Podcast
Questions and Answers
The Cyber Kill Chain® is a model developed by academics and professionals to explain the vulnerability of systems to attack.
The Cyber Kill Chain® is a model developed by academics and professionals to explain the vulnerability of systems to attack.
False
MITRE ATT&CK is a model used to illustrate attacks and vulnerabilities in systems.
MITRE ATT&CK is a model used to illustrate attacks and vulnerabilities in systems.
True
The WannaCry ransomware attack was not discussed in the content of the text.
The WannaCry ransomware attack was not discussed in the content of the text.
False
Engaging with external academic and professional resources is not important for a future career in cyber security.
Engaging with external academic and professional resources is not important for a future career in cyber security.
Signup and view all the answers
Using the CLMS resources is mentioned as an important step in understanding advanced persistent threats.
Using the CLMS resources is mentioned as an important step in understanding advanced persistent threats.
Signup and view all the answers
Risk is not a significant topic in the field of cyber security.
Risk is not a significant topic in the field of cyber security.
Signup and view all the answers
An untargeted attack involves selective attacks on organizations.
An untargeted attack involves selective attacks on organizations.
Signup and view all the answers
Phishing, ransomware, and compromised credentials are examples of intentional threats caused by deliberate actions.
Phishing, ransomware, and compromised credentials are examples of intentional threats caused by deliberate actions.
Signup and view all the answers
Reducing the attack surface refers to increasing the vulnerabilities through which unauthorized users can access a system.
Reducing the attack surface refers to increasing the vulnerabilities through which unauthorized users can access a system.
Signup and view all the answers
APTs typically require low levels of investment in time and money due to their simplistic nature.
APTs typically require low levels of investment in time and money due to their simplistic nature.
Signup and view all the answers
The Cyber Kill Chain® is a model designed to enhance APTs and make them more complex.
The Cyber Kill Chain® is a model designed to enhance APTs and make them more complex.
Signup and view all the answers
The attack surface could be divided into physical, digital, and weather-related surfaces.
The attack surface could be divided into physical, digital, and weather-related surfaces.
Signup and view all the answers
The Cyber Kill Chain® has seven stages that can be disrupted or prevented by adopting appropriate cyber security controls.
The Cyber Kill Chain® has seven stages that can be disrupted or prevented by adopting appropriate cyber security controls.
Signup and view all the answers
The Simplified NCSC Kill Chain developed by the UK's National Cyber Security Centre has four stages.
The Simplified NCSC Kill Chain developed by the UK's National Cyber Security Centre has four stages.
Signup and view all the answers
The MITRE ATT&CK model was developed by The MITRE Corporation in 2013 and strictly follows a set order of tactics.
The MITRE ATT&CK model was developed by The MITRE Corporation in 2013 and strictly follows a set order of tactics.
Signup and view all the answers
Each tactic in the MITRE ATT&CK model is further divided into different techniques used by attackers to compromise a computer system.
Each tactic in the MITRE ATT&CK model is further divided into different techniques used by attackers to compromise a computer system.
Signup and view all the answers
The 'Initial Access' tactic within the MITRE ATT&CK model contains five techniques.
The 'Initial Access' tactic within the MITRE ATT&CK model contains five techniques.
Signup and view all the answers
Understanding assets, vulnerabilities, threats, and attacks is not essential in comprehending cyber security concepts.
Understanding assets, vulnerabilities, threats, and attacks is not essential in comprehending cyber security concepts.
Signup and view all the answers
Study Notes
Types of Attacks
- Untargeted attacks: involve indiscriminate attacks on organisations
- Advanced Persistent Threats (APTs): utilise multiple attack vectors over an extended period to compromise a system
Attack Vectors
- Examples of intentional threats caused by deliberate actions
- Include: Phishing, Ransomware, Third-party vendors and business partners, Compromised credentials, Misconfiguration, Unpatched vulnerabilities, No or inadequate encryption, Insider threats
Attack Surface
- The total number of vulnerabilities through which an unauthorised user can access a system
- Systems with large attack surfaces are more vulnerable than those with small surfaces
- Can be divided into three separate surfaces: digital attack surface, physical attack surface, and social engineering attack surface
Cyber Kill Chain
- A model for identifying and neutralising APTs
- Consists of seven steps, all of which must be successful for the attack to succeed
- Developed by Lockheed Martin in 2011
Simplified NCSC Kill Chain
- A simplified version of the Cyber Kill Chain with just four stages
- Developed by the UK's National Cyber Security Centre (NCSC) in 2016
MITRE ATT&CK
- A model developed by the MITRE Corporation in 2013
- Divided into different tactics with no strict order to follow
- Each tactic is further subdivided into techniques used by attackers to compromise a computer system
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Description
Test your knowledge on cybersecurity threats and attack vectors such as phishing, ransomware, compromised credentials, and insider threats. Learn about untargeted attacks, attack vectors, and the concept of attack surface.