Threat Actors (Threat Actors, Intelligence Sources, & Vulnerabilities) Flashcards
Actors and Threats
Agents or actors are the persons, methods, operations, techniques or systems behind a threat. An agent can be any substance or entity that acts, or has the potential to act, in order to initiate, transport, carry out or in any way support a particular threat or exploit. And remember, malware and exploits are not the same thing. All malware is part of an exploit, but not all exploits involve malicious code.
Threats are not realized without some agent, actor or catalyst.
It could be an individual or a group. The attack can be random.
Common Actors and Threats
- Human errors
- Hostile cyber attacks
- Data breaches and theft
- Cognitive threats via social networking
- Exploiting consumer electronics
- Interference with critical infrastructure (SCADA, PLCs)
- Natural disasters and infrastructural damage
Advanced Persistent Threats (APT)
A long-term planned malware campaign
Pre-planned with cost-benefit analysis
–There’s typically a high degree of information gathering and reconnaissance, and then decisions are made to follow through with the kill chain based on a detailed cost-benefit analysis. (Is the data they’re trying to steal, or the system they’re trying to undermine, going to be worth the cost to them?)
Persistent in activity and system state existence
–Persistent in activity in the sense that if they aren’t successful in penetrating the organization through e-mail, they may try a hoax or some other scam. They’ll continue to try different threat vectors and different variants, persisting over a matter of weeks, months and even years.
–Also persistent in the sense that the payload (the download, the malware) will maintain system state existence, often surviving a reboot of the system or residing in memory only and not leaving any artifacts on disk.
Often from nation state actors
–Part of World War C or World War Cyber.
Sophisticated multi-phased polymorphic attacks
–Instead of using script kiddie tools and common attacks, they’re often much more sophisticated and complex, multi-phased polymorphic attacks operating in a stealthy manner, using different stages of encryption and decryption, compression and decompression.
Insider threats
Look for disgruntled employees, or possibly desperate employees with elevated privileges
Possible blackstortion or intimidation
–An insider could conduct their campaign because of blackstortion, which is a combination of blackmail and extortion, or because of intimidation.
Consider ex-employees after a breach
–That’ll be part of the forensic investigation process.
APTs can involve an employee with a fake ID or someone using “Shadow IT”
–“Shadow IT” is a term that refers to information technology, applications and infrastructure that are managed and used without the knowledge of the enterprise’s IT department, typically brought in from the outside by privileged insiders.
Background checks and ongoing audits are critical as mitigation techniques
State Actors
State actors are part of World War C involving many of the same activities as criminal syndicates
This involves cyber warfare, corporate espionage, blackmail and extortion, or blackstortion
Zero-day code is sitting on systems in every country placed by different state actors
Distributed DoS attacks are of great concern today for government agencies and industries, along with ransomware campaigns
State actors are often the threat vector of ransomware campaigns
Hacktivism
Hacktivism means activist hackers, and it officially began in the late 1980s when viruses and worms spread messages of protest
The term hacktivism was coined by the Cult of the Dead Cow (cDc), which also gave birth to “Hacktivismo”, a group of international crackers protesting human rights abuses
Many vectors
Environmental hacktivists and political hacktivists
Script Kiddies
The term script kiddies originates from the combination of inexperienced crackers using script viruses and prepackaged malicious code, for example, exploit kits and Malware-as-a-Service campaigns.
The most common script viruses are spread via e-mail attachments using scripts and modules from these exploit kits.
Techniques are often learned on YouTube and other social media sites and on the dark web, through browsing with the Tor browser.
Organized Crime Groups
White hat hackers
-have extensive knowledge of the target system and application
Gray hat hackers
-will have some level of information about the target, but they need more
Black hat hackers
-have very little or no knowledge of the victim and are most often external.