Chapter 6: Comparing Threats, Vulnerabilities, and Common Attacks

Question 1

What are Nation-state Attackers?

Answer 1

Cyber actors sponsored by a government/nation-state, targeting other nations’ critical infrastructure or intellectual property for political or strategic purposes.

Question 2

What is an Advanced Persistent Threat (APT)?

Answer 2

A prolonged and targeted cyber attack where attackers gain unauthorized access and maintain persistent access to a network to steal sensitive information or compromise systems.

Question 3

In the context of Cybersecurity, what is Organized Crime?

Answer 3

Typically composed of a group of individuals working together in criminal activities. These groups are typically organized with a hierarchy composed of a leader and workers. The primary motivation of organized crime is money.

Question 4

What is a Hacker?

Answer 4

Commonly refers to a malicious individual who gains unauthorized access to systems or networks, with motivations ranging from malicious intent to curiosity, personal challenge, or ideological reasons.

Question 5

What is an Unskilled Attacker?

Answer 5

Someone who lacks advanced technical knowledge but uses basic tools, scripts, or social engineering to exploit vulnerabilities.

Question 6

What is a Hacktivist?

Answer 6

An individual or group who uses hacking to protest or promote political, social, or environmental causes.

Question 7

What is an Insider Threat?

Answer 7

A security risk posed by individuals within an organization who misuse their authorized access, either maliciously or accidentally, to harm the organization.

Question 8

What is a Competitor?

Answer 8

A business or individual who may conduct cyber espionage or attacks to gain advantage by stealing sensitive information or intellectual property.

Question 9

Name the three major attributes that distinguish different attackers?

Answer 9

Internal vs. External, Resources/funding, and level of sophistication/capability.

Question 10

Name a couple of threat actor motivations.

Answer 10

Data exfiltration, disruption/chaos, financial gain, blackmail, service disruption, philosophical, political beliefs, ethical, revenge, espionage, and war.

Question 11

What is a Threat Vector?

Answer 11

A method or pathway used by attackers to gain unauthorized access to a system or network.

Question 12

What is a Message-based threat vector?

Answer 12

Cyberattacks delivered through email, messaging apps, or other communication channels, often using phishing or malicious links.

Question 13

What is an Image-based threat vector?

Answer 13

Cyberattacks delivered through image files (PNGs, JPEG) to hide malicious code, exploiting vulnerabilities in image-rendering software to deliver malware.

Question 14

What is a File-based threat vector?

Answer 14

Cyberattacks delivered through files with malicious code such as executables, documents, or scripts that are opened or executed on a system.

Question 15

What is a Voice Call-based threat vector?

Answer 15

Cyberattacks delivered through phone calls (like vishing) to trick victims into giving up sensitive info by impersonating trusted sources.

Question 16

What is a removable device threat vector?

Answer 16

Cyberattacks delivered through removable media such as USBs or SD cards to deliver malware directly to a system when plugged in.

Question 17

What is a System-based threat vector?

Answer 17

Cyberattacks delivered through the exploitation of vulnerabilities in operating systems or applications, like unpatched software or weak configurations.

Question 18

What is a Network-based threat vector?

Answer 18

Cyberattacks delivered through a network channel to attack systems, such as via packet injection, sniffing, or DoS attacks.

Question 19

What is a Supply-chain threat vector?

Answer 19

Compromising third-party vendors or software providers to indirectly attack the target organization.

Question 20

What is Shadow Information Technology (IT)?

Answer 20

Unauthorized hardware or software used without IT’s knowledge or approval, often creating security risks.

Question 21

What is Malware?

Answer 21

Software designed to harm systems or steal data.

Question 22

What is a Virus?

Answer 22

Malware that attaches to files and spreads when the host file is run.

Question 23

What is a Worm?

Answer 23

Self-replicating malware that spreads across systems without needing a host file.

Question 24

What is a Logic Bomb?

Answer 24

Malicious code activated by specific conditions or actions.

Question 25

What is a Trojan?

Answer 25

Malware that pretends to be legitimate software to deceive users into running it.

Question 26

What is Scareware?

Answer 26

Malware that tricks users with fake warnings to install other malicious software or pay money.

Question 27

What is a Remote Access Trojan (RAT)?

Answer 27

A Trojan that lets attackers remotely control the infect device.

Question 28

What is a Keylogger?

Answer 28

Software that captures everything a user types to steal sensitive data.

Question 29

What is Spyware?

Answer 29

Malware that secretly gather user info and sends it to an attacker.

Question 30

What is a Rootkit?

Answer 30

A stealthy malware that hide its existence and provides administrative access to attackers.

Question 31

What is Ransomware?

Answer 31

Malware that locks or encrypts data and demands payment to restore access.

Question 32

What is Bloatware?

Answer 32

Unnecessary software that slows systems and may pose security risks.

Question 33

What are some potential indicators of a malware attack?

Answer 33

Extra traffic, data exfiltration, encrypted traffic, traffic to specific IPs, and outgoing spam.

Question 34

What are Human Vectors?

Answer 34

Attacks that target people through manipulation and deception rather than technical exploits.

Question 35

What is Social Engineering?

Answer 35

Psychological manipulation used to trick people into giving sensitive info or access.

Question 36

What is Impersonation?

Answer 36

Pretending to be someone trusted to gain unauthorized access or information.

Question 37

What is Shoulder Surfing?

Answer 37

Observing someone's private info by watching over their shoulder.

Question 38

What is Disinformation?

Answer 38

Intentionally spreading false information to mislead or manipulate.

Question 39

What is Tailgating?

Answer 39

Gaining physical access by closely following someone with authorized entry.

Question 40

What is Dumpster Diving?

Answer 40

Retrieving discarded data from trash to gain useful or sensitive information.

Question 41

What is Watering Hole Attack?

Answer 41

Infecting a trusted site to compromise visitors from a specific group.

Question 42

What are Business Email Compromises (BEC)?

Answer 42

A scam using fake executive email to trick employees into sending money or sensitive info.

Question 43

What is Typosquatting?

Answer 43

Registering a fake domain name that looks like a real one to trick users who mistype URLs, often for phishing or malware.

Question 44

What is Brand Impersonation?

Answer 44

Faking a trusted brand to trick users into revealing data or installing malware.

Question 45

What is Elicitation?

Answer 45

Subtle questioning techniques used to get sensitive information from someone.

Question 46

What is Pretexting?

Answer 46

Creating a fake scenario to manipulate someone into providing information or acess.

Question 47

What is Spam?

Answer 47

Unsolicited messages sent over the Internet, often for ads or scams.

Question 48

What is Spam Over Instant Messaging (SPIM)?

Answer 48

Spam sent over instant messaging platforms instead of email.

Question 49

What is Phishing?

Answer 49

Fraudulent emails or sites designed to steal personal info or install malware.

Question 50

What is Spear Phishing?

Answer 50

Targeted phishing aimed at a specific person or organization.

Question 51

What is Whaling?

Answer 51

A phishing attack targeting high-level executives using personalized and high-stakes messages.

Question 52

What is Vishing?

Answer 52

Voice phishing--using phone calls to deceive victims into giving personal or financial information.

Question 53

What is Smishing?

Answer 53

SMS-based phishing attack using fake text messages to steal info or spread malware.

Question 54

What is a Spam Filter?

Answer 54

A tool that blocks unsolicited or harmful emails from reaching your inbox.

Question 55

What is Anti-malware?

Answer 55

Software that protects against, detects, and removes malware.

Question 56

What is a Signature File?

Answer 56

A database of known malware patterns used by anti-malware to detect threats.

Question 57

What is Heuristic-based Detection?

Answer 57

Malware detection using behavior and code analysis to find new or unknown threats.

Question 58

What is a File Integrity Monitor?

Answer 58

A tool that detects unauthorized changes to files or system by comparing current and baseline states.

Question 59

What are the different aspects of Social Engineering?

Answer 59

Authority, Intimidation, Consensus, Urgency, Familiarity, and Trust.

Question 60

What are Threat Intelligence Sources?

Answer 60

Services providing data on current threats, helping organizations prevent or respond to attacks.

Question 61

What is the Open-Source Intelligence (OSINT)?

Answer 61

Intelligence collected from publicly available sources like websites, social media, and news.

Question 62

What is Close/Proprietary Intelligence?

Answer 62

Paid, exclusive threat data gathered and distributed by private cybersecurity organizations.

Question 63

What are Vulnerability Databases?

Answer 63

A public repo of known software and hardware security weaknesses.

Question 64

What is a Trusted Automated eXchange of Intelligence Information (TAXII)?

Answer 64

A secure protocol for sharing cyber threat intelligence over HTTPS.

Question 65

What is a Structured Threat Information eXpression (STIX)?

Answer 65

A structured format for representing and sharing threat intelligence in a machine-readable way.

Question 66

What is Automated Indicator Sharing (AIS)?

Answer 66

A CISA-led program that enables automatic sharing of cyber threat indicators between government and industry.

Question 67

What is the Dark Web?

Answer 67

A hidden part of the Internet accessible only with special tools, often used for anonymous and illicit activities.

Question 68

What are Public/Private Information Sharing Organizations?

Answer 68

Groups that foster cybersecurity info exchange between government and private sector.

Question 69

What are Indicators of Compromise (IoC)?

Answer 69

Forensic evidence like file hashes or IP addresses that suggest a system has been compromised.

Question 70

What is Predictive Analysis?

Answer 70

A method of using data and trends to forecast and prevent future threats.

Question 71

What are Threat Maps?

Answer 71

Visual tools that display real-time global cyberattack data to help monitor threat activity.

Question 72

What are File/Code Repos?

Answer 72

Centralized storage for source code or files, used for development, threat analysis, or secure sharing.

Question 73

What are some research sources one can consult?

Answer 73

Vendor Websites, Conferences, Local Industry Groups, Pubic/Private Sharing Centers, Academic Journals, and Request for Comments (RFC).