Section 4: Classifying Threats Flashcards
What are the two highest levels of threat classification categories?
Known threats and unknown threats
Define known threats.
Any threat that can be identified using basic signature or pattern matching
Examples include malware and documented exploits.
What is malware?
Any software intentionally designed to cause damage to a computer, server, client, or computer network
List examples of malware.
- Viruses
- Rootkits
- Trojans
- Botnets
What is a documented exploit?
A piece of software, data, or a sequence of commands that takes advantage of a vulnerability to cause unintended behavior or gain unauthorized access
How can known threats be detected?
Using signatures, hash values, or other detection methods
What is an unknown threat?
Any threat that cannot be identified using basic signature or pattern matching
What is a zero-day exploit?
An unknown exploit in the wild that exposes a vulnerability in software or hardware
What issues can arise from a zero-day vulnerability?
It can create complicated problems before anyone realizes something is wrong
Define obfuscated malware code.
Malicious code whose execution has been hidden through techniques like compression, encryption, or encoding
What is behavior-based detection?
A malware detection method that evaluates an object based on its intended actions before it executes
Explain the concept of recycled threats.
Combining and modifying parts of existing exploit code to create new threats that are not easily identified
What are known unknowns?
A classification of malware that contains obfuscated techniques to circumvent signature matching and detection
What are unknown unknowns?
A classification of malware that contains completely new attack vectors and exploits
What are the four quadrants in the threat classification chart?
- Known knowns
- Unknown knowns
- Known unknowns
- Unknown unknowns
What are known knowns?
Things that we are certain of with established signatures
What are unknown knowns?
Something known to others but not known to you
What is a known unknown?
An unknown thing that lacks a signature but is recognized as potentially harmful
What are unknown unknowns?
Things that are not known to either party, requiring research to discover
What is the Johari Window?
A concept with four quadrants: open, blind, hidden, and unknown, aimed at increasing known information
What does the ‘open’ quadrant in the Johari Window represent?
Knowledge that is known to both the individual and others
What does the ‘hidden’ quadrant in the Johari Window represent?
Knowledge that is known to the individual but not known to others
What does the ‘blind’ quadrant in the Johari Window represent?
Knowledge that is known to others but not known to the individual
What does the ‘unknown’ quadrant in the Johari Window represent?
Knowledge that is not known to either the individual or others