1.5 Threat Actors, Vectors & Intelligence Sources Flashcards
(39 cards)
Define Advanced Persistent Threat (APT)
An advanced threat designed to infiltrate a network, stay there without detection, and perform a specific malicious action
Example of an APT
A worm
Define Insider Threat Actors
- Threat agent has direct and potentially authorized access
- May intentionally or unintentionally facilitate an attack or breach
- Can be an internal employee or an external person who gains internal physical access
Define State Threat Actors
- Nation state or government based
- External
- Have significant resources to wage an all-out-war attack
- Can be an act of war or done to influence the policy of another nation
Define Hacktivist threat actors
- A hacker/activist with a specific agenda
- External
- Can be very sophisticated, but often lack funding
- Intent/Motivation is to send a political or social message
Define Script Kiddies threat actors
- An unsophisticated attacker who downloads attacks from the Internet
- External
- Unsophisticated, lacks funding
- Motivation is notoriety or self-satisfaction of breaching an organization
Define Criminal Syndicates threat actors
- Organized crime hires hackers for financial gain
- External
- Sophisticated, well-funded
- Motivation is financial gain
Define Authorized Hackers
AKA Ethical hackers, given permission to analyze and penetrate a network to identify and strengthen any weak points
Define Un-Authorized Hackers
Malicious hackers who breach networks without permission seeking to cause damage or steal information
Define Semi-Authorized Hackers (2)
- Hackers who breach networks without permission, but without malicious intent
- Often done as a type of personal research, without taking advantage of the targets
Define Shadow IT
When employees bypass the IT Dept to implement their own technology solutions without approval or authorization
Examples of Shadow IT (2)
- Using a web-application not approved for company use by IT
- Bringing personal equipment to use on the job without IT approval
Define Competitors threat actors
- A competitor organization
- External
- Sophisticated, well-funded
- Motivation is to damage the business or its reputation to gain a competitive edge
Define Attack Vector
Method or vulnerability used by an attacker to breach a network or computer
7 most common Attack Vectors
- Direct access
- Wireless
- Supply chain
- Social Media
- Removable media
- Cloud
Define Open-source Intelligence
Researching new threats through open sources, such as the Internet and discussion groups, social media sites, or government sites
Define Closed/Proprietary intelligence
Companies that research and provide compiled security threat information for a cost
Define Vulnerability Databases as source of threat intelligence
Publicly available databases of vulnerabilities and threats
Define CVE, who sponsors it, and where it is found
- Common Vulnerabilities and Exposures database
- Sponsored by Dept of Homeland Security (DHS) and Cybersecurity and Infrastructure Security Agency (CISA)
- Published as the US National Vulnerability Database (NVD) on the NIST website
Define public/private information sharing centers
Can be public government sites, private sites, or a membership-based organization that researches and shares data about threats and vulnerabilities
What is the Cyber Threat Intelligence (CTA)?
Membership-based organization that provides the sharing and evaluation of network traffic to determine if there is an active threat or attack
Define Automated Indicator Sharing (AIS)
The processing and secure transfer of threat information between organizations over the Internet
Define Structured Threat Information eXpression (STIX)
A standardized format to transfer threat information details
Define TAXII
A secure, trusted transport to exchange STIX over public networks