Module 02 - Threats, Vulnerabilities, and Mitigations Flashcards
What are the attack types?
Opportunistic and unstructured
Targeted and structured
What’s shadow IT?
It’s the use of unapproved or unsanctioned technology in a company
What are the attributes of threat actors? Define the attributes
Internal/External => Degree of access of the actor
Sophistication/Capability => Ability to attack
Resources/Funding => Support to the attack
What are the general strategies of threat actors?
- Service disruption
- Data exfiltration
- Disinformation
What are the motivations of threat actors?
- Chaotic motivation
- Financial motivation
- Political motivation
What kind of attack could be done when there’s a financial motivation?
- Blackmail
- Extortion
- Fraud
- Commercial espionage
What’s the difference between Blackmail and Extortion?
Blackmail is when the victim pays to prevent the release of confidential information.
Extortion is when the victim pays to prevent some type of attack
What are the threat actor types?
- Hackers
- Unskilled hackers [Script Kiddie]
- Hacker groups [Hacktivists]
- Nation-state actors [APT]
- Organized crime
- Internal [Whistleblower]
Acronym:
APT
Advanced Persistent Threat
What’s a whistleblower?
Internal threat actor with a political motivation to release confidential information
What are the steps of an attack?
- Reconnaissance
- Social Engineering
- Technical approaches
- Breach the system
- Escalate privilege
- Backdoor
- Stage computers
- Exploit vulnerabilities
What’s reconnaissance?
The process of gathering information about an organization, its users, hardware and software
What’s Social Engineering?
The process of manipulating others into providing sensitive information or doing unauthorized procedures
What does it mean to stage computers?
The process of preparing computers to perform additional tasks in the attack
List:
Defense security concepts
- Layering [Defense in depth]
- Principle of least privilege
- Variety
- Randomness
- Simplicity
Define the concept of layering (Defense in depth)
It’s the implementation of multiple security strategies to protect the same asset.
If one is bypassed, the others still protect the asset
Define the concept of Variety
Using different methods across the defensive layers, since repeating the same method in several layers isn’t secure
Define the concept of ‘Principle of least privilege’
Users have only the access they need to do their jobs and nothing more.
Define the concept of ‘Randomness’
Constant change in personal habits, passwords, etc., in order to prevent predictability
What’s an attack surface?
Potential vector for attempting an intrusion
How can vulnerabilities be exploited?
Remotely or locally.
Remote vulnerabilities are exploited without authentication.
Local vulnerabilities are exploited with valid credentials
What’s a secure network?
One that identifies, authenticates, authorizes and audits network users, hosts and traffic.
What’s a threat vector?
A path an attacker might use to attack
What’s the difference between threat vector and attack vector?
Threat vector is the potential path of an attack.
Attack vector is the path used in a successful attack
What are the attack vector types?
- Vulnerable software
- Network vector
- Lure-based vector
- Message-based vectors
- Supply chain
- Human vector
What are the network vectors?
- Direct access (physical)
- Wired network
- Remote network
- Cloud access
- Bluetooth network
- Default credentials
- Open service ports
What is the ‘Cloud access’ network vector?
The compromise of an administrative cloud account
What’s the ‘Direct access’ network vector?
It’s the compromise of the physical place where network devices are located
What’s the ‘Wired network’ network vector?
Attaching unauthorized devices to the physical network, where they are permitted to communicate
What’s the ‘Open service port’ network vector?
Being able to establish an unauthenticated connection on a TCP or UDP port
What are lure-based vectors?
Vectors that are attractive and fool users into going for them
What’s a drop attack?
A threat actor leaves infected USB sticks on the floor, waiting for an employee to plug one into a computer, which initiates the attack
What are message-based vectors?
The sending of infected files within messages that trick users into opening them.
[Phishing]
What’s the attack surface of message based vectors?
- Short Message Service - SMS
- Instant Messaging - IM
- Web and social media
What’s a zero-click exploit?
It’s an exploit triggered without any user action.
What’s a supply chain?
End-to-end process of designing, manufacturing and distributing goods or services to customers
What’s a ‘procurement management’ process?
The process of ensuring reliable sources are in the supply chain
What’s social engineering?
Means of extracting information or getting actions performed through the human factor.
What are the manipulation techniques?
- Moral obligation
- Innate human trust
- Threatening
- Very little to nothing
- Ignorance
- Authority and fear
- Social proof
- Scarcity
- Likeability
- Urgency
- Common ground
What is the social engineering process?
- Research
- Development
  - Selecting individuals
  - Relating to the targets (Exploitation)
What’s footprinting?
The process of extracting information on any resource available
What are the social engineering techniques?
- Impersonation and pretexting
- Phishing and pharming
- Typosquatting
- Brand impersonation and disinformation
What’s a business email compromise?
It’s a sophisticated phishing attack where a vendor’s valid account is spoofed or compromised.
What’s the difference between disinformation and misinformation?
Disinformation is when the purpose is to deceive.
Misinformation is repeating false information without the intent to deceive.
What’s a watering hole attack?
The compromise of a third-party resource used by the target’s system or by its employees.
(Supply chain attack)
What’s a malware?
Software that does “bad things” in the system from the owner’s perspective
What are the types of malware?
- Virus and worms
- Trojans
- PUP/PUA
What’s a virus?
It’s a type of malware designed to replicate and spread from computer to computer, executed only when a user performs an action
What are the types of viruses?
- Non-resident
- Memory resident
- Boot
- Script and macro
- Fileless
What’s a polymorphic virus?
A virus that dynamically changes, or obfuscates, its code to evade detection
What’s a multipartite virus?
A virus that uses multiple vectors
What’s a worm?
A virus that replicates and runs without user intervention
Acronym:
AVT
Advanced Volatile Threat
What’s an AVT or APT kind of virus?
It’s fileless, living-off-the-land malware.
What’s a spyware?
Malware that spies on the target’s system
What are the most common kinds of spyware?
- Adware
- Keylogger
- Tracking cookies
- Supercookies
- Beacons
What’s a supercookie [Spyware]?
Storing tracking data without declaring it, or via request headers
What are beacons [Spyware]?
A single-pixel image embedded in a site; when loaded, it footprints the visitor, collects metadata and could even run scripts
What’s a backdoor?
Access method that circumvents the usual authentication method.
Acronym:
RAT
Remote Access Trojan
What’s a RAT - Remote Access Trojan?
Backdoor malware that pretends to be a legitimate program
What’s a zombie (in the context of RATs)?
A host controlled by a RAT
What’s a botnet?
A group of computers under the control of the same malware instance.
Acronym:
C2 or C&C
Command and Control
What’s Command and Control?
Infrastructure of hosts and services through which an attacker distributes, directs and controls malware across botnets
What are the commonly used protocols in C2?
IRC, HTTP and DNS
Acronym:
IRC [Protocol]
Internet Relay Chat
What’s a rootkit?
Malware that runs with the highest privilege on a system
What’s a ransomware?
Extorts money from victims by making devices, or data, unavailable and demanding payment.
What’s crypto-ransomware?
Ransomware that encrypts the data; the private key is held by the attacker
What’s a cryptojacking malware?
Malware that steals physical resources to mine cryptocurrency.
What’s a logic bomb?
Malicious code that waits for a trigger before executing.
What are good strategies in malware prevention?
- Patches
- Anti-malware solutions
- Browser settings
- Firewall
- Training
- Web filter