Vocabulary terms covering basic cybersecurity concepts, threat actors, the MITRE ATT&CK framework, and specific malware types based on the Lecture 3 transcript.
Vulnerability
A weakness in an asset, such as technology, configuration, or security policy, that leaves it exposed to a threat.
Threat
An event or action that has the potential to take advantage of a vulnerability and impact the asset's CIA (Confidentiality, Integrity, Availability).
Attack
The actual execution of a threat; the process of carrying out a threat against a vulnerability.
Common Vulnerabilities and Exposures (CVE)
The de facto standard for specifying and identifying unique vulnerabilities in software, protocols, or devices.
Supply Chain Attack
A cyber attack that exploits unknown weak links in a processing chain, such as smaller, less secure businesses, to target larger companies.
Hacker
A computer programming expert; can be categorized as White-Hat (reports vulnerabilities) or Black-Hat (unauthorized break-ins).
Structured Threat
A threat posed by highly motivated, technically competent attackers who often operate as a business unit to maximize profit.
Unstructured Threat
A threat posed by inexperienced attackers who typically use existing, readily available tools.
MITRE ATT&CK
A globally accessible knowledge base of adversary tactics and techniques based on real-world observations.
Tactic (MITRE ATT&CK)
The adversary's technical goals, such as Initial Access, Persistence, or Credential Access.
Technique (MITRE ATT&CK)
The specific way or method an adversary achieves a technical goal; for example, "Brute Force" is a technique under the Credential Access tactic.
Phishing
A technique using emails or malicious links to trick users into providing sensitive information or deploying malware.
Malware
Malicious software designed to infiltrate or damage a computer system, including types like viruses, worms, and Trojans.
Rootkit
A collection of tools that enables administrator-level access to a computer, often very difficult to detect (e.g., Stuxnet).
Ransomware
Malware that encrypts data on a compromised computer and demands payment for the decryption key.
Intrusion Kill Chain
A model developed by Lockheed Martin describing the stages of a cyber attack: Reconnaissance, Weaponisation, Delivery, Exploitation, Installation, C2, and Actions on Objectives.
TrickBot
A computer Trojan malware targeting Microsoft Windows, often used for credential theft and persistence.
Process Hollowing
A process injection technique (T1055.012) where an adversary injects malicious code into a legitimate process like svchost.exe.