White-Hat Hackers
Attackers who act with authorization and seek to discover security vulnerabilities so that they can be corrected. They may be employees of the organization or contractors hired to perform penetration testing.
Black-Hat Hackers
Unauthorized attackers who act with malicious intent. They seek to defeat security controls and compromise the confidentiality, integrity, or availability of information and systems for their own, unauthorized purposes.
Gray-Hat Hackers
Semi-authorized attackers who fall somewhere between white-hat and black-hat hackers. They act without proper authorization, but with the intent of informing their targets of any security vulnerabilities they find.
Script Kiddie
Derogatory term for people who use hacking techniques but have limited skills. Such attackers often rely almost entirely on automated tools they download from the internet.
Hacktivists
People who use hacking techniques to accomplish some activist goal. They might deface the website of a company whose policies they disagree with or might attack a network due to some political issue.
Cyber-Dependent Crime
Crime that can only be committed using computers and networks: ransomware, data compromise, DDoS attacks, website defacement and attacks against critical infrastructure.
Advanced Persistent Threats (APT)
Well-resourced, typically state-sponsored actors who break into foreign governments or corporations and then maintain long-term, covert access rather than carrying out a single attack. (see page 26)
Insider Attacks
Occur when an employee, contractor, vendor, or other individual with authorized access to information and systems uses that access to wage an attack against the organization. These attacks are often aimed at disclosing confidential information, but insiders may also seek to alter information or disrupt business processes.
Dark Web
Anonymous overlay network commonly used for illicit activity. It runs over standard internet connections but uses multiple layers of encryption to provide anonymous communication.
Threat Vectors
The means that threat actors use to gain access to sensitive information, e.g. phishing emails.
Threat Intelligence
Set of activities and resources available to cybersecurity professionals seeking to learn about changes in the threat environment. Building a threat intelligence program is a crucial part of any organization's approach to cybersecurity.
Predictive Analysis
Use of threat intelligence to identify the risks most likely to affect the organization before they materialize.
Vulnerability Databases
Databases that catalog publicly disclosed vulnerabilities, such as the CVE list and the NIST National Vulnerability Database (NVD).
Indicators of Compromise (IoCs)
Telltale signs that an attack has taken place and may include file signatures, log patterns, and other evidence left behind by attackers.
Open Source Threat Intelligence
Threat intelligence that is acquired from publicly available sources. (see pages 31-33 for open source websites)
Threat Maps
A geographic view of threat intelligence.
Structured Threat Information eXpression (STIX)
Originally an XML language sponsored by the US DHS, now maintained by OASIS; STIX 2 is expressed as JSON. STIX 2.0 defines 12 STIX Domain Objects (SDOs), including attack patterns, identities, malware, threat actors, and tools (STIX 2.1 extends the set to 18). These objects are connected by one of two STIX Relationship Objects (SROs): a Relationship or a Sighting.
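The following example is added here to illustrate both the IoC and STIX entries above; it is not part of the original notes and uses no real threat data. It builds a small STIX 2.1 bundle by hand (standard-library JSON only, no stix2 package), checks that every identifier is well formed and that every Relationship and Sighting reference resolves inside the bundle, then pulls the equality comparisons out of the Indicator patterns and uses them as IoCs against a few constructed log lines. The UUIDs, the 64-character "hash", the 198.51.100.23 address (RFC 5737 documentation range) and the log lines are all constructed for the example.

```python
"""STIX 2.1 bundle built from plain dicts, validated, and used as an IoC feed.

All identifiers, the hash value and the log lines are constructed for this
example and do not describe any real malware or campaign.
"""
import json
import re

# Constructed IoC values (not real indicators).
BAD_HASH = "0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0"
BAD_IP = "198.51.100.23"          # RFC 5737 TEST-NET-2, documentation only
TS = "2024-01-15T10:00:00.000Z"

# STIX 2.1 identifier: <object-type>--<RFC 4122 UUID>; SDOs and SROs use UUIDv4.
STIX_ID_RE = re.compile(
    r"^[a-z][a-z0-9-]+[a-z0-9]--[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}"
    r"-[89ab][0-9a-f]{3}-[0-9a-f]{12}$"
)
# Which properties of each SRO type must point at another object in the bundle.
REF_PROPS = {"relationship": ("source_ref", "target_ref"),
             "sighting": ("sighting_of_ref",)}
# Equality comparison inside a STIX pattern: object-path = 'value'.
COMPARISON_RE = re.compile(r"([a-z0-9_-]+:[\w.'-]+)\s*=\s*'([^']*)'")


def build_bundle():
    """Two Indicators, one Malware SDO, two Relationship SROs and one Sighting.
    UUIDs are fixed (constructed) so the output is reproducible."""
    common = {"spec_version": "2.1", "created": TS, "modified": TS}
    ind_hash = {**common, "type": "indicator",
                "id": "indicator--8e2e2d2b-17d4-4cbf-be2f-1d6a1f3fb5f4",
                "name": "Dropper SHA-256 (constructed)", "pattern_type": "stix",
                "pattern": f"[file:hashes.'SHA-256' = '{BAD_HASH}']",
                "valid_from": TS}
    ind_ip = {**common, "type": "indicator",
              "id": "indicator--5a3d2c1b-0e9f-4d8c-9b7a-6f5e4d3c2b1a",
              "name": "C2 address (constructed)", "pattern_type": "stix",
              "pattern": f"[ipv4-addr:value = '{BAD_IP}']", "valid_from": TS}
    malware = {**common, "type": "malware",
               "id": "malware--31b539b7-7bfa-4e5e-9cce-0d0e0f6a2b11",
               "name": "ExampleDropper", "is_family": False}
    rel_hash = {**common, "type": "relationship",
                "id": "relationship--44af6ab9-5f1c-4c09-8cf7-2b4a5d6e7f80",
                "relationship_type": "indicates",
                "source_ref": ind_hash["id"], "target_ref": malware["id"]}
    rel_ip = {**common, "type": "relationship",
              "id": "relationship--0a1b2c3d-4e5f-4607-a8b9-c0d1e2f3a4b5",
              "relationship_type": "indicates",
              "source_ref": ind_ip["id"], "target_ref": malware["id"]}
    sighting = {**common, "type": "sighting",
                "id": "sighting--9d8b7a6c-5e4f-4a3b-a2c1-d0e9f8a7b6c5",
                "sighting_of_ref": malware["id"], "count": 1,
                "first_seen": TS, "last_seen": TS}
    return {"type": "bundle",
            "id": "bundle--7f6e5d4c-3b2a-4190-8f7e-6d5c4b3a2918",
            "objects": [ind_hash, ind_ip, malware, rel_hash, rel_ip, sighting]}


def validate_bundle(bundle):
    """Return a list of problems found; an empty list means the bundle passed."""
    problems = []
    ids = {o.get("id") for o in bundle.get("objects", [])}
    for obj in bundle.get("objects", []):
        oid = obj.get("id", "")
        if not STIX_ID_RE.match(oid):
            problems.append(f"bad id: {oid!r}")
            continue
        if oid.split("--")[0] != obj.get("type"):
            problems.append(f"{oid}: id prefix does not match type {obj.get('type')!r}")
        for prop in ("spec_version", "created", "modified"):
            if prop not in obj:
                problems.append(f"{oid}: missing {prop}")
        for prop in REF_PROPS.get(obj.get("type"), ()):
            if obj.get(prop) not in ids:      # dangling SRO reference
                problems.append(f"{oid}: {prop} {obj.get(prop)!r} not in bundle")
    return problems


def extract_iocs(bundle):
    """(object_path, value, indicator_id) for every '=' comparison in each
    Indicator's STIX pattern. Other operators (MATCHES, LIKE, IN) are skipped."""
    iocs = []
    for obj in bundle["objects"]:
        if obj.get("type") == "indicator" and obj.get("pattern_type") == "stix":
            for path, value in COMPARISON_RE.findall(obj["pattern"]):
                iocs.append((path, value.lower(), obj["id"]))
    return iocs


# Constructed log lines: line 1 contacts the bad address, line 2 carries the
# bad hash (upper-case, as some EDRs emit it), line 3 is benign.
SAMPLE_LOGS = [
    "2024-01-15T10:02:11Z proxy src=10.0.0.8 dst=198.51.100.23 dport=443 action=allow",
    "2024-01-15T10:02:30Z edr host=ws17 file=C:\\Users\\a\\update.exe sha256=" + BAD_HASH.upper(),
    "2024-01-15T10:03:02Z proxy src=10.0.0.9 dst=203.0.113.5 dport=443 action=allow",
]


def match_logs(iocs, lines):
    """(line_number, indicator_id, value) for each log line containing an IoC.
    Whole-token, case-insensitive matching, so '198.51.100.23' does not hit
    '198.51.100.230'."""
    hits = []
    for n, line in enumerate(lines, 1):
        tokens = set(re.split(r"[\s=,;]+", line.lower()))
        for _path, value, ind_id in iocs:
            if value in tokens:
                hits.append((n, ind_id, value))
    return hits


if __name__ == "__main__":
    bundle = build_bundle()
    print(json.dumps(bundle, indent=2))
    print("validation problems:", validate_bundle(bundle) or "none")
    for hit in match_logs(extract_iocs(bundle), SAMPLE_LOGS):
        print("IoC hit:", hit)
```

In practice the bundle would arrive from a TAXII collection rather than being built locally, and a real STIX pattern evaluator has to handle the full pattern grammar (observation operators, qualifiers, MATCHES); the point here is the object graph (SDOs joined by Relationship and Sighting SROs) and the fact that an Indicator's pattern is where the machine-readable IoC lives.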
Trusted Automated eXchange of Indicator Information (TAXII)
A companion protocol to STIX: a RESTful API carried over HTTPS that lets cyber threat information be exchanged at the application layer. Clients discover a server's API roots and collections, then pull objects from or push objects to a collection. It is specifically designed to transport STIX data.