Topic 2A: Explain Threat Actor Types and Attack Vectors

Terms in this set (41)

Vulnerability
This is a weakness that can be set off accidentally or on purpose. Improperly configured hardware or software, delays in applying

Threat
This is the potential for someone or thing to exploit a vulnerability. This may be intentional or unintentional

Threat Actor/Agent
The person or thing posing the threat

Attack Vector
The path or tool used by a malicious threat actor

Risk
This is the likelihood or impact, aka consequence, of a threat actor exploiting a vulnerability. In order to assess [], you need to first identify a vulnerability and then evaluate how likely it is to be exploited by a threat, and how that would impact you.

External Threat Actor
has no account or authorized access to the system they

Internal or Insider Threat Actor
is one that does have some sort The typical example of this is an employee, but business partners and contractors fall under this too.

Intent
describes what the attacker hopes to achieve from the attack. Do they want to exfiltrate data? Plant a keylogger? Set up a backdoor?

Motivation
the attacker's reason for carrying out the attack. Greed, curiosity,

Structured Attacks
Sophisticated hacking techniques to identify, penetrate, probe, and carry out malicious activities.

Unstructured Attacks
Moderately skilled attackers initially attack simply for personal gratification. Can lead to more malicious attacks.

Targeted Attack
An attack that sends specially developed bot only to one or a few IP addresses in the target organization

Opportunistic
Someone acting on their own, very new and inexperienced in hacking just launching a pre-made email worm attack

Capability
refers to a threat actor's ability to actually create their own exploit tends to be closely tied with funding. More capable actors are going to need more of a budget more often than not. So sophisticated threat actor groups will need to cultivate plenty of resources: custom attack tools, skilled coders, designers, hackers, social engineers - you can imagine that'll take a fair amount

Hacker
describes someone who has the skills necessary to gain

Black Hat Hackers
are completely unauthorized

White Hat Hackers
aka Ethical Hackers, are authorized

Gray Hat Hackers
tend to be in between. They may try and find

Script Kiddies
These are the folks who use premade hacker tools and scripts without necessarily understanding or caring how they work. They also do not have the ability to craft new attacks themselves. [] usually don't have a specific structure or target, and their

Hacktivist Groups
Uses cyber weapons to promote a political agenda. Examples Political, media, and financial groups tend to be the most at risk targets from these kinds of groups, but environmental and animal advocacy groups may also

Advanced Persistent Threat (APT)
Rather than focusing on a

State Actors
A person or group that is acting on behalf of a governmental tend to target energy and health network systems, and the goals are primarily espionage and strategic advantage. Will work somewhat independently from the national government,

Criminal Syndicates
Create organized crime. Will seek any chance for criminal profit, the typical activities we see are financial fraud and extortion.

Competitor
Attack attributed to state actors, but it isn't out of the realm of possibility for a business to use cyber espionage against a [] These attacks may be carried out by employees who change companies, bringing a certain level of insider knowledge along with them.

Insider Threat Actors
A current or former employee, contractor, or business partner who has or had authorized access to an organization's network, Come from an actor who has been IDed by the organization and does have some sort of legitimate access to the network. Of these, you can have

Unintentional Insider Threats
Create vectors for an external actor to exploit, rather than being the threat actor themselves. This is usually seen by admins who have poor password management or

Shadow IT
when a user brings in their own hardware or software to the workplace without getting permission to do so. That hardware or software doesn't get looked over for security analysis, so it may

Attack Surface
All the points and places where a malicious threat actor could try

Types of Attack Vectors - Direct Access
This would be a kind of local or physical attack. The attacker

Types of Attack Vectors - Removable Media
An attacker could hide malware on a USB thumb drive or memory card and attempt to trick employees into connecting the drive or card to a PC, laptop, phone, etc. In some cases just connecting the media is enough to infect the device. In others, the employee might have to try and open a file or app on the drive to trigger the attack

Types of Attack Vectors - Email
Everyone's heard of phishing emails, right? Attackers send some sort of malicious attachment via email or similar means of communication. Typically the attacker will use elements of social engineering to trick the user into opening the file.

Types of Attack Vectors - Remote & Wireless
The attacker either gets credentials for a remote access

Types of Attack Vectors - Supply Chain
Instead of going directly after the target, an attacker may try and

Types of Attack Vectors - Web & Social Media
I think we're pretty used to the idea of someone accidentally getting a virus from a shady website. Malware can be hidden in files attached to website posts, or as a part of a download. Social media can also be used for social engineering purposes.

Types of Attack Vectors - Cloud
Almost everyone or every company has some sort of network component An attacker would only need to find one account, service, or host with weak credentials in order to gain access. Accounts used to manage cloud systems or develop services tend to be targeted more often.

Which of the following would be assessed by likelihood and impact: vulnerability, threat, or risk?
Risk. To assess likelihood and impact, you must identify both the

True or false? Nation state actors primarily only pose a risk to other states.
False—nation state actors have targeted commercial interests for theft, espionage, and extortion.

You receive an email with a screenshot showing a command prompt at one
This is either gray hat (semi-authorized) hacking or black hat (nonauthorized) hacking. If the request for compensation via consultancy is an extortion threat (if refused, the hacker sells the exploit on the dark web), then the motivation is purely financial gain and can be categorized as If the consultancy is refused and the hacker takes no further action, it can be classed as gray hat.

Which type of threat actor is primarily motivated by the desire for
Hacktivist

Which three types of threat actors are most likely to have high levels of funding?
State actors, criminal syndicates, and competitors.

You are assisting with writing an attack surface assessment report for a small company. Following the CompTIA syllabus, which two potential attack vectors have been omitted from the following headings in the report? Direct access, Email, Remote and wireless, Web and social media, Cloud.
Removable media and supply chain.

Which term refers to the path or tool used by an attacker to attack a target?
An attack vector is a path or means by which an attacker or hacker can gain access to a computer or network server in order to deliver a payload or malicious outcome. Attack vectors enable hackers to exploit system vulnerabilities, including the human element.

What command can he use on one system to identify the network path to the second system?
Traceroute – The traceroute command is used to determine the path between two connections. Often a connection to another device will have to go through multiple routers. The traceroute command will return the names or IP addresses of all the routers between two devices.

Which term refers to a risk that remains after implementing controls?
Residual risk is the risk that remains after efforts to identify and eliminate some or all types of risk have been made. Residual risk is important for several reasons. First to consider is that residual risk is the risk "left over" after security controls and process improvements have been applied.

Which of the following are considered passive online attacks?
Internet security threats/vulnerabilities are divided into passive and active attacks. Examples of passive attacks include network analysis, eavesdropping and traffic analysis.