Understanding Cyber Threat Actors and Attack Vectors

Questions and Answers

What is the term used to describe an individual or group that poses a threat to cybersecurity?

  • Hacking perpetrator
  • Malware attacker
  • Security breacher
  • Cyber threat actor (correct)

What is the primary motivation of black hat hackers?

  • Financial gain (correct)
  • Ideological motivations only
  • Self-protection
  • Protecting others from cyber threats

What is the attack vector in a cyber attack?

  • The type of malware used
  • The targeted sector of the attack
  • The path and tool used by a malicious threat actor to intrude a computer system (correct)
  • The level of sophistication of the threat actor

What is a characteristic of black hat organizations?

  • They have call centers to make outbound calls

What do black hat hackers sometimes try to convince victims to do?

  • Allow remote access to their computers

What is a way to categorize threat actors?

  • By their motivation, type of attack, and targeted sector

What is the primary objective of penetration testing?

  • To identify vulnerabilities and weaknesses in an organization's defenses

What is the purpose of reconnaissance and research in penetration testing?

  • To identify ways to legally bypass security controls and mechanisms

What do white hat hackers create to distract cybercriminals?

  • Honeypots

What is the purpose of a honeypot?

  • To mimic a target for hackers and gain information about cybercriminals

What do gray hat hackers often do?

  • Look for vulnerabilities in a system without the owner's permission

What do gray hat hackers sometimes do after finding issues?

  • Report the issues to the owner for a small fee

What is the purpose of Nmap's port scan?

  • To determine which services a host is running

What is theHarvester used for?

  • To gather open-source intelligence (OSINT) for a particular domain or company

What is the purpose of the nslookup command?

  • To query internet domain name servers

What is the main goal of service discovery?

  • To determine which services each host is running

What is Nmap Netstat used for?

  • To show the state of TCP/UDP ports on the local machine

What does Dnsenum do?

  • Packages a number of DNS tests into a single query

What is a primary goal of an attacker using a rootkit?

  • To gain remote control and administration-level access over a system

Why are IoT attacks becoming more popular?

  • Due to the rapid growth of IoT devices and low priority given to embedded security

What is a common result of a rootkit attack?

  • Data theft

What type of access can an attacker gain using a rootkit?

  • Administration-level access

What is a common target of IoT attacks?

  • Low-security devices

What is the primary goal of threat hunting in a network?

  • To proactively search for undetected cyber threats

What is the primary purpose of a penetration testing process?

  • To test the efficiency of security measures in place

What is the role of the red team in a red team/blue team exercise?

  • To try to attack an organization's cybersecurity defenses

What is the main difference between social engineering and technical hacking?

  • Social engineering uses human nature, while technical hacking uses technical skills

What is the final phase of the penetration testing process?

  • Final analysis and report

What is the primary goal of a blue team in a red team/blue team exercise?

  • To defend against and respond to the red team's attack

Study Notes

Cybersecurity Threats and Actors

  • Cybersecurity threats are often posed by individuals or groups known as threat actors.
  • Black hat hackers typically aim for illicit profit, personal gain, or to exploit vulnerabilities for malicious purposes.
  • Attack vectors represent the methods used by threat actors to gain unauthorized access to systems, such as phishing or malware.

Characteristics and Motivations of Hackers

  • Black hat organizations often engage in illegal activities, focusing on breach and exploitation without ethical considerations.
  • Black hat hackers may attempt to persuade victims into installing malware or divulging sensitive information through social engineering tactics.
  • Threat actors can be categorized into several groups, including white hat, black hat, and gray hat hackers, based on their motives and activities.

Penetration Testing

  • The main objective of penetration testing is to identify security weaknesses before they can be exploited by malicious actors.
  • Reconnaissance and research in penetration testing involve gathering intelligence about the target to plan an effective testing strategy.

Distraction Techniques and Tools

  • White hat hackers create decoy systems known as honeypots to distract cybercriminals and study their methods.
  • A honeypot serves the purpose of mimicking vulnerable systems to gather intelligence on potential attacks.

Gray Hat Hackers

  • Gray hat hackers often operate in a morally ambiguous area, sometimes probing systems without permission to highlight security flaws.
  • Upon discovering vulnerabilities, gray hat hackers may inform the affected parties to secure the systems, though they may not always have authorization.

Network Scanning and Discovery Tools

  • The Nmap port scan discovers open ports and services available on a target system, aiding in vulnerability assessments.
  • TheHarvester is utilized for gathering email accounts and domain/subdomain names for reconnaissance.
  • The nslookup command is employed to query DNS records to troubleshoot or obtain domain information.
  • The main goal of service discovery is to identify the services running on open ports to assess their security.
  • Nmap Netstat helps analyze active connections and listening ports on devices.
  • Dnsenum automates DNS enumeration to gather intelligence about a target's domains and subdomains.

Rootkits and IoT Attacks

  • A primary goal of an attacker using a rootkit is to gain persistent access while hiding their presence in the system.
  • IoT attacks are gaining traction due to the proliferation of connected devices with inadequate security.
  • Common results of a rootkit attack include loss of data integrity, unauthorized monitoring, and overall system compromise.
  • An attacker can achieve deep access or remote control of compromised systems using rootkits.
  • Common targets of IoT attacks include smart appliances, cameras, and medical devices.

Threat Hunting and Team Dynamics

  • The primary goal of threat hunting in a network is to proactively identify and neutralize threats before they materialize into actual attacks.
  • The penetration testing process is designed to assess and improve an organization's security posture through simulated attacks.
  • In red team/blue team exercises, red teams conduct simulated attacks to test defenses, while blue teams focus on detection and protection strategies.
  • The key distinction between social engineering and technical hacking lies in social engineering relying on human manipulation, while technical hacking uses software and hardware vulnerabilities.
  • The final phase of the penetration testing process typically involves reporting findings and providing remediation recommendations.
  • The blue team’s primary goal in a red team/blue team exercise is to defend systems and improve the organization's incident response capabilities.

Quiz Team

Description

Test your knowledge of cyber threat actors, including their motivations, types of attacks, and targeted sectors. Learn about the paths and tools used to intrude computer systems and more.