Threat Actors Flashcards

(40 cards)

1
Q

Unskilled Attackers

A
  • Individuals with limited technical expertise who use readily available tools like downloaded scripts or exploits to carry out attacks
2
Q

Hacktivists

A
  • Cyber attackers whose activities are driven by political, social, or environmental ideologies and who often want to draw attention to a specific cause
3
Q

Organized Crime

A
  • Well-structured groups that execute cyber attacks for financial gain, usually through methods like ransomware, identity theft, or credit card fraud
4
Q

Nation-State Actors

A
  • Highly skilled attackers that are sponsored by governments to carry out cyber espionage, sabotage, or cyber warfare against other nation states or specific targets in a variety of industries
5
Q

Insider Threats

A
  • Security threats that originate within an organization
  • Careless staff members or disgruntled employees
6
Q

Shadow IT

A
  • IT systems, devices, software, applications, and services that are managed and utilized without explicit organizational approval
  • Also known as “Stealth IT” or “Client IT”
7
Q

Honeypots

A
  • Decoy systems or servers designed to attract and deceive potential attackers, simulating real-world IT assets to study their techniques
8
Q

Honeynets

A
  • An entire network of decoy systems, created to observe complex, multi-stage attacks
9
Q

Honeyfiles

A
  • Decoy files placed within systems to detect unauthorized access or data breaches
10
Q

Honeytokens

A
  • Fake pieces of data, like a fabricated user credential, inserted into databases or systems to alert administrators when they are either accessed or used
  • Fake user account, bogus URL
11
Q

Data exfiltration

A
  • The unauthorized transfer of data from a computer

EXAMPLE: Logs into employee computer and takes PII, IP, or trade secrets

12
Q

What is one of the most common motivations of cyber criminals?

A
  • Financial gain
13
Q

What are some common motivations of threat actors?

A
  • Data exfiltration
  • Philosophical or political beliefs
  • Blackmail
  • Ethical reasons
  • Espionage
  • Revenge
  • Service disruption
  • Disruption or chaos
  • Financial gain
  • War
14
Q

Service disruption

A
  • Often achieved by conducting a Distributed Denial of Service (DDoS) attack to overwhelm a network, service, or server with excessive amounts of traffic so it becomes unavailable to its normal users
15
Q

Ethical Hackers

A
  • Known as Authorized Hackers
  • Motivated by a desire to improve security through penetration testing
16
Q

What’s the difference between internal and external threat actors?

A
  • Internal are within an organization being attacked (contractors, former employees, business associates)
  • External are outside an org and attempt to breach its cyber security defenses (criminals, hacktivists, competitors)
17
Q

What kind of attributes are used to describe a threat actor?

A
  • Internal vs. External
  • Resources and funding available
  • Level of sophistication and capabilities
18
Q

Unskilled attackers are less likely to be motivated by __________ or __________

A
  • Financial gain and political ideologies
  • More opportunistic in targets and motivated by recognition
19
Q

DDoS Attack

A
  • Overwhelming a system or network to deny legitimate users access
20
Q

Doxing

A
  • The public release of private information about an individual or organization such as name, home address, phone number, or email
  • This is done in hopes someone will take real world action against the victim
21
Q

Hacktivists are primarily motivated by their __________ rather than trying to achieve __________

A
  • Ideological Beliefs
  • Financial Gains
22
Q

The most sophisticated threat actors are…?

A
  • Nation state actors
23
Q

False Flag Attack

A
  • An attack orchestrated in such a way that it appears to originate from a different source or group
24
Q

Advanced Persistent Threat (APT)

A
  • Associated with nation-state actors and organized cyber crime syndicates due to their long-term persistence and stealth during an attack
  • Intruder gains access to a network and remains there for an extended period of time to steal data or monitor activities
25
Q

Stuxnet Worm

A
  • Sophisticated piece of malware designed to sabotage the Iranian government's nuclear program
  • You read part of a book on this
26
Q

Why does Shadow IT exist?

A
  • An organization's security posture is actually being set too high or is too complex for business operations to occur without being negatively affected

EXAMPLE: Request for hardware takes too long, so you buy your own... That's shadow IT
27
Q

Threat Vector

A
  • Also called “Attack Vector”
  • The specific paths or methods an attacker uses to exploit vulnerabilities in your attack surface

EXAMPLE: Phishing emails, SQL injection, Malware/ransomware
28
Q

Attack Surface

A
  • Organization’s total exposure
  • Possible entry points where an attacker could get in

EXAMPLE: APIs, databases, USB ports, legacy systems
29
Q

What are ways in which attack surfaces can be minimized?

A
  • Restricting access
  • Removing unnecessary software
  • Disabling unused protocols
30
Q

What are some examples of threat vectors that can be used against your network?

A
  • Messages: Email phishing links
  • Images: Embedding malicious code inside an image file
  • Files: Disguised as legitimate software
  • Voice Calls: Also known as "Vishing"
  • Removable devices: Similar to USB uploads... "Baiting"
  • Unsecure networks: Wireless networks... Bluetooth
31
Q

BlueBorne

A
  • Set of vulnerabilities in Bluetooth technology that can allow an attacker to take over devices or spread malware
32
Q

BlueSmack

A
  • DoS attack targeting Bluetooth-enabled devices
  • Sends Logical Link Control and Adaptation Protocol (L2CAP) packets to a targeted device
33
Q

Tactics, Techniques, and Procedures (TTPs)

A
  • Specific methods and patterns of activities and behaviors associated with a particular threat actor or group of threat actors
34
Q

Deception and Disruption Technologies

A
  • Designed to mislead, confuse, and divert attackers from critical assets while simultaneously detecting and neutralizing threats
35
Q

What are some disruption technologies that can be used to help secure networks?

A
  • Using bogus DNS entries
  • Creating decoy directories
  • Generating dynamic pages
  • Using port triggering
  • Spoofing fake telemetry data
36
Q

Bogus DNS Entries

A
  • Fake DNS entries introduced into a system's DNS server to mislead attackers or waste their time
37
Q

Decoy Directories

A
  • Fake folders or files placed within a system's storage to mislead attackers into gathering false data
38
Q

Dynamic Page Generation

A
  • Used in a website to present ever-changing content to web crawlers to confuse and slow down the threat actor
39
Q

Port Triggering

A
  • Security mechanism where specific services or ports on a network device remain closed until a specific outbound traffic pattern is detected
40
Q

Fake Telemetry Data

A
  • A system responding to an attacker's network scan attempt by sending out fake telemetry data or network data

EXAMPLE: Send data that indicates I'm using a different OS than what's really being used