Threat Actors: Who Are the Attackers?
| Threat Actor | Motivation | Traits | Examples | 
|---|---|---|---|
| Nation-State Hackers | Espionage, cyber warfare | Highly skilled, stealthy, well-funded | Fancy Bear (Russia), APT Groups | 
| Organized Crime Groups | Financial gain (ransomware, theft) | Professional, use Ransomware-as-a-Service | Conti ransomware gang | 
| Hacktivists | Ideological or political disruption | Varied skill levels | Anonymous | 
| Insider Threats | Revenge, profit, carelessness | Already hold legitimate access, so their actions are hard to distinguish from normal work | Disgruntled employees stealing data |
| Script Kiddies | Fun, curiosity, fame | Unskilled, use pre-made hacking tools | Individuals using automated exploit kits | 
| Shadow IT | Convenience, speed | Employees using unauthorized tech | Unapproved cloud apps in a workplace | 
Threat Vectors: How Attacks Occur
| Threat Vector | How It Works | Examples | 
|---|---|---|
| Message-Based Attacks | Phishing emails, SMS scams, fake calls | Malicious emails trick users into revealing credentials | 
| File-Based Attacks | Malware hidden in PDFs, executables | Infected attachments in emails | 
| Web-Based Attacks | Drive-by downloads, fake websites | Visiting a compromised site installs malware | 
| Removable Media Attacks | Infected USBs, rogue devices | Plugging in a USB auto-installs a keylogger | 
| Supply Chain Attacks | Compromised vendor software/hardware | Backdoor injected into a trusted software update | 
| Network Attacks | Eavesdropping, Man-in-the-Middle (MITM) | Hackers intercept unencrypted Wi-Fi communications | 
Tip: Attackers often combine vectors for maximum impact (e.g., Phishing → Malware Download → Remote Access).
Common Vulnerabilities: Identifying Weak Spots
| Vulnerability Category | Examples | How It’s Exploited | 
|---|---|---|
| Application Vulnerabilities | SQL Injection, Cross-Site Scripting (XSS), Buffer Overflows | Injecting malicious input into web forms | 
| Operating System (OS) Vulnerabilities | Unpatched software, privilege escalation flaws | Exploiting outdated system configurations | 
| Hardware/Firmware Weaknesses | Default passwords, unpatched firmware | Using factory-set credentials to gain access | 
| Cloud/Virtualization Weaknesses | Misconfigured storage, VM escape | Public cloud storage exposes sensitive data | 
| Configuration Issues | Open ports, weak firewall rules | Attackers find unsecured services to exploit | 
| Zero-Day Vulnerabilities | Newly discovered flaws with no patch yet | Hackers attack before vendors release security fixes | 
Tip: If an exam scenario mentions poor configurations, unpatched systems, or weak security settings, it’s likely a vulnerability issue.
Indicators of Malicious Activity: Spotting an Attack
| Indicator | Possible Attack | 
|---|---|
| Unusual Outbound Traffic | Data exfiltration or malware communication | 
| High CPU/Memory Usage | Cryptomining malware or excessive bot activity | 
| Unknown Running Processes | Malware persistence in the system | 
| Strange Account Behavior | Account compromise, credential theft | 
| Disabled Security Tools | Rootkits, insider sabotage | 
| Unauthorized Configuration Changes | Privilege escalation or tampering | 
Tip: Exam scenarios will often require recognizing an attack based on its symptoms in logs or system behavior.
Malware Types and Attack Techniques
| Malware Type | How It Works | 
|---|---|
| Virus | Attaches to files and spreads when opened | 
| Worm | Self-replicates across networks automatically | 
| Trojan Horse | Disguises as legitimate software to install malware | 
| Ransomware | Encrypts files and demands payment | 
| Rootkit | Hides deep in the system to evade detection | 
| Spyware | Secretly collects user data | 
| Logic Bomb | Activates malicious code when triggered | 
| Keylogger | Records keystrokes to steal passwords | 
| Attack Technique | What It Does | 
|---|---|
| DDoS Attack | Floods a network or service with traffic from many sources so legitimate users cannot reach it |
| DNS Poisoning | Corrupts DNS answers so users are redirected to fraudulent websites |
| ARP Poisoning | Sends forged ARP replies so local network traffic is routed through the attacker (enables MITM) |
| Brute Force Attack | Repeatedly guesses passwords until one works | 
| Dictionary Attack | Uses pre-defined wordlists to crack passwords | 
| Password Spraying | Tries common passwords across many accounts | 
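The "Strange Account Behavior" indicator above and the three password-guessing techniques in this table are easiest to tell apart by their shape in the authentication log: brute force is many failures against one account from one source, password spraying is one or two failures against many accounts from one source, and a success that follows a run of failures is the sign that a guess worked. The following script is an added example, not part of the study guide; it uses constructed sshd-style log lines (the line format, the IP addresses, and the thresholds are all assumptions chosen for the demo) and classifies each source address into those patterns.

```python
import re
from collections import defaultdict

# Constructed sample log lines in an sshd-like format (assumption; not real data).
# 203.0.113.5 hammers one account and finally gets in; 198.51.100.7 tries one
# password against many accounts; 192.0.2.9 is a user who mistyped once.
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd: Failed password for alice from 203.0.113.5
2024-05-01T10:00:02 sshd: Failed password for alice from 203.0.113.5
2024-05-01T10:00:03 sshd: Failed password for alice from 203.0.113.5
2024-05-01T10:00:04 sshd: Failed password for alice from 203.0.113.5
2024-05-01T10:00:05 sshd: Failed password for alice from 203.0.113.5
2024-05-01T10:00:06 sshd: Failed password for alice from 203.0.113.5
2024-05-01T10:00:07 sshd: Accepted password for alice from 203.0.113.5
2024-05-01T10:05:00 sshd: Failed password for bob from 198.51.100.7
2024-05-01T10:05:01 sshd: Failed password for carol from 198.51.100.7
2024-05-01T10:05:02 sshd: Failed password for dave from 198.51.100.7
2024-05-01T10:05:03 sshd: Failed password for erin from 198.51.100.7
2024-05-01T10:05:04 sshd: Failed password for frank from 198.51.100.7
2024-05-01T10:09:00 sshd: Failed password for bob from 192.0.2.9
2024-05-01T10:09:05 sshd: Accepted password for bob from 192.0.2.9
"""

# Assumed line layout: "<timestamp> sshd: <Failed|Accepted> password for <user> from <ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+)$"
)


def parse(log_text):
    """Yield (timestamp, result, user, ip) for each line that matches; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("ts"), m.group("result"), m.group("user"), m.group("ip")


def classify(log_text, brute_threshold=5, spray_min_users=5,
             spray_max_per_user=2, min_failures_before_success=3):
    """Return {source_ip: [finding, ...]} for every source that matches a pattern.

    Thresholds are demo assumptions; tune them to the environment's baseline.
    """
    failures = defaultdict(lambda: defaultdict(int))   # ip -> user -> failed logins
    success_after_failure = defaultdict(set)            # ip -> users that then succeeded

    for _ts, result, user, ip in parse(log_text):
        if result == "Failed":
            failures[ip][user] += 1
        elif failures[ip].get(user, 0) >= min_failures_before_success:
            # A success right after a run of failures is the "strange account
            # behavior" indicator: the guessing worked, not just a typo.
            success_after_failure[ip].add(user)

    findings = defaultdict(list)
    for ip, per_user in failures.items():
        # Brute force / dictionary attack: many failures concentrated on one account.
        for user, n in per_user.items():
            if n >= brute_threshold:
                findings[ip].append(f"brute force against {user} ({n} failures)")
        # Password spraying: many distinct accounts, few attempts each, from one source.
        if len(per_user) >= spray_min_users and max(per_user.values()) <= spray_max_per_user:
            findings[ip].append(f"password spraying across {len(per_user)} accounts")
        for user in sorted(success_after_failure[ip]):
            findings[ip].append(f"successful login for {user} after failed attempts")
    return dict(findings)


if __name__ == "__main__":
    for ip, notes in classify(SAMPLE_LOG).items():
        print(ip)
        for note in notes:
            print("  -", note)
```

The per-source aggregation is the point: a single "Failed password" line means nothing, but grouping by source address and counting distinct target accounts separates a user's typo (192.0.2.9, which produces no finding) from spraying (198.51.100.7) and from a focused brute-force run that ended in a successful login (203.0.113.5). Both attack patterns also show up in the mitigation table: lockout thresholds and monitoring via SIEM catch brute force, while spraying needs the cross-account view that only centralized log analysis gives.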
Defense Strategies: Preventing Cyber Attacks
| Mitigation Strategy | How It Helps | 
|---|---|
| Network Segmentation | Limits malware spread within different zones | 
| Access Control Lists (ACLs) | Restricts network traffic based on rules | 
| Patch Management | Fixes security vulnerabilities with updates | 
| Application Allowlisting | Prevents unauthorized programs from running | 
| Isolation & Sandboxing | Limits risk by executing suspicious files separately | 
| Encryption | Protects sensitive data at rest and in transit | 
| Monitoring & Detection (SIEM, IDS/IPS) | Detects security threats in real time by collecting and correlating logs and network traffic |
| Least Privilege Enforcement | Restricts user access to only essential permissions | 
| Configuration Management | Keeps security settings standardized | 
| Incident Response Planning | Enables fast action in case of breaches |