Vulnerability, Threat, and Risk


Questions and Answers

Which scenario best illustrates the concept of 'risk' in the context of digital security?

  • A hospital implements multi-factor authentication to protect patient records.
  • A disgruntled employee threatens to leak confidential company data to a competitor.
  • A company discovers that its web server is running an outdated version of Apache with known vulnerabilities.
  • Sensitive customer data is compromised due to a successful phishing attack targeting an employee. (correct)

An organization identifies a critical vulnerability in their customer-facing web application. Which of the following actions would be considered a threat in this scenario?

  • The organization conducting a penetration test to assess the vulnerability's impact.
  • Implementing a web application firewall (WAF) to filter malicious traffic.
  • The organization patching the vulnerability with the latest security update.
  • A group of hacktivists announcing their intention to exploit the vulnerability to protest the organization's policies. (correct)

A hospital discovers that several laptops containing unencrypted patient data have been stolen from a storage room. Which of the following best describes the vulnerability in this scenario?

  • The hospital's failure to comply with data protection regulations.
  • The theft of the laptops by unknown individuals.
  • The lack of physical security measures to protect the laptops. (correct)
  • The potential for unauthorized access to sensitive patient data.

A company's database server is misconfigured, allowing unauthorized users to potentially gain access to sensitive data. Which of the following security principles is most directly compromised by this misconfiguration?

Confidentiality, protecting information from unauthorized access. (C)

A disgruntled employee modifies critical financial records in a company database. Which security principle has been violated?

Integrity (C)

A company's web server goes offline due to a distributed denial-of-service (DDoS) attack, preventing customers from accessing their accounts. Which security principle has been violated?

Availability (A)

Which type of attack involves revealing information that was previously confidential, potentially leading to unauthorized access or harm?

Disclosure (B)

What type of attack is characterized by the unauthorized transfer of data from a computer or network to an external location, often referred to as data theft?

Data exfiltration (D)

Which of the following terms describes an attack that prevents legitimate users from accessing services or resources?

Denial attack (D)

A company is concerned about the potential loss of funds due to fraudulent transactions. Which risk category does this scenario primarily fall under?

Financial Risk (D)

A major data breach leads to significant negative publicity and loss of customer trust for an organization. Which risk category is most directly exemplified by this scenario?

Reputational Risk (D)

A company's new product launch is delayed due to a cyberattack targeting its research and development department. This delay significantly impacts the company's ability to compete in the market. Which risk category does this situation primarily represent?

Strategic Risk (A)

A manufacturing company experiences a significant disruption in its production line due to a ransomware attack that encrypts critical systems. This incident leads to financial losses and delays in fulfilling customer orders. Which risk category is most directly exemplified in this scenario?

Operational Risk (D)

A financial institution fails to comply with new data protection regulations, resulting in hefty fines and legal penalties. Which risk category does this scenario primarily represent?

Compliance Risk (D)

A software company continues to use a third-party library in its product that has reached its end-of-life (EOL). What type of vulnerability does this decision introduce?

Supply chain vulnerability (C)

A company is using a Software-as-a-Service (SaaS) application to manage its customer data. What should the company consider regarding vulnerabilities?

The company needs to understand the security responsibilities shared with the SaaS provider. (B)

An administrator leaves default settings enabled on a critical server, creating a potential security risk. What type of vulnerability is this?

Configuration Vulnerability (C)

A company's network lacks proper segmentation, allowing an attacker who compromises one system to easily move to others. What type of vulnerability does this represent?

Architectural Vulnerability (B)

Which of the following describes the 'propagation mechanism' of malware?

The way in which the malware spreads or distributes itself. (D)

What is the primary characteristic that differentiates a virus from a worm?

Viruses require human action to spread; worms can spread automatically. (D)

Which of the following best describes the primary function of a Trojan horse?

To appear as legitimate software while concealing malicious intent. (A)

Which type of malware is designed to encrypt a victim's files and demand payment for their decryption?

Ransomware (C)

What is the primary purpose of spyware?

To collect information about a user without their consent. (D)

A programmer intentionally inserts a piece of code into a software application that will delete critical files when a specific date is reached. What type of malicious code is this?

Logic bomb (B)

An attacker exploits a hidden vulnerability in a system to gain unauthorized remote access. What is this vulnerability commonly referred to as?

Backdoor (C)

Which of the following threat actors is most likely to be motivated by geopolitical objectives?

Nation-state (A)

Which of the following is the primary motivation of cybercriminals?

Profit (A)

Which threat actor is primarily motivated by ideological beliefs or social change?

Hacktivist (D)

Which of the following attributes of threat actors involves assessing their technical expertise and proficiency in executing attacks?

Capabilities and Skills (B)

Observing the persistence and ability of threat actors to adapt their tactics in response to defenses is an example of assessing which attribute?

Persistence and Adaptability (A)

What is the primary goal of an Advanced Persistent Threat (APT)?

To establish a long-term, illegal connection into a network to steal sensitive information. (C)

In the context of an Advanced Persistent Threat (APT), what does the 'Access' stage typically involve?

Introducing malware into the target network. (A)

What proactive measure is most effective in defending against Advanced Persistent Threats (APTs)?

Monitoring network traffic and user behavior for unusual activity. (A)

What type of threat is often associated with disgruntled employees or former staff members?

Insider threats (D)

Which of the following attack types is an example of social engineering?

Phishing (D)

Which of the following password attacks involves trying common or easily guessable passwords?

Dictionary attack (A)

What type of attack involves injecting malicious code into a database query?

SQL injection (A)

Which attack type exploits vulnerabilities in a website to execute malicious scripts in a user's web browser?

Cross-site scripting (XSS) (C)

Which type of network attack involves an attacker intercepting and potentially altering communication between two parties without their knowledge?

Man-in-the-middle (MitM) attack (D)

Flashcards

What is a Vulnerability?

A weakness or gap in your protection.

What is a Threat?

Something that can damage or destroy an asset.

What is Risk?

Where assets, threats and vulnerabilities intersect.

What is Confidentiality?

Protecting information and systems from unauthorized access.

What is Disclosure?

Revealing information that was previously confidential.

What is a Data Breach?

Unauthorized access or disclosure of sensitive information.

What is Data Exfiltration?

Unauthorized transfer of data to an external location.

What is Integrity?

Protects data from unauthorized modification.

What are alternative attacks?

Compromising security to achieve malicious objectives.

What is Availability?

Ensures that systems are available for authorized users.

What are Denial Attacks?

Disrupting legitimate users from accessing services.

What is Financial Risk?

Potential loss of financial resources.

What is Reputational Risk?

Damage to reputation or credibility.

What is Strategic Risk?

Failure to achieve strategic goals.

What is Operational Risk?

Risks from internal processes or human factors.

What is Compliance Risk?

Failing to comply with laws and regulations.

What is End of Life?

Cessation of production and support.

What is Lack of Vendor Support?

Absence of vendor assistance or updates.

What is an Embedded System?

A specialized computing device with limited functionality.

What is Spyware?

Software designed to gather information without consent.

What is Adware?

Software that displays ads, often tracking user data.

What is Bloatware?

Unwanted software that consumes excessive system resources.

What is Ransomware?

Software that encrypts files, demanding payment.

What is a Backdoor?

Hidden vulnerability allowing unauthorized access.

What is a Logic Bomb?

Code that triggers malicious action under specific conditions.

What are Advanced Persistent Threats?

A type of cyberattack to establish an illegal long-term connection.

What is Access?

Gaining access to the system.

What does Settle mean?

Gaining access in the system.

What does Stretch mean?

Looking for more resources to take over.

What does Move mean?

Move deeper into the system.

What does Persist mean?

Maintain access to achieve goal.

Who are Nation-States?

Actors with geopolitical motivations.

Who are Cybercriminals?

Actors driven by profit.

Who are Hacktivists?

Actors with ideological motives.

Who are Terrorist Groups?

Actors motivated by ideological violence.

Who are Thrill-Seekers?

Actors seeking satisfaction.

Study Notes

Vulnerability, Threat, and Risk

  • Vulnerability is a weakness or gap in protection
  • Outdated software versions with known security flaws exemplify a vulnerability
  • A threat is something that can damage or destroy an asset
  • Malware attacks, which target vulnerabilities in computer systems, are threats
  • Risk is where assets, threats, and vulnerabilities intersect
  • Risk assessment for a data breach involving sensitive customer information is an example

Group Activity 1: College Laptop Theft Scenario

  • A college's MySecondTeacher (MST) contains sensitive personal data (student records, academic transcripts, and financial information)
  • An administrative staff member accidentally leaves their laptop unattended
  • The laptop is stolen
  • The vulnerability is the lack of physical security measures for protecting laptops containing sensitive data
  • The threat is theft of the laptop and potential unauthorized access to sensitive information
  • The potential risks include data breaches, identity theft, and reputational damage to the college
  • Proactive measures to enhance security and mitigate risks include:
    • Implementing encryption for sensitive data stored on laptops
    • Enforcing strong password policies
    • Providing staff training on security protocols
    • Implementing remote wiping capabilities
    • Conducting regular security audits and monitoring

Understanding Vulnerability Types

  • Confidentiality protects information and systems from unauthorized access
  • Disclosure is revealing information that was previously confidential or secret
  • A data breach is an unauthorized access or disclosure of sensitive information
  • Data exfiltration, also known as data theft, is the unauthorized transfer of data from a computer or network to an external location
  • Integrity protects information and systems from unauthorized modification
  • Alternative attacks are methods or techniques employed to compromise security or achieve malicious objectives
  • Availability ensures that information and systems are available for authorized users when needed
  • Denial attacks disrupt or prevent legitimate users from accessing services or resources

Risk Categories

  • Financial Risk: The potential loss of financial resources due to adverse events, or uncertainties in activities
  • Reputational Risk: The potential damage to an individual's or organization's reputation or brand image
  • Strategic Risk: The risk that strategic objectives or goals will not be achieved
  • Operational Risk: Potential risk from internal processes, systems, or human factors resulting in losses, disruptions, or liabilities
  • Compliance Risk: Potential risk of failing to comply with laws, regulations, standards, or internal policies

Supply Chain Vulnerability

  • End of life constitutes the cessation of production and support for a product
  • Lack of vendor support means absence of assistance or updates from the manufacturer
  • An embedded system is a specialized computing device with limited functionality, often integrated into larger systems

Configuration Vulnerability

  • Default configurations left unchanged are a configuration vulnerability
  • Follow documentation standards and a configuration baseline to prevent this vulnerability
  • Weak or misapplied cryptography (cryptographic vulnerability) is also a configuration vulnerability
  • Patch management (OS, firmware and application) reduces configuration vulnerabilities
  • Access control reduces configuration vulnerabilities

Malware

  • Propagation Mechanism: The way a malware object spreads
  • Payload: The malicious action that the malware performs

Virus, Worm and Trojan

  • Virus: Attacks the files in a system
  • Worms: Attack systems in a network
  • Trojans: Attack the users in a system
  • Viruses replicate
  • Worms replicate
  • Trojans do not replicate
  • Viruses spread through human interaction
  • Worms spread by themselves
  • Trojans pose as beneficial software

Payload

  • Spyware: Gathers information from a device without the user's consent
  • Adware: Displays advertisements and tracks user data
  • Bloatware: Consumes excessive system resources and storage space
  • Ransomware: Encrypts files or locks a device
  • Crypto-malware: Mines cryptocurrency

Backdoor and Logic Bombs

  • Backdoor: A hidden method or vulnerability intentionally inserted into software or systems for unauthorized access
  • Logic bomb: Code inserted into software or systems that triggers a malicious action under specific conditions.

Attributes of Threat Actors

  • Motivation: Understanding the driving force behind an attacker's actions, whether it's financial gain, ideology, or sabotage.
  • Capabilities and Skills: Assessing the technical expertise and proficiency of threat actors in executing attacks.
  • Resources: Evaluating the availability of financial, technological, and human resources at the disposal of attackers.
  • Tactics, Techniques, and Procedures (TTPs): Recognizing the specific methods and strategies employed by threat actors to achieve their goals.
  • Targeting Strategy: Identifying the types of targets actors prioritize based on their objectives.
  • Geographical Location: Considering the geographic origin of threat actors for attribution and threat analysis.
  • Level of Sophistication: Gauging the sophistication and complexity of attacks carried out by threat actors.
  • Persistence and Adaptability: Observing the persistence and ability of threat actors to adapt their tactics in response to defenses.

Advanced Persistent Threat (APT)

  • An APT is a type of cyberattack performed by hackers to establish an illegal, long-term connection with a victim's network to steal highly sensitive information.

APT Work Method

  • Access: Hackers introduce malware
  • Settle: Hackers gain access to a system
  • Stretch: Hackers search for opportunities to gain administrator rights
  • Move: Hackers dig deeper into a network
  • Persist: Hackers remain in place until they've achieved their goal

How to Manage APT

  • Protect the perimeter: Limit and control access to the firewall and the physical space.
  • Monitor everything: Gather everything you can about your data.
  • Apply data security analytics: Compare file and user activity to baseline behaviors.

Attack Surface

  • The attack surface constitutes the possible points where an unauthorised person can exploit the system's vulnerabilities
  • Attack surfaces are classified into three types:
    • Digital attack surface
    • Physical attack surface
    • Social engineering attack surface

Attack Indicators

  • Account lockout
  • Concurrent session use
  • Impossible travel time scenario
  • Blocked content
  • Resource consumption
  • Resource inaccessibility
  • Out-of-cycle logging
  • Missing logs

Various Types of Attacks

  • Social Engineering attacks: Phishing, Spear phishing, Pretexting, Baiting, Tailgating.
  • Password attacks: Brute force attacks, Dictionary attacks, Rainbow table attacks, Credential stuffing attacks.
  • Application attacks: SQL injection, Cross-site scripting (XSS), Cross-site request forgery (CSRF), Remote code execution (RCE).
  • Cryptanalysis attacks: Brute force attacks, Known plaintext attacks, Chosen plaintext attacks, Birthday attacks.
  • Network attacks: Denial of Service (DoS) attacks, Distributed Denial of Service (DDoS) attacks, Man-in-the-middle (MitM) attacks, DNS spoofing attacks.
