1.3 Explain threat actor types and attributes. Flashcards
Types of Actors - Script Kiddies
A script kiddie does not have a lot of education about
how an attack works but is able to execute one by downloading a program, or script, from the Internet to perform the attack. Again the script kiddie does not understand the details of the attack, they just know when they run the script or program, it gives them access to a system.
Types of Actors - Hacktivist
Hacktivists are people who hack out of principle, or for a cause. The cause could be political beliefs, environmental issues, or support for something or someone in need of help. The well-publicized group Anonymous is an example of a hacktivist group.
Types of Actors - Organized Crime
Groups of criminals who run large enterprises from the profits of organized crimes also can use hackers to help generate profits. As an example, hackers for an organized crime group could steal credit card numbers and use them to buy products to resell on the black market for profit.
Types of Actors - Nation States/APT
Nation states is a term used to describe a group of people within a country that has a single government and have a common identity. Nation-state defines the languages we speak, our holidays, and the laws we adhere to.
Advanced persistent threats (APT) is when an individual organizes a group of individuals to continuously hack a specific target. There are reports that some countries are now hacking specific targets by sponsoring hacker groups instead of using in-house resources.
Types of Actors - Insiders
A very important point to remember is that you need to protect your assets from persons inside the organization just as much as you need to protect them from persons outside the organization. A company that focuses on just having a firewall to protect against hackers on the Internet and totally forgets to secure assets from internal persons or employees is sure to have security incidents!
Types of Actors - Competitors
Competitors could use hackers to exploit your company’s systems to discover secrets about new products and services your company is working on.
They also could use hackers to exploit your systems in order to cause disruption to your services so that your customers look for business elsewhere, namely the competitor behind the exploit.
Attributes of Actors - Internal/External
Actors are typically classified as internal actors or external actors. An internal actor could be a disgruntled employee who wants to retaliate for not getting a pay raise or a promotion.
An external actor is someone outside the organization who intends to hack into the organization’s network.
Attributes of Actors - Level of Sophistication
Many threat actors have a high level of technical knowledge or social skills; however, the level of sophistication will depend on the actor. For example, a script kiddie typically has the minimal technical knowledge, but highly sophisticated criminal attackers typically have the technical knowledge to organize and execute complex attacks.
Attributes of Actors - Resources/Funding
Actors who become hackers have different levels of resources and funding available to them. For example, whereas a script kiddie might be a teenager with quite limited resources in his or her parents’ basement using a school-supplied laptop, a state-sponsored hacker may have unlimited resources, including state-of-the-art computer hardware and sophisticated software tools.
Attributes of Actors - Intent/Motivation
Many people who hack or perform malicious actions have some reason to do it. The motivation could be financial, political, revenge, or even bragging rights.
Use of Open-Source Intelligence
Open-source intelligence (OSINT) is information that is available from public sources such as newspapers, magazines, television, and the Internet. With the amount of information that is on the Internet today, it is very easy to learn of vulnerabilities of a product.
