Chapter 3: Threat Actors
Criminal activity on the Internet can include which of the following? (Choose all that apply.)
A. Fraud
B. Extortion
C. Theft
D. Embezzlement
E. Forgery
A, B, C, D, and E. Criminal activity on the Internet at its most basic is no different from criminal activity in the physical world. Fraud, extortion, theft, embezzlement, and forgery all take place in the electronic environment.
Which of the following are reasons that the insider threat is considered so dangerous? (Choose all that apply.)
A. Insiders have the access and knowledge necessary to cause immediate damage to an organization.
B. Insiders may actually already have all the access they need to perpetrate criminal activity such as fraud.
C. Insiders generally do not have knowledge of the security systems in place, so system monitoring will allow for any inappropriate activity to be detected.
D. Attacks by insiders are often the result of employees who have become disgruntled with their organization and are looking for ways to disrupt operations.
A, B, and D. Insiders frequently do have knowledge of the security systems in place and are thus better able to avoid detection.
What is the name given to the group of individuals who not only have the ability to write scripts that exploit vulnerabilities but also are capable of discovering new vulnerabilities?
A. Elite hackers
B. Hacktivists
C. Uber hackers
D. Advanced persistent threat actors
A. Elite hackers is the name given to those who not only have the ability to write scripts that exploit vulnerabilities but also are capable of discovering new vulnerabilities.
Warfare conducted against the information and information processing equipment used by an adversary is known as which of the following?
A. Information warfare
B. Cyber warfare
C. Offensive cyber operations
D. Computer espionage
A. Information warfare is warfare conducted against the information and information processing equipment used by an adversary. Cyber warfare and offensive cyber operations are terms that you may encounter, but the more generally accepted term for this type of activity is information warfare. Computer espionage is generally associated with intelligence gathering and not general computer warfare.
Which of the following is the term used to refer to individuals who do not have the technical expertise to develop scripts or discover new vulnerabilities in software but who have just enough understanding of computer systems to be able to download and run scripts that others have developed?
A. Script kiddies
B. Hackers
C. Simple intruders
D. Intermittent attackers
A. Script kiddies is the label used to refer to individuals who do not have the technical expertise to develop scripts or discover new vulnerabilities in software but who have just enough understanding of computer systems to be able to download and run scripts that others have developed. Hackers is the more general term used to refer to individuals at all levels who attempt to gain unauthorized access to computer systems and networks. The other two answers are not terms used in the security community.
Which of the following are true concerning attacker skill and sophistication? (Choose all that apply.)
A. The level of complexity for modern networks and operating systems has grown so that it is nearly impossible for anyone but the most skilled of hackers to gain unauthorized access to computer systems and networks.
B. Attackers do not have magic skills, but rather the persistence and skill to keep attacking weaknesses.
C. With the introduction of cloud computing during the last decade, attackers now primarily focus on the cloud, thus reducing the level of sophistication required to conduct attacks since they can focus on a more limited environment.
D. There is a surprising number of attacks being performed using old attacks, old vulnerabilities, and simple methods that take advantage of "low-hanging fruit."
B and D. While the complexity of systems is indeed increasing, there still exists a large number of computers and networks that have not been adequately protected, making it possible for less sophisticated attackers to gain unauthorized access. Additionally, while cloud computing has added another focus for attackers, it has not eliminated computer systems and networks in general as potential targets.
What is the term used to define attacks that are characterized by using toolkits to achieve a presence on a target network, with a focus on the long game, maintaining a persistence on the target network?
A. Covert network threat
B. Advanced persistent threat
C. Covert channel attack
D. Concealed network presence
B. Advanced persistent threats (APTs) are attacks characterized by using toolkits to achieve a presence on a target network and then, instead of just moving to steal information, focusing on the long game, maintaining a persistence on the target network. Their tactics, tools, and procedures are focused on maintaining administrative access to the target network and avoiding detection. Covert channels are indeed a concern in security but are a special category of attack. The other terms are not generally used in the security community.
When discussing threat concerns regarding competitors, which of the following is true?
A. There are no known cases of criminal activity involving people moving from competitor to competitor, taking insider information with them for years.
B. Where in the past it would take significant risk to copy the detailed engineering specifications of a major process for a firm, today it can be accomplished with a few clicks and a USB drive.
C. Modern search engines make it less likely that a competitor could steal intellectual property without being detected.
D. With increases in digital forensics, it is now more difficult to copy and steal proprietary digital information or disrupt operations.
B. In today's world of global economic activity, much of it is enabled by the interconnected nature of businesses. Many businesses have an information component that is easier to copy, steal, or disrupt than older, more physical assets. Additionally, there have been cases of people moving from competitor to competitor, taking insider information with them for years, even decades, before the Internet was developed.
Which of the following is the term used to describe the processes used in the collection of information from public sources?
A. Media exploitation
B. Open source intelligence
C. Social media intelligence
D. Social engineering
B. Open source intelligence is the term used to describe the processes used in the collection of intelligence from public sources. Human intelligence (HUMINT) is a specific category of intelligence gathering focused on obtaining information directly from individuals. The other terms are not generally used by security professionals.
What is the name given to a group of hackers who work together for a collectivist effort, typically on behalf of some cause?
A. Script kiddies
B. Hacktivists
C. Motivated hackers
D. Organized intruders
B. When hackers work together for a collectivist effort, typically on behalf of some cause, they are referred to as hacktivists. Hacktivist groups may include script kiddies, but in general script kiddies do not have the skills to participate in a meaningful manner in advancing a hacktivist cause, although they may be enlisted as ground troops to add volume to an attack. The other two terms are not generally used in the security community.
Attacks by individuals from organized crime are generally considered to fall into which threat category?
A. Highly structured threat
B. Unstructured threat
C. Structured threat
D. Advanced persistent threat
C. Attacks by criminal organizations usually fall into the structured threat category, which is characterized by a greater amount of planning, a longer period of time to conduct the activity, more financial backing to accomplish it, and possibly corruption of, or collusion with, insiders. Highly structured threats require greater planning, while unstructured threats require less, and APT attacks are typically nation-state in origin rather than the work of criminal organizations.
What term is used to describe the gathering of information from a variety of sources, including non-public sources, to allow an entity to properly focus their defenses against the most likely threat actors?
A. Infosec analysis
B. Data intelligence
C. Threat intelligence
D. Information warfare
C. Threat intelligence is the gathering of information from a variety of sources, including non-public sources, to allow an entity to properly focus their defenses against the most likely threat actors. Information warfare is conducted against the information and information processing equipment used by an adversary and consists of a larger range of activities. The other two terms are not generally used by security professionals.
What term is used to describe the type of threat that is characterized by a much longer period of preparation (years is not uncommon), tremendous financial backing, and a large and organized group of attackers?
A. Advanced capability threat
B. Structured threat
C. Nation-state threat
D. Highly structured threat
D. A highly structured threat is characterized by a much longer period of preparation (years is not uncommon), tremendous financial backing, and a large and organized group of attackers. The threat may include attempts not only to subvert insiders but also to plant individuals inside of a potential target in advance of a planned attack. This type of threat generally is much more involved and extensive than a structured threat. The other terms are not commonly used in the security industry.
Which of the following is the term generally used to refer to the act of deliberately accessing computer systems and networks without authorization?
A. Phishing
B. Threat
C. Vulnerability
D. Attack
D. Attack is the term that is now generally accepted when referring to the act of gaining unauthorized access to computer systems and networks. The terms phishing, threat, and vulnerability all relate to attacks but do not describe the act of attacking itself.
Attacks by an individual or even a small group of attackers fall into which threat category?
A. Unorganized threat
B. APT
C. Singular threat
D. Hacktivist
D. Attacks by an individual or even a small group of attackers fall into the hacktivist threat category. Attacks by criminal organizations usually fall into the structured threat category. The other two answers are not categories of threats used by the security community.
