COURSE 1 – INTRODUCTION TO CYBERSECURITY TOOLS & CYBER ATTACKS

Module 2: A brief overview of types of actors and their motives

IBM CYBERSECURITY ANALYST PROFESSIONAL CERTIFICATE

Complete Coursera Study Guide

INTRODUCTION – A brief overview of types of actors and their motives

This module offers a concise introduction to various types of actors and their motivations. It also delves into diverse attack methodologies and their ramifications on both organizations and individuals. Additionally, you’ll gain insight into the array of tools at your disposal to aid in cybersecurity investigations.

Learning Objectives

  • List major cybercrime and hacker organizations and identify upcoming challenges for cybersecurity
  • Describe a general model for network security
  • Summarize network security’s architectural, motivational, and protective elements
  • Explain confidentiality in the context of the CIA triad and how organizations implement it
  • Describe security operations centers (SOCs) and IBM Security Command Centers
  • Discuss various resources that can help your organization protect against cybercrime
  • Describe important elements of recent cyberwarfare operations
  • Compare and contrast phishing and vishing campaigns
  • Explain social engineering and how cybercriminals use it
  • Explain what the Intrusion Kill Chain is and how each of its phases contributes to a cyberattack’s success
  • Describe rogue software processes and how to protect against them
  • Define host insertion and summarize how to counter it
  • Describe denial of service attacks and how to reduce their impact
  • Summarize IP spoofing and how to defend against it
  • Describe packet sniffing and countermeasures for it
  • Explain network mapping and how to protect against it
  • Summarize technical and administrative controls for protecting against malware
  • Describe botnets, keyloggers, logic bombs, and advanced persistent threats (APTs)
  • Define malware, virus, worm, trojan horse, spyware, adware, remote access tool (RAT), rootkit, and ransomware
  • Summarize the attack models for interruption, interception, modification, fabrication, and diversion
  • Describe types of passive and active attacks
  • Define attack in terms of cybersecurity
  • Differentiate between accidental and intentional threats
  • Explain what constitutes a cybersecurity threat
  • Define security service and describe the various types
  • Define security mechanism and describe the various types
  • Contrast active and passive attacks
  • Recall recent examples of significant cyberattacks and their impacts
  • Describe the primary actors in cybercrime and their motives

TYPES OF ACTORS AND THEIR MOTIVES

1. What are the four (4) main types of actors identified in the video A brief overview of types of actors and their motives?

  • Hacktivists (CORRECT)
  • Governments (CORRECT)
  • Black Hats
  • Security Analysts
  • White Hats
  • Hackers (CORRECT)
  • Internal (CORRECT)

Partially correct! Hacktivists may be motivated by money, but more often by political concerns of some sort.

Partially correct! Government or “nation-state” actors are becoming increasingly active and are an increasing threat.

Partially correct! Hackers definitely are prominent actors and are usually motivated by money.

Partially correct! Internal actors do cause a lot of damage. They have a head start when it comes to knowledge and access.

2. Which of these common motivations is often attributed to a hacktivist?

  • Money
  • Just playing around
  • Hire me!
  • Political action and movements (CORRECT)

Correct! The hacktivism movement is often politically motivated.

3. In the video Hacking organizations, which three (3) governments were called out as being active hackers?

  • Venezuela
  • China (CORRECT)
  • Israel (CORRECT)
  • United States (CORRECT)
  • Canada

Partially correct! China is very active.

Partially correct! Yes, Israel is active among governments with hacking organizations.

Partially correct! The NSA is known to be active.

4. Which four (4) of the following are known hacking organizations?

  • Syrian Electronic Army (CORRECT)
  • Fancy Bears (CORRECT)
  • Guardians of Peace (CORRECT)
  • Anonymous (CORRECT)
  • The Ponemon Institute

Partially correct!

5. Which of these hacks resulted in over 100 million credit card numbers being stolen?

  • 2011 Sony PlayStation hack
  • 2013 Singapore Cyberattacks
  • 2014 eBay hack
  • 2015 Target Stores hack (CORRECT)
  • 2016 US Election hack

Correct. Over 100 million credit card numbers were stolen.

AN ARCHITECT’S PERSPECTIVE ON ATTACK CLASSIFICATIONS

1. Which of the following statements is True?

  • Passive attacks are easy to detect because the original message wrapper must be modified by the attacker before it is forwarded on to the intended recipient.
  • Passive attacks are hard to detect because the original message is delivered unchanged and can pass an integrity check. (CORRECT)
  • Passive attacks are hard to detect because the original message is never delivered, so the receiver does not know they missed anything.
  • Passive attacks are easy to detect because of the latency created by the interception and second forwarding.

2. The purpose of security services includes which three (3) of the following?

  • Often replicate functions found in physical documents (CORRECT)
  • Includes any component of your security infrastructure that has been outsourced to a third-party
  • Enhance security of data processing systems and information transfer. (CORRECT)
  • Are intended to counter security attacks. (CORRECT)

Partially Correct

3. Which statement best describes access control?

  • Protection against denial by one of the parties in communication
  • Prevention of unauthorized use of a resource (CORRECT)
  • Assurance that the communicating entity is the one claimed
  • Protection against the unauthorized disclosure of data

4. The International Telecommunication Union (ITU) X.800 standard addresses which three (3) of the following topics?

  • Access Control (CORRECT)
  • Data transmission speeds
  • Data Confidentiality (CORRECT)
  • Transmission cost sharing between member countries
  • Authentication (CORRECT)

Partially correct! It addresses protecting data from unauthorized access.

Partially correct! It addresses the protection of data from unauthorized disclosure.

Partially correct! Both peer-entity and data origin authentication.

5. Protocol suppression, ID and authentication are examples of which?

  • Security Policy (CORRECT)
  • Security Mechanism
  • Business Policy
  • Security Architecture

Correct! These are the technical implementation of the Security Policy

6. The motivation for more security in open systems is driven by which three (3) of the following factors?

  • New requirements from the WTO, World Trade Organization
  • The desire by a number of organizations to use OSI recommendations. (CORRECT)
  • The appearance of data protection legislation in several countries. (CORRECT)
  • Society’s increasing dependence on computers. (CORRECT)

Partially correct! The spread of OSI recommendations brings with it the need for enhanced security.

Partially correct! Think GDPR.

Partially correct! Especially those that are connected to the Internet.

7. True or False: The accidental disclosure of confidential data by an employee is considered a legitimate organizational threat.

  • True (CORRECT)
  • False

Correct! Not all threats are intentional.

8. True or False: The accidental disclosure of confidential information by an employee is considered an attack.

  • True
  • False (CORRECT)

Correct. An attack has to be an intentional attempt to violate security.

9. A replay attack and a denial of service attack are examples of which?

  • Security architecture attack (CORRECT)
  • Origin attack
  • Passive attack
  • Masquerade attack

Correct! These are both attacks against the security architecture itself.

10. The International Telecommunication Union is an organization that is described by which of the following statements?

  • The ITU is an organization charted and staffed by the United Nations to maintain international standards, such as X.800, for telecommunication. (CORRECT)
  • The ITU is an industry organization founded by the largest telecommunication companies in the world and focused on lobbying governments on their behalf.
  • The ITU is a partnership of the national telephone companies of most European countries intended to help compete against the largest American telecom.
  • The ITU is a workers union focused on ensuring the welfare of telecommunication workers.

MALWARE AND AN INTRODUCTION TO THREAT PROTECTION

1. True or False: An application that runs on your computer without your authorization but does no damage to the system is not considered malware.

  • True
  • False (CORRECT)

Correct! Adware and Spyware often do not damage the host but are definitely considered Malware.

2. How would you classify a piece of malicious code designed to cause damage and spreads from one computer to another by attaching itself to files but requires human actions in order to replicate?

  • Virus (CORRECT)
  • Worms
  • Trojan Horses
  • Spyware
  • Adware
  • Ransomware

Correct! A virus requires action on the part of the user in order to replicate and spread.

3. How would you classify a piece of malicious code designed to collect data about a computer and its users and then report that back to a malicious actor?

  • Virus
  • Worms
  • Spyware (CORRECT)
  • Adware

Correct! These are designed to spy on the host system and collect data about its users.

4. A large scale Denial of Service attack usually relies upon which of the following?

  • A botnet (CORRECT)
  • A keylogger
  • Logic Bombs
  • Trojan Horses

Correct! Many servers are required to implement an effective DoS attack – far more than could be managed manually.

5. Antivirus software can be classified as which form of threat control?

  • Technical controls (CORRECT)
  • Administrative controls
  • Active controls
  • Passive controls

Correct! Antivirus software is a technology that can be deployed to help mitigate cyber threats.

Additional Attack examples today

1. Which of the following measures can be used to counter a mapping attack?

  • Record traffic entering the network
  • Look for suspicious activity like IP addresses or ports being scanned sequentially.
  • Use a host scanner and keep an inventory of hosts on your network.
  • All of the above. (CORRECT)

Correct! All 3 of these options can and should be used.

2. In order for a network card (NIC) to engage in packet sniffing, it must be running in which mode?

  • Promiscuous (CORRECT)
  • Sniffer
  • Inspection
  • Open

Correct, the NIC must be running in promiscuous mode.

3. Which countermeasure can be helpful in combating an IP Spoofing attack?

  • Ingress filtering (CORRECT)
  • Enable IP Packet Authentication filtering
  • Keep your certificates up-to-date
  • Enable the IP Spoofing feature available in most commercial antivirus software.
  • All of the above.

Correct! This works but only if all routers use it.

4. Which two (2) measures can be used to counter a Denial of Service (DOS) attack?

  • Enable packet filtering on your firewall.
  • Use traceback to identify the source of the flooded packets. (CORRECT)
  • Implement a filter to remove flooded packets before they reach the host. (CORRECT)
  • Enable the DOS Filtering option now available on most routers and switches.

Partially correct! The downside here is that the source is most likely innocent but compromised machines.

Partially correct! The downside is that you will be filtering out some legitimate packets as well.

5. Which countermeasure should be used against a host insertion attack?

  • Maintain an accurate inventory of computer hosts by MAC address.
  • Use a host scanning tool to match a list of discovered hosts against known hosts.
  • Investigate newly discovered hosts.
  • All of the above. (CORRECT)

Correct! All of these steps are necessary.

ATTACKS AND CYBER RESOURCES

1. Which is not one of the phases of the intrusion kill chain?

  • Activation (CORRECT)
  • Command and Control
  • Installation
  • Delivery

Correct! Activation is not part of the intrusion kill chain.

2. Which social engineering attack involves a person instead of a system such as an email server?

  • Phishing
  • Spectra
  • Cyberwarfare
  • Vishing (CORRECT)

Correct! A vishing attack is often conducted over the phone.

3. Which of the following is an example of a social engineering attack?

  • Setting up a web site offering free games, but infecting the downloads with malware.
  • Calling an employee and telling him you are from IT support and must observe him logging into his corporate account. (CORRECT)
  • Logging in to the Army’s missile command computer and launching a nuclear weapon.
  • Sending someone an email with a Trojan Horse attachment.

Correct! Talking someone into doing something they should not do is social engineering.

4. True or False: While many countries are preparing their military for a future cyberwar, there have been no “cyber battles” to-date.

  • True
  • False (CORRECT)

Correct! There have been hundreds of attacks that can be considered acts of cyberwarfare conducted by many countries, including the United States, China, Israel, Russia, Iran, etc.

A DAY IN THE LIFE OF A SOC ANALYST

1. Which tool did Javier say was crucial to his work as a SOC analyst?

  • SIEM (Security Information and Event Management) (CORRECT)
  • Packet Sniffers
  • Firewalls
  • Intrusion detection software

Correct! Tools like QRadar SIEM are crucial to Javier since he can use them to perform advanced correlations and threat intelligence integration.

A BRIEF OVERVIEW OF TYPES OF ACTORS AND THEIR MOTIVES

1. Which hacker organization hacked into the Democratic National Convention and released Hillary Clinton’s emails?

  • Fancy Bears (CORRECT)
  • Anonymous
  • Syrian Electronic Army
  • Guardians of the Peace
  • All of the above

2. What challenges are expected in the future?

  • Enhanced espionage from more countries
  • Far more advanced malware
  • New consumer technology to exploit
  • All of the above (CORRECT)

3. Why are cyber attacks using SWIFT so dangerous?

  • SWIFT is the protocol used by all banks to transfer money (CORRECT)
  • SWIFT is the flight plan and routing system used by all cooperating nations for international commercial flights
  • SWIFT is the protocol used to transmit all diplomatic telegrams between governments around the world
  • SWIFT is the protocol used by all US healthcare providers to encrypt medical records

4. Which statement best describes Authentication?

  • Assurance that the communicating entity is the one claimed (CORRECT)
  • Prevention of unauthorized use of a resource
  • Assurance that a resource can be accessed and used
  • Protection against denial by one of the parties in communication

5. Trusted functionality, security labels, event detection, security audit trails and security recovery are all examples of which type of security mechanism?

  • Active security mechanism
  • External security mechanism
  • Passive security mechanism (CORRECT)
  • Contingent security mechanism

6. If an organization responds to an intentional threat, that threat is now classified as what?

  • An attack (CORRECT)
  • An active threat
  • An open case
  • A malicious threat

7. An attack that is developed particularly for a specific customer and occurs over a long period of time is a form of what type of attack?

  • Denial of Service (DOS)
  • Advanced Persistent Threat (CORRECT)
  • Water Hole
  • Spectra

8. A political motivation is often attributed to which type of actor?

  • Security Analysts
  • Internal
  • Hackers
  • Hacktivist (CORRECT)

9. The video Hacking organizations called out several countries with active government sponsored hacking operations in effect. Which one of these was among those named?

  • Canada
  • Egypt
  • Israel (CORRECT)
  • South Africa

10. Which of these is not a known hacking organization?

  • The Ponemon Institute (CORRECT)
  • Fancy Bears
  • Syrian Electronic Army
  • Anonymous
  • Guardians of the Peace

11. Which type of actor hacked the 2016 US Presidential Elections?

  • Government (CORRECT)
  • Internal
  • Hacktivists
  • Hackers

12. True or False: Passive attacks are easy to detect because the original messages are usually altered or undelivered.

  • False (CORRECT)
  • True

13. True or False: Authentication, Access Control and Data Confidentiality are all addressed by the ITU X.800 standard.

  • True (CORRECT)
  • False

14. True or False: Only acts performed with intention to do harm can be classified as Organizational Threats

  • False (CORRECT)
  • True

15. How would you classify a piece of malicious code designed to cause damage, can self-replicate and spreads from one computer to another by attaching itself to files?

  • Virus
  • Worm (CORRECT)
  • Spyware
  • Trojan Horse
  • Adware
  • Ransomware

16. Botnets can be used to orchestrate which form of attack?

  • Distribution of Spam
  • DDoS attacks
  • Phishing attacks
  • Distribution of Spyware
  • As a Malware launchpad
  • All of the above (CORRECT)

17. Policies and training can be classified as which form of threat control?

  • Technical controls
  • Administrative controls (CORRECT)
  • Passive controls
  • Active controls

18. Which type of attack can be addressed using a switched Ethernet gateway and software on every host on your network that makes sure their NICs are not running in promiscuous mode?

  • Packet Sniffing (CORRECT)
  • Host Insertion
  • Trojan Horse
  • Ransomware
  • All of the above

19. A flood of maliciously generated packets swamp a receiver’s network interface preventing it from responding to legitimate traffic. This is characteristic of which form of attack?

  • A Denial of Service (DOS) attack (CORRECT)
  • A Trojan Horse
  • A Masquerade attack
  • A Ransomware attack

20. A person calls you at work and tells you he is a lawyer for your company and that you need to send him specific confidential company documents right away, or else! Assuming the caller is not really a lawyer for your company but a bad actor, what kind of attack is this?

  • A Social Engineering attack (CORRECT)
  • A Trojan Horse
  • A Denial of Service attack
  • A Worm attack

21. Which type of actor was not one of the four types of actors mentioned in the video A brief overview of types of actors and their motives?

  • Hacktivists
  • Governments
  • Hackers
  • Internal
  • Black Hats (CORRECT)

22. Cryptography, digital signatures, access controls and routing controls are considered which?

  • Business Policy
  • Security Policy
  • Specific security mechanisms (CORRECT)
  • Pervasive security mechanisms

23. Traffic flow analysis is classified as which?

  • An active attack
  • A passive attack (CORRECT)
  • An origin attack
  • A masquerade attack

24. True or False: An individual hacks into a military computer and uses it to launch an attack on a target he personally dislikes. This is considered an act of cyberwarfare.

  • False (CORRECT)
  • True

CONCLUSION – A brief overview of types of actors and their motives

In conclusion, this module has provided a succinct overview of different types of actors and their motives, as well as an understanding of various types of attacks and their effects on organizations and individuals. Furthermore, you have learned about the tools available to assist you in conducting cybersecurity investigations.