Threat Landscape Flashcards
(21 cards)
What are Cyber Stalkers / Bullies primarily associated with?
Social media and text messages
Includes activities like trolling.
Who are Hacktivists?
Cyber vigilantes engaged in political activism
Often operate in loosely affiliated groups.
What techniques do Thieves use?
Techniques that have worked for years
Organized crime ranges from theft to hacking to the distribution of illicit materials.
What types of espionage are conducted by Spies?
International, corporate, and research
Sometimes conducted by insiders.
What activities do Terrorists engage in within the cyber domain?
Promotional/marketing, communications, raise funds, defacement, cyber attacks
These activities aim to disrupt and create fear.
What does the acronym APT stand for?
Advanced Persistent Threats
Refers to nation-state cyber warfare.
What are the two enablers for the current complexity of the cyber ecosystem?
Sharing of information and protection of information
These factors contribute to both threats and defenses.
What characterizes unstructured attacks?
Opportunistic or for reconnaissance purposes
Targets are selected based on automated scans and blanket vulnerabilities.
How are structured attacks different from unstructured attacks?
More organized and elegant, conducted in phases
Can cause significant damage.
What defines direct attacks?
Attacks looking to compromise specific flaws in real time
Often targeted and intentional.
What are indirect attacks characterized by?
Indiscriminate actions, such as spreading a worm or email
Typically not aimed at a specific target.
What does MITRE ATT&CK stand for?
Tactics, techniques, and procedures used by cyber threat actors
It provides a framework for understanding cyber threats.
What are tactics in the context of MITRE ATT&CK?
Patterns, activities, and methods a cyber threat actor may use
Examples include reconnaissance and exploitation.
What are techniques in MITRE ATT&CK?
Intermediate steps in a cyber threat actor’s plan of attack
Includes actions like network infiltration and lateral movement.
What are procedures in MITRE ATT&CK?
Specific steps of a technique, unique to a specific attack
They detail how techniques are executed.
What is a primary goal of a threat actor when gaining access to a system?
Consolidation and Exploitation, Evading Defenses and Detection, Discovery and Lateral Movement, harm CIA and accomplish attack outcomes
This often involves multiple steps and techniques.
What does consolidation and exploitation involve?
Escalate access to administrative access and maintain remote access
This is crucial for long-term control of compromised systems.
What tactics are used for evading defenses and detection?
Clearing of logs
Helps maintain stealth during an attack.
What is involved in the discovery and lateral movement phase?
Assessing local system information and improving access to administrative levels
This often includes credential manipulation.
What is the purpose of reconnaissance in cyber attacks?
To gather information for creating payloads and exploiting systems
Enables further attacks by identifying vulnerabilities.
Fill in the blank: Once stable access is achieved, a threat actor can harm ______ and accomplish attack outcomes.
CIA
CIA stands for Confidentiality, Integrity, and Availability.