Threats, Vulnerabilities, and Mitigations Flashcards
Domain 2, Chapters 5-9
Threat Actors
What is a Nation State type threat actor?
Government-backed cyber operatives.
These are government sponsored entities that engage in cyber operations to further their national interests. Often possessing substantial resources and advanced technical capabilities, nation states can launch sophisticated attacks, such as espionage, data theft, and even sabotage.
Chapter 5
What is an Advanced Persistent Threat (APT)?
An APT is a sophisticated and focused cyberattack launched by well-funded and highly skilled opponents, such as nation-backed agents or organized cybercriminal groups. APTs are recognized for their ability to break into a specific system or network, stay hidden for a long time, and quietly steal important data or cause damage bit by bit over an extended period.
What is an Unskilled attacker?
Novice with limited hacking skills.
Unskilled attackers lack technical prowess and often resort to using off-the-shelf tools or purchasing tools from the dark web. These individuals might include script kiddies or other individuals with minimal understanding of hacking methodologies.
Chapter 5
What is a Hacktivist?
Activist hacker with political or social agenda.
Hacktivists are individuals or groups driven by ideological, political, or social motives. They employ cyber tactics to promote a cause, raise awareness, or enact change.
Chapter 5
What is an Insider threat?
Trusted insider posing cybersecurity risks.
Insider threats originate from within an organization and can be particularly challenging to detect. These threat actors include employees, contractors, or business partners who misuse their access to compromise data, systems, or networks. Insider threats can be unintentional (such as employees falling victim to phishing attacks) or intentional when disgruntled personnel seek revenge or financial gain.
Chapter 5
What is an Organized crime threat actor?
Criminal group seeking financial gain via cybercrime.
These threat actors operate like cybercriminal enterprises, engaging in activities such as ransomware attacks, credit card fraud, and identity theft. Their operations are characterized by a hierarchical structure, division of labor, and a focus on monetary gains. The increasing monetization of cyberattacks has turned organized crime into a major cybersecurity concern.
Chapter 5
What is Shadow IT?
Unauthorized, unregulated tech use within an organization.
Shadow IT refers to technology used within an organization without proper approval or oversight from the IT department. While not necessarily malicious, shadow IT can create vulnerabilities and expose an organization to security risks.
Chapter 5
Define an Internal threat actor.
These originate from within an organization’s own ranks, often taking advantage of their familiarity with systems, networks, and processes. They can be employees, contractors, or even business partners.
Chapter 5
Define an External threat actor.
These come from outside the organization and include a wide range of entities, from individual hackers to organized crime groups and nation states. External threat actors typically lack direct knowledge of the target’s internal systems, which may lead them to rely on reconnaissance and social engineering to gain access.
Chapter 5
What are the three common message-based attack vectors?
Email: Phishing, malicious attachments
Short Message Service (SMS): Text-based scams, malicious links, and smishing
Instant messaging (IM): Chat-based phishing, malware distribution, and social engineering
Chapter 6
What is an image-based attack vector?
Malware hidden in images, steganography
Cyber attackers exploit image-based vulnerabilities to embed harmful code or links. These seemingly harmless images can lead to unauthorized access, ransomware attacks, and system compromises.
Chapter 6
What is a file-based attack vector?
Malicious files, trojans, ransomware distribution
Malicious files exploit software vulnerabilities, launching cyberattacks when opened. These files execute harmful code, enabling hackers to breach systems, steal data, or gain control remotely.
Chapter 6
Explain what a voice call attack vector is.
Vishing, social engineering via voice
Attackers can manipulate voice calls to deceive users into revealing personal information, gaining unauthorized access, or perpetrating financial fraud. An example of this is caller ID spoofing, in which the attacker ingeniously disguises the true origins of a call, making it look like someone else is contacting you.
Chapter 6
What is a removable device attack vector?
Malware on USBs, data theft
Removable devices, from USB drives to external hard drives, offer a convenient means of data transfer. When introduced into a network or system, infected removable devices can spread malware, compromise security, and enable unauthorized access.
Chapter 6
What is a vulnerable software attack vector?
Exploiting software vulnerabilities for attacks.
Vulnerabilities often arise from coding errors, design flaws, or outdated components within the software, making it susceptible to various cyber threats such as viruses, malware, and cyberattacks.
Chapter 6
What are the two types of software vulnerability scanning?
Client-based scanning: Client-based scanning (in which an agent resides on each host) operates as a tool for automating vulnerability discovery and classification, efficiently reporting to a central management server.
Agentless scanning: On the flip side, agentless scanning, which is the preferred method for threat actors during reconnaissance, is employed to scan hosts without necessitating any installations. Examples of agentless scanning tools are Nmap and Wireshark.
Chapter 6
What are the vulnerabilities for each of the following unsecured networks:
Wireless
Wired
Bluetooth
Wireless: Hacking via Wi-Fi networks, Bluetooth. A wireless network using open system authentication lacks encryption. This means that any data exchanged between a guest’s device and a hotel’s network, for instance, is sent in plain text that cybercriminals with the right tools can intercept to eavesdrop on this data, potentially accessing sensitive information.
Wired: Attacks on physically connected systems. Without proper encryption and access controls, unauthorized physical access to network ports can lead to data breaches and malware attacks. To preserve the integrity and reliability of these networks, implementing stringent access controls, encryption protocols, and consistent security assessments is crucial. We should also remove the patch cables for ports that are not being used.
Bluetooth: Exploiting device connections, data interception. A Bluetooth network is a personal area network (PAN). Bluetooth features, such as easy pairing, can open the door to security breaches. While designed to simplify device connections, easy pairing can also inadvertently allow unauthorized access when left unchecked. Attackers equipped with specialized tools can exploit the relaxed pairing process, potentially infiltrating devices and compromising sensitive data.
Chapter 6
Why are open service ports a weakness?
Exploiting open ports for unauthorized access.
Open ports provide entry points to networked systems and applications. Attackers scan for these openings and exploit them to gain unauthorized access or execute malicious code. Regular port scanning and closing unnecessary ports are vital steps in minimizing this attack surface.
Chapter 6
Why are default credentials a weakness?
Attacks using unchanged factory settings.
Default credentials (often set by manufacturers for ease of installation) are a glaring point of weakness. Attackers leverage default usernames and passwords to gain unauthorized access to systems and applications, and these default credentials are posted on several websites.
Chapter 6
What are the three types of supply chains that can be exploited?
Managed service providers (MSPs): Breaching via service providers
Vendors: Exploiting vulnerabilities through external partners
Suppliers: Attacking through the supply chain network
Chapter 6
What is human vector/social engineering?
Manipulating human psychology for breaches.
Chapter 6
What is (spear) phishing?
Deceptive emails for data theft
Spear phishing is a more targeted variant of phishing. It involves attacks directed at specific groups, such as the board of directors at a company. These emails are tailored to create a sense of authenticity and urgency, enticing the victim to click on a link embedded in the email, which typically leads to a malicious website or triggers a malware download.
Chapter 6
What is smishing?
SMS-based deceptive tactics
Smishing extends phishing to text messages, tricking recipients into clicking malicious links. A seemingly harmless SMS might prompt you to click a link that downloads malware onto your device.
Chapter 6
What is Vishing?
Voice-based social engineering attacks
Chapter 6
What is Business email compromise (BEC)?
Targeted email scams for fraud
Compromising a legitimate business email account to orchestrate financial fraud. They might carry out an invoice scam where they change payment details on a legitimate invoice, thereby redirecting funds to the attacker’s account.
Chapter 6
What is a pretexting attack?
Fabricating scenarios to manipulate targets
Chapter 6
What is a watering hole attack?
Compromising websites for targeted attacks
Chapter 6
What is typosquatting?
Exploiting typos in domain names
To look like the real domain.
Chapter 6
What is a Memory injection application vulnerability?
Unauthorized code inserted into a program’s memory space
Chapter 7
What is a Buffer overflow vulnerability?
Data exceeding allocated memory, leading to potential exploits
Chapter 7
What is a Race condition vulnerability?
Conflicts arise when multiple processes access shared resources
Chapter 7
What are TOC and TOU?
Timing mismatches exploited during checks and usage
Chapter 7
What is a Malicious update?
Attackers introducing harmful code through software updates
Chapter 7
Operating System (OS) Vulnerabilities
What are Web-Based Vulnerabilities?
Weakness in a website or web application
Chapter 7
What is SQL Injection (SQLI)?
Attackers manipulating input to exploit database vulnerabilities
Chapter 7
What is Cross-Site Scripting (XSS)?
Malicious scripts injected into web pages
Chapter 7
Hardware vulnerabilities
What is Firmware?
Low-level software controlling hardware
Chapter 7
What is an End-of-life vulnerability?
Security gaps due to discontinued hardware support
Chapter 7
What are Legacy vulnerabilities?
Older hardware with outdated security measures
Chapter 7
What is VM escape?
Unauthorized breakout from a VM to the host system
Chapter 7
What is VM sprawl?
Unmanaged VMs installed on your network
Chapter 7
What is a Resource reuse vulnerability?
Overuse of shared resources, leading to vulnerabilities
Chapter 7
Cloud-specific vulnerabilities are…?
Vulnerabilities unique to cloud computing environments
Chapter 7
What are Service provider Risks?
Risks from third-party services used in the supply chain
Chapter 7
What are Hardware provider risks?
Vulnerabilities originating from hardware suppliers
Chapter 7
What are Software provider Risks?
Risks tied to software components from external providers
Chapter 7
Cryptographic vulnerabilities
Weaknesses in encryption methods that attackers exploit
Chapter 7
Misconfiguration vulnerabilities
Errors in a system setup, leading to security holes
Chapter 7
Side loading
Installing apps from unofficial sources, risking malicious software
Chapter 7
Jailbreaking
Bypassing iOS restrictions, compromising device security
Chapter 7
Zero-day vulnerabilities
Unknown software flaws exploited by attackers before fixes are available
Chapter 7
Ransomware
Attacker demands payment for decryption
Chapter 8
What are the characteristics of Trojans?
Unauthorized system access, unexpected system changes
Chapter 8
What are the characteristics of Worms?
Rapid network congestion, unusual traffic patterns
Chapter 8
What are the characteristics of Spyware?
Unexplained data exfiltration, suspicious process activity
Chapter 8
What are the characteristics of Bloatware?
Excessive resource consumption, slowed system performance
Chapter 8
What are the characteristics of Viruses?
Infected files or software, replication in files and memory
Chapter 8
What are the characteristics of Keyloggers?
Keystroke logging, unusual data transfer
Chapter 8
What are the characteristics of Logic bombs?
Specific trigger events, sudden system crashes
Chapter 8
What are the characteristics of Rootkits?
Hidden processes, unauthorized access
Chapter 8
What are the characteristics of Brute force attacks?
Repeated login attempts, account lockouts
Chapter 8
What is RFID cloning?
Unauthorized RFID tag usage, duplication
Chapter 8
What are physical/environmental attacks?
Physical damage, tampering with hardware
Chapter 8
DDoS attacks
Service unavailability
Chapter 8
Amplified DDoS
Magnifying attack traffic for greater disruption
Chapter 8
Reflected DDoS
Redirecting and multiplying attack traffic for disruption
Chapter 8
DNS attacks
DNS query anomalies, spoofed responses
Chapter 8
Wireless attacks
Unauthorized network access, signal interference
Chapter 8
On-path attacks
Unauthorized interception of data, traffic redirection
Chapter 8
What is a Credential replay attack?
Reused or intercepted login credentials
Chapter 8
What is a Malicious code network attack?
Altered or malicious scripts, code injection
Chapter 8
What is an Injection attack?
Unauthorized code or data insertion
Chapter 8
Buffer overflow
Excessive data overwrites program memory
Chapter 8
What is a Replay attack?
Repetition of intercepted data
Chapter 8
What is a Privilege escalation attack?
Unauthorized access to higher privileges
Chapter 8
Forgery
Manipulation of data or credentials
Chapter 8
Directory traversal
Unauthorized access to directory paths
Chapter 8
Password spraying
Repeated login attempts with common passwords
Chapter 8
Brute force
Repeated login attempts with various password combinations
Chapter 8
What is a Downgrade cryptographic attack?
Weakening encryption protocols covertly
Chapter 8
What is a Collision cryptographic attack?
Forcing hash functions to collide
Chapter 8
What is a Birthday cryptographic attack?
Unmasking cryptographic hash collisions secretly
Chapter 8
Account lockout
Repeated failed login attempts
Chapter 8
Concurrent session usage
Simultaneous logins from multiple locations
Chapter 8
Blocked content
Restricted access to specific resources
Chapter 8
Impossible travel
Logins from geographically distant locations that are too far apart
Chapter 8
Resource consumption
Abnormal system resource usage
Chapter 8
Resource inaccessibility
Critical resources becoming unavailable
Chapter 8
Out-of-cycle logging
Irregular logging patterns
Chapter 8
What is a Published/documented indicator?
Sensitive information unintentionally exposed
Chapter 8
Missing logs
Gaps in log data, potential tampering
Chapter 8
Segmentation
Dividing networks into smaller segments
Chapter 9
Access control
Regulating user access to sensitive resources:
Access control list (ACL): Digital gatekeeper with a guest list, filtering authorized access
Permissions: Digital keys, granting entry or locking users from resources
Chapter 9
Application allow list
Allows trusted software, blocks untrusted applications
Chapter 9
Isolation
Separates and protects critical assets
Chapter 9
Patching
Regular updates to fix software vulnerabilities
Chapter 9
Encryption
Secures data by making it unreadable to unauthorized parties
Chapter 9
Monitoring
Dynamically identifies and addresses security threats
Chapter 9
Least privilege
Users and processes get only essential permissions
Chapter 9
Configuration enforcement
Maintains systems per security standards
Chapter 9
Decommissioning
Identifies and retires unneeded assets
Chapter 9
What are 7 Hardening techniques?
Strengthen host security against various threats:
Encryption: Transforming data into secret code for digital security
Endpoint protection: Safeguarding devices from cyber threats with proactive security
Host-based firewall: Protects individual hosts from network threats
Host-based intrusion prevention system (HIPS): Monitors and blocks intrusions at the host level
Disabling ports/protocols: Closes unused pathways to reduce vulnerabilities
Default password changes: Enhances security by changing initial passwords
Removal of unnecessary software: Reduces attack surface by uninstalling surplus applications
Chapter 9