Threat Actors, Vectors and Intelligence Sources: Flashcards

1
Q

Actors and Threats:
Advanced Persistent Threat (APT):

A

Actor: Typically state-sponsored groups or highly organized cybercriminals.
Threat: Long-term, targeted attacks with advanced techniques aimed at stealing sensitive data or disrupting critical systems.

2
Q

Actors and Threats:
Insider Threats:

A

Actor: Individuals within an organization.
Threat: Employees, contractors, or business partners with access to internal systems may intentionally or unintentionally harm the organization.

3
Q

Actors and Threats:
State Actors:

A

Actor: Government-sponsored entities.
Threat: Engage in cyber espionage, cyber warfare, or political influence campaigns on behalf of a nation-state.

4
Q

Actors and Threats
Hacktivists:

A

Actor: Social or political activists.
Threat: Conduct cyberattacks to promote a specific cause or raise awareness, often defacing websites or disrupting services.

5
Q

Actors and Threats
Script Kiddies:

A

Actor: Inexperienced individuals.
Threat: Use readily available hacking tools and scripts to launch unsophisticated attacks for fun or personal gain.

6
Q

Actors and Threats
Criminal Syndicates:

A

Actor: Organized criminal groups.
Threat: Engage in cybercrime activities such as ransomware attacks, financial fraud, and identity theft.

7
Q

Actors and Threats
Hackers (Authorized, Unauthorized, Semi-Authorized):

A

Authorized Hackers: Security professionals hired to test and improve an organization’s security.
Unauthorized Hackers: Individuals or groups conducting illegal activities.
Semi-Authorized Hackers: Employees who may exploit their access for personal gain or curiosity.

8
Q

Actors and Threats
Shadow IT:

A

Actor: Employees or departments within an organization.
Threat: The use of unauthorized software or services that can introduce security vulnerabilities.

9
Q

Actors and Threats
Competitors:

A

Actor: Rival organizations.
Threat: Engage in corporate espionage or cyberattacks to gain a competitive advantage.

10
Q

Attributes of Actors
Internal/External:

A

Whether the threat actor is affiliated with the organization (internal) or an external entity (external).

11
Q

Attributes of Actors
Level of Sophistication/Capability:

A

The actor’s skill level and the complexity of their attacks.

12
Q

Attributes of Actors
Resources/Funding:

A

The financial and technological resources available to the actor.

13
Q

Attributes of Actors
Intent/Motivation:

A

The actor’s goals and motivations, which can range from financial gain to political objectives.

14
Q

Vectors
Direct Access:

A

Physical or remote access to a system or network.

15
Q

Vectors
Wireless:

A

Exploiting vulnerabilities in wireless networks or devices.

16
Q

Vectors
Email:

A

Phishing, spear-phishing, or email-based attacks.

17
Q

Vectors
Supply Chain:

A

Targeting vulnerabilities in the supply chain to compromise products or services.

18
Q

Vectors
Social Media:

A

Leveraging social engineering or malware through social media platforms.

19
Q

Vectors
Removable Media:

A

Attacks through USB drives or external storage devices.

20
Q

Vectors
Cloud:

A

Exploiting cloud service misconfigurations or vulnerabilities.

21
Q

Threat Intelligence Sources
Open-Source Intelligence (OSINT):

A

Publicly available information from sources like news, forums, and social media.

22
Q

Threat Intelligence Sources
Closed/Proprietary:

A

Non-public information shared within organizations or industry groups.

23
Q

Threat Intelligence Sources
Vulnerability Databases:

A

Repositories of known software vulnerabilities.

24
Q

Threat Intelligence Sources
Public/Private Information Sharing Centers:

A

Organizations and government agencies that share threat information.

25
Q

Threat Intelligence Sources
Dark Web:

A

Monitoring illicit online communities and forums.

26
Q

Threat Intelligence Sources
Indicators of Compromise (IoC):

A

Data points that indicate a security incident.

27
Q

Threat Intelligence Sources
Automated Indicator Sharing (AIS):

A

Systems for sharing IoCs among organizations.

28
Q

Threat Intelligence Sources
Structured Threat Information eXpression (STIX)/Trusted Automated eXchange of Intelligence Information (TAXII):

A

Standards for sharing threat intelligence.

29
Q

Threat Intelligence Sources
Predictive Analysis:

A

Using data analytics to predict future threats.

30
Q

Threat Intelligence Sources
Threat Maps:

A

Visual representations of real-time threat activity.

31
Q

Threat Intelligence Sources
File/Code Repositories:

A

Analyzing malware samples and code repositories.

32
Q

Research Sources
Vendor Websites:

A

Security updates and patches from software and hardware vendors.

33
Q

Research Sources
Vulnerability Feeds:

A

Real-time feeds of newly discovered vulnerabilities.

34
Q

Research Sources
Conferences:

A

Security conferences where experts share research and insights.

35
Q

Research Sources
Academic Journals:

A

Scholarly research on cybersecurity.

36
Q

Research Sources
Request for Comments (RFC):

A

Technical standards and protocols.

37
Q

Research Sources
Local Industry Groups:

A

Regional organizations focused on cybersecurity.

38
Q

Research Sources
Social Media:

A

Monitoring discussions and trends in the security community.

39
Q

Research Sources
Threat Feeds:

A

Real-time threat data from various sources.

40
Q

Research Sources
Adversary Tactics, Techniques, and Procedures (TTP):

A

Analyzing known methods used by threat actors to infiltrate systems.