Lesson 2 Threat Actors and Threat Intel Flashcards

1
Q

Vulnerability

A

A weakness in a system that can be exploited

2
Q

Threat

A

Actors willing and able to exploit a vulnerability

3
Q

Risk

A

The impact and likelihood of a vulnerability being exploited by a threat

4
Q

Attributes of threat actors

A

  • Known threats vs. adversary behaviors
  • Can be internal, not just external to the local network
  • Intent can be malicious, opportunistic, accidental, or unintentional
  • Level of sophistication depends on resources, funding, and capability

5
Q

Types of hackers

A

  • Lone hacker - white hats vs. black hats vs. grey hats
  • Script kiddies - unskilled, rely on ready-made scripts and tools, not sophisticated
  • Hacktivists - usually politically or socially motivated, attack to make a statement

6
Q

State Actors

A

  • State backed, military/secret service, and highly sophisticated
  • Advanced Persistent Threat (APT) - ability to gain access to a network and stay connected without authorization
  • Done for espionage and strategic advantage
  • Deniability - able to cover tracks during an attack
  • False flag operations - diversions, other minor attacks, or overwhelming a system to cover the real operation

7
Q

Criminal Syndicates

A

  • Operate across legal jurisdictions
  • Threat actors out to make money/profit
  • Well funded and resourced

8
Q

Competitors

A

  • Cyber espionage to gain advantage over
  • Gain financial info on competitors
  • Can combine with insider threat

9
Q

Insider Threat

A

Malicious

  • has or had authorized access
  • employees, contractors, partners
  • motivated by sabotage, financial gain, business advantage

Unintentional

  • weak policies and procedures
  • weak adherence to policies and procedures
  • lack of training/security awareness
  • shadow IT
10
Q

Attack surface

A

The points at which an attacker can discover and exploit vulnerabilities to gain access to a network or application

11
Q

Attack vectors

A

The paths or parts of a system that can be exploited to gain access to a network:

  • direct access
  • removable media
  • email
  • remote and wireless
  • supply chain
  • web and social media
  • cloud

12
Q

Threat research sources

A

  • Counterintelligence
  • Tactics, Techniques, and Procedures (TTP)
  • Threat research sources (vendor, community, and open data feeds)

13
Q

Threat Intelligence Providers

A

  • Narrative analysis and commentary
  • Reputation/threat data feeds - cyber threat intelligence (CTI)
  • Platforms and feeds
    - closed/proprietary
    - vendor websites
    - public/private information sharing centers
    - open source intelligence (OSINT) threat data sources
  • OSINT as reconnaissance and monitoring

14
Q

TTP

A

Tactics, Techniques, and Procedures: a generalized statement of adversary behavior (drawn from known attacks)

  • Tactics - campaign strategy and approach
  • Techniques - generalized attack vectors
  • Procedures - specific intrusion tools and methods

15
Q

Threat data feeds

A

  • STIX - Structured Threat Information eXpression - uses XML for the description of an attack
  • TAXII - transport protocol used to exchange STIX content
  • AIS - Automated Indicator Sharing
  • Threat maps
  • File/code repositories
  • Vulnerability DBs and feeds

16
Q

Artificial Intelligence and Info Security

A

  • Used to correlate security intelligence and security event monitoring with threat data from threat feeds, databases, etc.
  • Expert systems
  • Artificial Neural Networks (ANN)
    - inputs, outputs and feedback
    - objectives and error states

17
Q

Predictive Analysis of threats

A

  • Used to correlate security intelligence and security event monitoring with threat data from threat feeds, databases, etc.
  • Predictive analysis
    - threat forecasting
    - monitors 'chatter' on social media sites

18
Q

ISAC

A

Information and Sharing Center

  • Entities which share intelligence data about threats and attacks
  • Good for critical infrastructure providers

19
Q

OSINT

A

Open Source Intelligence

  • Harvesting cybersecurity information from public websites and data records
  • For threat intel, refers to research and data feeds which are publicly available

20
Q

AIS

A

Automated Indicator Sharing (AIS)

  • Service offered by the Department of Homeland Security (DHS) for participating in threat intelligence sharing
  • Uses the Trusted Automated eXchange of Indicator Information (TAXII) protocol as a means of transmitting CTI data between servers and clients

21
Q

MITRE ATT&CK

A

  • A global knowledge base documenting real-world adversary tactics and techniques
  • Good source of OSINT

22
Q

OWASP

A

Open Web Application Security Project