2.1 Compare and contrast common threat actors and motivations Flashcards
Types of threat actors
- Nation-state
- Unskilled attacker
- Hacktivist
- Insider threat
- Organized crime
- Shadow IT
What is a threat actor?
An individual or entity that is responsible for incidents that impact security and data protection.
Unskilled Attackers
Individuals with limited technical experience who use readily available tools, like downloaded scripts or exploits, to carry out their attacks
Nation-state Actor
● Highly skilled attackers sponsored by governments for cyber espionage or warfare
○ Sometimes, these threat actors attempt what is known as a false flag attack
Advanced Persistent Threat (APT)
Used synonymously with a nation-state actor because of their long-term persistence and stealth
A prolonged and targeted cyberattack that remains undetected for an extended period
What motivates a nation-state actor?
To achieve their long-term strategic goals; they are not seeking financial gain
False Flag Attack
An attack that appears to originate from a different source or group than the actual perpetrators
Attributes of threat actors: characteristics
- Internal/external: within and outside an organization
- Resources/funding: tools, skills, and personnel at the disposal of a given threat actor
- Level of sophistication/capability: refers to their technical skill, the complexity of the tools and techniques they use, and their ability to evade detection and countermeasures
Lowest-skilled threat actors
Script Kiddie
○ Individual with limited technical knowledge
○ Uses pre-made software or scripts to exploit computer systems and networks
Advanced technical skilled threat actors
Nation-state actors, Advanced Persistent Threats and others have high levels of sophistication and capabilities and possess advanced technical skills
Threat actor motivations
- Data exfiltration: unauthorized transfer of data from a computer
- Espionage: spying to gather sensitive or classified information
- Service disruption: disrupting the services of various organizations, either to cause chaos, make a political statement, or demand a ransom
- Blackmail: obtaining sensitive or compromising information and threatening to release it unless certain demands are met
- Financial gain: through various means, such as ransomware attacks or banking trojans
- Philosophical/political beliefs: known as hacktivism
- Ethical: authorized hackers are motivated by a desire to improve security
- Disruption/chaos: ranging from spreading malware to launching sophisticated cyberattacks against critical infrastructure
- War: disrupting a country’s infrastructure, compromising its national security, and causing economic damage
Hacktivists
Cyber attackers driven by political, social, or environmental ideologies, who often want to draw attention to a specific cause.
To accomplish their objectives, hacktivists use a wide range of techniques such as:
- Website Defacement: electronic graffiti
- Distributed Denial of Service (DDoS) Attacks: overwhelm
- Doxing: public release of private information about an individual or organization
- Leaking of Sensitive Data
The most well-known hacktivist group is known as
Anonymous
● Loosely affiliated collective that has been involved in numerous high-profile attacks over the years, targeting organizations that they perceive as acting unethically or against the public interest at large
Organized Crime
Refers to well-structured groups that execute cyber attacks for financial gain, usually through methods like ransomware, identity theft, credit card fraud, data breaches, or online fraud
May be hired by other entities, including governments, to conduct cyber operations and attacks on their behalf