Threats, Vulnerabilities, and Mitigations Flashcards
Domain 2, Chapters 5-9
Threat Actors
What is a Nation State type threat actor?
Government-backed cyber operatives.
These are government sponsored entities that engage in cyber operations to further their national interests. Often possessing substantial resources and advanced technical capabilities, nation states can launch sophisticated attacks, such as espionage, data theft, and even sabotage.
Chapter 5
What is an Advanced Persistend Threat (APT)?
An APT is a sophisticated and focused cyberattack launched by well-funded and highly skilled opponents, such as nation-backed agents or organized cybercriminal groups. APTs are recognized for their ability to break into a specific system or network, stay hidden for a long time, and quietly steal important data or cause damage bit by bit over an extended period.
What is an Unskilled attacker?
Novice with limited hacking skills.
Unskilled attackers lack technical prowess and often resort to using off-the-shelf tools or purchasing tools from the dark web. These individuals might include script kiddies or other individuals with minimal understanding of hacking methodologies
Chapter 5
What is a Hactivist?
Activist hacker with political or social agenda.
Hacktivists are individuals or groups driven by ideological, political, or social motives. They employ cyber tactics to promote a cause, raise awareness, or enact change.
Chapter 5
What is an Insider threat?
Trusted insider posing cybersecurity risks.
Insider threats originate from within an organization and can be particularly challenging to detect. These threat actors include employees, contractors, or business partners who misuse their access to compromise data, systems, or networks. Insider threats can be unintentional (such as employees falling victim to phishing attacks) or intentional when disgruntled personnel seek revenge or financial gain.
Chapter 5
What is an Organized crime threat actor?
Criminal group seeking financial gain via cybercrime.
These threat actors operate like cybercriminal enterprises, engaging in activities such as ransomware attacks, credit card fraud, and identity theft. Their operations are characterized by a hierarchical structure, division of labor, and a focus on monetary gains. The increasing monetization of cyberattacks has turned organized crime into a major cybersecurity concern.
Chapter 5
What is Shadow IT?
*Unauthorized, unregulated tech use within an organization. *
Shadow IT refers to technology used within an organization without proper approval or oversight from the IT department. While not necessarily malicious, shadow IT can create
vulnerabilities and expose an organization to security risks.
Chapter 5
Define an Internal threat actor.
These originate from within an organization’s own ranks, often taking advantage of their familiarity with systems, networks, and processes. They can be employees, contractors, or even
business partners.
Chapter 5
Define an External threat actor.
These come from outside the organization and include a wide range of entities, from individual hackers to organized crime groups and nation states. External threat actors typically lack
direct knowledge of the target’s internal systems, which may lead them to rely on reconnaissance and social engineering to gain access.
Chapter 5
What are the three common message based attack vectors?
Email: Phishing, malicious attachments
Short Message Service (SMS): Text-based scams, malicious links, and smishing
Instant messaging (IM): Chat-based phishing, malware distribution, and social engineering
Chapter 6
What is an image-based attack vector?
Malware hidden in images, steganography
Cyber attackers exploit image-based vulnerabilities to embed harmful code or links. These
seemingly harmless images can lead to unauthorized access, ransomware attacks, and system compromises.
Chapter 6
What is a file-based attack vector?
Malicious files, trojans, ransomware distribution
Malicious files exploit software vulnerabilities, launching cyberattacks when opened. These files execute harmful code, enabling hackers to breach systems, steal data, or gain control remotely.
Chapter 6
Explain what a voice call attack vector is.
Vishing, social engineering via voice
Attackers can manipulate voice calls to deceive users into revealing personal information, gaining unauthorized access, or perpetrating financial fraud. An example of this is caller ID spoofing, in which the attacker ingeniously disguises the true origins of a call, making it look like someone else is contacting you.
Chapter 6
What is a removable device attack vector?
Malware on USBs, data theft
Removable devices, from USB drives to external hard drives, offer a convenient means of data transfer. When introduced into a network or system, infected removable devices can spread malware, compromise security, and enable unauthorized access.
Chapter 6
What is vulnerable software attack vector?
Exploiting software vulnerabilities for attacks.
Vulnerabilities often arise from coding errors, design flaws, or outdated components within the software, making it susceptible to various cyber threats such as viruses, malware, and cyberattacks.
Chapter 6
Wha are the two types of software vulerability scanning.
Client-based scanning: Client-based scanning (in which an agent resides on each host) operates as a tool for automating vulnerability discovery and classification, efficiently reporting to a central management server.
Agentless scanning: On the flip side, agentless-based scanning, which is the preferred method for threat actors during reconnaissance, is employed to scan hosts without necessitating any installations. Examples of agentless-based scanning are Nmap and Wireshark.
Chapter 6
What are the vulnerabilities for each of the following unsecured networks:
Wireless
Wired
Bluetooth
Wireless: Hacking via Wi-Fi networks, Bluetooth. A wireless network using open system authentication lacks encryption. This means that any data exchanged between a guest’s device and a hotel’s network, for instance, is sent in plain text that cybercriminals with the right tools can intercept to eavesdrop on this data, potentially accessing sensitive information.
Wired: Attacks on physically connected systems. Without proper encryption and access controls, unauthorized physical access to network ports can lead to data breaches and malware attacks. To preserve the integrity and reliability of these networks, implementing stringent access controls, encryption protocols, and consistent security assessments is crucial. We should also remove the patch cables for ports that are not being used.
Bluetooth: Exploiting device connections, data interception. A personal area network (PAN) is a Bluetooth network. Bluetooth features, such as easy pairing, can open the door to security breaches. While designed to simplify device connections, it can also inadvertently allow unauthorized access when left unchecked. Attackers equipped with specialized tools can exploit the relaxed pairing process, potentially infiltrating devices and compromising sensitive data.
Chapter 6
What are open service ports a weakness?
Exploiting open ports for unauthorized access.
Open ports provide entry points to networked systems and applications. Attackers scan for these openings and exploit them to gain unauthorized access or execute malicious code. Regular port scanning and closing unnecessary ports are vital steps in minimizing this attack surface.
Chapter 6
Why are default credentials a weakness?
Attacks using unchanged factory settings.
Default credentials (often set by manufacturers for ease of installation) are a glaring point of weakness. Attackers leverage default usernames and passwords to gain unauthorized access to systems and applications, and these default credentials are posted on several websites.
Chapter 6
What are the three types of supply chains that can be exploited?
Managed service providers (MSPs): Breaching via service providers
Vendors: Exploiting vulnerabilities through external partners
Suppliers: Attacking through the supply chain network
Chapter 6
What is human vector/social engineering?
Manipulating human psychology for breaches.
Chapter 6
What is (spear) phishing?
Deceptive emails for data theft
Spear phishing is a more targeted variant of phishing. It involves attacks directed at specific groups, such as the board of directors at a company. These emails are tailored to create a sense of authenticity and urgency, enticing the victim to click on a link embedded in the email, which typically leads to a malicious website or triggers a malware download.
Chapter 6
What is smishing?
SMS-based deceptive tactics
Smishing:Smishing extends phishing to text messages, tricking recipients into clicking malicious links. A seemingly harmless SMS might prompt you to click a link that downloads malware onto your device.
Chapter 6
What is Vishing?
Voice-based social engineering attacks
Chapter 6
