Classifying Threats Flashcards
(58 cards)
What is a Known Threat?
A threat that can be identified using basic signature or pattern matching.
Once we know it and recognize it, we will block it.
What is Malware?
Any software intentionally designed to cause damage to a computer, server, client, or computer network
What is a Documented Exploit?
A piece of software, data or sequence of commands that takes advantage of a vulnerability to cause unintended behavior or to gain unauthorized access to sensitive data
What is an Unknown Threat?
A threat that cannot be identified using basic signature or pattern matching.
Those are the threats we need to look out for and investigate.
What is a Zero-day Exploit?
An unknown exploit in the wild that exposes a vulnerability in software or hardware and can create complicated problems well before anyone realizes something is wrong.
What is Obfuscated Malware Code?
Malicious code whose execution the malware author has attempted to hide through various techniques such as compression, encryption, or encoding to severely limit attempts to statically analyze the malware.
What is a Behavior-based Detection?
A malware detection method that evaluates an object based on its intended actions before it can actually execute that behavior.
What are Recycled Threats?
Refers to the process of combining and modifying parts of existing exploit code to create new threats that are not as easily identified by automated scanning.
What is a Known Unknown?
A classification of malware that contains obfuscation techniques to circumvent signature-matching and detection.
What is an Unknown Unknown?
A classification of malware that contains completely new attack vectors and exploits
What are Threat Actors?
Those who wish to harm networks or steal secure data
What is a Black Hat Hacker?
An unauthorized hacker (a criminal)
What is a White Hat Hacker?
An ethical or authorized hacker
What is a Grey Hat Hacker?
A semi-authorized hacker who sometimes acts as a good actor and sometimes as a bad one
Basic activities that hackers perform:
▪ Social Media Profiling
▪ Social Engineering
▪ Network Scanning
▪ Fingerprinting
▪ Service Discovery
▪ Packet Capture
Types of threat actors:
- Advanced persistent threat (APT)
- Hacktivists
- Organized crime
- Nation-state
- Script kiddie
- Insider threat
o Intentional
o Unintentional
- Supply chain
- Competitor
What is a Script Kiddie?
Uses other people's tools to conduct attacks because they do not have the skills to make their own tools.
Script kiddies often don’t understand what they’re doing.
What is an Insider threat?
People who have authorized access to an organization's network, policies, procedures, and business practices.
To prevent an insider threat, organizations need to have policies and enforcement technologies such as:
● Data Loss Prevention
● Internal Defenses
● SIEM Search
2 different types of insider threats:
- Intentional: an actor who deliberately seeks to cause harm
- Unintentional: an actor who causes harm because of carelessness
A solid cybersecurity strategy to counter insider threats includes: Employee Education and Training, Access Controls, Incident Response Plans, and Regular Monitoring.
What is a Competitor?
A rogue business attempting to conduct cyber espionage against an organization
What is Organized Crime?
Criminal groups focused on hacking and computer fraud to achieve financial gain
What is a Hacktivist?
A politically motivated hacker who targets governments or individuals to advance their political ideologies
What is a Nation-State?
A group of attackers with exceptional capability, funding, and organization with an intent to hack a network or system. They conduct highly covert hacks over long periods of time.
Not all APTs are nation-states, but almost all nation-states are going to be considered APTs.
They are going to be inside a victimized network for six to nine months.
Many nation-states try to present themselves as one of the other types of threat actor so they can maintain plausible deniability.
A nation-state actor refers to a government or government-affiliated group that conducts cyber attacks.
What is an Advanced Persistent Threat (APT)?
An attacker that establishes a long-term presence on a network in order to gather sensitive information.
The main goal of an APT is to harvest sensitive data, intellectual property, and other sensitive information.
An attacker's ability to obtain, maintain, and diversify access to network systems using exploits and malware.
APTs are considered a known unknown threat.
What are the key differences between Nation-state and APT threat actors?
▪ A Nation-state is affiliated with a government
▪ An APT is a generic type of cyber attack that establishes a long-term presence