Chapter 2 Flashcards
Cybersecurity Threat Landscape (24 cards)
Internal vs External
Classifying Cybersecurity Threats
Threats, risks, or controls, which can be categorized as either internal vs external.
Internal:
-Malicious insider stealing data.
-poor internal security practices or non-compliance
-Threats rely on having access to internal
External:
-Outside Hackers
-Often more straightforward and easier to detect
-External actors do not inherently have acess, they must bypass defenses.
Levels of Sophistication/Capabililty
“Classifying Cybersecurity Threats”
The degree of expertise, resources, and technology employed by threat actors or defensive measures.
* noob to pro hackers
* Script Kiddies, Hacktivists, or criminal groups, nation states, or advanced persistent threats.
Resources/Funding
“Classifying Cybersecurity Threats”
The level of financial support, personnel, and tools available to threat actors, or defenders, influencing their ability to execute attacks or implement security measures.
Intent/Motivation
“Classifying Cybersecurity Threats”
The driving purpose or objective behind a cybersecurity attack, ranging from financial gain to political agendas, personal grudges, or intellectual property.
Script Kiddie
“Threat Actors”
An inexperienced hacker who uses pre-made tools, scripts, or exploits created by others to carry out attacks without a deep understanding of how they work.
Organized Crime
“Threat Actors”
Appears in any case where there is money to be made.
Hacktivists
“Threat Actors”
Individuals or groups who use hacking techniques to promote a political, social, or ideological cause.
Nation-State Attackers
“Threat Actors”
Attacks by nation-state actors hacking into foreign governments or corporations.
Advanced Persistent Threats (APTs)
Cybersecurity adversary characterized by a sophisticated series of related attacks taking place over extended period of time.
- APT29 (“Cozy Bear”)
Zero-Day Attacks
An attack on a system that exploits vulnerabilites that are unknown to others including the vendor.
-Unpacthed Vulnerabilities
Attacker Motivations
- Data Exfiltration
- Espionage
- Service Distribution
- Blackmail
- Financial Gain
- Philosophical/Political Beliefs
- Ethical attacks
- Revenge
- Distruption/Chaos
- War
Attack Surface
A system application, or service, that contains a vulnerability that can get exploit.
Threat Vector
The means that threat actors use to obtain access.
Threat Intelligence
Gathering and analyzing cyber threat data to predict, detect, and counter attacks. Examples: threat feeds, attack pattern analysis, adversary profiling.
Predictive Analysis
The use of data to attempt to predict events, used in security context to identify potential compromises and attacks.
Vulnerability Databases
A data base of vulnerabilities, including information like the severity, fixes, and other information useful for both attackers and defenders.
Indicators of Compromise (IoCs)
The telltale signs that an attack has taken place and may include file signatures, log patterns, and other evidence left behind by attackers.
File and Code Repositories
Platforms, or systems, used for storing, managing, and sharing files or code. IOCs may be found in file and code repositories that offer intelligence information.
Open Source Threat Intelligence
Threat intelligence that is acquired from publicly available sources.
Closed-Source Intelligence
Intelligence information, typically from a commercial vendor, that is provided only to specific groups.
Structured Threat Information Expression (Stix)
“XML Language”
A language that identifies things like attack patterns, identities, malware, threat actors, and tools.
Trusted Automated Exchange of Intelligence Information (TAXII)
Intended to allow cyberthreat information to be communicated at the application layer via HTTPS.
-Designed to support STIX data exchange.
Information Sharing and Analysis Centers (ISACs)
Helps Infrastructure owners and operators share threat information and provide tools and assistance to their members.
Tactics, Techniques, and Procedures (TTPs)
Describes the behaviours and methods used by threat actors during an attack.
