Lesson 2 Threat Actors and Threat Intelligence

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

CERT's main motivators for malicious insider threats: ----, ----, and ----

sabotage, financial gain, and business advantage.

AI

science of creating machine systems that can stimulate or demonstrate a similar general intelligence capability to humans.

Public/private information sharing centers

sector specific resources (information sharing and analysis centers - ISACs) for companies and agencies working in critical industries.

Attack Vendor

the person or thing that poses the threat.

Three primary research forms undertaken by security solutions providers/academics:

Behavioral Threat Research, Reputational Threat Intelligence, Threat data

Threat

the potential for someone or something to exploit a vulnerability and breach security

Threat intelligence platforms and feeds are supplied as 1 of 3 different commercial models

Closed/Proprietary, Public/private information sharing centers, Open Source Intelligence

the attacker sends malicious file attachment via email/other communication that allows attachments.

Email attack vendor

restricting access so that only a few known endpoints, protocols/ports, and services/methods are permitted.

Minimizing the attack surface

To assess ----, you identify ---- and then evaluate the likelihood of it being exploited by a ___ and the impact that a successful exploit would have.

Risk, vulnerability, threat

"----" known threats such as Trojans, botnets, etc. can be scanned via 'signature-based scanning.'

Static

TTPS Acronym

Tactics techniques and procedures

Other sources of best practice advice and new research:

academic journals, conferences, requests for comments (published by the W3C), social media

State Actors

acting on behalf of a governmental body, their goals are primarily espionage and strategic advantage but occasionally economic gain and pride.

An Indicator of Compromise (IOC)

residual sign that an asset or network has been successfully attacked or is continuing to be attacked.

Malicious insider

a current or former employee, contractor, or business partner who has/had authorized access to an organization's network system, or data and intentionally exceeded or misused that access in a manner that negatively affected the CIA triad of the organization's information/info systems

Dark Net

a network established as an overlay to the internet infrastructure by software such as TOR, freenet, or I2P that acts to anonymise usage and prevent a 3rd party from knowing about the existence of the network/analyze the activity taking place over the network.

Automated Indicator Sharing (AIS)

a service offered by DHS for companies to participate in threat intelligence sharing.

Zero day

a software vulnerability unknown to those who should be interested in its mitigation. Once the software vendor/organization becomes aware of the attack, thus starts 1-day, 2-day, etc.

Capability

a threat actor's ability to craft novel exploit techniques and tools.

An unintentional/inadvertent insider threat

a vector for an external actor or separate - malicious - internal actor to exploit rather than a threat actor in its own right.

Vulnerability

a weakness that could be triggered accidentally or exploited intentionally to cause a security breach. (Improperly configured hardware/software, insecure password usage, inadequate physical security)

Attack Surface

all points at which a malicious threat actor could try to exploit a vulnerability

Threat Map

an animated graphic showing the source, target, and type of attacks that have been detected by a CTI platform

Hacker

an individual who has the skills to gain access to computer systems through unauthorized or unapproved means

threat forecasting

anticipate a particular attack and possibly identify the threat actor before the attack is fully realized

Deep Web

any part of the world wide web that is not indexed by a search engine (ie. requires registration, blocks search indexing, pages using nonstandard DNS)

Remote and Wireless attack vendor

attacker either obtains credentials for remote access or wireless connection to the network OR cracks security protocols for authentication. An attacker can also spoof a trusted resource like an access point to perform credential harvesting.

Cloud attack vendor

attacker finds an account, service, or host with weak credentials to gain access to a cloud network OR try to attack the cloud service provider directly.

White Hat

authorized hacker who always seeks authorization to perform penetration testing of private servers

Tactic

campaign strategy and approach

Predictive Analysis

can inform risk assessment by giving more accurate, qualified measurements of the likelihood and impact of breach-type events

Cybercrime Syndicate

can operate across the internet from different jurisdictions than its victim, increasing difficulty of prosecution. Typical activities are financial fraud and extortion.

Open Source Intelligence (OSINT)

companies that operate threat intelligence services publically, earning income from consultancy rather than their platform/research effort.

Threat Data

computer data that can correlate events observed on a customer's own networks and logs with known TTP and threat actor indicators.

Removable Media attack vendor

conceals malware on a USB drive/memory card and tricks employees into connecting the media to a PC. laptop, etc.

Threat Research

counterintelligence gathering effort in which security companies and researchers attempt to discover TTPS

Attack Vector

the path that a threat actor uses to gain access to a secure system.

Structured Threat Information EXpression

describes standard terminology for IOCs and ways of indicating relationships between them.

Technique

generalized attack vectors

A Tactic, technique or procedure (TTP)

generalized statement of adversary behavior.

Hacktivist Group

hackers working together and using cyber weapons to promote a political agenda.

file/code repository

holds signatures of known malware code.

Primary sources of threat intelligence

honeynets, dark web

A threat may be ---- or ----

intentional or unintentional

Reputational Threat Intelligence

lists of IP addresses and domains associated with malicious behavior, plus signatures of known file-based indicators.

Common Vulnerabilities and Exposures

lists of vulnerabilities, operated by MITRE

Analyzing behaviors of threat actors involves identifying ---, ---, and ---.

location, intent and capability

Web and social media attack vendor

malware can be concealed in files attached to posts/presented as downloads OR an attacker may compromise a site so that it infects vulnerable browsers.

Behavioral Threat Research

narrative commentary describing examples of attacks and TTPs gathered through primary research sources.

Advanced Persistent Threat (APT)

ongoing ability of an adversary to compromise network security - to obtain and maintain access - using a variety of tools and techniques.

Direct access attack vendor

physical or local attack.

One of the goals of using AI-backed threat intelligence is to perform ---- ----, or threat forecasting - anticipate a particular attack and possibly identify the threat actor before the attack is fully realized

predictive analysis

Trusted Automated EXchange of Indicator Information (TAXII)

provides a means for transmitting CTI data between servers and clients

Supply Chain attack vendor

rather than attack a target directly, the attack is aimed at a company in the target's supply chain

Threat data can be packaged as feeds that integrate with a ------- platform - typically described as ------- data

security information and event management (SIEM), cyber threat intelligence (CTI)

Gray Hat

semi-authorized hacker might try to find vulnerabilities they find. May seek voluntary compensation (bug bounties) but will not extort.

Dark Web

sites, content, and services accessible only over the darknet.

Script Kiddie

someone who uses hacker tools without understanding how they work or being able to craft new attacks. May have no specific target or reasonable goal other than gaining attention/proving technical abilities.

Procedures

specific intrusion tools and methods

Artificial Neural Network

structure that facilitates the machine learning process.

Threats can be characterized as ---- or ---- (ie targeted vs. opportunistic)

structured, unstructured

Motivation

the attacker's reason for perpetrating the attack.

Risk

the likelihood and impact/consequence of a threat actor exploiting a vulnerability

The person or thing that poses the threat is called a ---- or ----

threat actor, threat agent

Closed/Proprietary

threat research and CTI data available only as a paid subscription. They will make the most valuable research available early to platform subscribers in the form of blogs, white papers, webinars.

Internal Threat (aka Insider)

threat that has been granted permissions on the system (ie. employee, contractors, business partners).

External Threat

threat that has no account or authorized access to the target system. Typically infiltrates using malware and/or social engineering.

Black Hat

unauthorized hacker usually associated with illegal or malicious system intrusions.

Name some common IoCs

unauthorized software/files, suspicious emails, suspicious registry and file system changes, excessive bandwidth usage, rogue hardware, service disruption/defacement, suspicious/unauthorized account usage

Shadow IT

users purchase or introduce computer hardware/software to the workplace without the sanction of the IT department and without going through a procurement and security analysis process.

Machine Learning

uses algorithms to parse input data and then develop strategies for using that data. Can modify the algorithm it uses to parse data and develop strategies, gradual improving the decision-making process.

Security assessments must identify ways in which their systems could be attacks, these assessments involve ----, ----, and ----.

vulnerabilities, threats and risk

Intent

what an attacker hopes to achieve from the attack.


Ensembles d'études connexes

BUS102 SU04 Organisational Design: Evolving Structures

View Set

Muscles That Move the Pectoral Girdle and Upper Limb

View Set

Evolve: Urinary/Reproductive System

View Set

1.2.1 Study: How Governments Function

View Set

Nutrition Chp 10: ENERGY BALANCE

View Set