Attributes of Actors (Threat Actors, Intelligence Sources, & Vulnerabilities) Flashcards
Attributes of Actors
Internal or external and structured or unstructured
Intent and motivation
Sophistication levels or skillsets
Threat event frequency
–How often are they going to deliver the payload or take advantage of the exploit against your vulnerability
Resources and funding
Structured Attack
Planned
Organized
Persistent
–it’s a multi-phased attack where the threat agent will attempt multiple threat vectors to deliver their payload
Multi-phased/Polymorphic
Can be internal or external
–privileged insider or a temporary worker or a contractor, or it could be an external attacker. Someone tried to breach your firewall system or leverage e-mail or messaging.
Exploit kits, malware campaigns, zero-day code, modules and scripts and ransomware
Unstructured Attack
Accidental
–Could be done through drive-by web surfing, casually clicking on hyperlinks in web pages, ignoring the acceptable use policy or non-adherence.
Non-malicious
–Rarely malicious intent
Drive-by web surfing
–Casually clicking on hyperlinks in web pages, ignoring the acceptable use policy or non-adherence
No AUP
–Ignoring the acceptable use policy or non-adherence
Poor awareness
–No security awareness training and ongoing awareness
E-mail and webmail
–Poor usage of e-mail and webmail
USB and personal electronics
–No policies for external drives like USB drives, FireWire drives, personal electronics, PDAs, cell phones, pads entering and exiting the organization
Intent and Motivation
Threat Severity
Notoriety
–just basically trying to get notoriety, maybe getting their name or their hacker group assigned to some worm or virus
Fame
–The notoriety led to fame with more advanced viruses and malware, hacktivism groups, hacker groups, for example, the aforementioned Cult of the Dead Cow
Financial
–There are huge financial incentives for data breaches, stealing credit cards, identity theft, World War C, political motivations, organized crime and rogue states