Chapter 2 - Threat Landscape Flashcards
What are the four characteristics that differentiate different threat actors?
- Internal vs. External
- Level of Sophistication/Capability
- Resources/Funding
- Intent/Motivation
Unskilled Attackers
Unskilled attackers (often called script kiddies) rely on readily available hacking tools and techniques written by others but have limited skill of their own; they are typically opportunistic and poorly resourced.
Hacktivist
Hacktivists use hacking techniques to accomplish some activist goal. They often believe they are motivated by the greater good, even if their activity violates the law.
Organized Crime
Organized crime appears wherever there is money to be made. The common motive among these groups is illegal financial gain, for example through ransomware, fraud, or the theft and resale of data.
Nation-State Attackers
Nation-state attackers are often classified as an Advanced Persistent Threat (APT). They use advanced techniques and are persistent, with campaigns that can run for months or years. They often conduct their own vulnerability research and keep the flaws they discover in a private stockpile for later use in zero-day attacks, which are hard to defend against because the vendor has not yet issued a patch.
Insider Threat
Insider attacks occur when an employee, contractor, vendor, or other individual with authorized access to information and systems uses that access to attack the organization. This often takes the form of disclosing confidential information, but it can also include sabotage or fraud.
Shadow IT
A situation where individuals and groups within an organization adopt their own technology solutions (for example, SaaS tools or personal cloud storage) without the knowledge or approval of IT. This places sensitive information in the hands of vendors outside the organization's control and outside its security monitoring.
Competitors
Competitors may engage in corporate espionage designed to steal sensitive information from your organization and use it to their own business advantage.
Attack Surface
An attack surface is the set of systems, applications, services, and interfaces that an attacker could target; any of these that contains a vulnerability is a potential point of entry. Reducing the attack surface (for example, by disabling unused services) removes opportunities for exploitation.
Threat Vector
A threat vector is the means (the path or method) through which a threat actor gains access to a vulnerable system or application.
List some of the common types of threat vectors.
- Message-Based Threat Vectors (email, SMS, instant messaging; phishing and malicious attachments/links)
- Wired Networks (plugging into unsecured network jacks on the wall)
- Wireless Networks (attacking the company network from a nearby parking lot)
- Systems (unnecessarily open ports and unpatched services)
- Files and Images (malware/scripts embedded in files)
- Removable Devices (USB drives carrying malware)
- Cloud (improper access controls, accidentally published API keys)
- Supply Chain (tampering with vendor hardware/software in transit or at the source to install hidden backdoors)
Threat Intelligence
Threat intelligence is the set of activities and resources available to cybersecurity professionals seeking to learn about changes in the threat environment.
Vulnerability Database
Vulnerability databases store reports of known vulnerabilities, typically referenced by standard identifiers such as CVE numbers, to help direct an organization's defensive efforts (for example, prioritizing patching).
Indicators of Compromise (IoC)
Indicators of Compromise (IoCs) are the telltale signs that an attack has taken place. They include file hashes/signatures, attacker IP addresses and domains, log patterns, and other artifacts left behind by attackers.
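As an added example (not part of the original flashcards), the following script shows how the IoC types listed above are actually used: a small indicator set of file hashes, IP addresses, domains, and a log pattern is matched against constructed log lines and file contents. All indicator values and log lines are invented for illustration; the IP address is from the RFC 5737 documentation range and the domain uses the reserved .example TLD, so none of them refer to real infrastructure.

```python
"""Minimal IoC matcher: scan log lines and file contents against an indicator set.

Added example with constructed data; the hash, IP, domain and log lines below
are not real threat intelligence.
"""
import hashlib
import re

# Constructed "malicious" file content; its SHA-256 becomes a file-hash IoC.
SAMPLE_MALWARE_BYTES = b"MZ\x90\x00 constructed sample, not real malware"

# Constructed indicator set (hypothetical values).
IOC_SET = {
    "file_sha256": {hashlib.sha256(SAMPLE_MALWARE_BYTES).hexdigest()},
    "ipv4": {"203.0.113.45"},            # RFC 5737 documentation range
    "domain": {"update-check.example"},  # reserved .example TLD
    # Log pattern: a PowerShell command line carrying a base64-encoded
    # command (-e / -ec / -enc / -encodedcommand), a common attacker artifact.
    "log_pattern": [
        re.compile(
            r"powershell(?:\.exe)?\s.*-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}",
            re.IGNORECASE,
        )
    ],
}

# Constructed log lines (firewall, DNS, and endpoint process telemetry).
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z fw1 ALLOW src=10.0.0.5 dst=198.51.100.7 dport=443",
    "2024-05-01T10:00:04Z fw1 ALLOW src=10.0.0.12 dst=203.0.113.45 dport=8443",
    "2024-05-01T10:00:09Z dns1 query A update-check.example from 10.0.0.12",
    '2024-05-01T10:00:15Z host12 proc=powershell.exe cmd="powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"',
    '2024-05-01T10:00:20Z host07 proc=chrome.exe cmd="chrome.exe --profile-directory=Default"',
]

# Token extractors: matching whole tokens avoids substring false positives
# such as "notupdate-check.example.com" matching "update-check.example".
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b", re.IGNORECASE)


def scan_logs(lines, iocs=IOC_SET):
    """Return a list of (line_index, ioc_type, indicator) for every hit."""
    hits = []
    for i, line in enumerate(lines):
        for ip in IPV4_RE.findall(line):
            if ip in iocs["ipv4"]:
                hits.append((i, "ipv4", ip))
        for host in HOST_RE.findall(line):
            if host.lower() in iocs["domain"]:
                hits.append((i, "domain", host.lower()))
        for pattern in iocs["log_pattern"]:
            if pattern.search(line):
                hits.append((i, "log_pattern", pattern.pattern))
    return hits


def scan_file(data: bytes, iocs=IOC_SET):
    """Return the SHA-256 digest if the file content matches a hash IoC, else None."""
    digest = hashlib.sha256(data).hexdigest()
    return digest if digest in iocs["file_sha256"] else None


if __name__ == "__main__":
    for line_no, ioc_type, indicator in scan_logs(SAMPLE_LOGS):
        print(f"line {line_no}: {ioc_type} hit -> {indicator}")
    print("file hash hit:", scan_file(SAMPLE_MALWARE_BYTES) is not None)
```

Run as written, the script flags the firewall connection to the indicator IP, the DNS lookup of the indicator domain, and the encoded PowerShell command line, and reports a hash match for the constructed file; the benign lines produce no hits. Real deployments use the same matching idea at scale, but feed it from a threat-intelligence platform rather than a hard-coded dictionary.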
What is a threat map?
A threat map provides a geographic view of threat intelligence. Many security vendors offer high-level maps that provide real-time insight into the cybersecurity threat landscape.