Chapter 2: Cybersecurity Threat Landscape

Shadow IT

Computer hardware, software, or services used on a private network without authorization from the system owner.

Ransomware attack

a kind of cyberattack in which malware locks the data on a victim's computer and demands payment to decrypt the data.

Three types of hackers

White Hat Hackers

Black Hat Hackers

Gray Hat Hackers

white hat hackers

ethical hackers that break into the systems for non malicious reasons such as to test the system security vulnerabilities or to expose undisclosed weaknesses

black hat hackers

break into systems to destroy information or for illegal gain

gray hat hackers

Hackers who normally behave legally, but who may, for certain reasons and in limited situations, conduct illegal activities, usually for reasons they feel are ethically compelling.

Script kiddies or script bunnies

Hackers that find hacking code on the Internet and click-and-point their way into systems to cause damage or spread viruses but have limited skills.

Hacktivists/Hactivism

a person who gains unauthorized access to computer files or networks in order to further social or political ends.

Criminal syndicates

A type of threat actor that uses hacking and computer fraud for commercial gain. Also referred to as organized crime.

Advanced Persistent Threat (APT)

A network attack in which an intruder gains access to a network and stays there undetected with the intention of stealing data over a long period of time.

Nation-state attacks

a serious and growing threat that organizations of all sizes face. Their primary objective is to gain strategic advantage for their country, such as by stealing secrets, gathering cyber intelligence, conducting reconnaissance, or disrupting operations.

zero-day attack

Attack that exploits previously unknown vulnerabilities, so victims have no time (zero days) to prepare for or defend against the attack.

Insider Threat

A threat to an organization that comes from employees, contractors, and anyone else that may have willingly been given insider knowledge.

Dark Web

The portion of the internet that is intentionally hidden from search engines, uses masked IP addresses, and is accessible only with a special web browser.

Threat Assessment

a process that involves carefully considering the nature of the threat, the risk posed by the individual making it, and the indicated response to reduce the risk of harmful action

Threat Vector

The means by which a threat actor carries out their objectives.

Email and Social Media

most commonly exploited threat vectorfs

direct access

gain direct access to an organization's network by physically entering the organization's facilities.

Wireless Network

a network where users can access the Internet without the use of fixed cables

Removable Media

A portable device allowing for the storage of computer data.

cloud services

A collection of data centers or connected servers that provide anywhere anytime access to data and applications

Third-party risks

Vulnerabilities that arise from dependencies in business relationships with suppliers and customers.

Threat Intelligence

Set of activities and resources available to cybersecurity professionals seeking to learn about changes in the threat environment

Predictive Analytics

extracts information from data and uses it to predict future trends and identify behavioral patterns

Open Source Threat Intelligence

Threat intelligence that is acquired from publicly available sources.

Closed-Source Intelligence

Data that is derived from the provider's own research and analysis efforts, such as data from honeynets that they operate, plus information mined from its customers' systems, suitably anonymized

Threat maps

A real-time map of the computer security attacks that are going on at any given time.

Confidence Scores

Allow organizations to filter and use threat intelligence based on how much trust they can give it.

Structured Threat Information eXpression (STIX)

A standardized and structured language that represents threat information in a flexible, automatable, and easy-to-use manner.

Organization for the Advancement of Structured Information Standards (OASIS)

an international nonprofit consortium that maintains many other projects related to information formatting, including XML and HTML

Consortium

a group of companies or institutions

Information Sharing and Analysis Centers (ISACs)

Not-for-profit group set up to share sector-specific threat intelligence and security best practices amongst its members.