12 Questions
What is the main purpose of defining a new Activity Group?
To track how intrusions are carried out
Why is it emphasized that Activity Groups are not about attribution?
To avoid carrying too much analytical baggage related to Threat Actors
What would be disrupted if another adversary pretends to be another adversary (false flag)?
The tracking of how intrusions are done
Why are defenders told to defend against Activity Groups rather than Threat Actors?
To simplify the defense strategy for defenders
What is the focus of threat intelligence?
The figurative fingerprint left by adversaries
How are targets and victims defined in the context of cyber threats?
Targets are the ultimate goal of the adversary, while victims are anything compromised along the way
What do Tactics, Techniques, and Procedures (TTPs) represent in the context of adversary activity?
High-level methods to achieve a goal, steps to achieve that goal, and granular steps describing the steps taken in achieving the goal
What is the difference between targets and victims in a cyber threat context?
Targets are the ultimate goal of the adversary, while victims are anything compromised along the way
What do most people mean when they refer to signatures in the security industry?
Indicators of potential threats
In the context of security, what does behavioral analytics aim to identify?
Behaviors exhibited by threats
What is an example of a simple behavioral analytic mentioned in the text?
Files dropping into the TEMP directory and elevating privileges
How should indicators and past events be leveraged according to the text?
To think about the behaviors exhibited
Learn about defining new Activity Groups for intrusions and the mathematical formula to define them. Understand that Activity Groups are not about attribution but about analyzing intrusions based on infrastructure and victim changes.