Module 2: A brief overview of types of actors and their motives


INTRODUCTION – A brief overview of types of actors and their motives

This module gives a thorough overview of the types of actors that exist in the cybersecurity arena, their motivations, and the methods they use to carry out attacks. It also outlines the impact these attacks can have on organizations and individuals, and the tools that can support cybersecurity investigations.

Learning Objectives

  • Identify major cybercrime and hacker organizations and understand emerging challenges in cybersecurity.
  • Describe a general security framework for network security.
  • Summarize the building blocks, human motivations, and protection properties of network security.
  • Define confidentiality as used in the CIA triad and how organizations operationalize it.
  • Discuss the role and function of Security Operations Centers (SOCs) and IBM Security Command Centers.
  • Explore resources available to help organizations protect against cybercrime.
  • Highlight key elements of contemporary cyberwarfare operations.
  • Contrast phishing campaigns with vishing-based campaigns.
  • Define social engineering and explain how cybercriminals exploit it.
  • Describe the Intrusion Kill Chain and how each of its phases contributes to the success of a cyberattack.
  • Describe rogue software processes and methods for defending against them.
  • Define host insertion and strategies to counter it.
  • Describe denial of service (DoS) attacks and mitigation techniques.
  • Summarize IP spoofing and its defenses.
  • Describe packet sniffing and preventive measures.
  • Understand network mapping and methods to safeguard against it.
  • Summarize technical and administrative controls against malware.
  • Define botnets, keyloggers, logic bombs, and advanced persistent threats (APTs).
  • Differentiate types of malware including viruses, worms, trojan horses, spyware, adware, remote access tools (RATs), rootkits, and ran

TYPES OF ACTORS AND THEIR MOTIVES

1. What are the four (4) main types of actors identified in the video A brief overview of types of actors and their motives?

  • Hactivists (CORRECT)
  • Governments (CORRECT)
  • Black Hats
  • Security Analysts
  • White Hats
  • Hackers (CORRECT)
  • Internal (CORRECT)

Hacktivists are usually politically motivated rather than economically motivated, although money can at times be a driver for them too.

Beyond all the other security challenges, nation-state actors are now another threat that strikes with high frequency, and these threats will continue to rise.

Hackers are characterised as financially motivated, but that does not make them any less significant as forces in the cybersecurity world.

Internal actors can cause massive damage because of the information they know and the access privileges they hold, which makes their position a peculiar one.

2. Which of these common motivations is often attributed to a hacktivist?

  • Money
  • Just playing around
  • Hire me!
  • Political action and movements (CORRECT)

Correct! Motivations of the hacktivism movement are very much based in politics and not finance.

3. In the video Hacking organizations, which three (3) governments were called out as being active hackers?

  • Venezuela
  • China (CORRECT)
  • Israel (CORRECT)
  • United States (CORRECT)
  • Canada

Partially correct! China is very active.

Partially correct! Yes, Israel is active among governments with hacking organizations.

Partially correct! The NSA is known to be active.

4. Which four (4) of the following are known hacking organizations?

  • Syrian Electronic Army (CORRECT)
  • Fancy Bears (CORRECT)
  • Guardians of Peace (CORRECT)
  • Anonymous (CORRECT)
  • The Ponemon Institute

Partially correct!

5. Which of these hacks resulted in over 100 million credit card numbers being stolen?

  • 2011 Sony Playstation hack
  • 2013 Singapore Cyberattacks
  • 2014 Ebay hack
  • 2015 Target Stores hack (CORRECT)
  • 2016 US Election hack

Correct. This data breach compromised over 100 million credit cards.

AN ARCHITECT’S PERSPECTIVE ON ATTACK CLASSIFICATIONS

1. Which of the following statements is True?

  • Passive attacks are easy to detect because the original message wrapper must be modified by the attacker before it is forwarded on to the intended recipient.
  • Passive attacks are hard to detect because the original message is delivered unchanged and can pass an integrity check. (CORRECT)
  • Passive attacks are hard to detect because the original message is never delivered, so the receiver does not know they missed anything.
  • Passive attacks are easy to detect because of the latency created by the interception and second forwarding.

2. The purpose of security services includes which three (3) of the following?

  • Often replicate functions found in physical documents (CORRECT)
  • Includes any component of your security infrastructure that has been outsourced to a third-party
  • Enhance security of data processing systems and information transfer. (CORRECT)
  • Are intended to counter security attacks. (CORRECT)

Partially Correct

3. Which statement best describes access control?

  • Protection against denial by one of the parties in communication
  • Prevention of unauthorized use of a resource (CORRECT)
  • Assurance that the communicating entity is the one claimed
  • Protection against the unauthorized disclosure of data

4. The International Telecommunication Union (ITU) X.800 standard addresses which three (3) of the following topics?

  • Access Control (CORRECT)
  • Data transmission speeds
  • Data Confidentiality (CORRECT)
  • Transmission cost sharing between member countries
  • Authentication (CORRECT)

Access control is the protection of data against unauthorized access.

Data confidentiality, the protection of data from unauthorized disclosure, is also covered.

The standard also covers authentication, both of peer entities and of the origin of data.

5. Protocol suppression, ID and authentication are examples of which?

  • Security Policy (CORRECT)
  • Security Mechanism
  • Business Policy
  • Security Architecture

Correct! These, in fact, constitute the technical measures which have been put into place to enforce the Security Policy.

6. The motivation for more security in open systems is driven by which three (3) of the following factors?

  • New requirements from the WTO, World Trade Organization
  • The desire by a number of organizations to use OSI recommendations. (CORRECT)
  • The appearance of data protection legislation in several countries. (CORRECT)
  • Society’s increasing dependence on computers. (CORRECT)

Stronger security requirements have been emphasized as a condition for the further adoption of OSI recommendations.

Reflect on the impact of regulations, such as the GDPR, on data protection.

This is especially the case for devices and systems that currently connect to the Internet.

7. True or False: The accidental disclosure of confidential data by an employee is considered a legitimate organizational threat.

  • True (CORRECT)
  • False

Correct! Not all threats are intentional.

8. True or False: The accidental disclosure of confidential information by an employee is considered an attack.

  • True
  • False (CORRECT)

Correct. An attack is generally understood to be an attempt to break security intentionally.

9. A replay attack and a denial of service attack are examples of which?

  • Security architecture attack (CORRECT)
  • Origin attack
  • Passive attack
  • Masquerade attack

Correct! In fact, they are both singular attacks on the security architecture itself.

10. The International Telecommunication Union is an organization that is described by which of the following statements?

  • The ITU is an organization charted and staffed by the United Nations to maintain international standards, such as X.800, for telecommunication. (CORRECT)
  • The ITU is an industry organization founded by the largest telecommunication companies in the world and focused on lobbying governments on their behalf.
  • The ITU is a partnership of the national telephone companies of most European countries intended to help compete against the largest American telecom.
  • The ITU is a workers union focused on ensuring the welfare of telecommunication workers.

MALWARE AND AN INTRODUCTION TO THREAT PROTECTION

1. True or False: An application that runs on your computer without your authorization but does no damage to the system is not considered malware.

  • True
  • False (CORRECT)

Correct! Adware and Spyware often do not damage the host but are definitely considered Malware.

2. How would you classify a piece of malicious code designed to cause damage and spreads from one computer to another by attaching itself to files but requires human actions in order to replicate?

  • Virus (CORRECT)
  • Worms
  • Trojan Horses
  • Spyware
  • Adware
  • Ransomware

Correct! For self-replication and self-spreading, a virus requires user action.

3. How would you classify a piece of malicious code designed to collect data about a computer and its users and then report that back to a malicious actor?

  • Virus
  • Worms
  • Spyware (CORRECT)
  • Adware

Correct! Spyware exists to observe the host system and watch the users attached to it.

4. A large scale Denial of Service attack usually relies upon which of the following?

  • A botnet (CORRECT)
  • A keylogger
  • Logic Bombs
  • Trojan Horses

Correct! To execute an effective DoS attack, you need many machines, far more than could be managed by hand.

5. Antivirus software can be classified as which form of threat control?

  • Technical controls (CORRECT)
  • Administrative controls
  • Active controls
  • Passive controls

Correct! Antivirus programs are software that can act as a tool against common cyber threats.

Additional Attack examples today

1. Which of the following measures can be used to counter a mapping attack?

  • Record traffic entering the network
  • Look for suspicious activity like IP addresses or ports being scanned sequentially.
  • Use a host scanner and keep an inventory of hosts on your network.
  • All of the above. (CORRECT)

Correct! All three of these measures are worth implementing.

2. In order for a network card (NIC) to engage in packet sniffing, it must be running in which mode?

  • Promiscuous (CORRECT)
  • Sniffer
  • Inspection
  • Open

Correct, the NIC must be running in promiscuous mode.

3. Which countermeasure can be helpful in combating an IP Spoofing attack?

  • Ingress filtering (CORRECT)
  • Enable IP Packet Authentication filtering
  • Keep your certificates up-to-date
  • Enable the IP Spoofing feature available in most commercial antivirus software.
  • All of the above.

Correct! Ingress filtering works only when all routers perform it.

4. Which two (2) measures can be used to counter a Denial of Service (DOS) attack?

  • Enable packet filtering on your firewall.
  • Use traceback to identify the source of the flooded packets. (CORRECT)
  • Implement a filter to remove flooded packets before they reach the host. (CORRECT)
  • Enable the DOS Filtering option now available on most routers and switches.

The main disadvantage of traceback is that the traced source is often innocuous: the flooding machines are typically compromised hosts whose owners assume they have not been compromised.

The disadvantage of filtering is that some legitimate packets may be filtered out as well.

5. Which countermeasure should be used against a host insertion attack?

  • Maintain an accurate inventory of computer hosts by MAC address.
  • Use a host scanning tool to match a list of discovered hosts against known hosts.
  • Investigate newly discovered hosts.
  • All of the above. (CORRECT)

Correct! All of these steps are necessary.

ATTACKS AND CYBER RESOURCES

1. Which is not one of the phases of the intrusion kill chain?

  • Activation (CORRECT)
  • Command and Control
  • Installation
  • Delivery

Correct! Activation does not form part of the intrusion kill chain steps.

2. Which social engineering attack involves a person instead of a system such as an email server?

  • Phishing
  • Spectra
  • Cyberwarfare
  • Vishing (CORRECT)

Correct! Generally speaking, a vishing attack is conducted via the telephone.

3. Which of the following is an example of a social engineering attack?

  • Setting up a web site offering free games, but infecting the downloads with malware.
  • Calling an employee and telling him you are from IT support and must observe him logging into his corporate account. (CORRECT)
  • Logging in to the Army’s missile command computer and launching a nuclear weapon.
  • Sending someone an email with a Trojan Horse attachment.

Correct! Luring someone into doing what they should not do is social engineering.

4. True or False: While many countries are preparing their military for a future cyberwar, there have been no “cyber battles” to-date.

  • True
  • False (CORRECT)

Correct! Many cyber-attacks are defined as acts of cyber warfare by several countries such as the United States, China, Israel, Russia, Iran, and others.

A DAY IN THE LIFE OF A SOC ANALYST

1. Which tool did Javier say was crucial to his work as a SOC analyst?

  • SIEM (Security Information and Event Management) (CORRECT)
  • Packet Sniffers
  • Firewalls
  • Intrusion detection software

Correct! Tools like QRadar SIEM are essential to Javier because they let him run advanced correlations while integrating threat intelligence.

A BRIEF OVERVIEW OF TYPES OF ACTORS AND THEIR MOTIVES

1. Which hacker organization hacked into the Democratic National Convention and released Hillary Clinton’s emails?

  • Fancy Bears (CORRECT)
  • Anonymous
  • Syrian Electronic Army
  • Guardians of the Peace
  • All of the above

2. What challenges are expected in the future?

  • Enhanced espionage from more countries
  • Far more advanced malware
  • New consumer technology to exploit
  • All of the above (CORRECT)

3. Why are cyber attacks using SWIFT so dangerous?

  • SWIFT is the protocol used by all banks to transfer money (CORRECT)
  • SWIFT is the flight plan and routing system used by all cooperating nations for international commercial flights
  • SWIFT is the protocol used to transmit all diplomatic telegrams between governments around the world
  • SWIFT is the protocol used by all US healthcare providers to encrypt medical records

4. Which statement best describes Authentication?

  • Assurance that the communicating entity is the one claimed (CORRECT)
  • Prevention of unauthorized use of a resource
  • Assurance that a resource can be accessed and used
  • Protection against denial by one of the parties in communication

5. Trusted functionality, security labels, event detection, security audit trails and security recovery are all examples of which type of security mechanism?

  • Active security mechanism
  • External security mechanism
  • Passive security mechanism (CORRECT)
  • Contingent security mechanism

6. If an organization responds to an intentional threat, that threat is now classified as what?

  • An attack (CORRECT)
  • An active threat
  • An open case
  • A malicious threat

7. An attack that is developed particularly for a specific customer and occurs over a long period of time is a form of what type of attack?

  • Denial of Service (DOS)
  • Advanced Persistent Threat (CORRECT)
  • Water Hole
  • Spectra

8. A political motivation is often attributed to which type of actor?

  • Security Analysts
  • Internal
  • Hackers
  • Hacktivist (CORRECT)

9. The video Hacking organizations called out several countries with active government sponsored hacking operations in effect. Which one of these was among those named?

  • Canada
  • Egypt
  • Israel (CORRECT)
  • South Africa

10. Which of these is not a known hacking organization?

  • The Ponemon Institute (CORRECT)
  • Fancy Bears
  • Syrian Electronic Army
  • Anonymous
  • Guardians of the Peace

11. Which type of actor hacked the 2016 US Presidential Elections?

  • Government (CORRECT)
  • Internal
  • Hacktivists
  • Hackers

12. True or False: Passive attacks are easy to detect because the original messages are usually altered or undelivered.

  • False (CORRECT)
  • True

13. True or False: Authentication, Access Control and Data Confidentiality are all addressed by the ITU X.800 standard.

  • True (CORRECT)
  • False

14. True or False: Only acts performed with intention to do harm can be classified as Organizational Threats

  • False (CORRECT)
  • True

15. How would you classify a piece of malicious code designed to cause damage, can self-replicate and spreads from one computer to another by attaching itself to files?

  • Virus
  • Worm (CORRECT)
  • Spyware
  • Trojan Horse
  • Adware
  • Ransomware

16. Botnets can be used to orchestrate which form of attack?

  • Distribution of Spam
  • DDoS attacks
  • Phishing attacks
  • Distribution of Spyware
  • As a Malware launchpad
  • All of the above (CORRECT)

17. Policies and training can be classified as which form of threat control?

  • Technical controls
  • Administrative controls (CORRECT)
  • Passive controls
  • Active controls

18. Which type of attack can be addressed using a switched Ethernet gateway and software on every host on your network that makes sure their NICs are not running in promiscuous mode?

  • Packet Sniffing (CORRECT)
  • Host Insertion
  • Trojan Horse
  • Ransomware
  • All of the above

19. A flood of maliciously generated packets swamp a receiver’s network interface preventing it from responding to legitimate traffic. This is characteristic of which form of attack?

  • A Denial of Service (DOS) attack (CORRECT)
  • A Trojan Horse
  • A Masquerade attack
  • A Ransomware attack

20. A person calls you at work and tells you he is a lawyer for your company and that you need to send him specific confidential company documents right away, or else! Assuming the caller is not really a lawyer for your company but a bad actor, what kind of attack is this?

  • A Social Engineering attack (CORRECT)
  • A Trojan Horse
  • A Denial of Service attack
  • A Worm attack

21. Which type of actor was not one of the four types of actors mentioned in the video A brief overview of types of actors and their motives?

  • Hacktivists
  • Governments
  • Hackers
  • Internal
  • Black Hats (CORRECT)

22. Cryptography, digital signatures, access controls and routing controls are considered which?

  • Business Policy
  • Security Policy
  • Specific security mechanisms (CORRECT)
  • Pervasive security mechanisms

23. Traffic flow analysis is classified as which?

  • An active attack
  • A passive attack (CORRECT)
  • An origin attack
  • A masquerade attack

24. True or False: An individual hacks into a military computer and uses it to launch an attack on a target he personally dislikes. This is considered an act of cyberwarfare.

  • False (CORRECT)
  • True

CONCLUSION – A brief overview of types of actors and their motives

In conclusion, this module has given you a clear view of the different types of actors and their motivations, the different kinds of attacks they carry out, and the effect such attacks have on organizations and individuals. You have also learned about the tools that can assist you in carrying out a cybersecurity investigation.
