Classifying Threats Flashcards

1
Q

A threat that can be identified using basic signature or pattern matching

A

Known Threats

2
Q

Malware

A

Any software intentionally designed to cause damage to a computer, server,
client, or computer network

3
Q

A piece of software, data or sequence of commands that takes advantage of
a vulnerability to cause unintended behavior or to gain unauthorized access
to sensitive data

A

Documented Exploits

4
Q

A threat that cannot be identified using basic signature or pattern matching

A

Unknown Threats

5
Q

An unknown exploit in the wild that exposes a vulnerability in software or hardware and can create complicated problems well before anyone realizes something is wrong

A

Zero-day Exploit

6
Q

Malicious code whose execution the malware author has attempted to hide
through various techniques such as compression, encryption, or encoding to
severely limit attempts to statically analyze the malware

A

Obfuscated Malware Code

7
Q

A malware detection method that evaluates an object based on its intended
actions before it can actually execute that behavior

A

Behavior-based Detection

8
Q

Refers to the process of combining and modifying parts of existing exploit code to
create new threats that are not as easily identified by automated scanning

A

Recycled Threats

9
Q

A classification of malware that contains obfuscation techniques to circumvent
signature-matching and detection

A

Known Unknowns

10
Q

A classification of malware that contains completely new attack vectors and
exploits

A

Unknown Unknowns

11
Q

A type of threat actor that is supported by the resources of its host country’s
military and security services

A

Nation-state Actor

12
Q

A type of threat actor that uses hacking and computer fraud for commercial gain

A

Organized Crime

13
Q

A type of threat actor that is motivated by a social issue or political cause

A

Hacktivist

14
Q

A type of threat actor who is assigned privileges on the system and causes an intentional or unintentional incident.
Insider threats can be either intentional or unintentional

A

Insider Threat

15
Q

A threat actor who conducts an attack with a specific purpose

A

Intentional

16
Q

A threat actor that causes a vulnerability or exposes an attack vector without malicious intent.
Shadow IT is a form of unintentional insider threat

A

Unintentional

17
Q

Malicious software applications that are widely available for sale or easily obtainable and usable

A

Commodity Malware

18
Q

A vulnerability that is discovered or exploited before the vendor can issue a patch to fix it

A

Zero-day Vulnerability

19
Q

An attacker’s ability to obtain, maintain, and diversify access to network systems
using exploits and malware

A

Advanced Persistent Threat (APT)

20
Q

An infrastructure of hosts and services with which attackers direct, distribute, and control malware over botnets

A

Command and Control (C2)

21
Q

Blacklists of known threat sources, such as malware signatures, IP address ranges,
and DNS domains

A

Reputation Data

22
Q

A residual sign that an asset or network has been successfully attacked or is continuing to be attacked

A

Indicator of Compromise (IoC)

23
Q

A term used for evidence of an intrusion attempt that is in progress

A

Indicator of Attack (IoA)

24
Q

A term that refers to the correlation of IoCs into attack patterns

A

Behavioral Threat Research

25
Q

Behavior patterns that were used in historical cyber-attacks and adversary actions
▪ DDoS
▪ Viruses or Worms
▪ Network Reconnaissance
▪ APTs
▪ Data Exfiltration

A

Tactics, Techniques, and Procedures (TTP)

26
Q

APT techniques to retain persistence

A

Port Hopping
Fast Flux DNS

27
Q

An APT’s C2 application might use any port to communicate
and may jump between different ports

A

Port Hopping

28
Q

A technique that rapidly changes the IP address associated with a domain

A

Fast Flux DNS

29
Q

A model developed by Lockheed Martin that describes the stages by which a threat actor progresses a network intrusion.
Kill chain analysis can be used to identify a defensive course-of-action matrix to counter the progress of an attack at each stage

A

Lockheed Martin Kill Chain

30
Q

Lockheed Martin Kill Chain Stages

A

Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command & Control (C2)
Actions on Objectives

31
Q

A knowledge base maintained by the MITRE Corporation for listing and explaining specific adversary tactics, techniques, and common knowledge or procedures (attack.mitre.org)
The pre-ATT&CK tactics matrix aligns to the reconnaissance and weaponization phases of the kill chain

A

MITRE ATT&CK Framework

32
Q

A framework for analyzing cybersecurity incidents and intrusions by exploring the
relationships between four core features: adversary, capability, infrastructure,
and victim

A

Diamond Model of Intrusion Analysis

33
Q

A standard terminology for IoCs and ways of indicating relationships between them that is included as part of the OASIS Cyber Threat Intelligence (CTI) framework.
STIX is expressed in JavaScript Object Notation (JSON) format, consisting of attribute: value pairs

A

Structured Threat Information eXpression (STIX)

34
Q

A protocol for supplying codified information to automate incident detection and
analysis

A

Trusted Automated eXchange of Indicator Information (TAXII)

35
Q

A framework by Mandiant that uses XML-formatted files for supplying codified information to automate incident detection and analysis

A

OpenIOC

36
Q

MISP provides a server platform for cyber threat intelligence sharing and a
proprietary format, supports OpenIOC definitions, and can import and export STIX over TAXII

A

Malware Information Sharing Project (MISP)

37
Q

The process of identifying and assessing the possible threat actors and attack vectors that pose a risk to the security of an app, network, or other system
Threat modeling may be used to analyze corporate networks in general or against specific targets like a website or application being deployed

A

Threat Modeling

38
Q

A formal classification of the resources and expertise available to a threat actor

A

Adversary Capability

39
Q

The points at which a network or application receives external connections or inputs/outputs
that are potential vectors to be exploited by a threat actor
▪ The holistic network
▪ Websites or cloud-services
▪ Custom software applications

A

Attack Surface

40
Q

A specific path by which a threat actor gains unauthorized access to a system
▪ Cyber
▪ Human
▪ Physical

A

Attack Vector

41
Q

Likelihood - The chance of a threat being realized, usually expressed as a percentage
Impact - The cost of a security incident or disaster scenario, usually expressed in cost (dollars)

A

Risk

42
Q

A cybersecurity technique designed to detect the presence of threats that have not been discovered by normal security monitoring

A

Threat Hunting

43
Q

A hypothesis is derived from the threat modeling and is based on potential events with higher likelihood and higher impact

A

Establishing a Hypothesis

44
Q

Involves the creation of scenarios that show how a prospective attacker might
attempt an intrusion and what their objectives might be

A

Profiling Threat Actors and Activities

45
Q

Publicly available information plus the tools used to aggregate and search it

A

Open-Source Intelligence (OSINT)

46
Q

An Open Source Intelligence (OSINT) technique used to gather email addresses for a domain

A

Email Harvesting

47
Q

A public listing of all registered domains and their registered administrators

A

whois

48
Q

A method of replicating DNS databases across a set of DNS servers that is often used during the reconnaissance phase of an attack

A

DNS Zone Transfer

49
Q

Using Open Source Intelligence (OSINT) to gather information about a domain, such as any subdomains, the hosting provider, the administrative contacts, and so on

A

DNS Harvesting

50
Q

A technique used to copy the source code of website files to analyze for information and vulnerabilities

A

Website Harvesting