Questions and Answers
What type of threat is characterized by exploits that have yet to be discovered and documented?
Which of the following best describes Advanced Persistent Threats (APTs)?
What is the primary goal of nation-state actors in cyber operations?
Which group is typically involved in activities aimed at promoting a political ideology?
Which characteristic is NOT associated with organized crime groups in cyber activities?
Which of the following groups is an example of a hacktivist organization?
In threat modeling, which type of threat is represented by obfuscated malware code?
Which aspect does threat intelligence NOT focus on?
What are the two categories of insider threats?
What is a common outcome of cyber attacks conducted by organized crime groups?
What is a characteristic of commodity malware?
Which statement accurately describes a zero-day exploit?
What is an Advanced Persistent Threat (APT)?
What can be considered an example of an unintentional insider threat?
Why do adversaries favor using zero-day vulnerabilities for attacks?
Which type of malware is typically used in general circumstances and can be purchased online?
Study Notes
CySA+ Lesson 2A
- Objectives: Classify threats and threat actor types, use attack frameworks and indicator management, and utilize threat modeling and hunting methodologies.
Threat Classification
- Known Threats: Malware and documented exploits against software vulnerabilities.
- Unknown Threats: Zero-day exploits and obfuscated malware code.
Threat Actor Types
- Threat intelligence involves understanding adversary behavior, not just malware signatures or attack vectors.
- Organized crime groups, hacktivist groups, and other threat entities are monitored to assess their resource levels and how sophisticated their attacks might be.
- Nation-States use financial and technological resources (APTs) for military or commercial goals, often targeting energy and electoral systems, with espionage and strategic advantage as primary goals. They may support multiple adversary groups with different objectives and levels of collaboration.
- Organized crime perpetrators may reside outside of a targeted country and may focus on fraud and blackmail. Cybercrime incidents often exceed physical crime in terms of incidence and loss.
- Hacktivists promote political agendas or ideologies through actions such as releasing confidential information, DoS attacks, or website defacement. They commonly target adversaries in business, media, or politics.
Insider Threats
- Insider threats can be intentional or unintentional. Intentional threats involve malicious actors inside an organization, while unintentional threats stem from negligence or mistakes that inadvertently create vulnerabilities. A common unintentional insider threat is Shadow IT.
Commodity Malware
- Commodity malware is prepackaged and readily available for sale on the internet. It is not targeted to a specific entity.
- Examples include Remote Access Trojans (RATs) and DDoS tools.
Zero-Day Threats
- Zero-day threats exploit previously unknown vulnerabilities. Adversary groups often discover and exploit these vulnerabilities before vendors can release patches. These vulnerabilities often have high financial value.
Advanced Persistent Threats (APTs)
- APTs are highly organized and sophisticated groups capable of discovering exploits against high-value targets. They often maintain persistence within a system by using backdoors, allowing them to reconnect and exfiltrate data at a later time.
Description
Dive into the world of cybersecurity with Lesson 2A of CySA+. This module covers various threat classifications, known and unknown threats, and the types of threat actors. Understand the motivations and resources behind these entities, including nation-states and organized crime groups.