Section 4: Classifying Threats Flashcards
What are the two highest levels of threat classification categories?
Known threats and unknown threats
Define known threats.
Any threat that can be identified using basic signature or pattern matching
Examples include malware and documented exploits.
What is malware?
Any software intentionally designed to cause damage to a computer, server, client, or computer network
List examples of malware.
- Viruses
- Rootkits
- Trojans
- Botnets
What is a documented exploit?
A piece of software, data, or a sequence of commands that takes advantage of a vulnerability to cause unintended behavior or gain unauthorized access
How can known threats be detected?
Using signatures, hash values, or other detection methods
What is an unknown threat?
Any threat that cannot be identified using basic signature or pattern matching
What is a zero-day exploit?
An unknown exploit in the wild that exposes a vulnerability in software or hardware
What issues can arise from a zero-day vulnerability?
It can create complicated problems before anyone realizes something is wrong
Define obfuscated malware code.
Malicious code whose execution has been hidden through techniques like compression, encryption, or encoding
What is behavior-based detection?
A malware detection method that evaluates an object based on its intended actions before it executes
Explain the concept of recycled threats.
Combining and modifying parts of existing exploit code to create new threats that are not easily identified
What are known unknowns?
A classification of malware that contains obfuscated techniques to circumvent signature matching and detection
What are unknown unknowns?
A classification of malware that contains completely new attack vectors and exploits
What are the four quadrants in the threat classification chart?
- Known knowns
- Unknown knowns
- Known unknowns
- Unknown unknowns
What are known knowns?
Things that we are certain of with established signatures
What are unknown knowns?
Something known to others but not known to you
What is a known unknown?
An unknown thing that lacks a signature but is recognized as potentially harmful
What are unknown unknowns?
Things that are not known to either party, requiring research to discover
What is the Johari Window?
A concept with four quadrants: open, blind, hidden, and unknown, aimed at increasing known information
What does the ‘open’ quadrant in the Johari Window represent?
Knowledge that is known to both the individual and others
What does the ‘hidden’ quadrant in the Johari Window represent?
Knowledge that is known to the individual but not known to others
What does the ‘blind’ quadrant in the Johari Window represent?
Knowledge that is known to others but not known to the individual
What does the ‘unknown’ quadrant in the Johari Window represent?
Knowledge that is not known to either the individual or others
What is the term used to describe individuals who want to harm networks or steal secure data?
Threat actor
Threat actors can include various categories of adversaries.
What are the two main categories of threat actors based on their structure?
Structured and unstructured
These categories reflect the organization and skill level of the threat actors.
What is the difference between a hacker and a cracker?
A hacker is a computer enthusiast, while a cracker is a hacker with malicious intent.
The terms have been blended in media, but the distinction is important in cybersecurity.
What are the three types of hackers based on the ‘hats’ they wear?
- Black hat hackers
- White hat hackers
- Gray hat hackers
Each type represents a different ethical stance on hacking.
What is a script kiddie?
An attacker with the least amount of skill who uses others’ tools for attacks.
Script kiddies typically do not develop their own hacking tools.
What is an insider threat?
An employee or former employee with knowledge of the organization’s network who may cause harm.
Insider threats can be intentional or unintentional.
What are the two types of insider threats?
- Intentional insider threats
- Unintentional insider threats
Intentional threats involve deliberate harm, while unintentional threats arise from carelessness or errors.
What motivates competitors as threat actors?
Stealing proprietary data, disrupting business, or damaging reputation.
Competitors may use insider threats to achieve their goals.
What characterizes organized crime as a threat actor?
Focus on hacking and computer fraud for financial gain.
Organized crime groups often use sophisticated attacks and tools.
What defines a hacktivist?
Politically motivated hackers targeting governments and corporations to advance their agendas.
Hacktivists can act individually or as part of larger groups.
What is a nation-state in the context of cybersecurity?
A highly skilled threat actor with exceptional capability and intent to achieve political motives through cyber attacks.
Nation-states often conduct advanced persistent threats (APTs).
What is an APT?
Advanced Persistent Threat, a long-term presence on a network to gather sensitive information.
APTs can be carried out by various actors, including nation-states and criminal organizations.
What is a false flag attack?
An attack designed to appear as if it was conducted by a different group.
This tactic is used for plausible deniability by the actual perpetrators.
Fill in the blank: A _______ is a simple program often used by script kiddies to conduct denial of service attacks.
Low Orbit Ion Cannon
This tool allows users to easily execute attacks without in-depth knowledge.
What are key defensive measures against insider threats?
- Employee education and training
- Access controls
- Incident response plans
- Regular monitoring of user activity
These measures help mitigate risks associated with insider threats.
What was the 2020 SolarWinds attack an example of?
A supply chain attack conducted by nation-state actors.
It involved compromising a software update to access numerous networks.
What is the impact of unintentional insider threats?
Harm caused unintentionally through carelessness or lack of knowledge.
Examples include falling for phishing emails or using weak passwords.
True or False: All APTs are nation-state actors.
False
While most nation-state actors are APTs, not all APTs are affiliated with nation-states.
What does APT stand for?
Advanced Persistent Threat
What is the primary characteristic of an APT?
Establishes a long-term presence on a network
What is the main goal of an advanced persistent threat?
Harvest sensitive data, intellectual property, and other sensitive information
Who can carry out APTs?
Nation-states, criminal organizations, and individual hackers
How long can APTs infiltrate a network?
From weeks to months or even years
What does the term ‘living off the land’ refer to in the context of APTs?
Using tools that already exist on the computer
True or False: APTs are typically poorly funded and disorganized.
False
What differentiates a nation-state actor from an APT?
A nation-state actor is affiliated with a government, while an APT is a type of cyber attack
What level of persistence is associated with APTs?
High level of persistence and determination
Fill in the blank: APTs carefully hide their activity and blend in with _______.
normal network traffic