Ch2 Flashcards
What are the attributes of threat actors?
The attributes are internal/external, sophistication/capability, and resources/funding.
What is the difference between internal and external threat actors?
Internal actors have legitimate access; external actors must break into a system without permission.
What does sophistication/capability refer to?
It describes the threat actor’s ability to use advanced tools and techniques, ranging from basic tools to custom exploits.
What does resources/funding mean in relation to threat actors?
It refers to the financial/logistical support needed for tools, skilled personnel, and strategies. Nation-states and organized crime often provide funding.
What are common motivations of threat actors?
Motivations include service disruption, data exfiltration, disinformation, revenge, financial gain, and political agendas.
What are the three primary strategies used by threat actors?
The three strategies are service disruption, data exfiltration, and disinformation.
How do threat actor strategies impact the CIA triad?
Data exfiltration compromises confidentiality, disinformation attacks integrity, and service disruption targets availability.
What is the goal of service disruption?
To prevent an organization from working normally, whether for revenge, chaos, or blackmail.
What is data exfiltration?
It is the unauthorized copying or transfer of valuable information from a system or network.
What is disinformation?
Disinformation involves falsifying trusted resources like websites or spreading false information via social media.
What are chaotic motivations?
Early attacks aimed to cause chaos for fun or credit; modern chaos-driven attacks often further political or revenge motives.
What are financial motivations?
Threat actors commit blackmail, extortion, or fraud to make a profit.
What is blackmail in cybersecurity?
Blackmail involves demanding payment to prevent the release of stolen or falsified information.
What is extortion?
Extortion involves demanding payment to stop or prevent an attack, such as ransomware blocking access to systems.
What is fraud in cybersecurity?
Fraud involves falsifying records, tampering with accounts, or spreading false news to gain financial advantage.
What are political motivations for threat actors?
These include whistleblowing, campaign group disruptions, or nation-states targeting other governments and organizations.
What is cyber espionage?
Cyber espionage involves stealing secrets for political, military, or commercial gain.
What is a whistleblower?
A whistleblower releases confidential information due to ethical concerns, often acting with protected disclosures.
What are the main types of threat actors?
Hackers, unskilled attackers, hacker teams/hacktivists, nation-state actors, organized crime, competitors, and internal threats.
What is a hacker?
A hacker is an individual skilled in gaining unauthorized access to systems; they can be unauthorized (malicious) or authorized (ethical).
What is an unskilled attacker?
An unskilled attacker uses hacking tools without fully understanding them, often targeting systems opportunistically.
Who are hacker teams and hacktivists?
Groups like Anonymous or WikiLeaks use cyberattacks to promote political or social agendas.
Who are nation-state actors?
Government-sponsored groups that use cyberattacks for military, strategic, or economic goals, often maintaining plausible deniability.
What is an advanced persistent threat (APT)?
An APT is a long-term, sophisticated attack used to maintain ongoing access to a system.
How do nation-state actors use false flags?
They pose as independent groups or hacktivists to disguise their involvement in cyberattacks.
What role does organized crime play in cyber threats?
Organized crime commits financial fraud, extortion, and blackmail, often across jurisdictions to evade prosecution.
How can competitors pose a cyber threat?
Rogue businesses may perform espionage, steal trade secrets, or disrupt operations to harm rivals.
What is an internal threat actor?
An internal threat actor is someone within an organization (e.g., employees, contractors) who misuses their legitimate access.
What motivates internal threat actors?
Revenge, financial gain, and opportunistic misuse of access often motivate internal actors.
What is shadow IT?
Shadow IT refers to unauthorized hardware or software introduced into an organization, creating unmonitored vulnerabilities.
What is an unintentional insider threat?
It involves mistakes, oversights, or carelessness, such as weak passwords or poor security practices.
What is the CIA triad?
The CIA triad refers to the principles of Confidentiality, Integrity, and Availability in cybersecurity.