Cybersecurity Threats: Elite Hackers vs Insiders Quiz

Questions and Answers

What distinguishes a structured threat from an unstructured threat?

The reliance on threat intelligence sources

The involvement of insiders or outsiders

The short duration and small number of individuals

The amount of planning and financial backing (correct)

Which term refers to the methods used by an adversary in a structured threat?

Tactics, techniques, and procedures (TTPs) (correct)

Collusion with outsiders

Unstructured threat intelligence

Corruption of insiders

What characterizes an unstructured threat according to the text?

Short duration and small number of individuals (correct)

Reliance on non-public threat intelligence sources

Extensive financial backing and insider collusion

Highly structured planning and tactics

Which type of hacker is likely to engage in a structured threat?

A hacker with more planning and financial resources

What is the significance of involving insiders in a cyber-attack?

It presents a higher risk of corruption or collusion

How has the Internet impacted the nature of the computer security problem?

Millions of people now perform online transactions daily

Why are elite hackers considered highly dangerous?

They can write scripts to exploit vulnerabilities and discover new ones.

How do insiders differ from outside intruders?

Insiders have knowledge of security systems and can cause immediate damage.

What makes criminal activity on the Internet similar to the physical world?

The type of attacks they employ.

Why do insiders pose a significant threat to organizations?

Insiders have knowledge of security systems and can avoid detection.

What differentiates attacks by criminal organizations from other types of threats?

They tend to fall into the structured threat category.

What can make an 'attack' by an insider particularly risky?

The attack may be an accident and unintended.

What is the basis of understanding adversary tactics, techniques, and procedures (TTPs)?

Open source intelligence

Which incident led to the first large-scale attack on the Internet in November 1988?

Morris Worm in Nov 1988

What type of public sources are commonly used to collect threat intelligence information?

News articles and blogs

How did the hacker Vladimir Levin break into the bank's cash management system?

Dialing into the system

What was the outcome for Vladimir Levin after breaking into Citibank's cash management system?

$10 million stolen, sentenced to 3 years in jail

What type of threat intelligence collection involves processes from public sources like news articles and blogs?

Open source intelligence

Study Notes

Types of Hackers

• Elite hackers are highly technical individuals who can write scripts to exploit vulnerabilities and discover new ones.

Insider Threats

• Insiders are more dangerous than outside intruders because they have access and knowledge to cause immediate damage.
• Insiders often know the security systems and can avoid detection.
• Insider attacks can be accidental or intentional.
• Examples: Chelsea Manning and Edward Snowden.

Physical Access

• Numerous individuals have physical access to company facilities, including custodial crews, contractors, and partners.

Criminal Organizations

• Criminal organizations employ structured threats with planning, financial backing, and possibly collusion with insiders.
• Structured threats involve greater planning, more financial backing, and possibly corruption of insiders.
• Tactics, techniques, and procedures (TTPs) are methods used by adversaries to assist in identification and defense.

Threat Intelligence

• Threat intelligence gathers information from various sources to focus defenses against likely threat actors.
• Threat intelligence is crucial for detecting threats and prioritizing responses.
• There are two comprehensive forms: Information Sharing and Analysis Centers (ISACs) and Information Sharing and Analysis Organizations (ISAOs).

Open Source Intelligence

• Open source intelligence collects threat intelligence information from public sources.
• Public sources include news articles, blogs, and government reports.
• Open source intelligence helps in understanding adversary TTPs.

Historical Incidents

• Morris Worm (1988): first large-scale attack on the Internet; 6000 infected, $100 million in damage.
• Citibank and Vladimir Levin (1994): broke into bank's cash management system; stole $10 million, recovered $9.6 million; 3 years in jail.

Description

Test your knowledge about elite hackers and insider threats in cybersecurity. Learn about the technical skills and vulnerabilities exploited by elite hackers, as well as the dangers posed by insiders who have access to sensitive information and security systems.