discussing details of attacks through profiles and group conversations
Threat Feeds (research sources)
Monitoring threat announcements to stay informed
Examples: U.S. Department of Homeland Security (CISA), etc.
Adversary Tactics, Techniques, and Procedures (TTP)
The behaviors, strategies and methods attackers use to develop and execute attacks on enterprise networks (what they do, how they do it, and the specific steps they follow)