Lesson 2: Compare Threat Types

Question 1

Define ‘Risk’

Answer 1

Likelihood/consequence of a threat actor exercising a vulnerability.

Question 2

What is the reason for calculating risk?

Answer 2

To determine the likelihood/imapct that a successful exploit would have.

Question 3

Define a ‘Vulnerability’

Answer 3

A weakness that could be triggered accidentally or exploited intentionally to cause a security breach.

Question 4

List examples of a vulnerability

Answer 4

Misconfiguration of hardware/software or network device; out-of-date software/firmware; poor network architecture; inadequate policies.

Question 5

What determines how vulnerable an asset is?

Answer 5

The value of the asset and ease of exploiting the fault.

Question 6

Define a ‘Threat’

Answer 6

Attack vector; The potential for someone/something to exploit a vulnerability and breach security intentionally or unintentionally.

Question 7

Define an external threat actor

Answer 7

Has no authorized access to the target system; Infiltrates the security system using unauthorized access.

Question 8

Define an internal threat actor

Answer 8

Was granted permissions on the system; Typically an employee, contractors or business partners.

Question 9

What are general motivations for perpetrating a cyber attack?

Answer 9

Greed/Financial, Curiosity/Chaos, Grievance/Revenge, Political

Question 10

List 3 general strategies/method threat actors use to perpetrate a cyber attack

Answer 10

1. Service Disruption
2. Data exfiltration
3. Disinformation

Question 11

Define ‘Service Disruption’

Answer 11

Type of attack that compromises the availability of an asset or business process.

Question 12

Define ‘Data Exfiltration’

Answer 12

Process by which an attacker takes data stored in a private network and moves it to an external network without authorization.

Question 13

Define ‘Disinformation’

Answer 13

Type of attack that falsifies an information resource that is normally trusted by others.

Question 14

List examples of a disinformation attack

Answer 14

Changing the content of a website; Manipulating search engines to inject fake sites; Using bots to post false information to social media sites.

Question 15

Define a ‘Hacktivist’

Answer 15

Threat actor motivated by a social issue or political cause.

Question 16

Define an advanced persistent threat (APT)

Answer 16

Ability of an adversary to achieve ongoing compromise of network security (obtaining and maintaining access).

Question 17

Define a ‘Nation-state actor’

Answer 17

Threat actor that is supported by the resources of its host country’s military and security services.

Question 18

What are the typical targets of nation-state actors?

Answer 18

Energy, health, and electoral systems/organizations.

Question 19

What are the typical goals of nation-state actors?

Answer 19

Primarily disinformation and espionage for strategic advantage - typically not for financial reason.

Question 20

What is ‘Shadow IT’?

Answer 20

Computer hardware, software, or services used on a private network without authorization from the system owner.

Question 21

What are the typical motivations/goals of an internal/insider threat actor?

Answer 21

Revenge and Financial gain.

Question 22

Which three types of threat actor are most likely to have high levels of funding?

Answer 22

State actors, organized crime, and competitors.

Question 23

Define an ‘Attack Surface’

Answer 23

All the points at which a malicious threat actor could try to exploit a vulnerability.

Question 24

What are examples of what could be apart of an attack surface?

Answer 24

Any location or method where a threat actor can interact with a network port, application, computer, or user.

Question 25

Define the process of minimizing attack surface

Answer 25

Restricting access so that only trusted endpoints, protocols/ports, and services are permitted.

Question 26

Define a ‘Threat Vector’

Answer 26

A specific path a threat actor uses to gain unauthorized access to a system.

Question 27

Define ‘Vulnerable software’

Answer 27

Contains a flaw in its code or design that can be exploited to circumvent access control or to crash the process.

Question 28

Define an ‘Unsupported System/Application’

Answer 28

System/Application whose vendor no longer develops updates and patches for the product.

Question 29

What are the two vectors a software vulnerability is exploited?

Answer 29

1. Remote
2. Local

Question 30

Define a ‘Remote’ exploit

Answer 30

An exploit performed by sending code to the target over a network and does not depend on an authenticated session with the target to execute.

Question 31

Define a ‘Local’ exploit

Answer 31

The exploit code must be executed from an authenticated session on the computer; Threat actor needs to use some valid credentials or hijack an existing session to execute it.

Question 32

Define an ‘Unsecure Network’

Answer 32

One that lacks the attributes of confidentiality, integrity, and availability.

Question 33

What constitutes an unsecure network?

Answer 33

Unnecessary open ports, weak/no authentication, use of default credentials, or lack of secure communications/encryption.

Question 34

What is the outcome from a ‘Lack of Confidentiality’

Answer 34

Allows threat actors to snoop on network traffic and recover passwords or other sensitive information.

Question 35

What is the outcome from a ‘Lack of Integrity’

Answer 35

Allows threat actors to use unauthorized devices to manipulate traffic/data, run exploit code, or spoof a service.

Question 36

Define a ‘Lack of Availability’

Answer 36

Threat actors are able to perform service disruption attacks; aka denial of service (DoS) attacks.

Question 37

What are qualities of a secure network?

Answer 37

Uses an access control framework and cryptographic to identify, authenticate, authorize, and audit network users, hosts, and traffic.

Question 38

Define a ‘Direct Access’ threat vector

Answer 38

Threat actor uses physical access to the site to perpetrate an attack; Unlocked workstation, boot disk to install malicious tool, stealing a PC/disk drive.

Question 39

Define a ‘Wired Network’ threat vector

Answer 39

Threat actor accesses a site to attach an unauthorized device to a physical network port.

Question 40

Define a ‘Remote and Wireless Network’ threat vector

Answer 40

Attacker obtains credentials for remote access or wireless connection to the network or cracks the security protocols used for authentication; Rouge/spoofed APs/Evil Twin APs

Question 41

Define a ‘Cloud Access’ threat vector

Answer 41

Gaining access to a cloud system through an account/service/hose with weak configuration; Potentially attacking a cloud service provider.

Question 42

Define a ‘Bluetooth Network’ threat vector

Answer 42

Threat actor exploits a vulnerability or misconfiguration to transmit a malicious file to a user’s device over Bluetooth.

Question 43

Define a ‘Default Credentials’ threat vector

Answer 43

Attacker gains control of a network device or app because it has been left configured with a default password.

Question 44

Define a ‘Open Service Port’ threat vector

Answer 44

Threat actor is able to establish an unauthenticated connection to a logical TCP or UDP network port.

Question 45

Define a ‘Lure’ threat vector

Answer 45

Entices a victim into interacting with a removable device, file, image, or program that conceals malware.

Question 46

What is the purpose of a lure attack?

Answer 46

If the threat actor cannot gain access to run a remote or local exploit directly, a lure might trick a user into facilitating the attack.

Question 47

How are lure attacks prevented?

Answer 47

Vulnerability management, antivirus, program execution control, and intrusion detection.

Question 48

What is the typical attack vector used to deliver a lure attack?

Answer 48

Any form of direct messaging; Email, SMS, Instant Messaging (iMessage), Websites/Social Media

Question 49

Define a ‘Supply chain’

Answer 49

End-to-end process of supplying, manufacturing, distributing/providing goods and services to a customer.

Question 50

Define ‘procurement management’

Answer 50

Process of ensuring reliable sources of equipment and software

Question 51

Define a ‘Supplier’ in a supply chain

Answer 51

Obtains products directly from a manufacturer to sell in bulk to other businesses; Referred to as business to business (B2B).

Question 52

Define a ‘Vendor’

Answer 52

Obtains products from suppliers to sell to retail businesses (B2B) or directly to customers (B2C); Might add some level of customization and direct support for the product(s).

Question 53

Define a ‘Business Partner’

Answer 53

Implies a closer relationship where two companies share quite closely aligned goals and marketing opportunities.

Question 54

Define a ‘managed service provider’ (MSP)

Answer 54

Provisions and supports IT resources such as networks, security, or web infrastructure.

Question 55

What is the downside of using a managed service provider (MSP)?

Answer 55

Difficult to monitor the MSP; The MSP’s employees are all potential sources of insider threat.

Question 56

What nmap option performs a scan that displays service identification?

Answer 56

-sV

Question 57

What are two primary response options to the discovery of an open port hosting an insecure service?

Answer 57

Close the exposed port and configure service encryption if its a necessary service.

Question 58

Define ‘Social engineering’

Answer 58

Hacking the human; Goal is to deceive unsuspecting users into providing sensitive data or violating security guidelines in preparation for an intrusion or to effect an actual intrusion.

Question 59

Define ‘Impersonation’

Answer 59

Social engineering attack where an attacker pretends to be someone they are not.

Question 60

What are the two types of impersonation attacks?

Answer 60

1. Persuasion/liking
2. Coercion/threat/urgency

Question 61

Define ‘Pretexting’

Answer 61

Social engineering tactic communicating a lie or half-truth in order to get someone to trick a victim; Combination of persuasion and coercion.

Question 62

Define ‘Phishing’

Answer 62

Email/SMS based attack that persuades the target into interacting with a malicious resource or providing sensitive data disguised as a trusted source.

Question 63

What two attack methods combine to create phishing?

Answer 63

A combination of social engineering and spoofing.

Question 64

Define ‘Vishing’

Answer 64

A human-based attack where the attacker extracts information over the phone or VoIP.

Question 65

Define ‘Pharming’

Answer 65

Impersonation attack that corrupts the name resolution process and redirects users from a legitimate website to a malicious one.

Question 66

What do phishing and pharming both depend on?

Answer 66

Impersonation and spoofing.

Question 67

Define ‘Typosquatting’

Answer 67

Attacker registers a domain name with a common misspelling of an existing domain, so a user who misspells a URL into a browser is taken to the attacker’s website.

Question 68

Define ‘Business email compromise’

Answer 68

Impersonation attack where the attacker gains control of an employee’s account and uses it to convince other employees to perform fraudulent actions.

Question 69

Define ‘Brand impersonation’

Answer 69

Threat actor accurately duplicates a company’s logos and formatting to make a phishing message or pharming website a compelling fake.

Question 70

Define ‘Disinformation’

Answer 70

Refers to a purposeful motivation to deceive.

Question 71

Define ‘Misinformatoin’

Answer 71

Refers to repeating false claims or rumors without the intention to deceive.

Question 72

Define a ‘watering hole attack’

Answer 72

Attacker targets specific groups or organizations, discovers which websites they frequent, and injects malicious code into those sites to infect the targets once they interact with the resource.

Question 73

Define a ‘Whaling’ attack

Answer 73

Spear-phishing attack directed at high-level executives where attackers masquerade as legitimate, known and trusted entities and encourage a victim to share highly sensitive information or to send a wire transfer to a fraudulent account.