Topic 2A: Explain Threat Actor Types and Attack Vectors
Terms in this set (41)
Vulnerability
This is a weakness that can be set off accidentally or on purpose to cause a security breach.
Improperly configured hardware or software, delays in applying patches, misuse of software or protocols, poor network design, bad physical security, bad password policies, etc.
Threat
This is the potential for someone or something to exploit a vulnerability. This may be intentional or unintentional.
Threat Actor/Agent
The person or thing posing the threat
Attack Vector
The path or tool used by a malicious threat actor
Risk
This is the likelihood or impact, aka consequence, of a threat actor exploiting a vulnerability.
In order to assess [], you need to first identify a vulnerability and then evaluate how likely it is to be exploited by a threat, and how that would impact you.
External Threat Actor
has no account or authorized access to the system they are targeting. These actors have to infiltrate the security system of a network using malware and/or social engineering. This can be done remotely or on-premises, though I'd wager you'll see remote far more often as it is less risky.
Internal or Insider Threat Actor
is one that does have some sort of access and permissions on the system.
The typical example of this is an employee, but business partners and contractors fall under this too.
Intent
describes what the attacker hopes to achieve from the attack.
Do they want to exfiltrate data? Plant a keylogger? Set up a backdoor?
Motivation
the attacker's reason for carrying out the attack. Greed, curiosity, maybe some sort of revenge scheme, like an angry ex-employee.
Structured Attacks
Sophisticated hacking techniques to identify, penetrate, probe, and carry out malicious activities.
Unstructured Attacks
Moderately skilled attackers initially attack simply for personal gratification. Can lead to more malicious attacks.
Targeted Attack
An attack that sends a specially developed bot only to one or a few IP addresses in the target organization.
Opportunistic
Someone acting on their own, very new and inexperienced in hacking, just launching a pre-made email worm attack is an example of an unstructured [] threat.
Capability
refers to a threat actor's ability to actually create their own exploit techniques and tools. Someone who relies on pre-made, widely available attack tools is a least capable threat actor. More capable actors can create their own exploits. Even more capable would be actors that can bring in non-cyber tools, like political or military assets.
tends to be closely tied with funding. More capable actors are going to need more of a budget more often than not.
So sophisticated threat actor groups will need to cultivate plenty of resources: custom attack tools, skilled coders, designers, hackers, social engineers - you can imagine that'll take a fair amount of funding to pull together.
Hacker
describes someone who has the skills necessary to gain access to a system through unauthorized or unapproved methods.
Black Hat
Hackers are completely unauthorized
White Hat
Hackers, aka Ethical Hackers, are authorized
Gray Hat
Hackers tend to be in between. They may try and find vulnerabilities in a network without asking for approval first, but they may not actively try to exploit those vulnerabilities. They may seek compensation for their finds, such as with bug bounties, but they won't extort anyone over an exploit.
Script Kiddies
These are the folks who use premade hacker tools and scripts without necessarily understanding or caring how they work. They also do not have the ability to craft new attacks themselves.
[] usually don't have a specific structure or target, and their overall goal usually isn't anything other than gaining attention or notoriety. They just want to try and look cool.
Hacktivist Groups
Uses cyber weapons to promote a political agenda. Examples would be Anonymous or WikiLeaks. [] may try and get access to and then leak confidential information to the public, perform denial of service (DoS) attacks, or deface websites.
Political, media, and financial groups tend to be the most at-risk targets from these kinds of groups, but environmental and animal advocacy groups may also target a wide range of industries.
Advanced Persistent Threat (APT)
Rather than focusing on a system being infected with a virus, this refers to an adversary's ongoing ability to compromise a network's security. To both obtain and maintain access, using an array of different tools and methods.
State Actors
A person or group that is acting on behalf of a governmental body. So when we say nation state, we're typically going to hear countries called out by name.
tend to target energy and health network systems, and the goals are primarily espionage and strategic advantage.
Will work somewhat independently from the national government, military, or secret service that sponsors and protects them in order to keep up "plausible deniability." Many times they'll even pose as independent groups or hacktivists.
Criminal Syndicates
Create organized crime. Will seek any chance for criminal profit; the typical activities we see are financial fraud and extortion.
Competitor Attack
attributed to state actors, but it isn't out of the realm of possibility for a business to use cyber espionage against a [] business. They could aim to steal from or disrupt a competitor, or maybe just try and damage their reputation.
These attacks may be carried out by employees who change companies, bringing a certain level of insider knowledge along with them.
Insider Threat Actors
A current or former employee, contractor, or business partner who has or had authorized access to an organization's network, system, or data, and intentionally exceeded or misused that access.
Come from an actor who has been IDed by the organization and does have some sort of legitimate access to the network.
Of these, you can have those with permanent privileges - employees, for example - or temporary privileges, like contractors and guests.
Unintentional Insider Threats
Create vectors for an external actor to exploit, rather than being the threat actor themselves. This is usually seen by admins who have poor password management or something.
Shadow IT
when a user brings in their own hardware or software to the workplace without getting permission to do so.
That hardware or software doesn't get looked over for security analysis, so it may present holes in security.
Attack Surface
All the points and places where a malicious threat actor could try to exploit a vulnerability. To calculate, you have to consider the kind of attacker. This should be much smaller for external actors than for an insider threat.
Types of Attack Vectors - Direct Access
This would be a kind of local or physical attack. The attacker could exploit an unattended workstation, attempt to steal a device, cut cables between servers, etc.
Types of Attack Vectors - Removable Media
An attacker could hide malware on a USB thumb drive or memory card and attempt to trick employees into connecting the drive or card to a PC, laptop, phone, etc. In some cases just connecting the media is enough to infect the device. In others, the employee might have to try and open a file or app on the drive to trigger the attack.
Types of Attack Vectors - Email
Everyone's heard of phishing emails, right? Attackers send some sort of malicious attachment via email or similar means of communication.
Typically the attacker will use elements of social engineering to trick the user into opening the file.
Types of Attack Vectors - Remote & Wireless
The attacker either gets credentials for a remote access or wireless connection to a network, or they crack the security protocols being used for authentication. The attacker could also put up a fake trusted access point and then harvest people's credentials when they connect to it.
Types of Attack Vectors - Supply Chain
Instead of going directly after the target, an attacker may try and infiltrate via companies in its []. Big example is the Target data breach, made possible through infiltrating via the company's HVAC supplier.
Types of Attack Vectors - Web & Social Media
I think we're pretty used to the idea of someone accidentally getting a virus from a shady website. Malware can be hidden in files attached to website posts, or as a part of a download. Social media can also be used for social engineering purposes.
Types of Attack Vectors - Cloud
Almost everyone or every company has some sort of network component hosted via Internet-accessible clouds.
An attacker would only need to find one account, service, or host with weak credentials in order to gain access. Accounts used to manage cloud systems or develop services tend to be targeted more often.
Which of the following would be assessed by likelihood and impact: vulnerability, threat, or risk?
Risk. To assess likelihood and impact, you must identify both the vulnerability and the threat posed by a potential exploit.
True or false? Nation state actors primarily only pose a risk to other states.
False—nation state actors have targeted commercial interests for theft, espionage, and extortion.
You receive an email with a screenshot showing a command prompt at one of your application servers. The email suggests you engage the hacker for a day's consultancy to patch the vulnerability. How should you categorize this threat?
This is either gray hat (semi-authorized) hacking or black hat (nonauthorized) hacking.
If the request for compensation via consultancy is an extortion threat (if refused, the hacker sells the exploit on the dark web), then the motivation is purely financial gain and can be categorized as black hat.
If the consultancy is refused and the hacker takes no further action, it can be classed as gray hat.
Which type of threat actor is primarily motivated by the desire for social change?
Hacktivist
Which three types of threat actors are most likely to have high levels of funding?
State actors, criminal syndicates, and competitors.
You are assisting with writing an attack surface assessment report for a small company. Following the CompTIA syllabus, which two potential attack vectors have been omitted from the following headings in the report? Direct access, Email, Remote and wireless, Web and social media, Cloud.
Removable media and supply chain.