Vocabulary Flashcards
What are types of Malware?
Ransomware, Trojans, Adware
What is Ransomware?
Ransomware is a type of malware from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid.
Define Trojan
In computing, a Trojan horse, or trojan, is any malware which misleads users of its true intent. The term is derived from the Ancient Greek story of the deceptive Trojan Horse that led to the fall of the city of Troy.
Define Adware
Adware, or advertising-supported software, is software that generates revenue for its developer by automatically generating online advertisements in the user interface of the software or on a screen presented to the user during the installation process.
What are examples of Social Engineering?
Phishing, Vishing
Define Phishing
Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising oneself as a trustworthy entity in an electronic communication.
Examples of Application Attacks
DDoS, Cross-Site Scripting, DNS Poisoning
What is DDoS?
In computing, a denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. A distributed denial-of-service (DDoS) attack is one in which the traffic comes from many sources at once.
Define Cross-Site Scripting
Cross-site scripting is a type of security vulnerability typically found in web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
What is DNS Poisoning?
DNS spoofing, also referred to as DNS cache poisoning, is a form of computer security hacking in which corrupt Domain Name System data is introduced into the DNS resolver’s cache, causing the name server to return an incorrect result record, e.g. an IP address.
Examples of Wireless Attacks
Bluejacking, Evil Twin
What is Bluejacking?
Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field to another Bluetooth-enabled device via the OBEX protocol.
Define Evil Twin
An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications. The evil twin is the wireless LAN equivalent of the phishing scam.
Examples of Cryptographic Attacks
Birthday Attacks, Rainbow Tables
What are Birthday Attacks?
A birthday attack is a type of cryptographic attack that exploits the mathematics behind the birthday problem in probability theory. This attack can be used to abuse communication between two or more parties.
What are Rainbow Tables?
A rainbow table is a precomputed table for caching the output of cryptographic hash functions, usually for cracking password hashes. Tables are usually used in recovering a key derivation function up to a certain length consisting of a limited set of characters.
Examples of Threat Actors
Script Kiddies, Hacktivists
What is a Script Kiddie?
In programming and hacking cultures, a script kiddie, skiddie, skid or haxor is an unskilled individual who uses scripts or programs, such as a web shell, developed by others to attack computer systems and networks and deface websites.
What is a Hacktivist?
In Internet activism, hacktivism, or hactivism, is the use of computer-based techniques such as hacking as a form of civil disobedience to promote a political agenda or social change.
What is Vulnerability Scanning?
A vulnerability scanner is a computer program designed to assess computers, networks or applications for known weaknesses. In plain words, these scanners are used to discover the weaknesses of a given system.
Examples of Vulnerability Scanning
Identifying misconfigurations, lack of security controls
Vulnerability Types?
Improper Input Handling, Improper Error Handling
What is considered Improper Input Handling?
Improper Input Handling is the term used to describe the failure to properly validate, sanitize, filter, encode and/or decode input data. Improper Input Handling is a leading cause of critical vulnerabilities that exist in today’s systems and applications.
What is considered Improper Error Handling?
Improper error handling results when security mechanisms fail to deny access until it’s specifically granted. This may occur as a result of a mismatch in policy and coding practice. It may also result from code that lacks appropriate error handling logic. For example, a system may grant access until it’s denied.
What is a Rootkit?
A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed and often masks its existence or the existence of other software. The term rootkit is a compound from “root” and the word “kit”.
What is an APT attack?
An advanced persistent threat is a stealthy threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period.
Define Kill Chain
The term kill chain was originally used as a military concept related to the structure of an attack; consisting of target identification, force dispatch to target, decision and order to attack the target, and finally the destruction of the target.
Define Reconnaissance
Cyber reconnaissance can be defined as the tracking, analysing, and countering of digital and cyber security threats. This type of cyber reconnaissance or cyber intelligence is a mixture of physical espionage and defense with modern information technology.
What are some external threat actors?
The Lone Hacker (Black Hat / Script kiddies), Organized Cyber Crime, Nation State / Advanced Persistent Threat (APT), Hacktivists, Competitor
What are some internal threat actors?
Inside threats are affiliated with the organization: staff, partners, stakeholders, etc. Motivations include sabotage, revenge, and financial or business gain.
Inside actors are more likely to bypass technical controls, meaning strong operational and management controls are needed to mitigate threats, such as:
– Comprehensive on and off-boarding
– Mandatory vacations
– User awareness / training
– Principle of least privilege
Which of the following threat actors or threat actor groups is most likely to have the best funding to hire and sustain a group of hackers?
Nation states
Organized crime
Script kiddies
Hacktivist groups
Why nation states?
Nation states have tax revenues, backing from large companies, and/or wealthy benefactors who fund malicious activities.
Well-funded organized crime does not have the resources of an entire nation behind it.
Script kiddies do not have any funding because they are typically young and inexperienced and do not qualify for any backing.
Hacktivist groups might have minor funding from factions with opposing viewpoints, but the funding is not significant nor comparable to nation states.
Of the several types of threat actors, which one is a novice with little experience as a hacker?
Insider
Script kiddie
Competitor
Hacktivist groups
Script kiddie
Which threat actor is most likely to be highly skilled in launching attacks involving advanced persistent threats (APTs) against targets?
Script kiddie
Nation state
Insider
Organized crime
Nation state
Extended Explanation
A nation state has the most sophisticated and highly skilled hackers available for launching APTs.
A script kiddie is not highly skilled nor capable of launching APTs against targets.
An insider can be highly skilled but does not use APTs because it would give away their positions and intent.
Organized crime rings are highly skilled but they do not launch APTs against a target.
A group known as “Takedown” hacked into your political action committee website and defaced it. Which type of threat actor is most likely responsible for the attack?
Hacktivist
Script kiddie
Competitor
Insider
Hacktivist
“Takedown” is a hacktivist group. Its motivations seem political and it is interested in defacing websites of those who have opposing viewpoints from their own.
Script kiddies typically do not deface websites, but instead use scripts and applications to break into systems or applications with known vulnerabilities.
Although a malicious insider might have the ability to deface the site, it’s unlikely they would do so. Insiders usually exfiltrate data rather than deface sites.
It’s unlikely that a competitor would deface the site. They’d more likely look for a list of donors or other sensitive information.
What aspect of cybercrime often motivates script kiddies to hack into systems or into a company?
Confidential company information
Financial motivation and ability to sell information
Collaboration with government and other agencies
Bragging rights, publicity, or other form of notoriety
Bragging rights, publicity, or other form of notoriety
Extended Explanation
Script kiddies generally only want to be able to tell their friends that they have hacked some company or hear their names on the news.
Script kiddies are not generally profit seekers because they do not have the resources for the acquisition or sale of these items.
Script kiddies are not involved with government entities or agencies and therefore do not seek this type of information or activity.
Private or secret information motivates insiders to become threats.
Script kiddies do not gain profits by having access to private or secret information.
Which of the following motivates a hacktivist to perpetrate a website defacing or an informational breach?
Reputational damage to the target
Extended Explanation
Hacktivists are interested in damaging or exposing their ideological opposites but not generally for monetary gain or other accolades.
Hacktivists are primarily concerned with damaging the reputations of their targets.
Hacktivists have no interest in military tactics or political upheaval. Their interest is purely ideological.
A boost in recognition is only important to script kiddies who want to show off to friends or rival script kiddie groups.
What is a virus?
A virus is a program that copies itself onto other computer systems. When the user runs the infected application, the virus also runs and copies itself onto other applications on the system as well.
What can viruses cause?
Slowing down the host by using up a computer’s resources, such as CPU and RAM.
Denial of Service (DoS): shutting down the host by using up all of its resources or destroying essential files.
Ransomware: “scrambling” data on the host so that users can’t read it, and demanding money to “unscramble” it.
What is a vulnerability?
An aspect of a business that can be exploited to compromise a system’s CIA (confidentiality, integrity, availability).
What is a threat?
An actor that might exploit a vulnerability.
Define Risk
The possibility of losing something valuable.
What is risk analysis?
Understanding what risks face an organization, which are most severe, and which are most likely.
What is risk management?
Using the results of risk analysis to create a plan for preventing likely risks.
What is threat modeling?
Determining which attacks an organization is most likely to experience, who is most likely to launch them, and what actions can be done to prevent them.
What is PASTA?
PASTA: Process for Attack Simulation & Threat Analysis
PASTA focuses on aligning considerations of business objectives with technical requirements.
What is STRIDE?
STRIDE: Spoofing, Tampering, Repudiation, Information Disclosure, DoS (Denial of Service), Elevation of Privilege
STRIDE focuses on identifying what can fail in the system being modeled.
What is OWASP?
OWASP: Open Web Application Security Project
OWASP focuses on identifying possible threats, prioritizing risks, and planning mitigation strategies. It is mainly used with web and desktop applications.
What are the six steps of OWASP threat modeling?
– Determine assessment scope
– Identify threat agents
– Identify potential attacks
– Identify exploitable vulnerabilities
– Prioritize identified risks
– Mitigate risks
How do you determine the scope? (OWASP)
List the assets under consideration, determine their value, and define objectives for your threat modeling assessment.
How do you determine threat agents? (OWASP)
Determine which attackers would be interested in the relevant assets.
How do you identify potential attacks? (OWASP)
Identify the attacks each agent is likely to perform.
How do you identify exploitable vulnerabilities? (OWASP)
Identify the most vulnerable points in a system, how the agent will deliver the attack, and where an attack is most likely to occur.
What is Qualitative Analysis?
Evaluating risk based on intangible, unmeasurable factors.
Used when analysis leads to decisions without the need for a cost-benefit analysis, i.e. when a complex evaluation of cost vs. benefit is unnecessary.
What is Quantitative Analysis?
Evaluating each risk based on its measured likelihood and impact.
Likelihood: The probability an event will take place.
Impact: The measure of damage done if a risk takes place.
What is exposure factor?
How much of an asset will be affected in the event of a breach.
Define asset value
How much an asset is worth in currency.
What is SLE?
Single Loss Expectancy: estimated cost of the risk occurring on a given asset.
SLE = AV x EF
What is AV?
AV = Asset Value
What is EF?
EF = Exposure Factor
What is ARO?
Annual Rate of Occurrence.
Estimated number of times the risk is likely to occur in a given year.
What is ALE?
Annualized Loss Expectancy: estimated cost of the risk per year.
ALE = SLE x ARO
Define Governance
Codifying and enforcing proper behavior and operations. That is, establishing standards of “right” and “wrong,” and enforcing those standards.
Define compliance
Enforcing the policies in order to meet those standards.
What is a Governance Framework?
Defines the policies an organization must have in place.
Organizations must comply with these frameworks in order to remain compliant with federal regulations and industry standards.
What is GDPR?
European Union Standard
What is PCI?
Card Processing standard
What is Rule 30 of Regulation S-P (Safeguards Rule)?
Mandated organizations to establish written policies and procedures designed to protect PI (personal information).
What is GDPR?
General Data Protection Regulation: protects the private data of all citizens of the EU and EEA.
What is the EU?
European Union
What is the EEA?
European Economic Area
What is HIPAA?
Health Insurance Portability and Accountability Act: mandates protection of medical information.
What is PCI DSS?
Payment Card Industry Data Security Standard: requires that companies handling credit card transactions do so securely.
What is the National Provider Identifier Standard?
Requires all healthcare entities (people, healthcare providers, health plans, and employers) to have an ID, called the National Provider Identifier (NPI).
What is the Transactions and Code Set Standard?
Standardizes health insurance claims
Define Incremental Backup
Incremental backups are completed after a full backup is performed on a system, only capturing what has changed since the last incremental backup.
What are BCP and DR?
Business Continuity Planning and Disaster Recovery