J.Dion Sec. 3 Threat Actors Flashcards

1
Q

An individual or entity responsible for incidents that impact security and data protection.

A

Threat actor

2
Q

Specific characteristics or properties that define and differentiate various threat actors from one another.

A

Threat actor attributes

3
Q

Individuals with limited technical expertise who use readily available tools like downloaded scripts or exploits to carry out attacks.

A

Unskilled attackers

4
Q

Cyber attackers who carry out their activities driven by political, social, or environmental ideologies who often want to draw attention to a specific cause or drive social change.

A

Hacktivists

5
Q

Well-structured groups that execute cyberattacks for financial gain, usually through methods like ransomware, identity theft, or credit card fraud.

A

Organized crime

6
Q

Highly skilled attackers that are sponsored by governments to carry out cyber espionage, sabotage, or cyber warfare against other nation states or specific targets in a variety of industries.

A

Nation-state actors

7
Q

Security threats that originate from within the organization.

A

Insider threats

8
Q

IT systems, devices, software, applications, and services that are managed and utilized without explicit organizational approval.

A

Shadow IT

9
Q

Name the 6 different types of threat vectors.

A

Message-based
Image-based
File-based
Voice calls
Removable devices
Use of unsecured networks

10
Q

Name the 4 deception and disruption technologies used to outsmart threat actors.

A

Honeypots
Honeynets
Honeyfiles
Honeytokens

11
Q

Decoy systems or servers designed to attract and deceive potential attackers, simulating real-world IT assets to study their techniques.

A

Honeypots

12
Q

Creates an entire network of decoy systems to observe complex, multi-stage attacks.

A

Honeynets

13
Q

Decoy files placed within systems to detect unauthorized access or data breaches.

A

Honeyfiles

14
Q

Fake pieces of data, like a fabricated user credential, inserted into databases or systems to alert administrators when they are accessed or used.

A

Honeytokens

15
Q

List the types of threat actor motivations.

A

Data exfiltration
Blackmail
Espionage
Service disruption
Financial gain
Philosophical or political beliefs
Ethical reasons
Revenge
Disruption or chaos
War

16
Q

The unauthorized transfer of data from a computer.

A

Data exfiltration

17
Q

One of the most common motivations for cybercriminals.

A

Financial gain

18
Q

What type of attacks do cybercriminals use to achieve financial gain?

A

Ransomware attacks
Banking trojans

19
Q

Type of motivation where the attacker obtains sensitive/compromising information about an individual or an organization and threatens to release this information to the public unless certain demands are met.

A

Blackmail

20
Q

This type of motivation is often achieved by a Distributed Denial of Service (DDoS) attack, which overwhelms a network, service, or server with excessive amounts of traffic so that it becomes unavailable to its normal users.

A

Service disruption

21
Q

This motivation type applies to individuals or groups who use hacking to promote a political agenda, social change, or to protest against organizations they perceive as unethical.

A

Philosophical or Political beliefs

22
Q

Motivation type where ethical hackers, also known as authorized hackers, are motivated by a desire to improve security.

A

Ethical reasons

23
Q

Motivation type where an employee who is disgruntled, or one who has recently been fired/laid off, might want to harm their current/former employer by causing a data breach, disrupting services, or leaking sensitive information.

A

Revenge

24
Q

Motivation type where threat actors, often referred to as unauthorized hackers, engage in malicious activities for the thrill of it, to challenge their skills, or simply to cause harm.

A

Disruption or chaos

25
Q

Motivation type that involves spying on individuals, organizations, or nations to gather sensitive or classified information.

A

Espionage

26
Q

Motivation type where cyberattacks have increasingly become a tool for nations to attack each other on/off the battlefield.

A

War

27
Q

What are the three attributes of an attacker?

A

Origin: Internal vs external
Resources and funding
Level of sophistication and capability

28
Q

Category that refers to individuals/entities within an organization who pose a threat to its security.

A

Internal threat actors

29
Q

Category that refers to individuals/groups outside of an organization who attempt to breach its cybersecurity defense.

A

External threat actors

30
Q

Category that refers to the tools, skills, and personnel at the disposal of a given threat actor.

A

Resources and Funding

31
Q

Category that refers to their technical skill, the complexity of the tools and techniques they use, and their ability to evade detection and countermeasures.

A

Level of sophistication and capability

32
Q

What level of sophistication and capability is a threat actor listed as who uses widely available tools and techniques such as common malware or phishing attacks?

A

Low level

33
Q

A low-level individual with limited technical knowledge who uses pre-made software or scripts to exploit computer systems and networks without understanding the underlying principles.

A

Script Kiddie

34
Q

What type of attacks do hacktivists utilize?

A

Website defacement
DDoS attacks
Doxing
Leaking of sensitive data

35
Q

Website defacement is treated as?

A

Website vandalism

36
Q

Type of attack that releases an individual's or organization's private information, such as name, home address, etc.

A

Doxxing

37
Q

What is the notable hacktivist event that occurred in 2010?

A

In 2010, the hacktivist group named Anonymous launched their Operation Payback campaign via DDoS attacks against various organizations involved in digital anti-piracy efforts.

38
Q

What is the notable hacktivist event that occurred in 2011?

A

LulzSec launched a series of attacks known as “50 Days of Lulz” that targeted various organizations such as Sony, the CIA, and the FBI. The motivations were political and chaos driven.

Political motivation was against censorship and surveillance.

39
Q

Sophisticated and well-structured entities that leverage resources and technical skills for illicit gain.

A

Organized Cyber Crime Groups

40
Q

Sophisticated cybercrime group known for their advanced phishing campaigns and well-crafted emails and webpages that trick employees into logging in with their credentials or installing malware onto their systems; the group has been linked to numerous high-profile data breaches.

A

FIN7

41
Q

Sophisticated cybercrime group that has stolen over $1 billion from various banks around the world using custom malware they created, which allows the hackers to transfer money between accounts and even dispense money remotely at ATMs.

A

Carbanak group

42
Q

Groups that are sponsored by a government to conduct cyber operations against other nations, organizations, or individuals.

A

Nation-state actors

43
Q

Attack that is orchestrated in such a way that it appears to originate from a different source/group.

A

False flag attack

44
Q

Whenever we hear Advanced Persistent Threat, think

A

a prolonged and targeted cyberattack where an intruder gains unauthorized access to a network and remains undetected for an extended period of time, monitoring and stealing data rather than causing immediate damage.

45
Q

Sophisticated piece of malware that was designed by the American and Israeli governments to sabotage the Iranian government’s nuclear program by causing physical damage to the centrifuges used in the uranium enrichment process.

A

Stuxnet worm

46
Q

How did the Stuxnet worm work?

A

By exploiting zero-day vulnerabilities in the Windows operating system that was used in the nuclear centrifuge enrichment process.

47
Q

Cybersecurity threats that originate from within the organization.

A

Insider threats

48
Q

The use of information technology systems, devices, software, applications, and services without explicit organizational approval.

A

Shadow IT

49
Q

The means or pathway by which an attacker can gain unauthorized access to a computer or network to deliver a malicious payload or carry out an unwanted action.

A

Threat vector

50
Q

Encompasses all the various points where an unauthorized user can try to enter data to or extract data from an environment.

A

Attack surface

51
Q

When thinking of attack vector think

A

the how of an attack.

52
Q

When thinking of the attack surface think

A

the location of an attack.

53
Q

This threat vector type is delivered via email, Short Message Service (SMS), or forms of instant messaging.

A

Messages

54
Q

Threat vector that involves embedding malicious code inside an image file; when the image is opened, the malicious code is executed.

A

Images

55
Q

In 2017, cybersecurity researchers discovered this large scale image-based attack.

A

Stegano

56
Q

How did the Stegano attack work?

A

Cyber criminals embedded malicious code within the pixels of banner ads on popular websites to exploit older versions of the Internet Explorer web browser.

57
Q

Threat vectors that involve the use of malicious files to deliver a cyber attack.

A

Files

58
Q

Threat vectors that involve the use of voice calls to trick victims into revealing their sensitive information.

A

Voice calls

59
Q

Threat vectors delivered via removable devices such as USB drives.

A

Removable devices

60
Q

Threat vectors that refer to the lack of appropriate security measures to protect networks.

A

Unsecure networks

61
Q

Rogue access points or fake Wi-Fi networks that mimic an organization’s legitimate ones.

A

Evil twins

62
Q

What are 3 types of attacks for wired networks?

A

Tapping into network cables to intercept/manipulate data
Connecting unauthorized devices by using MAC address cloning
VLAN hopping

63
Q

What are the exploits that have been used to attack Bluetooth technology?

A

BlueBorne
BlueSmack

64
Q

Exploit built on a set of vulnerabilities in Bluetooth technology that can allow an attacker to take over devices or spread malware.

A

BlueBorne exploit

65
Q

Exploit that is a type of Denial of Service attack targeting Bluetooth-enabled devices by sending a specially crafted Logical Link Control and Adaptation Protocol (L2CAP) packet to a target device.

A

BlueSmack exploit

66
Q

Specific methods and patterns of activities or behaviors associated with a particular threat actor or group of threat actors.

A

Tactics, Techniques, and Procedures (TTPs)

67
Q

Technologies designed to mislead, confuse, and divert attackers from critical assets while simultaneously detecting and neutralizing threats.

A

Deceptive and Disruptive Technologies

68
Q

What are the 4 commonly used Deceptive and Disruptive Technologies?

A

Honeypots
Honeynets
Honeyfiles
Honeytokens

69
Q

Decoy system or network set up to attract potential hackers by mimicking a real system with vulnerabilities that seem attractive to attackers.

A

Honeypot

70
Q

What is the primary purpose of a honeypot?

A

To gather information about the attacker’s methods, motives, and TTPs (Tactics, Techniques, and Procedures).

71
Q

Where are honeypots placed in an enterprise network?

A

To install a honeypot in an enterprise network, place it within a screened subnet or isolated segment that is easily accessed by potential hackers.

72
Q

Network of honeypots to create a more complex system that is designed to mimic an entire network of systems, including servers, routers, and switches.

A

Honeynet

73
Q

How do honeypots and honeynets work?

A

They log all activities to provide data about both successful and unsuccessful attacks against the network.

74
Q

How can attackers use honeynets or honeypots against an organization’s security architecture?

A

The attacker can learn how the production systems are configured and use that knowledge to their advantage when attacking the network.

75
Q

Decoy file placed within a system to lure in potential attackers.

A

Honeyfile

76
Q

What happens when an attacker accesses and opens a honeyfile?

A

An alert is triggered that notifies the security team. Some honeyfiles have embedded code that allows the security team to enumerate the attacker’s network.

77
Q

What are 6 types of honeyfiles?

A

Word-processing documents
Spreadsheets
Presentation files
Database files
Executables
Images

78
Q

Piece of data or a resource that has no legitimate value or use but is monitored for access or use.

A

Honeytoken

79
Q

What are 5 other strategies to help secure an enterprise network?

A

Using bogus DNS directories
Creating decoy directories
Generating dynamic pages to slow down web crawlers
Using port triggering to hide services
Spoofing fake telemetry data during a detected network scan

80
Q

Fake DNS entries introduced into a system’s DNS server.

A

Bogus DNS

81
Q

Why is using bogus DNS entries useful?

A

Administrators can mislead attackers into accessing non-existent domains or trap systems to waste the attacker’s time/resources while simultaneously alerting defenders.

82
Q

Fake folders and files placed within a system’s storage.

A

Decoy directories

83
Q

Why are decoy directories useful?

A

When unauthorized user(s) attempt to access/modify these directories, the system can raise an alert while the attacker is misled by false data.

84
Q

Used in websites to present ever-changing content to web crawlers to confuse and slow down the threat actor.

A

Dynamic page generation

85
Q

Security mechanism where specific services or ports on a network device remain closed until a specific outbound traffic pattern is detected.

A

Port triggering

86
Q

A system can respond to an attacker’s network scan attempt by sending out fake telemetry or network data.

A

Fake telemetry data

87
Q

Which of the following is a primary motivation for a hacktivist threat actor?

a. Financial gain
b. Ideological beliefs
c. Espionage
d. Service disruption

A

b. Ideological beliefs

Hacktivists are motivated by ideological, political, and philosophical beliefs, and they use cybercrime as a means to promote a particular agenda/cause.

88
Q

Which attribute of a threat actor indicates the amount of financial, technological, and human resources they can use for their operations?

a. Their sophistication level
b. Their resource level
c. Their motivations
d. Their intent

A

b. Their resource level

Resource level is the attribute that reflects the depth and breadth of resources available to a threat actor.

89
Q

Which of the following threat actors operates based primarily on financial motivations and is considered to be highly structured and sophisticated in their attacks?

a. Organized crime
b. Script Kiddies
c. Hacktivists
d. Nation-state actors

A

a. Organized crime

Organized cybercrime consists of groups that are primarily motivated by financial gain and are typically involved in data breaches, ransomware attacks, and financial fraud.

90
Q

Which type of threat actor would BEST describe a disgruntled employee who may exploit their legitimate access for malicious purposes?

a. Unskilled attacker
b. Hacktivist
c. Insider threat
d. Nation-state actor

A

c. Insider threat

91
Q

Which deceptive technology is a piece of data or a system entity that exists solely to alert the organization when someone accesses it?

a. Honeypot
b. Honeynet
c. Honeyfile
d. Honeytoken

A

d. Honeytoken

Honeytokens are a piece of information or a system entity created to serve as a decoy or alert mechanism. A honeytoken’s sole purpose is to be accessed or used illicitly.
