An individual with limited skills who downloads tools to launch attacks.
What is a script kiddie?
These controls discourage malicious activity by creating psychological barriers.
What are deterrent controls?
A phishing campaign tailored to executives.
What is whaling?
A program that appears legitimate and useful but secretly carries out malicious actions.
What is a Trojan?
A weakness in software that can be exploited by attackers.
What is a software vulnerability?
Hackers who break into systems to promote a political or social cause.
What is a hacktivist?
Controls like policies, risk assessments, and procedures fall under this category.
What are managerial controls?
An attacker phones employees pretending to be IT and requests their login details.
What is vishing?
Self-replicating malware that spreads without user action.
What is a worm?
Outdated software that no longer receives vendor patches is an example of what type of security risk?
What is an unsupported system?
A manager with elevated privileges deletes critical company data. What type of threat actor is this?
What is an insider?
An IT department requires staff to attend annual cybersecurity awareness training. What type of control is this?
What are directive controls?
You mistype a website and land on a fake login page that looks identical to the real one.
What is typosquatting?
A computer comes pre-installed with unnecessary software that consumes memory, slows performance, and monitors user behavior without consent.
What is bloatware?
A web application has a security flaw that could allow attackers to access sensitive data. The IT team downloads and installs a vendor-supplied software update to fix the vulnerability. What is being applied here?
What is a patch?
An organized crime group steals credit card information to resell on the dark web. What is their primary motivation?
What is financial motivation?
A backup generator kicks in when the primary power source fails, ensuring systems remain online. What type of control is this?
What are compensating controls?
An attacker compromises a local news website often visited by employees of a government agency, planting malicious code.
What is a watering hole attack?
A system crash occurs on the exact date of a disgruntled employee’s termination. Forensic analysis reveals hidden code triggered by a time condition.
What is a logic bomb?
A company wants to protect its computers from viruses and other malicious software. IT installs antivirus software on all employee devices to automatically detect and remove threats before they cause harm. Which malware prevention measure is being used?
What is anti-malware?
A government-backed group spends months infiltrating a defense contractor, using stealthy techniques and custom malware to exfiltrate classified designs. Which actor and threat type is this?
What is a nation-state actor conducting an advanced persistent threat?
A company deploys an intrusion prevention system (IPS) along with an advanced network appliance to protect its network. Which two types of security controls does this fall under?
What are technical and preventive controls?
An attacker spends weeks researching employees on LinkedIn, builds fake documents tailored to their company projects, and sends convincing spear-phishing emails that bypass filters. What technique is being used to manipulate victims?
What is pretexting?
Attackers gain access to a company network and install software that silently mines cryptocurrency, using the computing resources of all infected machines.
What is cryptojacking?
A system runs software that is no longer supported by the vendor and is exposed to malware threats on the network. IT decides to disconnect it from the main network until it can be replaced or updated. What risk mitigation strategy is being used?
What is isolating an unsupported system?