1.3 Explain threat actor types and attributes Flashcards
An attacker used Open Source Intelligence (OSINT) to gather information about a target’s Internet Protocol (IP) address registration records for the victim’s servers. What type of technique did the attacker use?
DNS harvesting
A targeted attack has a budget that can allocate resources and manpower to achieve its goals. What attribute does this type of attack contain?
Sophistication
An employee suspected of modifying company invoices diverted funds from a company account to his or her own private bank account. What kind of malicious actor type does this describe?
Insider threat
An environmental advocacy group uses cyber weapons to put companies at risk and promote their agenda. What type of attack does this demonstrate?
Hacktivists
With no specific target in mind, and without a reasonable goal, an attacker launched an unstructured phishing attack with an attachment of a replicating computer worm. If the attacker did not fully understand how this malware worked, and just wanted to gain attention, what classification of threat actor is this person?
A script kiddie
An attacker gained access to a target’s cell phone information by social engineering a cellular provider to send the attacker a SIM card issued for the victim. What type of activity is this attack categorized by?
Organized crime
Organized crime can operate across the Internet from different jurisdictions than its victim, increasing the complexity of prosecution. SIM swap fraud illustrates a type of organized crime.
Insider threats are employees who harbor grievances or perpetrate fraud. For example, an insider threat might plan and execute a campaign to modify invoices and divert funds.
Competitor attacks could aim at theft or at disrupting a competitor’s business or damaging their reputation. Competitor attacks might be facilitated by employees who have recently changed companies and have insider knowledge.
A script kiddie uses hacker tools without necessarily understanding how they work. Script kiddie attacks might have no specific target or any reasonable goal other than gaining attention or proving technical abilities.
Which of the following is NOT a critical profiling factor when assessing the risk that any one type of threat actor poses to an organization?
Non-repudiation
Which of the following are examples of external malicious threat actor types?
Competitor attacks
Organized crime
Competitor attacks might be facilitated by employees who have recently changed companies and bring an element of insider knowledge with them.
Organized crime can operate across the Internet from different jurisdictions than its victim, increasing the complexity of prosecution.
The term Advanced Persistent Threat (APT) was coined to understand the behavior underpinning modern types of cyber adversaries. An APT refers to the ongoing ability of an adversary to compromise network security (to obtain and maintain access) using a variety of tools and techniques.
Insider threats are employees who harbor grievances or perpetrate fraud. An insider threat might plan and execute a campaign to modify invoices and divert funds.
A bank manager fired a security engineer. The engineer changed companies, working for another bank, and brought insider knowledge, which broke a Non-disclosure Agreement (NDA) with the previous employer. The security engineer used this knowledge to damage the previous company’s reputation. What classification of threat actor is the engineer?
Competitor