Section 4: Classifying Threats Flashcards

1
Q

What are the two highest levels of threat classification categories?

A

Known threats and unknown threats

2
Q

Define known threats.

A

Any threat that can be identified using basic signature or pattern matching

Examples include malware and documented exploits.

3
Q

What is malware?

A

Any software intentionally designed to cause damage to a computer, server, client, or computer network

4
Q

List examples of malware.

A
  • Viruses
  • Rootkits
  • Trojans
  • Botnets
5
Q

What is a documented exploit?

A

A piece of software, data, or a sequence of commands that takes advantage of a vulnerability to cause unintended behavior or gain unauthorized access

6
Q

How can known threats be detected?

A

Using signatures, hash values, or other detection methods

7
Q

What is an unknown threat?

A

Any threat that cannot be identified using basic signature or pattern matching

8
Q

What is a zero-day exploit?

A

An unknown exploit in the wild that exposes a vulnerability in software or hardware

9
Q

What issues can arise from a zero-day vulnerability?

A

It can create complicated problems before anyone realizes something is wrong

10
Q

Define obfuscated malware code.

A

Malicious code whose execution has been hidden through techniques like compression, encryption, or encoding

11
Q

What is behavior-based detection?

A

A malware detection method that evaluates an object based on its intended actions before it executes

12
Q

Explain the concept of recycled threats.

A

Combining and modifying parts of existing exploit code to create new threats that are not easily identified

13
Q

What are known unknowns?

A

A classification of malware that contains obfuscated techniques to circumvent signature matching and detection

14
Q

What are unknown unknowns?

A

A classification of malware that contains completely new attack vectors and exploits

15
Q

What are the four quadrants in the threat classification chart?

A
  • Known knowns
  • Unknown knowns
  • Known unknowns
  • Unknown unknowns
16
Q

What are known knowns?

A

Things that we are certain of with established signatures

17
Q

What are unknown knowns?

A

Something known to others but not known to you

18
Q

What is a known unknown?

A

An unknown thing that lacks a signature but is recognized as potentially harmful

19
Q

What are unknown unknowns?

A

Things that are not known to either party, requiring research to discover

20
Q

What is the Johari Window?

A

A concept with four quadrants: open, blind, hidden, and unknown, aimed at increasing known information

21
Q

What does the ‘open’ quadrant in the Johari Window represent?

A

Knowledge that is known to both the individual and others

22
Q

What does the ‘hidden’ quadrant in the Johari Window represent?

A

Knowledge that is known to the individual but not known to others

23
Q

What does the ‘blind’ quadrant in the Johari Window represent?

A

Knowledge that is known to others but not known to the individual

24
Q

What does the ‘unknown’ quadrant in the Johari Window represent?

A

Knowledge that is not known to either the individual or others

25
Q

What is the term used to describe individuals who want to harm networks or steal secure data?

A

Threat actor

Footnote: Threat actors can include various categories of adversaries.

26
Q

What are the two main categories of threat actors based on their structure?

A

Structured and unstructured

Footnote: These categories reflect the organization and skill level of the threat actors.

27
Q

What is the difference between a hacker and a cracker?

A

A hacker is a computer enthusiast, while a cracker is a hacker with malicious intent.

Footnote: The terms have been blended in the media, but the distinction is important in cybersecurity.

28
Q

What are the three types of hackers based on the 'hats' they wear?

A
  • Black hat hackers
  • White hat hackers
  • Gray hat hackers

Footnote: Each type represents a different ethical stance on hacking.

29
Q

What is a script kiddie?

A

An attacker with the least amount of skill who uses others' tools for attacks.

Footnote: Script kiddies typically do not develop their own hacking tools.

30
Q

What is an insider threat?

A

An employee or former employee with knowledge of the organization's network who may cause harm.

Footnote: Insider threats can be intentional or unintentional.

31
Q

What are the two types of insider threats?

A
  • Intentional insider threats
  • Unintentional insider threats

Footnote: Intentional threats involve deliberate harm, while unintentional threats arise from carelessness or errors.

32
Q

What motivates competitors as threat actors?

A

Stealing proprietary data, disrupting business, or damaging reputation.

Footnote: Competitors may use insider threats to achieve their goals.

33
Q

What characterizes organized crime as a threat actor?

A

Focus on hacking and computer fraud for financial gain.

Footnote: Organized crime groups often use sophisticated attacks and tools.

34
Q

What defines a hacktivist?

A

Politically motivated hackers targeting governments and corporations to advance their agendas.

Footnote: Hacktivists can act individually or as part of larger groups.

35
Q

What is a nation-state in the context of cybersecurity?

A

A highly skilled threat actor with exceptional capability and intent to achieve political motives through cyber attacks.

Footnote: Nation-states often conduct advanced persistent threats (APTs).

36
Q

What is an APT?

A

Advanced Persistent Threat, a long-term presence on a network to gather sensitive information.

Footnote: APTs can be carried out by various actors, including nation-states and criminal organizations.

37
Q

What is a false flag attack?

A

An attack designed to appear as if it were conducted by a different group.

Footnote: This tactic is used for plausible deniability by the actual perpetrators.

38
Q

Fill in the blank: A _______ is a simple program often used by script kiddies to conduct denial of service attacks.

A

Low Orbit Ion Cannon

Footnote: This tool allows users to easily execute attacks without in-depth knowledge.

39
Q

What are key defensive measures against insider threats?

A
  • Employee education and training
  • Access controls
  • Incident response plans
  • Regular monitoring of user activity

Footnote: These measures help mitigate risks associated with insider threats.

40
Q

What was the 2020 SolarWinds attack an example of?

A

A supply chain attack conducted by nation-state actors.

Footnote: It involved compromising a software update to access numerous networks.

41
Q

What is the impact of unintentional insider threats?

A

Harm caused unintentionally due to carelessness or lack of knowledge.

Footnote: Examples include falling for phishing emails or using weak passwords.

42
Q

True or False: All APTs are nation-state actors.

A

False

Footnote: While most nation-state actors are APTs, not all APTs are affiliated with nation-states.

43
Q

What does APT stand for?

A

Advanced Persistent Threat

44
Q

What is the primary characteristic of an APT?

A

Establishes a long-term presence on a network

45
Q

What is the main goal of an advanced persistent threat?

A

Harvest sensitive data, intellectual property, and other sensitive information

46
Q

Who can carry out APTs?

A

Nation-states, criminal organizations, and individual hackers

47
Q

How long can APTs infiltrate a network?

A

From weeks to months or even years

48
Q

What does the term 'living off the land' refer to in the context of APTs?

A

Using tools that already exist on the computer

49
Q

True or False: APTs are typically poorly funded and disorganized.

A

False

50
Q

What differentiates a nation-state actor from an APT?

A

A nation-state actor is affiliated with a government, while an APT is a type of cyber attack

51
Q

What level of persistence is associated with APTs?

A

High level of persistence and determination

52
Q

Fill in the blank: APTs carefully hide their activity and blend in with _______.

A

normal network traffic