SON 3 Flashcards
Threat actors?
Nation-state
Unskilled attacker
Hacktivist
Insider threat … Organized crime
Shadow IT
What factor determines the financial strength of a threat actor?
Threat actors vary in resources, with nation-states having significant funding.
Where can threat actors originate from?
Internal vs External
What determines a threat actor's level of sophistication?
Skill levels differ; nation-states and organized crime are highly skilled, while unskilled attackers have low capability.
What are the key characteristics of a nation-state threat actor?
🔹 Nation-State – Government-backed cyber actor.
🔹 Goals – Political, economic, or military advantage.
🔹 Well-funded & skilled – Uses top-tier resources.
🔹 APTs – Long-term stealth attacks for spying or disruption.
What defines an unskilled attacker, and why can they still be a threat?
🔹 Unskilled Attacker – Lacks expertise, uses others' tools.
🔹 “Script kiddie” – Relies on pre-made scripts.
🔹 No new exploits – Can't create advanced attacks.
🔹 Still dangerous – Easy tools + weak security = risk.
What are the key traits of organized cybercrime groups?
🔹 Organized Crime – Criminal groups using cyber attacks for profit.
🔹 Well-funded & strategic – Structured operations with advanced tools.
🔹 Common crimes – Fraud, identity theft, ransomware, data theft.
🔹 Targets – Banks, businesses, and individuals.
What motivates hacktivists, and how do they operate?
🔹 Hacktivist – Hacker driven by political or social causes.
🔹 Tech + activism – Uses hacking for protests.
🔹 Common attacks – Website defacement, DDoS, data leaks.
🔹 Goal – Raise awareness or disrupt targets.
Why are insider threats difficult to prevent?
🔹 Insider Threat – Risk from people inside an organization.
🔹 Types – Malicious (intentional harm) or unintentional (careless mistakes).
🔹 Hard to detect – Insiders already have legitimate access.
🔹 Example – Phishing victim or a rogue employee stealing data.
Why is Shadow IT a security risk?
Shadow IT – Unapproved tech used within an organization.
🔹 Bypasses IT oversight – No security checks or compliance.
🔹 Risks – Data breaches, non-compliance, security gaps.
🔹 Examples – Unauthorized cloud storage, personal software, unsanctioned apps.
How can attackers use messaging services to deliver threats?
🔹 Email – Used for phishing, malware, ransomware, and spam.
🔹 SMS (Smishing) – Phishing links or malicious content via text.
🔹 Instant Messaging (IM) – Malware or phishing attacks in real-time chats.
How can images be used as a cyber threat vector?
🔹 Malicious Images – Exploits can be hidden in image files.
🔹 Viewing = Risk – Simply opening an infected image can trigger an attack.
Question: Why is opening untrusted files a security risk?
🔹 Embedded Malware – Files can contain hidden malicious software.
🔹 Execution = Compromise – Opening an infected file can lead to an attack.
What is vishing, and how do attackers use it?
🔹 Vishing – Phone-based phishing scams.
🔹 Tricks victims – Attackers impersonate trusted entities.
🔹 Goal – Steal personal info or spread malware.
Why are USBs and other removable devices a security risk?
🔹 USBs & External Devices – Can carry malware.
🔹 Plugging in = Risk – May exploit system vulnerabilities.
🔹 Common attack – Auto-run malware when connected.
How do vulnerabilities in software expose systems to attacks?
🔹 Client-based – Installed software can have exploitable flaws.
🔹 Agentless – Runs without installation, harder to monitor.
🔹 Risk – Unpatched or outdated software increases threats.