Module 1 - Cybersecurity Threats, Vulnerabilities, and Attacks Flashcards

1
Q

What is a Threat Domain?

A
  • An area of control, authority, or protection that attackers can use to gain access to a system.
  • Organisations need to know what vulnerabilities exist within their threat domains.
2
Q

Examples of exploitation of Threat Domains

A
  • Direct physical access to systems and networks
  • Wireless networks that extend beyond an organisation’s boundaries
  • Bluetooth or NFC (Near Field Connection) devices
  • Malicious email attachments
  • Less secure elements within an organisation’s supply chain
  • An organisation’s social media accounts
  • Removable media such as flash drives
  • Cloud based applications
3
Q

List types of cyber threats with examples

A
  • Software attacks
    • A successful DoS attack
  • Software errors
    • A software bug
  • Sabotage
    • An authorised user successfully accessing and compromising an organisation’s database
  • Human error
    • A firewall misconfiguration
  • Theft
    • Laptops or other equipment being stolen
  • Hardware Failures
    • A hard drive failure
  • Utility interruption
    • A power outage
  • Natural disasters
    • Earthquake
4
Q

What are Internal Threats?

A
  • Usually carried out from within the organisation
  • May be carried out by a former employee or a contractor who, for example, mishandles confidential data or allows malicious software onto a network
  • Normally end up being worse than External Threats since they would have intimate knowledge of internal services and direct access to resources
5
Q

What are External Threats?

A
  • Usually carried out from outside the organisation
  • Normally a hacker of some kind that exploits vulnerabilities in equipment/software or uses social engineering to get what they need
6
Q

What is a User Domain?

A
  • Includes anyone with access to an organisation’s systems
  • May include employees, customers, and contract partners
7
Q

What is a Private Cloud Domain?

A
  • Includes any private servers, resources and IT infrastructure available to members of a single organization via the Internet.
8
Q

What is a LAN Domain?

A
  • Includes any devices connected locally via Wi-Fi or Ethernet
9
Q

What is a Public Cloud Domain?

A
  • The entirety of computing services hosted by a cloud, service or Internet provider that are available to the public and shared across organizations.
  • Includes the SaaS, PaaS, and IaaS models.
10
Q

What is an Application Domain?

A
  • Includes all of the critical systems, applications and data used by an organization to support operations.
11
Q

What is an APT?

A
  • Advanced Persistent Threat
  • A continuous attack that uses elaborate espionage tactics along with multiple actors or sophisticated malware to access and analyse a target’s network.
  • Attackers will attempt to go under the radar for an extended period of time
  • Typically targets high-level organisations and is well funded and well organised
12
Q

What is an Algorithm Attack?

A
  • Takes advantage of algorithms in legitimate software to generate unintended behaviors
  • For example, tracking and reporting how much power a computer uses to show false alerts or select targets. Can also be used to disable a computer by forcing it to use up all its RAM/CPU.
13
Q

What is OSINT?

A
  • Open Source Intelligence
  • Security data that doesn’t require a paid subscription to access
14
Q

Examples of Backdoors

A
  • Netbus
  • Back Orifice
15
Q

What is a Rootkit?

A
  • Malware that modifies the OS of a device to create a backdoor. Not a backdoor in and of itself.
  • Can modify system forensics and monitoring tools, making itself hard to detect.
16
Q

What is CVE?

A
  • Common Vulnerabilities and Exposures
  • Sponsored by US-CERT (United States Computer Emergency Readiness Team) and the Department of Homeland Security
  • Maintained by the MITRE Corporation
17
Q

List threat intelligence and research sources

A
  • CVE
  • The Dark Web - Content not indexed by conventional search engines. Researchers monitor the dark web for threat intelligence.
  • IOCs (Indicators of Compromise) - For example malware signatures and domain names can provide evidence of security breaches and information about them
  • AIS (Automated Indicator Sharing) - A capability of CISA (Cybersecurity and Infrastructure Security Agency) that enables the real time exchange of cybersecurity threat indicators using a standardised language called STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated Exchange of Intelligence Information).
18
Q

What is Social Engineering?

A
  • A non-technical strategy that attempts to manipulate users into performing certain actions or divulging certain sensitive information
19
Q

List types of Social Engineering

A
  • Pretexting - An individual lies to gain access to sensitive data (e.g. Someone asking you to confirm personal information to validate you when they don’t need to)
  • Quid Pro Quo - Requesting sensitive information in exchange for something else (e.g. Money)
  • Identity Fraud - The use of a person’s stolen identity to obtain information (e.g. Issuing a credit card in someone else’s name)