Threat Actors

Question 1

An individual or entity responsible for incidents that impact security and data protection.

Answer 1

Threat Actor

Question 2

Specific characteristics or properties that define and differentiate various threat actors from one another are known as:

Answer 2

Threat Actor Attributes

Question 3

Individuals with limited technical expertise who use readily available tools like downloaded scripts or exploits to carry out attacks are known as:

Answer 3

Unskilled Attackers

Question 4

Cyber Attackers who carry out their activities driven by political, social change, or environmental ideologies who often want to draw attention to a specific cause instead of personal gain are known as:

Answer 4

Hacktivists

Question 5

Well structured groups that execute cyberattacks for financial gain, usually through methods like ransomware, identity theft or credit card fraud are known as:

Answer 5

Organized Crime

Question 6

Highly skilled attackers that are sponsored by governments to carry out cyber espionage, sabotage, or cyber warfare against other nation states or specific targets in a variety of industries.

Answer 6

Nation State Attackers

Question 7

Security threats that originate from within the organization

Answer 7

insider Threats

Question 8

What is IT systems, devices, software, applications, and services called that are managed and utilized without explicit organizational approval?

Answer 8

Shadow IT ( Stealth IT or Client IT )

Question 9

Decoy systems or servers designed to attract and deceive potential attackers, simulating real-world IT assets to study their techniques. They can be used against insider threats to detect internal fraud, snooping, and malpractice. Place it within a screened subnet or isolated segment that is easily accessed by potential attackers are called:

Answer 9

Honeypots

Question 10

normally used by big organizations where these are a network of Honeypots used to create an entire network of systems like servers, routers, and switches of decoy systems to observe complex, multi-stage attacks logs all activities to provide a wealth of data about both successful and unsuccessful attacks:

Answer 10

Honeynets

Question 11

Decoy files placed within systems to detect unauthorized access, lures attackers, or data breaches are known as

Answer 11

Honeyfiles

Question 12

Fake pieces of data, like a fabricated user credential, great for insider threats and inserted into databases or systems to alert administrators when they are accessed or used are called:

Answer 12

Honeytokens

Question 13

examples of Threat Actor Motivations include:

Answer 13

Data Exfiltration - unauthorized transfer of data from a PC
Blackmail
Espionage - committed by nation state actors
Service Disruption - Distributed Denial of Service (DDOS)
Financial Gain - ransomware attacks / Banking Trojans
Philosophical or Political Beliefs
Ethical Reasons
Revenge
Disruption or chaos
War

Question 14

These refer to the tools, skills, and personnel at the disposal of a given threat actor

Answer 14

Resources and Funding

Question 15

Internal vs. External
Resources and Funding
Level of sophistication and capability are examples of:

Answer 15

Threat Actor Attributes

Question 16

Unskilled attackers who depend on other peoples scripts or hacking tools, who are motivated by a desire for recognition or the thrill are also known as:

Answer 16

Script Kiddies

Question 17

Software tools like DDOS, low orbit ion cannon

Answer 17

Unskilled attackers

Question 18

Hacktivists use the following:

Answer 18

Website Defacement -
DDOS Attacks - where the attack is to stop your organizations legitimate users to be able to access
Doxing - involves public release about an individual or org
Leaking of Sensitive Data -

Question 19

Some Hacktivists groups include:

Answer 19

LulzSec - 50 Days of Lulz
Anonymous - Operation Payback

Question 20

Sophisticated and well-structured entities that leverage resources and technical skills for illicit gain

Answer 20

Organizied Cyber Crime Groups

Question 21

Organized Cyber Crime Groups employ advanced hacking techniques and tools like:

Answer 21

Custom malware
Ransomware
Sophisticated phishing campaigns

Question 22

Organized Cyber Crime Groups also utilize the following to facilitate their activities and evade detection.

Answer 22

Cryptocurrencies
Dark Web
Cellular Collection Devices

Question 23

Organizied Cyber Crime Groups are known to:

Answer 23

Data Breaches
Identity Theft
Online Fraud
Ransomware Attacks

Question 24

A well known Organizied Cyber Crime Group that has been linked to numerous high-profile data breaches using phishing campaigns is known as:

Answer 24

FIN7

Question 25

A well known Organizied Cyber Crime Group that has said to have stolen over 1 billion dollars from banks all around the world is know as:

Answer 25

Carbanak

Question 26

Nation-state actors deploy this type of attack that is orchestrated in such a way that it appears to originate from a different source or group:

Answer 26

False Flag Attack

Question 27

You will find that these type of actors are some of the most sophisticated, dangerous, and troublesome you will run across:

Answer 27

Nation-state actors
Advanced Persistent Threats

Question 28

Nation-state actors

Answer 28

Creating Custom Malware
Using Zero-Day Exploits
Become an Advanced Persistent Threat - persistent and stealth

Question 29

APT is a prolonged and targeted cyberattack is also known as:

Answer 29

Advanced Persistent Threat

Question 30

__________ are not in it for financial gain, only to achieve their intended goals.

Answer 30

Nation-state actors

Question 31

Nation-state actors objectives are to:

Answer 31

Gather Intelligence
Disrupt Critical Infrastructure
Influence Political Processes

Question 32

in 2011 this sophisticated piece of malware was designed to sabotage the Iranian government’s nuclear program is:

Answer 32

Stuxnet Worm

Question 33

Insider threats can include:

Answer 33

Data Theft
Sabotage
Misuse of Access Privileges

Question 34

In 2013 __________ leaked a vast amount of info from a National Security Agency to the media

Answer 34

Edward Snowden

Question 35

To mitigate an __________ __________from being successful, organizations should implement a zero trust, employ robust access controls, conduct regular audits, and provide effective employee security awareness programs.

Answer 35

Insider attack

Question 36

Shadow IT could be one of the following:

Answer 36

Use of Personal Devices “BYOD” for Work Purposes - monitors, laptops, smart phones,
Installation of Unapproved Software - plugins extensions
Use of Cloud Services that have not been approved by org - using: DropBox, iDrive, amazon drive.

Question 37

The means or Pathway by which an attacker can gain unauthorized access to a computer or network to deliver a malicious payload or carry out an unwanted action is known as a:

Answer 37

Threat Vector ( or how of the attack )

Question 38

This encompasses all the various points where an unauthorized user can try to enter data to or extract data from an environment:

Answer 38

Attach surface ( or the aware of the attack )

Question 39

to help significantly increase the security posture and minimize the attack surface you can:

Answer 39

Restricting access
Removing Unnecessary Software
Disabling Unused Protocols

Question 40

Some examples of Threat Vectors include:

Answer 40

Messages - phishing
Images - embedding of malicious code inside the image
Files - downloaded from websites
Voice Calls
Removable Devices - baiting, like finding a USB lying around
Unsecure Networks - Mac Address cloning or VLAN hopping. By Bluetooth, like BlueBorne or the BlueSmack Exploits.

Question 41

A set of vulnerabilities in Bluetooth technology that can allow an attacker to take over devices or spread malware is known as:

Answer 41

Blueborne

Question 42

A type of Denial of Service attack that targets Bluetooth-enabled devices by sending a specially crafted Logical Link Control and Adaptation Protocol packet to a target device is known as:

Answer 42

BlueSmack

Question 43

To help prevent threat actors from entering your network you should utilize deception technologies like:

Answer 43

Honeypots
Honeynets
Honeyfiles
Honeytokens

To help log, monitor, and track threat actors.

Question 44

using, Honeypots, Honeynets, Honeyfiles, and Honeytokens we can learn threat actors:

Answer 44

( TTPs ) or Tactics, Techniques, and Procedures

Question 45

What is specific methods and patterns of activities or behaviors associated with a particular threat actor or group of threat actors called?

Answer 45

( TTPs ) or Tactics, Techniques, and Procedures

Question 46

Examples of disruption technologies include:

Answer 46

Using bogus DNS entries
Creating decoy directories
Generating dynamic page- Used in websites to present ever-changing content to web crawlers to confuse and slow down the threat actor
Using port triggering
Spoofing fake telemetry data - used normally when a system sees that a attacker’s trying to scan the network