Key Concepts Flashcards
Attribution is always a straightforward process, with clear evidence pointing to a single group. True or false
False - attribution is very difficult to assign to a group
What does the E stand for in F3EAD?
Find
Fix
Finish
Exploit
Analyse
Disseminate
Threat group actors are never motivated by political or ideological factors? T/F
False - hacktivists follow ideology
Why do we look at entry and exit points?
- to identify when/where data enters and exits a system
- to identify where data exits and enters a system AND where users access the system
- in order to direct the data ourselves
- to identify where users access the system
To identify where data exits and enters a system AND where users access the system
What are the two separate areas where these types of IOCs can be generated from?
- host based and network based indicators
- encryption based and network based indicators
- host based and computer based indicators
- system based and encryption based indicators
host based and network based indicators
What is the purpose of using a drive-by-download attack in cybersecurity?
- to compromise a website frequented by the target
- to disrupt the target's operations
- to steal sensitive data
- to install malware on the target's device
To install malware on the target's device
Which threat actor is considered to have the greater capability and motivation?
- hacktivists
- insider threat
- nation state actors
- cyber criminals
Nation state actors
What is the main goal of a zero-day vulnerability?
- to steal sensitive data
- to disrupt the target's operations
- to install malware on the target's device
- to blackmail the target
To install malware on the target's device
How can understanding of a threat actor's motivation be used to inform threat intelligence analysis and response?
- by enabling the creation of more accurate threat models
- all of these are correct
- by informing the development of more effective countermeasures
- by identifying the most likely targets and methods of attack
- by facilitating attribution of attacks to specific groups or actors
All of these
Which of these is not a decision-making loop?
- intelligence cycle
- F3EAD
- FFS cycle
- OODA loops
FFS cycle
What does IPE stand for?
Intelligence Preparation of the Environment
What is the common technique used by APT threat actors to gain initial access to the network?
DDoS, vulnerability exploitation, supply chain attacks or social engineering
Social engineering
Which of the following is the most likely intent of a state-sponsored threat actor?
Financial gain, political espionage, create mayhem, all of these are correct, hacktivism
Political espionage
Which hat colour refers to hackers that hack without consent but stop short of malicious activities?
White, grey, black or green?
Grey
Hacktivist ideology always opposes the nation state? True or false
False - hacktivist ideology varies from the Ukraine war to whales at SeaWorld
What does IPB stand for?
Intelligence preparation of the battlefield
The process of attribution can be influenced by biases including cultural and political? T/F
True
What is a nation state actor's motivation?
Financial gain, ideology, intellectual property theft, boredom
IP theft
What do we mean by utility of scale?
A way of categorising hackers by concepts from unsophisticated to sophisticated
What is the difference between IPB and IPE?
IPE focuses on the environment in isolation from the adversary
What is the objective of the sterile corridor?
- to further data collection
- to analyse data
- to explain aspects of intelligence to other members of the intelligence team
- to obscure aspects of an intelligence activity to members of the intelligence team
to obscure aspects of an intelligence activity to members of the intelligence team
What do we mean by utility of scale?
- presenting security of a document
- measuring an intelligence report accurately
- categorising hackers by sophistication
- a way to measure DDoS
Categorising hackers by sophistication
Should you consider insider threat as a threat actor or a threat vector?
Threat vector
What was the CBEST narrative structure developed for?
To communicate something technical to a non-technical audience
What is the purpose of IPB?
- prepare for war
- explain operations to a non-CTI analyst
- gain access onto an enemy system
- analyse mission variables in the area of interest to determine the effect on operations
Analyse mission variables in the area of interest to determine the effect on operations
What are the principles of intelligence? CROSSCAT
Centralised, Responsive, Objective, Systematic, Sharing, Continuous review, Accessible, Timely
What is the purpose of a drive-by download attack?
To install malware on the target's device
What is the purpose of a supply chain attack as a technique?
To steal sensitive data
What is the difference between a threat actor's intent and their capability?
Intent refers to what the attacker wants to achieve, while capability refers to their ability to achieve it
What are some of the challenges of measuring threat actor motivation?
Available information may be incomplete or misleading. Motivation is often subjective and difficult to quantify. It is difficult to distinguish between different threat actors and their motivations. Many threat actors are adept at deception and hiding their true intentions.