Chapter 6: Comparing Threats, Vulnerabilities, and Common Attacks Flashcards
What are Nation-state Attackers?
Cyber actors sponsored by a government/nation-state, targeting other nations’ critical infrastructure or intellectual property for political or strategic purposes.
What is an Advanced Persistent Threat (APT)?
A prolonged and targeted cyber attack where attackers gain unauthorized access and maintain persistent access to a network to steal sensitive information or compromise systems.
In the context of Cybersecurity, what is Organized Crime?
Typically composed of a group of individuals working together in criminal activities. These groups are typically organized with a hierarchy composed of a leader and workers. The primary motivation of organized crime is money.
What is a Hacker?
Commonly refers to a malicious individual who gains unauthorized access to systems or networks, with motivations ranging from malicious intent to curiosity, personal challenge, or ideological reasons.
What is an Unskilled Attacker?
Someone who lacks advanced technical knowledge but uses basic tools, scripts, or social engineering to exploit vulnerabilities.
What is a Hacktivist?
An individual or group who uses hacking to protest or promote political, social, or environmental causes.
What is an Insider Threat?
A security risk posed by individuals within an organization who misuse their authorized access, either maliciously or accidentally, to harm the organization.
What is a Competitor?
A business or individual who may conduct cyber espionage or attacks to gain advantage by stealing sensitive information or intellectual property.
Name the three major attributes that distinguish different attackers.
Internal vs. External, Resources/funding, and level of sophistication/capability.
Name a couple of threat actor motivations.
Data exfiltration, disruption/chaos, financial gain, blackmail, service disruption, philosophical, political beliefs, ethical, revenge, espionage, and war.
What is a Threat Vector?
A method or pathway used by attackers to gain unauthorized access to a system or network.
What is a Message-based threat vector?
Cyberattacks delivered through email, messaging apps, or other communication channels, often using phishing or malicious links.
What is an Image-based threat vector?
Cyberattacks delivered through image files (PNG, JPEG) that hide malicious code, exploiting vulnerabilities in image-rendering software to deliver malware.
What is a File-based threat vector?
Cyberattacks delivered through files with malicious code such as executables, documents, or scripts that are opened or executed on a system.
What is a Voice Call-based threat vector?
Cyberattacks delivered through phone calls (like vishing) to trick victims into giving up sensitive info by impersonating trusted sources.
What is a Removable Device threat vector?
Cyberattacks delivered through removable media such as USBs or SD cards to deliver malware directly to a system when plugged in.
What is a System-based threat vector?
Cyberattacks delivered through the exploitation of vulnerabilities in operating systems or applications, like unpatched software or weak configurations.
What is a Network-based threat vector?
Cyberattacks delivered through a network channel to attack systems, such as via packet injection, sniffing, or DoS attacks.
What is a Supply-chain threat vector?
Compromising third-party vendors or software providers to indirectly attack the target organization.
What is Shadow Information Technology (IT)?
Unauthorized hardware or software used without IT’s knowledge or approval, often creating security risks.
What is Malware?
Software designed to harm systems or steal data.
What is a Virus?
Malware that attaches to files and spreads when the host file is run.
What is a Worm?
Self-replicating malware that spreads across systems without needing a host file.
What is a Logic Bomb?
Malicious code activated by specific conditions or actions.
What is a Trojan?
Malware that pretends to be legitimate software to deceive users into running it.
What is Scareware?
Malware that tricks users with fake warnings to install other malicious software or pay money.
What is a Remote Access Trojan (RAT)?
A Trojan that lets attackers remotely control the infected device.
What is a Keylogger?
Software that captures everything a user types to steal sensitive data.
What is Spyware?
Malware that secretly gathers user info and sends it to an attacker.
What is a Rootkit?
Stealthy malware that hides its existence and provides administrative access to attackers.
What is Ransomware?
Malware that locks or encrypts data and demands payment to restore access.
What is Bloatware?
Unnecessary software that slows systems and may pose security risks.
What are some potential indicators of a malware attack?
Extra traffic, data exfiltration, encrypted traffic, traffic to specific IPs, and outgoing spam.
What are Human Vectors?
Attacks that target people through manipulation and deception rather than technical exploits.
What is Social Engineering?
Psychological manipulation used to trick people into giving sensitive info or access.
What is Impersonation?
Pretending to be someone trusted to gain unauthorized access or information.
What is Shoulder Surfing?
Observing someone’s private info by watching over their shoulder.
What is Disinformation?
Intentionally spreading false information to mislead or manipulate.
What is Tailgating?
Gaining physical access by closely following someone with authorized entry.
What is Dumpster Diving?
Retrieving discarded data from trash to gain useful or sensitive information.
What is a Watering Hole Attack?
Infecting a trusted site to compromise visitors from a specific group.
What are Business Email Compromises (BEC)?
A scam using fake executive email to trick employees into sending money or sensitive info.
What is Typosquatting?
Registering a fake domain name that looks like a real one to trick users who mistype URLs, often for phishing or malware.
What is Brand Impersonation?
Faking a trusted brand to trick users into revealing data or installing malware.
What is Elicitation?
Subtle questioning techniques used to get sensitive information from someone.
What is Pretexting?
Creating a fake scenario to manipulate someone into providing information or access.
What is Spam?
Unsolicited messages sent over the Internet, often for ads or scams.
What is Spam Over Instant Messaging (SPIM)?
Spam sent over instant messaging platforms instead of email.
What is Phishing?
Fraudulent emails or sites designed to steal personal info or install malware.
What is Spear Phishing?
Targeted phishing aimed at a specific person or organization.
What is Whaling?
A phishing attack targeting high-level executives using personalized and high-stakes messages.
What is Vishing?
Voice phishing: using phone calls to deceive victims into giving personal or financial information.
What is Smishing?
SMS-based phishing attack using fake text messages to steal info or spread malware.
What is a Spam Filter?
A tool that blocks unsolicited or harmful emails from reaching your inbox.
What is Anti-malware?
Software that protects against, detects, and removes malware.
What is a Signature File?
A database of known malware patterns used by anti-malware to detect threats.
What is Heuristic-based Detection?
Malware detection using behavior and code analysis to find new or unknown threats.
What is a File Integrity Monitor?
A tool that detects unauthorized changes to files or systems by comparing current and baseline states.
What are the different aspects of Social Engineering?
Authority, Intimidation, Consensus, Urgency, Familiarity, and Trust.
What are Threat Intelligence Sources?
Services providing data on current threats, helping organizations prevent or respond to attacks.
What is Open-Source Intelligence (OSINT)?
Intelligence collected from publicly available sources like websites, social media, and news.
What is Closed/Proprietary Intelligence?
Paid, exclusive threat data gathered and distributed by private cybersecurity organizations.
What are Vulnerability Databases?
Public repositories of known software and hardware security weaknesses.
What is Trusted Automated eXchange of Intelligence Information (TAXII)?
A secure protocol for sharing cyber threat intelligence over HTTPS.
What is Structured Threat Information eXpression (STIX)?
A structured format for representing and sharing threat intelligence in a machine-readable way.
What is Automated Indicator Sharing (AIS)?
A CISA-led program that enables automatic sharing of cyber threat indicators between government and industry.
What is the Dark Web?
A hidden part of the Internet accessible only with special tools, often used for anonymous and illicit activities.
What are Public/Private Information Sharing Organizations?
Groups that foster cybersecurity info exchange between government and private sector.
What are Indicators of Compromise (IoC)?
Forensic evidence, such as file hashes or IP addresses, that suggests a system has been compromised.
What is Predictive Analysis?
A method of using data and trends to forecast and prevent future threats.
What are Threat Maps?
Visual tools that display real-time global cyberattack data to help monitor threat activity.
What are File/Code Repos?
Centralized storage for source code or files, used for development, threat analysis, or secure sharing.
What are some research sources one can consult?
Vendor Websites, Conferences, Local Industry Groups, Public/Private Sharing Centers, Academic Journals, and Requests for Comments (RFCs).