Threat Actors Flashcards
What is Espionage?
- Spying on individuals, organizations, or nations to gather sensitive or classified information.
What is the popular term used to classify the lowest skilled threat actors?
Script kiddies
What method are script kiddies likely to adopt?
Pre-made software or scripts to exploit computer systems and networks.
What are hacktivists?
Individuals or groups that use their technical skills to promote a cause or drive social change instead of for personal gain.
What is hacktivism?
Activities in which the use of hacking and other cyber techniques is used to promote or advance a political or social cause.
What is Website Defacement?
Form of electronic graffiti and is usually treated as an act of vandalism.
What is Doxing?
Involves the public release of private information about an individual or organisation.
What are organised cybercrime groups?
Sophisticated and well structured entities that leverage resources and technical skills for illicit gain.
What is a Nation-state Actor?
- Groups or individuals that are sponsored by a government to conduct cyber operations against other nations, organizations, or individuals.
What is a False Flag Attack?
- Attack that is orchestrated in such a way that it appears to originate from a different source or group than the actual perpetrators, with the intent to mislead investigators and attribute the attack to someone else.
What are Distributed Denial of Service (DDoS) attacks?
Attempts to overwhelm the victim's systems or networks with traffic or requests from many sources at once so that they cannot be accessed by the organization's legitimate users.
Name 3 techniques used by nation-state actors?
■ Creating custom malware
■ Using zero-day exploits
■ Establishing an advanced persistent threat (APT)
What does APT stand for?
Advanced Persistent Threat (APT)
What does the term APT describe?
A prolonged and targeted cyberattack in which an intruder gains unauthorised access to a network and remains undetected for an extended period while trying to steal data or monitor network activities rather than cause immediate damage
To mitigate the risk of an insider threat being successful, organizations should implement the following (4):
● Zero-trust architecture
● Employ robust access controls
● Conduct regular audits
● Provide effective employee security awareness programs
What is shadow IT?
Use of information technology systems, devices, software, applications, and services without explicit organizational approval, outside of and without the knowledge of the IT department.
Why does Shadow IT exist?
Shadow IT usually appears when an organization's security posture is set so strictly, or is so complex, that business operations cannot proceed without being negatively affected, so users work around the approved controls.
What is a Threat Vector?
Means or pathway by which an attacker can gain unauthorised access to a computer or network to deliver a malicious payload or carry out an unwanted action.
What does the term Attack Surface describe?
Encompasses all the various points where an unauthorized user can try to enter data into or extract data from an environment.
What are three ways an attack surface can be minimised?
● Restricting Access
● Removing unnecessary software
● Disabling unused protocols
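The three items above translate into a check that a practitioner runs regularly: compare what is actually listening on a host with what the host's role says should be listening. The following is an added example, not part of the original flashcards. It parses text in the shape of `ss -Hlntup` output (the sample is constructed, not captured from a real host) and compares it with a hypothetical baseline for a web server, reporting each listener that should be removed, disabled, or bound more narrowly.

```python
import re
from collections import namedtuple

Listener = namedtuple("Listener", "proto addr port process")

# Expected listeners for this host: (protocol, port) -> addresses it may bind to.
# Hypothetical baseline for a single web server; derive your own from the host's role.
BASELINE = {
    ("tcp", 22): {"0.0.0.0", "[::]"},    # SSH management access
    ("tcp", 443): {"0.0.0.0", "[::]"},   # HTTPS service
    ("tcp", 5432): {"127.0.0.1"},        # database: local clients only
}

# One line of `ss -Hlntup` output: proto, state, queues, local addr:port, peer, optional process info.
SS_RE = re.compile(
    r"^(?P<proto>tcp|udp)\s+(?:LISTEN|UNCONN)\s+\d+\s+\d+\s+(?P<local>\S+)\s+\S+"
    r'(?:\s+users:\(\("(?P<proc>[^"]+)")?'
)


def parse_ss(output: str) -> list:
    """Turn ss output into Listener records; lines that do not match are skipped."""
    listeners = []
    for line in output.splitlines():
        m = SS_RE.match(line.strip())
        if not m:
            continue
        addr, _, port = m["local"].rpartition(":")  # handles "[::]:22" as well as "0.0.0.0:22"
        listeners.append(Listener(m["proto"], addr, int(port), m["proc"] or "?"))
    return listeners


def audit(listeners, baseline=BASELINE) -> list:
    """Compare actual listeners with the baseline; each finding is an action that shrinks the attack surface."""
    findings = []
    for l in listeners:
        allowed = baseline.get((l.proto, l.port))
        if allowed is None:
            findings.append(
                f"unexpected {l.proto}/{l.port} ({l.process}) on {l.addr}: "
                "remove the software or disable the protocol"
            )
        elif l.addr not in allowed:
            findings.append(
                f"{l.proto}/{l.port} ({l.process}) bound to {l.addr}, allowed {sorted(allowed)}: "
                "restrict the bind address"
            )
    return findings


# Constructed sample mirroring `ss -Hlntup` output; not captured from a real host.
SAMPLE_SS = """\
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511          0.0.0.0:443       0.0.0.0:*    users:(("nginx",pid=1020,fd=6))
tcp   LISTEN 0      244          0.0.0.0:5432      0.0.0.0:*    users:(("postgres",pid=901,fd=5))
tcp   LISTEN 0      50           0.0.0.0:23        0.0.0.0:*    users:(("inetd",pid=455,fd=4))
udp   UNCONN 0      0            0.0.0.0:161       0.0.0.0:*    users:(("snmpd",pid=600,fd=7))
tcp   LISTEN 0      128             [::]:22           [::]:*    users:(("sshd",pid=812,fd=4))
"""

if __name__ == "__main__":
    for finding in audit(parse_ss(SAMPLE_SS)):
        print(finding)
```

On the sample, the audit flags the database listening on every interface (restrict access), telnet on tcp/23 (remove unnecessary software) and SNMP on udp/161 (disable an unused protocol); SSH and HTTPS on both IPv4 and IPv6 match the baseline and are silent. A missing expected service is deliberately not reported, since it does not enlarge the attack surface.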
What is a message-based threat vector?
Message-based threat vectors include threats delivered via email, Short Message Service (SMS) text messaging, or other forms of instant messaging.
What are Image-based threat vectors?
Image-based threat vectors involve the embedding of malicious code inside of an image file by the threat actor.
What is vishing?
Voice phishing: the use of voice calls to trick victims into revealing sensitive information to an attacker.
What is baiting?
An attacker leaves a malware-infected USB drive in a location where the target is likely to find it, such as the parking lot or the lobby of the targeted organization, relying on curiosity to get it plugged in.
What is the BlueBorne technique?
Set of vulnerabilities in Bluetooth technology that can allow an attacker to take over devices, spread malware, or even establish an on-path attack to intercept communications without any user interaction
What is the BlueSmack technique?
Type of Denial of Service attack that targets Bluetooth-enabled devices by sending oversized Logical Link Control and Adaptation Protocol (L2CAP) echo request packets to a target device, causing it to crash or become unresponsive.
List 6 threat vectors that can be used to attack your enterprise networks
- Messages
- Images
- Files
- Voice Calls
- Removable Media
- Unsecure Networks
What does TTPs stand for?
Tactics, Techniques, and Procedures (TTPs)
What is meant by Tactics, Techniques, and Procedures (TTPs) ?
Specific methods and patterns of activities or behaviors associated with a particular threat actor or group of threat actors.
What are Honeypots?
Decoy system or network set up to attract potential hackers.
What are Honeynets?
Network of honeypots to create a more complex system that is designed to mimic an entire network of systems.
What are Honeyfiles?
Decoy file placed within a system to lure in potential attackers.
What are Honeytokens?
Piece of data or a resource that has no legitimate value or use but is monitored for access or use, so that any access to it indicates unauthorised activity.
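Honeyfiles and honeytokens are only useful if something watches them. The following is an added example, not part of the original flashcards, showing the detection side: a registry of decoy accounts and decoy files, a parser for a simple key=value log format, and a check that raises an alert whenever a decoy is touched. All names, paths, addresses and log lines are constructed for the example; the allowlisted address stands in for the host that periodically verifies the decoys are still in place.

```python
import re

# Decoys planted in the environment (constructed for this example; all names are hypothetical).
# None of them has a legitimate use, so any touch is a high-fidelity signal.
HONEYTOKENS = {
    "account": {"svc_backup_legacy", "admin_dr_test"},  # decoy credentials left in a config share
    "file": {"/share/finance/Q4_salaries.xlsx", "/home/admin/.aws/credentials.bak"},  # honeyfiles
}

# Hosts allowed to touch the decoy files as part of their job, such as the checker that
# verifies the decoys are still in place. Hypothetical address.
ALLOWLISTED_SOURCES = {"10.0.0.250"}

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<event>\S+)\s+(?P<kv>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line: str):
    """Parse '<timestamp> <event> k=v k=v ...' into a dict, or None for lines that do not fit."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m["kv"])}
    return {"ts": m["ts"], "event": m["event"], **fields}


def check_event(ev):
    """Return an alert dict if the event touches a honeytoken, otherwise None."""
    if ev is None:
        return None
    user, path, src = ev.get("user", ""), ev.get("path", ""), ev.get("src", "")
    if ev["event"] == "auth" and user in HONEYTOKENS["account"]:
        # A failed login still counts: someone obtained a credential that was never handed out.
        return {"ts": ev["ts"], "kind": "account", "token": user, "src": src,
                "detail": f"login attempt with decoy account ({ev.get('result', 'unknown')})"}
    if ev["event"] == "fileaccess" and path in HONEYTOKENS["file"] and src not in ALLOWLISTED_SOURCES:
        return {"ts": ev["ts"], "kind": "file", "token": path, "src": src,
                "detail": f"{ev.get('action', 'access')} of honeyfile by {user}"}
    return None


def scan_log(lines):
    """Run every line through the honeytoken check and return the alerts in log order."""
    return [a for a in (check_event(parse_line(line)) for line in lines) if a]


# Constructed sample log lines, not captured from a real system.
SAMPLE_LOG = [
    "2024-05-01T10:12:03Z auth user=alice src=10.0.0.5 result=success",
    "2024-05-01T10:13:44Z fileaccess user=bob path=/share/finance/Q4_salaries.xlsx action=read src=10.0.0.9",
    "2024-05-01T10:15:02Z auth user=svc_backup_legacy src=198.51.100.23 result=failure",
    "2024-05-01T10:20:00Z fileaccess user=integrity path=/share/finance/Q4_salaries.xlsx action=stat src=10.0.0.250",
    "2024-05-01T10:21:17Z fileaccess user=bob path=/share/finance/budget.xlsx action=read src=10.0.0.9",
    "garbage",
]

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

Two alerts come out of the sample: bob reading the decoy spreadsheet, and a failed login with the decoy service account from an outside address. The normal file read, the allowlisted integrity check and the unparseable line produce nothing. Because the decoys have no legitimate use, these alerts need no tuning against a baseline of normal activity, which is what makes honeytokens cheap to run compared with most detections.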
What is port triggering?
Security mechanism on a network device, typically a router or firewall, where specific inbound ports remain closed until a specific outbound traffic pattern is detected, after which the associated inbound ports are opened temporarily for the host that triggered them.