1.3 Explain threat actor types and attributes. Flashcards
Threat actors and attributes
• Also called a malicious actor
• The entity responsible for an event that has an impact on the safety of another entity
• Broad scope of actors
• And motivations vary widely
• Intelligence can come from everywhere
• Open source intelligence is a massive starting point
Script kiddies
Runs premade scripts without any knowledge of what’s really happening
• Can be internal or external
• But usually external
• Not very sophisticated
• No formal funding
• Looking for low hanging fruit
• Motivated by the hunt
• Working the ego, trying to make a name
Hacktivist
- A hacker with a purpose
- Social change or a political agenda
- Often an external entity
- Can be remarkably sophisticated
- Very specific hacks
- DoS, web site defacing, release of private documents, etc.
- Funding is limited
- Some organizations have fundraising options
Organized crime
Professional criminals
• Motivated by money
• Almost always an external entity
• Very sophisticated
• Best hacking money can buy
• Crime that’s organized
• One person hacks, one person manages the exploits, another person sells the data, another handles customer support
• Lots of capital to fund hacking efforts
Nation states / APT
• Governments
• National security, job security
• Always an external entity
• Highest sophistication
• Military control, utilities, financial control
• United States and Israel destroyed 1,000 nuclear centrifuges with the Stuxnet worm
• Constant attacks
• Advanced Persistent Threat (APT)
• Massive resources available
Insiders
More than just passwords on sticky notes
• Some insiders are out for no good
• Sophistication may not be advanced, but the insider has institutional knowledge
• Attacks can be directed at vulnerable systems
• The bad guy knows what to hit
• Extensive resources
Competitors
- Many different motivations
- DoS, espionage, harm reputation
- High level of sophistication
- The competitive upside is huge (and very unethical)
- Many different intents
- Shut down your competitor during an event
- Steal customer lists
- Corrupt manufacturing databases
- Take financial information