TJ2 Glossary - Shadowsarespooky/TechJournal GitHub Wiki

Risk, Adversity, and Trust

Glossary - Words I’m learning

  • DLP - Data Loss Prevention
  • Controls and procedures that regulate which users in an organization or group may access or share which data, and that detect or block sensitive data leaving the organization
  • Botnet operators - take control of large numbers of compromised systems and use them together, for example to disrupt services
  • APTs - Advanced Persistent Threats
  • VPN - Virtual Private Network; encrypts your traffic between your device and the VPN server and hides your IP address (and with it your approximate location) from the sites you visit. The VPN provider itself can still see that traffic.

Home Security

Attacks

  • An attempt to gain unauthorized access to a system in order to collect information, or to disrupt, corrupt, deny, or destroy the information systems of an organization

Vulnerabilities

  • Weakness in a system (an information system, system security procedures, internal controls, or an implementation) that could be exploited or triggered by a threat (NIST)
  • People will not always ask for permission: individuals will go in and find information without realizing that they may need to ask for it first
  • DLP (Data Loss Prevention) measures address this, for example disabling screen sharing or blocking sensitive files from being attached to an email
  • Be careful with what data you share
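As an added example of the kind of DLP control mentioned above (this is not code from the original wiki page): a toy outbound-email check that scans the message body and attachment text for Luhn-valid payment card numbers and a CONFIDENTIAL classification marker, and blocks the message when any recipient is outside the company domain. The company domain `example.com`, the message dictionary format, and the sample messages are all assumptions constructed for the demo.

```python
"""Toy outbound-email DLP check.

Added example, not code from the wiki page.  Scans an outgoing message
(body plus attachment text) for two kinds of sensitive data:
  - payment card numbers, validated with the Luhn checksum so that a
    random 16-digit order number is not flagged,
  - a CONFIDENTIAL classification marker,
and blocks the message if any recipient is outside the company domain.
"""
import re

COMPANY_DOMAIN = "example.com"  # assumption: the organization's mail domain

# 13-19 digits, optionally separated by single spaces or dashes
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
CONF_RE = re.compile(r"\bCONFIDENTIAL\b", re.IGNORECASE)


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Return normalized (digits only) Luhn-valid card numbers found in text."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def is_external(address: str) -> bool:
    """True if the recipient's domain is not the company's own domain."""
    return address.rsplit("@", 1)[-1].lower() != COMPANY_DOMAIN


def check_outbound(message: dict) -> tuple:
    """Decide whether an outgoing message may leave.

    message = {"to": [addresses], "body": str,
               "attachments": [(filename, text), ...]}
    Returns (verdict, reasons) where verdict is "ALLOW",
    "ALLOW_INTERNAL" (sensitive content, but only internal recipients)
    or "BLOCK".
    """
    reasons = []
    texts = [message["body"]] + [t for _, t in message.get("attachments", [])]
    for text in texts:
        cards = find_card_numbers(text)
        if cards:
            reasons.append(f"{len(cards)} Luhn-valid card number(s)")
        if CONF_RE.search(text):
            reasons.append("CONFIDENTIAL marker")
    if not reasons:
        return "ALLOW", reasons
    if any(is_external(a) for a in message["to"]):
        return "BLOCK", reasons
    return "ALLOW_INTERNAL", reasons


# Constructed sample messages for the demo (not real data)
SAMPLE_MESSAGES = [
    {"to": ["partner@other.org"], "body": "Here is the contract.",
     "attachments": [("contract.txt", "CONFIDENTIAL - do not distribute")]},
    {"to": ["finance@example.com"],
     "body": "Customer card 4111 1111 1111 1111 needs a refund.",
     "attachments": []},
    {"to": ["customer@gmail.com"],
     "body": "Your order 1234567890123456 has shipped.",
     "attachments": []},
    {"to": ["customer@gmail.com"],
     "body": "We charged card 4111-1111-1111-1111 today.",
     "attachments": []},
]


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        verdict, reasons = check_outbound(msg)
        print(f"{verdict:15} to={msg['to']} reasons={reasons}")
```

The Luhn check is what keeps the third sample message from being blocked: its 16-digit order number looks like a card number to the regex but fails the checksum. A real DLP product adds many more detectors (file fingerprints, classification labels in document metadata, OCR for screenshots), but the decision structure is the same: detect sensitive content, then compare the destination against policy.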

Threats

  • Anything that can exploit a vulnerability, intentionally or unintentionally
  • Not all threats have malicious intent
  • If you see a potential threat, call the admins and let them know so they can fix it
  • Don't try to fix it yourself if it is not your responsibility
  • Threats impact:
    • Individuals, Groups, Organizations
  • Threats can be natural, unintentional, or intentional

Attackers can be:

Teenagers, Workers, Hacktivists, Criminals, Terrorists

Motives:

  • Curiosity
  • Collecting information
  • Disruption, destruction
  • Attackers with these motives can sit inside or outside the organization

Vulnerabilities can be:

  • Human
    • Carelessness
    • Lack of awareness
    • Human error (losing keys, sharing private information)
  • Physical
    • Unlocked doors
    • Dumpster diving for documents
    • Lost or stolen hardware
  • Hardware
    • Design Flaws
  • Software
    • A security flaw, glitch, or weakness of procedure in the system

Cyber Threat

  • An attempt to damage or disrupt a computer network or system
  • The IT department monitors what software the computers have and what activity is happening on the network
  • Know what kinds of attackers could be a threat and what motives they have

Adversaries

  • APTs - Advanced Persistent Threats
  • Highly skilled groups, often government backed
  • "Persistent": these attacks do not stop, the group keeps coming back
  • They don't happen overnight; the attackers take their time to get into a system and stay in it
  • With that much time and funding, they have the resources to get to their target

APT GROUPS

  • Fancy Bear or APT28 (Russia)
  • Lazarus Group, aka Guardians of Peace (North Korea) - Sony Pictures hack
  • Machete (South America)
  • Elfin, Pioneer Kitten (Iran)
  • Mythic Leopard (Pakistan)
  • Dynamite Panda (China)
  • Viceroy Tiger (India)
  • APT1, APT41 (China)
  • Elderwood (China)
  • Equation Group (USA)
  • Pinchy Spider (Eastern Europe, Russia)
  • Sandworm Team (Russia)

Is an attacker always an outsider?

Insiders

  • No, they can be an insider: an employee who is retiring or was fired, or even a contractor or other business partner
  • Someone who knows the internal workings of the company, group, or organization
  • Or simply a student who is doing something they are not supposed to be doing, without any malicious intent

Outsiders

  • Adversaries that are out there, see the APT groups above
  • Hackers, other groups, government agencies

Why is Cybersecurity a Hard Problem?

  • It's not just removing bugs from a system or sealing up weaknesses
  • It's thinking the way an attacker thinks, and working out how they would try to exploit the system or network
  • Security is usually an afterthought in the development process of an application or system

Risk

  • Finding and figuring out the risks within the system or network
  • Making sure that the security patches you apply won't expose another weakness
  • Risk = Likelihood x Consequences (how probable an event is, times how bad it would be if it happened)