1 - 2: Understanding Attackers Flashcards
Differentiating attackers
Internal vs External, sophistication, resource access, motivation, intent
Script Kiddies
Unskilled attackers who reuse tools and scripts made by more sophisticated attackers
Hacktivists
Use tools to advance political and social agendas
Organized crime
Believed to be associated with ransomware, extortion, and other means of financial gain
Corporate Espionage
Competitors who may target proprietary information
Nation States
Sponsor sophisticated APTs, typically with military training and advanced tools
White Hat
Operate and hack with good intent and organizational blessing
Black Hat
Operate illegally with malicious intent
Grey Hat
Operate without permission in typically illegal ways, but intend to help
Insider threat
Risk that current or former employees, contractors, or other insiders may exploit their privileged access
Privilege escalation attacks
Elevating a regular account to a role or account with heightened privileges
Preventing insider attacks
HR can perform background checks; the organization can follow the rule of least privilege, require multiple users for high-risk actions, and enforce mandatory vacations
Shadow IT
Technology brought into the organization without IT clearing it
Email (attack vector)
Conducting phishing campaigns to get at least one user to activate malware
Social media (attack vector)
Spread malware or influence employees to gain trust and access