Chapter 5 Threat Actors, Vectors, and Intelligence Sources

Question 1

What is an Advanced Persistent Threat (APT)?

Answer 1

An APT attack is characterized by using toolkits to achieve a presence on a target network and then, instead of just moving to steal information, focusing on maintain a presence on the target network

Question 2

What is an Insider threat?

Answer 2

Employees who have access to internal networks that choose to wreak havoc on their employers systems

Question 3

What are State Actors?

Answer 3

Employed by governments to compromise or gain access to the intelligence data of targeted governments

Question 4

What are Hacktivists?

Answer 4

When hackers work together for a collective effort, typically on behalf of some cause

Question 5

What is a Script kiddie?

Answer 5

Individuals who do not have the technical expertise to develop scripts or discover new vulnerabilities in software, but have enough know how to download and run scripts

Question 6

What is a criminal syndicate?

Answer 6

Criminal groups that work together in order to steal large sums of money via the internet

Question 7

What is Shadow IT?

Answer 7

Parts of an organization that perform their own IT functions

Question 8

What are Vectors?

Answer 8

The various methods that an attacker can use to get in

Question 9

What are seven common attack vectors?

Answer 9

Direct access, Wireless, E-mail, Supply chain, Social Media, Removeable media, and cloud

Question 10

What is Threat Intelligence?

Answer 10

The gathering of information from a variety of sources

Question 11

What is Open Source Intelligence (OSINT)?

Answer 11

Intel data collected from public sources

Question 12

What is automated indicator sharing?

Answer 12

A collection of information such as malicious email addresses, IP addresses, and other bad material reported by private companies to the DHS via its Automated Indicator Sharing (AIS)

Question 13

What is InfraGard?

Answer 13

A vetted access collection of security info reported to the FBI

Question 14

What is Internet Storm Center (ISC)?

Answer 14

A distributed sensor network that processes over 20 million intrusion detection log entries per day and generated alerts concerning security threats

Question 15

What is a VirusTotal?

Answer 15

Uses feeds from a myriad of antivirus scanners to maintain a signature database of malware and related information

Question 16

What is Cisco?

Answer 16

A feed of information for cisco customers

Question 17

What are Indicators of Compromise?

Answer 17

Indications that a system has been compromised by unauthorized activity

Question 18

What is Predictive Analysis?

Answer 18

The use of threat intelligence info to anticipate the next move of a threat

Question 19

What are Threat maps?

Answer 19

Geographical representations of attacks showing where packets are coming from and going to

Question 20

What are Requests for Comment (RFC)?

Answer 20

The sets of standards used to define how the internet and the protocols involved in the world wide web are established and managed