CySA+ Lesson 2A: Threat Classification

Questions and Answers

What type of threat is characterized by exploits that have yet to be discovered and documented?

  • Malware
  • Known threats
  • Documented exploits
  • Zero-day exploits (correct)

Which of the following best describes Advanced Persistent Threats (APTs)?

  • Complex malware that self-replicates
  • Ongoing efforts by adversaries to maintain access without detection (correct)
  • Short-term attacks that require minimal resources
  • One-time attacks aimed at financial loss

What is the primary goal of nation-state actors in cyber operations?

  • Disruption of services
  • Financial gain
  • Espionage and strategic advantage (correct)
  • Public awareness

Which group is typically involved in activities aimed at promoting a political ideology?

Answer: Hacktivists

Which characteristic is NOT associated with organized crime groups in cyber activities?

Answer: Espionage for military purposes

Which of the following groups is an example of a hacktivist organization?

Answer: Anonymous

In threat classification, which category of threat does obfuscated malware code fall under?

Answer: Unknown threats (obfuscated code defeats signature matching, so its characteristics are not yet documented; zero-day exploits fall into the same category but are a separate example)

Which aspect does threat intelligence NOT focus on?

Answer: Analyzing employee behavior

What are the two categories of insider threats?

Answer: Intentional and unintentional

What is a common outcome of cyber attacks conducted by organized crime groups?

Answer: Financial loss to victims

What is a characteristic of commodity malware?

Answer: It is usually prepackaged and available for purchase on the internet.

Which statement accurately describes a zero-day exploit?

Answer: A zero-day exploit targets a vulnerability before the vendor is aware of it and can issue a patch.

What is an Advanced Persistent Threat (APT)?

Answer: An organized group of attackers, or a method of sustained attack, targeting specific systems.

What can be considered an example of an unintentional insider threat?

Answer: An employee using unauthorized applications, leading to a data breach.

Why do adversaries favor using zero-day vulnerabilities for attacks?

Answer: They hold significant financial value and are suited to high-value attacks.

Which type of malware is typically used in general circumstances and can be purchased online?

Answer: Commodity malware

Flashcards

Insider Threat

Someone with authorized access to an organization's systems or data who poses a security risk.

Intentional Insider Threat

A deliberate attack by someone within an organization.

Unintentional Insider Threat

A security risk caused by negligence or mistake.

Commodity Malware

Generic malware readily available for purchase.

Zero-Day Threat

A vulnerability exploited before the vendor is aware of it or has released a patch.

Advanced Persistent Threat (APT)

Highly organized attackers with sustained access to a target.

Hacktivist Group

A group of individuals motivated by social or political agendas.

Shadow IT

Unauthorized IT systems/activities used within an organization.

Nation-State Threat Actor

Groups with cybersecurity expertise, backed by governments, aiming for military or commercial goals. Often have advanced persistent threat (APT) capabilities and resources.

Organized Crime Threat Actor

Groups involved in cybercrime, often focused on fraud, blackmail, and financial gains. May operate internationally.

Hacktivist Threat Actor

Groups using hacking skills to promote an ideology or political agenda, often targeting political adversaries or media outlets, sometimes through denial-of-service attacks.

Known Threats

Threats with known characteristics, like specific malware or exploits against known vulnerabilities.

Malware

Malicious software designed to damage or disable computer systems.

Threat Intelligence

Understanding adversary behavior to identify relevant threats.

Unknown Threats

Threats with unknown characteristics, like zero-day exploits or obfuscated malware.

Study Notes

CySA+ Lesson 2A

  • Objectives: Classify threats and threat actor types, use attack frameworks and indicator management, and utilize threat modeling and hunting methodologies.

Threat Classification

  • Known Threats: Malware and documented exploits against software vulnerabilities.
  • Unknown Threats: Zero-day exploits and obfuscated malware code.

Threat Actor Types

  • Threat intelligence involves understanding adversary behavior, not just malware signatures or attack vectors.
  • Organized crime groups, hacktivist groups, and other threat entities are monitored to assess their resource levels and how sophisticated their attacks might be.
  • Nation-states bring substantial financial and technological resources to bear, typically operating as APTs, in pursuit of military or commercial goals. They frequently target energy and electoral systems, with espionage and strategic advantage as the primary objectives. A single state may sponsor several adversary groups with differing objectives and varying degrees of collaboration between them.
  • Organized crime perpetrators often reside outside the targeted country, which complicates attribution and prosecution, and typically focus on fraud and blackmail. In many jurisdictions cybercrime now exceeds physical crime in both incidence and financial loss.
  • Hacktivists promote political agendas or ideologies through actions such as releasing confidential information, DoS attacks, or website defacement. They commonly target adversaries in business, media, or politics.

Insider Threats

  • Insider threats can be intentional or unintentional. Intentional threats involve malicious actors inside an organization, while unintentional threats stem from negligence or mistakes that inadvertently create vulnerabilities. A common source of unintentional insider threat is Shadow IT: systems, applications, or cloud services that staff adopt without the knowledge or approval of the IT and security teams, so they fall outside patching, monitoring, and access controls.

Commodity Malware

  • Commodity malware is prepackaged and readily available for sale on the internet. It is not targeted to a specific entity.
    • Examples include Remote Access Trojans (RATs) and DDoS tools.

Zero-Day Threats

  • Zero-day threats exploit vulnerabilities that are not yet known to the vendor, so no patch exists at the time of the attack. Well-resourced adversary groups discover or purchase these vulnerabilities and exploit them before a fix can be released; because they reliably bypass signature-based defenses, working zero-day exploits command high prices and are typically reserved for high-value targets.

Advanced Persistent Threats (APTs)

  • APTs are highly organized and sophisticated groups capable of developing exploits against high-value targets. They typically maintain persistence within a compromised environment by installing backdoors, allowing them to reconnect and exfiltrate data over an extended period while evading detection.

Related Documents

CySA+ Lesson 2A PDF
