Vexing Vulnerabilities
Threat Theater
Devious Disruptions
Social Shenanigans
Hacker Havoc
Insider Issues

100

A software flaw that could be exploited to breach security. 

What is Vulnerable software? 

100

A malicious actor with harmful intentions. 

What is Intentional? 

100

An attack that affects the availability of services. 

What is Service disruption? 

100

Pretending to be someone else to deceive. 

What is Impersonation? 

100

A hacker with malicious intent. 

What is Unauthorized? 

100

A threat from someone with system privileges. 

What is an Internal threat? 

200

A general term for a security weakness.

What is a Vulnerability?

200

The possibility of exploiting a security weakness.

What is a Threat?

200

Moving data from a private network to an external one.

What is Data exfiltration?

200

Using tricks to get people to reveal sensitive information.

What is Social engineering?

200

An expert in computer security systems.

What is a Hacker?

200

An insider causing security issues unintentionally.

What is an Unintentional or inadvertent insider threat?

300

When a product no longer receives official support.

What are Unsupported systems?

300

An actor causing security issues without meaning to.

What is Unintentional?

300

Spreading false information to deceive others.

What is Disinformation?

300

Telling lies to make someone believe a falsehood.

What is Pretexting?

300

A hacker performing authorized security tests.

What is Authorized?

300

The entire process of delivering goods and services.

What is a Supply chain?

400

A network setup that leaves many points open to attack.

What is an Unsecure network?

400

The chance and impact of a security breach.

What is Risk?

400

Demanding money to keep information secret.

What is Blackmail?

400

Sending fake emails to steal personal information.

What is Phishing?

400

Registering a misspelled domain to deceive users.

What is Typosquatting?

500

Unauthorized IT resources used within a network.  

What is Shadow IT?

500

An individual responsible for a security incident.

What is a Threat actor?

500

Demanding payment to prevent or halt an attack.

What is Extortion?

500

A phone-based attack to extract information.

What is Vishing?

500

An inexperienced hacker using others’ tools.

What is an Unskilled attacker?

500

Gaining control of an employee’s email for fraud.

What is Business email compromise?

600

The method used by a threat actor to carry out an attack.

What is a Threat vector?

600

The level of access a threat actor has before an attack.

What is Internal/external?

600

Falsifying records for personal gain.

What is Fraud?

600

A phishing attack using SMS messages.

What is SMiShing?

600

A hacker motivated by social or political causes.

What are Hacktivists?

600

Injecting malicious code into frequented websites.

What is a Watering hole attack?

700

An attack that tricks victims into using malicious items.

What is a Lure?

700

Redirecting a website request to a fake site.

What is Pharming?

700

A threat actor supported by a country’s resources.

What are Nation-state actors?