Threat Actors (Section 3) Flashcards

1
Q

Shadow IT

A
  • IT systems, devices, software, or services managed without explicit organizational approval
  • IT-related projects that are managed outside of, and without the knowledge of, the IT department
2
Q

Threat Actors and Attack Surfaces

A

Message-based / Image-based / File-based / Voice Calls / Removable Devices / Unsecured Networks

3
Q

Deception and Disruption Technologies

A

Technologies designed to mislead, confuse, and divert attackers from critical assets while simultaneously detecting and neutralizing threats
Like - Honeypots / Honeynets / Honeyfiles / Honeytokens

4
Q

Honeypots / Honeynets / Honeyfiles / Honeytokens

A

Honeypots - Decoy systems to attract and deceive attackers
Honeynets - Network of honeypots that creates a more complex system designed to mimic an entire network of systems - servers / routers / switches
Honeyfiles - Decoy files to detect unauthorized access or data breaches
Honeytokens - Piece of data or a resource that has no legitimate value or use but is monitored for access or use

5
Q

Script Kiddie

A
  • Individual with limited technical knowledge
  • Use pre-made software or scripts to exploit computer systems and networks
6
Q

Hacktivists / Hacktivism

A

Hacktivists - Individuals or groups that use their technical skills to promote a cause or drive social change instead of acting for personal gain
Hacktivism - Activities in which hacking and other cyber techniques are used to promote or advance a political or social cause

7
Q

Hacktivist Motivations

A

Hacktivists are primarily motivated by their ideological beliefs rather than trying to achieve financial gains

8
Q

Techniques used by Hacktivists

A

Website Defacement / DDoS / Doxing / Leaking of Sensitive Data

9
Q

Doxing

A

Attempting to overwhelm the victim’s systems or networks so that they cannot be accessed by the organization’s legitimate users

10
Q

Website Defacement

A

Form of electronic graffiti that is usually treated as an act of vandalism

11
Q

Organized Cybercrime Group

A

Organized cybercrime groups possess a very high level of technical capability and often employ advanced hacking techniques and tools
- Custom Malware / Ransomware / Sophisticated Phishing Campaigns

12
Q

Organized Cybercrime Group

A
  • Unlike hacktivists or nation state actors, organized cybercrime groups are not typically driven by ideological or political objectives
  • These groups may be hired by other entities, including governments, to conduct cyber operations and attacks on their behalf
13
Q

Nation-state Actor

A
  • Groups or individuals that are sponsored by a government to conduct cyber operations against other nations, organizations, or individuals
  • Nation-state actors possess advanced technical skills and extensive resources, and they are capable of conducting complex, coordinated cyber operations that employ a variety of techniques such as - Using zero-day exploits / Creating custom malware / Becoming an advanced persistent threat
14
Q

False Flag Attack

A

Attack that is orchestrated in such a way that it appears to originate from a different source or group than the actual perpetrators, with the intent to mislead investigators and attribute the attack to someone else

15
Q

Advanced Persistent Threat (APT)

A
  • Term that was once used synonymously with nation-state actor because of such actors' long-term persistence and stealth
  • A prolonged and targeted cyberattack in which an intruder gains unauthorized access to a network and remains undetected for an extended period while trying to steal data or monitor network activities rather than cause immediate damage
  • These advanced persistent threats are often sponsored by a nation-state or its proxies, like organized cybercrime groups
16
Q

How to mitigate the threat of an insider threat?

A
  • Zero-trust architecture / Employ robust access controls / Conduct regular audits / Provide effective employee security awareness programs
17
Q

Why does Shadow IT exist?

A

An organization's security posture is actually set too high or is too complex for business operations to occur without being negatively affected, e.g. BYOD

18
Q

Threat Vector

A

Means or pathway by which an attacker can gain unauthorized access to a computer or network to deliver a malicious payload or carry out an unwanted action

19
Q

Attack Surface

A

Encompasses all the various points where an unauthorized user can try to enter data to or extract data from an environment.
Can be minimized by - Restricting access / Removing unnecessary software / Disabling unused protocols

20
Q

Threat Vector and Attack Surface

A

Think of threat vector as the “how” of an attack, whereas the attack surface is the “where” of the attack

21
Q

Bluetooth vulnerabilities used

A

BlueBorne - Set of vulnerabilities in Bluetooth technology that can allow an attacker to take over devices, spread malware, or even establish an on-path attack to intercept communications without any user interaction
BlueSmack - Type of Denial of Service attack that targets Bluetooth-enabled devices by sending a specially crafted Logical Link Control and Adaptation Protocol packet to a target device

22
Q

Outsmarting Threat Actors

A

One of the most effective ways to learn from the different threat actors that are attacking your network is to set up and utilize deception and disruption technologies

23
Q

TTPs - Outsmarting Threat Actors

A

Specific methods and patterns of activities or behaviors associated with a particular threat actor or group of threat actors

24
Q

Disruption technologies and strategies to help secure networks

A

Bogus DNS entries / Creating decoy directories / Dynamic page generation / Use of port triggering to hide services / Spoofing fake telemetry data