Section 4: Classifying Threats

Question 1

What are the two highest levels of threat classification categories?

Answer 1

Known threats and unknown threats

Question 2

Define known threats.

Answer 2

Any threat that can be identified using basic signature or pattern matching

Examples include malware and documented exploits.

Question 3

What is malware?

Answer 3

Any software intentionally designed to cause damage to a computer, server, client, or computer network

Question 4

List examples of malware.

Answer 4

• Viruses
• Rootkits
• Trojans
• Botnets

Question 5

What is a documented exploit?

Answer 5

A piece of software, data, or a sequence of commands that takes advantage of a vulnerability to cause unintended behavior or gain unauthorized access

Question 6

How can known threats be detected?

Answer 6

Using signatures, hash values, or other detection methods

Question 7

What is an unknown threat?

Answer 7

Any threat that cannot be identified using basic signature or pattern matching

Question 8

What is a zero-day exploit?

Answer 8

An unknown exploit in the wild that exposes a vulnerability in software or hardware

Question 9

What issues can arise from a zero-day vulnerability?

Answer 9

It can create complicated problems before anyone realizes something is wrong

Question 10

Define obfuscated malware code.

Answer 10

Malicious code whose execution has been hidden through techniques like compression, encryption, or encoding

Question 11

What is behavior-based detection?

Answer 11

A malware detection method that evaluates an object based on its intended actions before it executes

Question 12

Explain the concept of recycled threats.

Answer 12

Combining and modifying parts of existing exploit code to create new threats that are not easily identified

Question 13

What are known unknowns?

Answer 13

A classification of malware that contains obfuscated techniques to circumvent signature matching and detection

Question 14

What are unknown unknowns?

Answer 14

A classification of malware that contains completely new attack vectors and exploits

Question 15

What are the four quadrants in the threat classification chart?

Answer 15

• Known knowns
• Unknown knowns
• Known unknowns
• Unknown unknowns

Question 16

What are known knowns?

Answer 16

Things that we are certain of with established signatures

Question 17

What are unknown knowns?

Answer 17

Something known to others but not known to you

Question 18

What is a known unknown?

Answer 18

An unknown thing that lacks a signature but is recognized as potentially harmful

Question 19

What are unknown unknowns?

Answer 19

Things that are not known to either party, requiring research to discover

Question 20

What is the Johari Window?

Answer 20

A concept with four quadrants: open, blind, hidden, and unknown, aimed at increasing known information

Question 21

What does the ‘open’ quadrant in the Johari Window represent?

Answer 21

Knowledge that is known to both the individual and others

Question 22

What does the ‘hidden’ quadrant in the Johari Window represent?

Answer 22

Knowledge that is known to the individual but not known to others

Question 23

What does the ‘blind’ quadrant in the Johari Window represent?

Answer 23

Knowledge that is known to others but not known to the individual

Question 24

What does the ‘unknown’ quadrant in the Johari Window represent?

Answer 24

Knowledge that is not known to either the individual or others

Question 25

What is the term used to describe individuals who want to harm networks or steal secure data?

Answer 25

Threat actor ## Footnote Threat actors can include various categories of adversaries.

Question 26

What are the two main categories of threat actors based on their structure?

Answer 26

Structured and unstructured ## Footnote These categories reflect the organization and skill level of the threat actors.

Question 27

What is the difference between a hacker and a cracker?

Answer 27

A hacker is a computer enthusiast, while a cracker is a hacker with malicious intent. ## Footnote The terms have been blended in media, but the distinction is important in cybersecurity.

Question 28

What are the three types of hackers based on the 'hats' they wear?

Answer 28

* Black hat hackers * White hat hackers * Gray hat hackers ## Footnote Each type represents a different ethical stance on hacking.

Question 29

What is a script kiddie?

Answer 29

An attacker with the least amount of skill who uses others' tools for attacks. ## Footnote Script kiddies typically do not develop their own hacking tools.

Question 30

What is an insider threat?

Answer 30

An employee or former employee with knowledge of the organization's network who may cause harm. ## Footnote Insider threats can be intentional or unintentional.

Question 31

What are the two types of insider threats?

Answer 31

* Intentional insider threats * Unintentional insider threats ## Footnote Intentional threats involve deliberate harm, while unintentional threats arise from carelessness or errors.

Question 32

What motivates competitors as threat actors?

Answer 32

Stealing proprietary data, disrupting business, or damaging reputation. ## Footnote Competitors may use insider threats to achieve their goals.

Question 33

What characterizes organized crime as a threat actor?

Answer 33

Focus on hacking and computer fraud for financial gain. ## Footnote Organized crime groups often use sophisticated attacks and tools.

Question 34

What defines a hacktivist?

Answer 34

Politically motivated hackers targeting governments and corporations to advance their agendas. ## Footnote Hacktivists can act individually or as part of larger groups.

Question 35

What is a nation-state in the context of cybersecurity?

Answer 35

A highly skilled threat actor with exceptional capability and intent to achieve political motives through cyber attacks. ## Footnote Nation-states often conduct advanced persistent threats (APTs).

Question 36

What is an APT?

Answer 36

Advanced Persistent Threat, a long-term presence on a network to gather sensitive information. ## Footnote APTs can be carried out by various actors, including nation-states and criminal organizations.

Question 37

What is a false flag attack?

Answer 37

An attack designed to appear as if it was conducted by a different group. ## Footnote This tactic is used for plausible deniability by the actual perpetrators.

Question 38

Fill in the blank: A _______ is a simple program often used by script kiddies to conduct denial of service attacks.

Answer 38

Low Orbit Ion Cannon ## Footnote This tool allows users to easily execute attacks without in-depth knowledge.

Question 39

What are key defensive measures against insider threats?

Answer 39

* Employee education and training * Access controls * Incident response plans * Regular monitoring of user activity ## Footnote These measures help mitigate risks associated with insider threats.

Question 40

What was the 2020 SolarWinds attack an example of?

Answer 40

A supply chain attack conducted by nation-state actors. ## Footnote It involved compromising a software update to access numerous networks.

Question 41

What is the impact of unintentional insider threats?

Answer 41

Causes harm unintentionally due to carelessness or lack of knowledge. ## Footnote Examples include falling for phishing emails or using weak passwords.

Question 42

True or False: All APTs are nation-state actors.

Answer 42

False ## Footnote While most nation-state actors are APTs, not all APTs are affiliated with nation-states.

Question 43

What does APT stand for?

Answer 43

Advanced Persistent Threat

Question 44

What is the primary characteristic of an APT?

Answer 44

Establishes a long-term presence on a network

Question 45

What is the main goal of an advanced persistent threat?

Answer 45

Harvest sensitive data, intellectual property, and other sensitive information

Question 46

Who can carry out APTs?

Answer 46

Nation-states, criminal organizations, and individual hackers

Question 47

How long can APTs infiltrate a network?

Answer 47

From weeks to months or even years

Question 48

What does the term 'living off the land' refer to in the context of APTs?

Answer 48

Using tools that already exist on the computer

Question 49

True or False: APTs are typically poorly funded and disorganized.

Answer 49

False

Question 50

What differentiates a nation-state actor from an APT?

Answer 50

A nation-state actor is affiliated with a government, while an APT is a type of cyber attack

Question 51

What level of persistence is associated with APTs?

Answer 51

High level of persistence and determination

Question 52

Fill in the blank: APTs carefully hide their activity and blend in with _______.

Answer 52

normal network traffic