Friday 2 September 2022

Threat Classification


Threat

A threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Put simply, virus infections, data breaches and Denial of Service (DoS) attacks are all examples of threats.

Threats can be categorized in several different ways, depending on factors such as whether the threat is environmental or man-made, adversarial or non-adversarial. National Institute of Standards and Technology (NIST) Special Publication (SP) 800-30 defines four types of threat sources (also known as threat agents) that can cause or generate a threat event:

  • Adversarial: malicious persons, groups, organizations, and nation-states
  • Accidental: users or administrators
  • Structural: equipment or software failure
  • Environmental: natural or man-made disasters and outages

Threats can also be classified according to the type of attack they represent, the avenue of attack they use (called a threat vector), and whether they are known or unknown threats.

Threats can be classified into four categories:

  • Known Knowns
  • Known Unknowns
  • Unknown Knowns
  • Unknown Unknowns

Known Knowns: threats that can be identified using basic signature or pattern matching; in other words, threats we are aware of and understand.

Known Unknowns: threats that cannot be identified using basic signature or pattern matching; in other words, threats we are aware of but do not understand.

Unknown Knowns: a classification of malware that uses obfuscation techniques to circumvent signature matching and detection; in other words, threats we understand but are not aware of.

Unknown Unknowns: a classification of malware that uses completely new attack vectors and exploits; in other words, threats we are neither aware of nor understand.
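The four categories above hinge on one question: can a static signature still see the threat? The following Python script, added here as an illustration and not part of the original post, shows a small layered detector that first tries plain signature matching (a "known known"), then normalizes the sample by decoding embedded base64 layers before matching again (catching the obfuscated "unknown known" case), and finally falls back to a byte-entropy heuristic to flag samples that no signature recognizes at all. The signature database, the samples, and the 5.5-bit entropy threshold are all constructed for the example.

```python
import base64
import binascii
import math
import re

# Constructed signature database: byte patterns standing in for real AV signatures.
SIGNATURES = {
    "constructed.stager.a": b"CONSTRUCTED_MALICIOUS_STAGER_v1",
    "constructed.dropper.b": b"CONSTRUCTED_DROPPER_MARKER",
}

# Base64 runs long enough to be worth decoding (20+ alphabet chars, optional padding).
B64_RE = re.compile(rb"[A-Za-z0-9+/]{20,}={0,2}")

# Assumed triage threshold: plain text sits around 4-5 bits/byte, packed or
# encrypted payloads approach 8.
ENTROPY_THRESHOLD = 5.5


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the sample (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def normalize(data: bytes, max_layers: int = 3) -> list:
    """Return the sample plus decoded views of any base64 blobs, up to max_layers deep."""
    views = [data]
    frontier = [data]
    for _ in range(max_layers):
        next_frontier = []
        for view in frontier:
            for match in B64_RE.finditer(view):
                try:
                    decoded = base64.b64decode(match.group(0), validate=True)
                except (binascii.Error, ValueError):
                    continue  # not real base64, skip this run
                views.append(decoded)
                next_frontier.append(decoded)
        frontier = next_frontier
        if not frontier:
            break
    return views


def classify(sample: bytes) -> dict:
    """Map a sample onto the known/unknown categories used in the post."""
    # 1. Known known: a plain signature hit on the raw bytes.
    for name, sig in SIGNATURES.items():
        if sig in sample:
            return {"verdict": "known_known", "signature": name}
    # 2. Unknown known: signature hits only after de-obfuscating encoded layers.
    for view in normalize(sample)[1:]:
        for name, sig in SIGNATURES.items():
            if sig in view:
                return {"verdict": "unknown_known", "signature": name}
    # 3. No signature at all: use entropy to decide whether an analyst should look.
    ent = round(shannon_entropy(sample), 2)
    if ent > ENTROPY_THRESHOLD:
        return {"verdict": "suspicious_unknown", "entropy": ent}
    return {"verdict": "no_match", "entropy": ent}


# Constructed samples: a plain marker, the same marker base64-wrapped, a
# uniformly distributed byte blob with no signature, and benign text.
_PLAIN = b"echo CONSTRUCTED_MALICIOUS_STAGER_v1 > stage.txt"
SAMPLES = {
    "plain": _PLAIN,
    "encoded": b"run(decode64('" + base64.b64encode(_PLAIN) + b"'))",
    "unknown": bytes(range(256)) * 4,
    "benign": b"Quarterly report: sales rose 4 percent in Q2. " * 3,
}

if __name__ == "__main__":
    for label, sample in SAMPLES.items():
        print(f"{label:8s} -> {classify(sample)}")
```

The "unknown" sample is the interesting one for a defender: it is neither a known known nor an obfuscated known, so signature matching alone says nothing; the entropy heuristic only marks it for triage, and whether it turns out to be a known unknown or a genuinely new unknown unknown is something behavioural analysis, not static matching, has to decide.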

Now let us look at the different types of threats in more detail.

Zero-Day Threats: A zero-day threat or vulnerability is a flaw in a piece of software that the vendor is unaware of and thus has not issued a patch or advisory for. The code written to take advantage of this flaw is called the zero-day exploit. It can create complicated problems well before anyone realizes something is wrong.

Obfuscated Malware Code:  Malicious code whose execution the malware author has attempted to hide through various techniques such as compression, encryption, or encoding to severely limit attempts to statically analyze the malware.

Recycled Threats:  Refers to the process of combining and modifying parts of existing exploit code to create new threats that are not as easily identified by automated scanning.

Malware:  Any software intentionally designed to cause damage to a computer, server, client, or computer networks.

Documented Exploits: A piece of software, data or sequence of commands that takes advantage of a vulnerability to cause unintended behavior or to gain unauthorized access to sensitive data.
