Sec+ Chapter 02: Cybersecurity Threat Landscape

Question 1

f

Script kiddie

Answer 1

People who use hacking techniques but have limited skills

Lack of skill != not dangerous

Relies on free or automated tools from the internet, but those are impactful if you’re vulnerable

Question 2

Hactivists

Answer 2

Hackers who want to accomplish a specific goal

They believe they’re engaged in a just crusade, so your defense might not impact them the same way it would other threat actors

Question 3

Organized cybercriminals

Answer 3

Threat actors or groups that want to generate as much illegal profit as they can

Can be moderately or highly skilled, but have a lot of resources and money to buy the best hackers they can

Question 4

APT

Answer 4

Advanced persistent threats

Attackers that use advanced techniques and persist in their attacks, which occur over a significant period of time

Question 5

Nation state attack

Answer 5

Governments or nations that engage in attacks

EX: China and Russia botnets for DDoS

Question 6

Zero day attack

Answer 6

Attacks that exploit a vulnerability not known to other attackers or cybersecurity teams

Usually carried out by APT

Question 7

Insider atack

Answer 7

Employee, contractor, vendor, or someone with access uses their permissions to attack an org

Question 8

Shadow IT

Answer 8

When someone seeks out their own tech solutions instead of using company approved ones

EX: What I did with my home computer vs laptop at Classy during pandemic

Question 9

Competitor attack

Answer 9

When competitors engage in corporate espionage to steal sensitive info and use it to their business advantage

Question 10

Threat vectors

Answer 10

1) Email and social media

2) Direct access

3) Wireless networks

4) Removable media

5) Cloud

6) Third party / supply chain

Question 11

Threat intelligence

Answer 11

Activities and resources available to learn about changes in the threat environment

Question 12

OSINT

Answer 12

Open source intelligence

Intel acquired from publicly available sources

Question 13

Closed source intelligence

Answer 13

When commercial, govt, or security orgs do their own research and maintain threat feeds with custom tools, analysis models, etc

Question 14

3 questions to assess threat intel

Answer 14

1) Is it timely?

2) Is it accurate?

3) Is it relevant?

Question 15

STIX

Answer 15

Structured threat information eXpression

XML language that defines things like motivations, abilities, capabilities, attack patterns, identities, malware, threat actors, tools, etc

Currently STIX 2.0

Question 16

OASIS

Answer 16

Organization for the advancement of structured information standards

Question 17

TAXII

Answer 17

Trusted automated eXchange of indicator information

Allows for the secure transfer of STIX data between organizations

Question 18

OpenIOC

Answer 18

Open indicators of compromise

XML based framework like STIX that includes metadata like author, name of IOC, and description of indicator

Question 19

ISACs

Answer 19

Information sharing and analysis centers

Orgs that help infrastructure owners and operators share threat info and provide tools or assistance to members

Question 20

CTA

Answer 20

Cyber threat alliance

Members upload specifically formatted threat intel

CTA scores each submission and validates across other subs

Other members can extract the validated data

Question 21

IoC

Answer 21

Indicators of compromise

Events that indicate a potential intrusion:

EX: Unusual amount of network activity, change to file hash values, irregular international traffic, DNS data changes, uncommon login patterns, etc