GCGA Ch. 6 Comparing Threats, Vulnerabilities, and Common Attacks Flashcards
Nation-state attackers
attackers who are directly employed by or sponsored by a government. Their purpose is to advance that country's interests using hacking tools.
Unskilled attackers
use existing computer scripts or code to launch attacks. They typically have very little expertise or sophistication and very little funding.
Hacktivist
launches attacks as part of an activist movement or to further a cause.
Insiders
have legitimate access to an organization's internal resources. They sometimes become malicious insiders out of greed or revenge. DLP solutions can prevent users from writing data to external media devices.
Organized crime
an enterprise that employs a group of individuals working together in criminal activities. Their primary motivation is money.
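The removable-media control mentioned in the Insiders card, as an added example (not from the flashcard deck or the study guide): Windows ships a built-in "Removable Storage Access" policy that denies write (and optionally read or execute) access to removable disks, which is the same control a DLP agent enforces, minus the central reporting. The class GUID below is assumed to be the "Removable Disks" device class that policy uses; the function names are this example's own.

```powershell
# Added example: enforce "deny write to removable disks" with the built-in
# Removable Storage Access policy (Computer Configuration > Administrative
# Templates > System > Removable Storage Access). Run from an elevated session.
# Assumption: this GUID is the "Removable Disks" class the policy keys on.
$policyRoot     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
$removableDisks = '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
$policyKey      = Join-Path $policyRoot $removableDisks

function Get-RemovableDiskPolicy {
    # Read back the current values; a missing key or value means "not denied".
    if (-not (Test-Path $policyKey)) {
        return [pscustomobject]@{ DenyWrite = 0; DenyRead = 0; DenyExecute = 0 }
    }
    $p = Get-ItemProperty -Path $policyKey
    [pscustomobject]@{
        DenyWrite   = [int]$p.Deny_Write     # [int]$null evaluates to 0
        DenyRead    = [int]$p.Deny_Read
        DenyExecute = [int]$p.Deny_Execute
    }
}

function Set-RemovableDiskPolicy {
    param(
        [ValidateSet(0,1)][int]$DenyWrite   = 1,  # 1 = block copying data out (the DLP-style control)
        [ValidateSet(0,1)][int]$DenyRead    = 0,  # leave reads allowed so users can still import files
        [ValidateSet(0,1)][int]$DenyExecute = 1   # also refuse to run programs straight off a stick
    )
    New-Item -Path $policyKey -Force | Out-Null
    $values = @{ Deny_Write = $DenyWrite; Deny_Read = $DenyRead; Deny_Execute = $DenyExecute }
    foreach ($name in $values.Keys) {
        New-ItemProperty -Path $policyKey -Name $name -PropertyType DWord `
            -Value $values[$name] -Force | Out-Null
    }
    Get-RemovableDiskPolicy   # return the effective settings for verification
}

function Remove-RemovableDiskPolicy {
    # Revert to the default (no restrictions).
    if (Test-Path $policyKey) { Remove-Item -Path $policyKey -Recurse -Force }
}

# Usage: block writes and execution, keep reads, then confirm.
Set-RemovableDiskPolicy -DenyWrite 1 -DenyRead 0 -DenyExecute 1
Get-RemovableDiskPolicy
```

Two caveats a practitioner would want: a key written locally like this can be undone by any local administrator, so in production push it as a domain Group Policy or through the DLP agent, which also logs blocked attempts; and drives that are already mounted may need to be unplugged and reconnected (or the host rebooted) before the policy applies to them. Blocking USB writes covers only one exfiltration channel; the reason DLP products inspect content rather than just ports is that email, cloud uploads, and screenshots remain open otherwise.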
Shadow IT
refers to systems or applications used in an organization without the authorization or approval of the IT department.
Threat actor attributes
Threat actors vary in their attributes. They may be internal or external to the target organization, and they have differing levels of resources/funding and of sophistication/capabilities.
Motivations of threat actors
Threat actors also have very different motivations. Some common attack motivations include data exfiltration, espionage, service disruption, blackmail, financial gain, philosophical or political beliefs, ethical hacking, revenge, disruption or chaos, and war.
OSINT
Cybersecurity professionals and attackers use open source intelligence (OSINT) sources to learn about vulnerabilities, how attackers exploit them, and how organizations can protect against the threats.
Malware types
include several different types of malicious code, including ransomware, Trojans, worms, spyware, bloatware, viruses, keyloggers, logic bombs, and rootkits.
Ransomware
a type of malware that takes control of a user's system or data, typically by encrypting the data. Criminals demand a ransom payment before returning control of the computer or data, for example by providing the decryption key.
Trojan
appears to be one thing, such as pirated software or free antivirus software, but is something malicious.
RAT
A remote access Trojan (RAT) is a type of malware that allows attackers to take control of systems from remote locations.
Worm
self-replicating malware that travels throughout a network without user intervention.
Spyware
software installed on user systems without the user’s knowledge or consent and it monitors the user’s activities. It sometimes includes a keylogger that records user keystrokes.
Bloatware
software installed alongside another program the user chose to install, often without the user's knowledge. Some bloatware changes the default home page of a user's browser or the default search engine.
Virus
malicious code that attaches itself to a host application. The code runs and replicates to other systems when the application is launched.
Hardware or software keyloggers
track all of the keyboard activity on a system and report it back to the attacker.
Logic bomb
executes in response to an event, such as a day, time, or condition. Malicious insiders have planted logic bombs into existing systems, and these logic bombs have delivered their payload after the employee left the company.
Rootkits
take root-level or kernel-level control of a system. They hide their processes to avoid detection, and they can remove user privileges and modify system files.
Social engineering
uses social tactics to gain information or trick users into performing actions they wouldn't normally take. Social engineering attacks can occur in person, over the phone, while surfing the Internet, and via email. Many social engineers attempt to impersonate others. Social engineers and other criminals employ several psychology-based principles to increase the effectiveness of their attacks: authority, intimidation, consensus, scarcity, urgency, familiarity, and trust.
Shoulder surfing
an attempt to gain unauthorized information through casual observation, such as looking over someone's shoulder or monitoring screens with a camera. Screen filters can thwart shoulder surfing attempts.
Pretexting
Social engineers use pretexting by presenting a fake scenario before asking for information.
Hoax
a message, often circulated through email, that tells of impending doom from a virus or other security threat that simply doesn’t exist.
Tailgating
the practice of one person following closely behind another through a controlled entrance without showing credentials. Access control vestibules (sometimes called mantraps) help prevent tailgating.
Dumpster divers
search through trash looking for information. Shredding or burning documents reduces the risks associated with dumpster diving.
Watering hole attacks
discover sites that a targeted group visits and trusts. Attackers then compromise and modify these sites so that they deliver malware to visitors. When the targeted group visits the modified site, they are more likely to download and install infected files because they trust the site.
Spam
unwanted or unsolicited email. Attackers often use spam in different types of attacks.