Quiz 1 answers - JadenGil/Jaden-Tech-Journal GitHub Wiki
Question 1:
An Advanced Persistent Threat (APT) is a new type of attacker that is very skilled at pulling off cyberattacks and leverages IT technologies to effectively and systematically bypass a target's protections one at a time.
The main thing that makes an APT different from other kinds of cyberattacks is the persistence of the attack. An APT is also a much more focused and effective kind of attack because it is controlled by an intelligent actor who is focused on an objective, such as stealing corporate secrets, and who persists until they succeed.
APTs will consistently adjust their method of attack to push through the latest defenses. In order to stop an APT, all of your defenses must work and be maintained perfectly; otherwise the APT will exploit any mistake it can find.
Your method of defense must be able to adapt just as fast as the APT.
Question 2:
CIA stands for Confidentiality, Integrity, and Availability
Confidentiality:
This could be affected by something like a Man-in-the-Middle (MitM) attack. If you're sending an email with confidential information in it and you're hit with a MitM attack, the information in that email is no longer confidential and will be taken and potentially spread around. This is a smaller-scale example of how a cyberattack can break confidentiality.
Integrity:
If someone were to fall for a phishing email, it could inject something like a trojan horse virus onto that computer. That could easily spread throughout the entire network of a company and take down most of, if not the entire, network, making the network unstable and breaking down the integrity of the whole thing.
Availability:
Using the same example as above, if your network is taken down by a trojan horse it cannot be used for however long the problem is occurring. This is especially bad if it is happening to a corporation, since none of their customers will be able to access their services.
Question 3:
Firmware and Supply Chain:
"Takes fully automated, polymorphic malware to its logical conclusion." It does this by delivering malware capabilities through a supply chain, by embedding it in product firmware or software products before they get shipped out to the masses.
This attack is virtually undetectable, since it is difficult to differentiate the supply chain malware from the other features that come from the factory.
Question 4:
A defender should always make the assumption that the attacker is willing to, and will, take things to the extreme and push boundaries as far as possible. Essentially, treat every attacker like an APT: because you cannot predict the abilities of an attacker, your defenses should be the best that they possibly can be.
If you only do what is required, you might not protect a crucial part of the network, which would leave an easily accessible back door open on the network, and it should be assumed that an attacker will find it.
Question 5:
The cyberattacker had published salary information and private emails of employees and senior executives.
Doing this breaks the confidentiality of the business on the workers' end, as it gave away sensitive information with details regarding both personal information and private information that only certain people in the company should know.