Chapter 1.5 - Threat Actors and Vectors Flashcards
Explain different threat actors, vectors, and intelligence sources
Advanced Persistent Threat (APT)
An attacker who establishes a foothold in a network and remains undetected for an extended period in order to collect highly sensitive data
Insider Threats
A threat to an organization that comes from people within the organization, such as employees or former employees who have inside information concerning the organization’s security practices, data and computer systems
State Actors
People or groups who use their technology skills to facilitate hacking, sabotage, theft, misinformation and other operations on behalf of a country
Hacktivists
A hacker whose purpose is social change or a political agenda
Script Kiddies
An unsophisticated attacker who runs pre-made scripts and tools without understanding what they actually do
Criminal Syndicates
Professional criminals engaged in organized crime, motivated by money
Hackers
Person skilled in information technology who uses their technical knowledge to achieve a goal or overcome an obstacle
Hackers (authorized)
An ethical hacker with good intentions who has the target's permission to hack it
Hackers (unauthorized)
A malicious hacker who violates security for personal gain
Hackers (semi-authorized)
A hacker who probes for and finds a vulnerability without explicit permission, but does not exploit it for gain
Shadow IT
The use of IT-related hardware or software by a department or individual without the knowledge of the IT or security group within the organization
Competitors (Threat Actor)
A rival organization with hostile intent toward your company, for example trying to steal information or corrupt databases
Attributes of Actors
Internal/external, level of sophistication/capability, resources/funding, intent/motivation
Attack Vectors
A method used by the attacker to gain access or infect the target
Attack Vectors (Direct Access)
Physically accessing the data center or a device and modifying the operating system
Examples: keylogger, transferring files, DoS, etc.
Attack Vectors (Wireless)
Modifying the access point configuration
Examples: rogue access point, evil twin, etc.
Attack Vectors (Email)
Using an email to attack someone
Examples: phishing, delivery of malware, etc.
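Checking a suspicious message for the indicators behind the email vector above (failed SPF/DKIM/DMARC, a Reply-To on a different domain, links pointing outside the sender's domain) can be automated. The following is an added example, not part of the original flashcards; the two raw messages are constructed samples with hypothetical example.com addresses, and the indicator list is an illustration, not an exhaustive phishing filter.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample: a phishing message with typical indicators (hypothetical domains).
SAMPLE_PHISH = """\
From: "IT Helpdesk" <helpdesk@example.com>
Reply-To: support@example-it-portal.net
To: alice@example.com
Subject: Password expires today
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none; dmarc=fail header.from=example.com
Content-Type: text/plain

Your password expires in 2 hours. Reset it now at http://example.com.reset-portal.net/login
"""

# Constructed sample: a benign internal message that passes all authentication checks.
SAMPLE_CLEAN = """\
From: "Bob" <bob@example.com>
To: alice@example.com
Subject: Lunch
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
Content-Type: text/plain

See you at noon.
"""


def _domain(addr):
    """Return the lowercased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def phishing_indicators(raw):
    """Return a list of human-readable indicators found in a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    _, from_addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(from_addr)

    # 1. Authentication-Results: anything other than 'pass' for SPF, DKIM or DMARC is suspicious.
    auth = msg.get("Authentication-Results", "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1) != "pass":
            findings.append(f"{mech}={m.group(1)}")

    # 2. Reply-To pointing at a domain other than the visible From domain.
    reply_to = msg.get("Reply-To")
    if reply_to:
        _, rt_addr = parseaddr(reply_to)
        if _domain(rt_addr) != from_dom:
            findings.append(f"reply-to domain mismatch: {_domain(rt_addr)}")

    # 3. Links in the body whose host is neither the sender domain nor a subdomain of it.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    for host in re.findall(r"https?://([^/\s]+)", text):
        host = host.lower()
        if host != from_dom and not host.endswith("." + from_dom):
            findings.append(f"link host outside sender domain: {host}")

    return findings


if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("clean", SAMPLE_CLEAN)):
        print(name, phishing_indicators(sample))
```

Note that the link check deliberately treats `example.com.reset-portal.net` as foreign: the registrable domain is the rightmost labels, so a host that merely starts with the trusted name is a classic lookalike.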
Attack Vectors (Social Media)
Harvesting personal information that users post online and using it against them
Examples: user profiling
Attack Vectors (Removable Media)
Using removable storage to carry malware into a system or to carry data out of it
Examples: USB, flash drive, data exfiltration
Attack Vectors (Cloud)
Using security misconfigurations against applications and services
Examples: Brute force, orchestration attacks, DoS
Open-source Intelligence (OSINT)
Researching threats using public, open-source resources
Examples: Internet, government data, commercial data
Vulnerability Databases
Places where vulnerabilities can be researched
Examples: common vulnerabilities and exposures (CVE)
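Researching a vulnerability database in practice means validating CVE identifiers and pulling the affected products, version ranges and CVSS score out of a record. The following is an added example, not part of the original flashcards: it parses a constructed record laid out in the shape of a CVE JSON 5.x entry (the `cveMetadata` / `containers.cna` structure), with a fictitious vendor, product and identifier (CVE-2099-0001) used only as placeholders.

```python
import json
import re

# CVE IDs are CVE-<4-digit year>-<4 or more digits>.
CVE_ID_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

# Constructed sample record (hypothetical product and ID, not a real CVE).
SAMPLE_RECORD = json.dumps({
    "dataType": "CVE_RECORD",
    "cveMetadata": {"cveId": "CVE-2099-0001", "state": "PUBLISHED"},
    "containers": {"cna": {
        "affected": [{
            "vendor": "ExampleCo",
            "product": "Widget Server",
            "versions": [{"version": "1.0", "lessThan": "1.4",
                          "status": "affected", "versionType": "semver"}],
        }],
        "descriptions": [{"lang": "en",
                          "value": "Hypothetical buffer overflow in the request parser."}],
        "metrics": [{"cvssV3_1": {"baseScore": 8.8, "baseSeverity": "HIGH",
                                  "attackVector": "NETWORK"}}],
    }},
})


def is_valid_cve_id(cve_id):
    """True if the string has the CVE-YYYY-NNNN+ form."""
    return bool(CVE_ID_RE.match(cve_id))


def _vtuple(v):
    """Turn a dotted numeric version into a comparable tuple, e.g. '1.2.3' -> (1, 2, 3)."""
    return tuple(int(p) for p in v.split("."))


def version_in_range(version, spec):
    """Check a version against one CVE 5.x 'versions' object (exact or range form)."""
    lo = _vtuple(spec["version"])
    v = _vtuple(version)
    if "lessThan" in spec:
        return lo <= v < _vtuple(spec["lessThan"])
    if "lessThanOrEqual" in spec:
        return lo <= v <= _vtuple(spec["lessThanOrEqual"])
    return v == lo


def summarize(raw):
    """Extract the fields a triage analyst looks at first from a raw CVE JSON record."""
    rec = json.loads(raw)
    cve_id = rec["cveMetadata"]["cveId"]
    if not is_valid_cve_id(cve_id):
        raise ValueError(f"malformed CVE ID: {cve_id}")
    cna = rec["containers"]["cna"]

    score = severity = None
    for metric in cna.get("metrics", []):
        for key in ("cvssV4_0", "cvssV3_1", "cvssV3_0"):  # prefer the newest CVSS version present
            if key in metric:
                score = metric[key].get("baseScore")
                severity = metric[key].get("baseSeverity")
                break
        if score is not None:
            break

    desc = next((d["value"] for d in cna.get("descriptions", []) if d.get("lang", "").startswith("en")), "")
    return {
        "cveId": cve_id,
        "baseScore": score,
        "baseSeverity": severity,
        "description": desc,
        "affected": [(a["vendor"], a["product"]) for a in cna.get("affected", [])],
    }


def is_affected(raw, product, version):
    """True if the record marks the given product/version as affected."""
    cna = json.loads(raw)["containers"]["cna"]
    for a in cna.get("affected", []):
        if a["product"] != product:
            continue
        for spec in a.get("versions", []):
            if spec.get("status") == "affected" and version_in_range(version, spec):
                return True
    return False


if __name__ == "__main__":
    print(summarize(SAMPLE_RECORD))
    print(is_affected(SAMPLE_RECORD, "Widget Server", "1.2"))
```

The version comparison is deliberately simple (numeric dotted versions only); real records mix semver, custom and date-based version types, so a production tool would dispatch on `versionType`.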
Public/ Private Information Sharing Centers
Provides a central resource for gathering information on cyber and related threats to critical infrastructure and providing two-way sharing of information between the private and public sectors
Dark Web
Overlay networks that use the Internet but require specific software, configurations, or authorization to access