CompTIA Security+ 24.3.2 Threat Intelligence Quiz and Flashcards

Study Notes

Threat actors can be classified based on their attributes, including known threats versus adversary behaviors, internal/external, intent/motivation, maliciously targeted versus opportunistic, accidental/unintentional, and level of sophistication, resources, and funding.

Hackers can be classified as white hats, black hats, or gray hats, and may be authorized or unauthorized.
Script kiddies are novice hackers who use existing tools and scripts to launch attacks.
Hacktivists are motivated by a desire for social or political change.
State actors are highly sophisticated and attached to military or secret services.
Advanced Persistent Threats (APTs) are highly targeted and motivated by espionage and strategic advantage.
Criminal syndicates operate across legal jurisdictions and are motivated by criminal profit.
Competitors may engage in cyber espionage and combine with insider threats.
Insider threats can be malicious or unintentional, and may be motivated by sabotage, financial gain, or business advantage.

Attack surface refers to the points where an attacker can discover or exploit vulnerabilities in a network or application.
Attack vectors include direct access, removable media, email, remote and wireless, supply chain, web, and social media.

Threat research sources include counterintelligence, tactics, techniques, and procedures (TTPs), threat research, academic research, analysis of attacks on customer systems, honeypots/honeynets, and dark nets and the dark web.

Threat intelligence providers offer narrative analysis and commentary, reputation/threat data feeds, and platforms and feeds, including closed/proprietary, vendor websites, public/private information sharing centers, and open source intelligence (OSINT) threat data sources.

Other sources include academic journals, conferences, Request for Comments (RFC), and social media.

Tactics, Techniques, and Procedures (TTPs) include campaign strategy and approach, generalized attack vectors, and specific intrusion tools and methods.
Indicators of Compromise (IoCs) include specific evidence of intrusion, individual data points, and correlation of system and threat data.

Threat data feeds include Structured Threat Information expression (STIX), Trusted Automated Exchange of Indicator Information (TAXII), Automated Indicator Sharing (AIS), threat maps, file/code repositories, and vulnerability databases and feeds.

Artificial intelligence (AI) and machine learning (ML) can be used for correlation between security intelligence/event monitoring and threat data, and predictive analysis, including threat forecasting and monitoring "chatter".