12. Introduction to Threats, Attacks, and Exploits
Threats
Now that we know about vulnerabilities, we need to understand threats that may try to take advantage of them.
Definition of threat: Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. (NIST)
Examples of threats with cars
- Nails in the road
- Rain
- Drunk driving
Examples of threats with information technology
- Malicious hacker
- Disclosed passwords
- User error
Threat source - The person or thing that is likely to cause damage.
Threat vector - The way a threat or threat source will take advantage of or exploit a vulnerability to cause damage.
Attack and exploit
In cybersecurity, the behavior of a threat trying to exploit or take advantage of a flaw in a computer system is an attack, or an exploit in action.
For example, a malicious hacker may attack a computer system by cracking a password database and then using the results to gain unauthorized access. Here, the hacker is exploiting multiple vulnerabilities: gaining access to the password database, having the ability to crack it, and using the resulting password.
Threat Information Resource
The MITRE ATT&CK® Framework is a well-known knowledge base of cybersecurity attack scenarios based on real-world observations, and it is used in many places. It is very likely you will see this framework in other places or lessons. In this section, we will only give a high-level introduction.
New terms
- Threat: Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.
- Exploit: A hardware or software tool designed to take advantage of a flaw in a computer system, typically for malicious purposes such as installing malware.
- Attack: Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.
Source: https://csrc.nist.gov/glossary
Further research
- MITRE ATT&CK Framework - https://attack.mitre.org/