1.5 Explain different threat actors, vectors, and intelligence sources. Flashcards
What is an ISAC
Information Sharing and Analysis Centers (ISACs) share threat intelligence and promote best practice in many critical industries, such as the auto industry. Auto-ISAC operates as a private organization made of a board of directors.
An ISAC is set up and operated under a government body, such as the Department of Homeland Security (DHS), and would be considered a public sharing center. For example, the Communications ISAC is also known as the DHS National Coordinating Center.
What is DNS harvesting?
DNS harvesting uses Open Source Intelligence (OSINT) to gather information about a domain (subdomains, hosting provider, administrative contacts, and so on).
When performing host discovery on an internetwork (a network of routed IP subnets), the attacker will want to discover how the routers connect the subnets, and whether any misconfigured gateways between subnets exist.
A host discovery tool, such as Nmap, can use methods of host discovery. Some can operate stealthily and serve to defeat security mechanisms like firewalls and intrusion detection.
The ping command can detect the presence of a host on a particular IP address or one that responds to a particular host name. Users can apply a simple script to perform a ping sweep.
What is APT?
Advanced Persistent Threats (APTs) are cyber nation state adversaries that have developed cybersecurity expertise and use cyber weapons to compromise network security and achieve military and commercial goals. Usually usd by Nation state hackers.
What is the dark web andwhat can it help to provide?
The dark web provides sites, content, and services, such as “hacker for hire” that are only accessible over a dark net. This is a good place to start asking around for specific hackers by their names or avatar.
What is a file/code repository?
A file/code repository, such as virustotal.com, holds signatures of known malware code. The code samples derive from live customer systems and (for public repositories) files uploaded by subscribers.
What is a threat map?
A threat map is an animated graphic showing the source, target, and type of attacks detected by a cyber threat intelligence (CTI) platform.
What is a Vulnerability feed?
ulnerability feeds or databases are stored like Common Vulnerabilities and Exposures (CVE), and operated by Mitre (cve.mitre.org). A security breach can be alerts of new CVEs
What are all of the Attack vectors and describe them?
E-mail as an attack vector involves attaching malicious files and using social engineering to persuade or trick the user into opening the attachment.
A wireless attack vector can involve spoofing a trusted resource, such as an access point, and use it to perform credential harvesting. The harvested credentials can then access the legitimate network.
A direct access attack vector involves a physical or local attack to a target system or network. The threat actor can exploit an unlocked workstation or steal a device, for example.
