2.1 Threat Actors Flashcards
Threat Actors
The entity responsible for an event that has an impact on the safety of another entity
– Also called a malicious actor
* Threat actor attributes
– Describes characteristics of the attacker
* Useful to categorize the motivation
– Why is this attack happening?
– Is this directed or random?
Attributes of threat actors
Internal/external
– The attacker is inside the house
– They’re outside and trying to get in
* Resources/funding
– No money
– Extensive funding
* Level of sophistication/capability
– Blindly runs scripts or automated vulnerability scans
– Can write their own attack malware and scripts
Motivations of threat actors
What makes them tick?
– There’s a purpose to this attack
* Motivations include
– Data exfiltration
– Espionage
– Service disruption
– Blackmail
– Financial gain
– Philosophical/political beliefs
– Ethical
– Revenge
– Disruption/chaos
– War
Nation states
External entity
– Government and national security
* Many possible motivations
– Data exfiltration, philosophical, revenge, disruption, war
* Constant attacks, massive resources
– Commonly an Advanced Persistent Threat (APT)
* Highest sophistication
– Military control, utilities, financial control
– United States and Israel destroyed 1,000 nuclear centrifuges with the Stuxnet worm
Unskilled attackers
Runs pre-made scripts without any knowledge of what’s really happening
– Anyone can do this
* Motivated by the hunt
– Disruption, data exfiltration, sometimes philosophical
* Can be internal or external
– But usually external
* Not very sophisticated
– Limited resources, if any
* No formal funding
– Looking for low-hanging fruit
Hacktivist
A hacker with a purpose
– Motivated by philosophy, revenge, disruption, etc.
* Often an external entity
– Could potentially infiltrate to also be an insider threat
* Can be remarkably sophisticated
– Very specific hacks
– DoS, web site defacing, private document release
* Funding may be limited
– Some organizations have fundraising options
Insider threat
More than just passwords on sticky notes
– Motivated by revenge, financial gain
* Extensive resources
– Using the organization’s resources against themselves
* An internal entity
– Eating away from the inside
* Medium level of sophistication
– The insider has institutional knowledge
– Attacks can be directed at vulnerable systems
– The insider knows what to hit
Organized crime
Professional criminals
– Motivated by money
– Almost always an external entity
* Very sophisticated
– Best hacking money can buy
* Crime that’s organized
– One person hacks, one person manages the exploits, another person sells the data, another handles customer support
* Lots of capital to fund hacking efforts
Shadow IT
Going rogue
– Working around the internal IT organization
– Builds their own infrastructure
* Information Technology can put up roadblocks
– Shadow IT is unencumbered
– Use the cloud
– Might also be able to innovate
* Limited resources
– Company budget
* Medium sophistication
– May not have IT training or knowledge