Outsmarting Threat Actors

Question 1

What is one of the most effective ways to learn from different threat actors attacking your network?

Answer 1

Set up and utilize deception and disruption technologies

Deception technologies help to mislead attackers while disruption technologies neutralize threats.

Question 2

What does TTPs stand for in the context of threat actors?

Answer 2

Tactics, Techniques, and Procedures

TTPs refer to specific methods and patterns of activities associated with particular threat actors.

Question 3

What are deceptive and disruption technologies designed to do?

Answer 3

Mislead, confuse, and divert attackers while detecting and neutralizing threats

These technologies protect critical assets from attacks.

Question 4

What is a honeypot?

Answer 4

A decoy system or network set up to attract potential hackers

Honeypots are used to gather information about attackers’ methods.

Question 5

What is a honeynet?

Answer 5

A network of honeypots designed to mimic an entire network of systems

Honeynets create a more complex environment for attackers.

Question 6

What are honeyfiles?

Answer 6

Decoy files placed within a system to lure in potential attackers

Honeyfiles help in identifying intrusions by monitoring access.

Question 7

What are honeytokens?

Answer 7

A piece of data or resource that has no legitimate value but is monitored for access or use

Honeytokens help in detecting unauthorized access.

Question 8

What are bogus DNS entries?

Answer 8

Fake Domain Name System entries introduced into your system’s DNS server

These entries can mislead attackers and protect real DNS data.

Question 9

What is the purpose of creating decoy directories?

Answer 9

To place fake folders and files within a system’s storage

Decoy directories can distract and confuse attackers.

Question 10

What is dynamic page generation effective against?

Answer 10

Automated scraping tools or bots trying to index or steal content

This technique helps protect web content from being misused.

Question 11

What is port triggering?

Answer 11

A security mechanism where specific services remain closed until a specific outbound traffic pattern is detected

Port triggering helps to hide services from unauthorized access.

Question 12

What does spoofing fake telemetry data involve?

Answer 12

Sending out fake telemetry or network data when a network scan is detected

This can mislead attackers about the network’s actual status.